PORTIA Project: Mitigating Online ID Theft: Phishing and Spyware
1 PORTIA Project: Mitigating Online ID Theft: Phishing and Spyware
Students: Blake Ross, Collin Jackson, Nick Miyake, Yuka Teraguchi, Robert Ladesma, Andrew Morrison
Faculty: Dan Boneh and John Mitchell
Special thanks to the SF-ECTF and SS.

2 Sample phishing email (screenshot not included in the transcript)

3 Sample phishing site (screenshot not included in the transcript)

4 Magnitude of problem
- Fastest growing crime on the Internet.
- Trends: keyloggers served from phishing sites.
- (Table of spoofs/month and number of targets by month, Jan through Mar, not recoverable from the transcript; the surviving target counts are 78, 68, 64, ..., 137.)
- March 2005: 80% of spoofs aimed at 8 brands, average phishing-site uptime 5.8 days, 81% of targets are financial.

5 What can we do about phishing?
- Spam filter: phishing starts with email, so stop it there. Non-trivial: phishing emails look like ordinary email.
- Client-side methods: anti-phishing using browser plug-ins; anti-spyware using virtual machine monitors.
- Server-side methods: personalized web pages; improved user authentication (e.g. tokens or certs).

6 PORTIA ID Protection Work
- Long-term effort to develop online ID protection tools.
- SpoofGuard (NDSS '04): alerts the user when the browser is viewing a spoofed web page. Uses a variety of heuristics to identify spoof pages. A new type of anomaly detection problem.
- PwdHash (Usenix Sec '05): simple mechanism for strengthening password web auth.
- SpyBlock (under development): a virtual machine (VM) approach to spyware defense.

7 SpoofGuard: Detect Phishing Web Sites

8 SpoofGuard Browser Plug-in
- Compute a spoof index: a weighted sum of several spoof measures, depending on the current page and the browsing history.
- Provides two forms of information: passive alerts in the toolbar; active blocking when necessary.
- Challenges: must be easy for novice users; detect malicious pages yet minimize false alarms.

9 Sample Heuristics
- History check: a site is assumed OK if it is in the user's history list.
- Domain check: check similarity to domains in the history list.
- Email check: suspicious if the page is reached by following an email link.
- Impact: eBay toolbar, Yahoo! toolbar, WholeSecure. Multiple requests for Firefox support.

10 Current/future work
- SpamAssassin extensions: download the pages that URLs in incoming email point to; run the SpoofGuard heuristics on the downloaded pages.
- Spam archive scanning: automatic detection of new phishing sites.
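A toy spoof index in the spirit of slides 8 to 10, as an added example that is not SpoofGuard's code: the history check short-circuits to "OK", the remaining heuristics (domain similarity, raw IP host, user-info "@" trick, no HTTPS, reached from email) each contribute a weight, and the sum decides between a passive alert and active blocking. The weights, thresholds, history list and sample email are constructed for illustration; `scanEmail` is the slide 10 idea of scoring the URLs in an incoming message before the user clicks.

```javascript
// Added example, not SpoofGuard's code: a toy "spoof index" for slides 8-10.
// Heuristic weights, thresholds, history list and sample email are constructed.
const HISTORY = ["www.ebay.com", "www.paypal.com", "mail.yahoo.com"];
const WEIGHTS = {
  notInHistory: 0.2,    // never visited before
  lookalikeDomain: 0.4, // close to, but not equal to, a history domain
  ipAddressHost: 0.3,   // raw IP address instead of a hostname
  userInfoInUrl: 0.3,   // "brand@host" trick: the real host hides after '@'
  noHttps: 0.1,
  reachedFromEmail: 0.2,
};
const WARN_AT = 0.3;   // assumed threshold for a passive toolbar alert
const BLOCK_AT = 0.7;  // assumed threshold for active blocking

// Drop a leading "www." so history entries and links compare on the same form.
function normalizeHost(hostname) {
  return hostname.toLowerCase().replace(/^www\./, "");
}

// Levenshtein edit distance, used by the domain-similarity check.
function editDistance(a, b) {
  const d = Array.from({ length: a.length + 1 }, (_, i) => [i]);
  for (let j = 1; j <= b.length; j++) d[0][j] = j;
  for (let i = 1; i <= a.length; i++) {
    for (let j = 1; j <= b.length; j++) {
      d[i][j] = Math.min(d[i - 1][j] + 1, d[i][j - 1] + 1,
                         d[i - 1][j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1));
    }
  }
  return d[a.length][b.length];
}

// True when host is a near miss of a history domain ("paypa1.com") or embeds
// a history domain's brand label ("paypal-secure-login.com").
function looksLikeHistoryDomain(host, history) {
  return history.some((h) => {
    const dist = editDistance(host, h);
    const brand = h.split(".").slice(-2)[0];
    return (dist > 0 && dist <= 2) || (host !== h && host.includes(brand));
  });
}

function spoofIndex(urlString, reachedFromEmail = false, history = HISTORY) {
  const u = new URL(urlString);
  const host = normalizeHost(u.hostname);
  const known = history.map(normalizeHost);
  const triggered = [];
  if (known.includes(host)) {
    // History check: a site the user has visited before is assumed OK.
    return { url: urlString, index: 0, triggered, verdict: "ok" };
  }
  triggered.push("notInHistory");
  if (looksLikeHistoryDomain(host, known)) triggered.push("lookalikeDomain");
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(u.hostname)) triggered.push("ipAddressHost");
  if (u.username !== "") triggered.push("userInfoInUrl");
  if (u.protocol !== "https:") triggered.push("noHttps");
  if (reachedFromEmail) triggered.push("reachedFromEmail");
  const raw = triggered.reduce((sum, name) => sum + WEIGHTS[name], 0);
  const index = Math.round(raw * 100) / 100;  // weighted sum of the measures
  const verdict = index >= BLOCK_AT ? "block" : index >= WARN_AT ? "warn" : "ok";
  return { url: urlString, index, triggered, verdict };
}

// Slide 10: pull the URLs out of an incoming email and score each one as if
// the user had followed the link.
function scanEmail(text) {
  const urls = text.match(/https?:\/\/[^\s<>"')]+/g) || [];
  return urls.map((url) => spoofIndex(url, true));
}

// Constructed sample message for the demo.
const SAMPLE_EMAIL = `Dear PayPal member,
Your account has been limited. Please verify your details at
http://www.paypal.com@203.0.113.7/login within 24 hours.`;

console.log(JSON.stringify(scanEmail(SAMPLE_EMAIL), null, 2));
```

The sample link scores 1.1 and is blocked: the "www.paypal.com@" user-info prefix, the raw IP host, plain HTTP and the email origin all fire. A genuinely new site reached directly scores only 0.2 and passes, which is the false-alarm trade-off slide 8 mentions; tuning the weights against real history data is the "anomaly detection problem" the deck refers to.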

11 PwdHash: Improved Pwd Mgmt

12 Strengthen Web Pwd Auth
- Current web auth: cleartext password over SSL. Vulnerable to phishing. Vulnerable to break-ins at low-security sites, since users reuse passwords.
- Simple improvement: a browser plug-in that converts a user's pwd into a unique pwd per site:
  1. Locate all password input elements (type=password) on the page.
  2. When the form is submitted, replace each pwd by PRF_pwd(domain-name).
  3. A phishing site only sees a hash of the eBay password.
- The challenge: extremely hard to implement securely in a modern browser!

13 PwdHash Challenges
1. JavaScript attacks
2. Pwd reset after plug-in install
3. Dictionary attacks (sol: EKE or SFE for equality test)
4. What salt to use in the hash?
5. How to encode the resulting hash?
6. Internet café
- Our design goal: transparent to the user.
- Impact: 1. Google: PhD intern. 2. TIPPI working group: MS, Mozilla, RSA

14 JavaScript attacks
- A phishing site can use JavaScript to steal the user's unhashed password: record all keystrokes sent to the page; change the target domain name on submit; mask a regular text field as a password field.

15 JavaScript attacks (cont.)
- Defense 1: password prefix / password key. Ask the user to start all passwords with a fixed prefix. The plug-in traps all keyboard events to the window; when the prefix is detected, it replaces subsequent keys with '%', so the browser never sees the pwd. On the 'BeforeNavigate2' event, the '%%' run in the POST data is replaced with the hashed pwd. Alert the user if the prefix is detected in the key stream while focus is not on a pwd field.

16 Pwd Salting: an old idea
- Hash the pwd with a realm provided by the remote site: HTTP 1.1 Digest Authentication; Kerberos 5.
- Hash the pwd with the network service name: Gabber, Gibbons, Matias, Mayer [FC '97] (proxy); Abadi, Bharat, Marais [PTO '97].
- Challenge: implementing it securely in a modern browser.

17 SpyBlock: Spyware defense tool (current work)

18 SpyBlock design
- A proxy VM keeps sensitive user info away from spyware.
- The user hits the pwdkey before and after typing sensitive info.
- (Figure: VMware ACE Server / Xen hosting a Guest OS with Firefox and spyware apps, and a Proxy VM; labels: PwdKey, Keys, Junk, https page, junk -> data.)

19 Summary
- Long-term effort focused on ID protection tools.
- Current tools: SpoofGuard, PwdHash. Current/future work: SpyBlock.
- Strong focus on technology transfer: interns help do tech transfer; source code available on the PORTIA web site.
- Close collaboration with SF-ECTF.