1
June 19, 2006, TIPPI2
Web Wallet: Preventing Phishing Attacks by Revealing User Intentions
Rob Miller & Min Wu, User Interface Design Group, MIT CSAIL
Joint work with Simson Garfinkel, Greg Little
2
Do Security Indicators Work?
3
Security Indicators Don’t Work
Users don’t know what to trust
–Web page often looks more credible than indicator
Security is a secondary task
–Users don’t have to pay attention to the indicators, so they don’t
Indicators aren’t reliable
–Sloppy but common web practices make them inaccurate
Current indicators only say “don’t go there”
–So where should I go instead?
4
Our Approach: Web Wallet
5
Outline
Security toolbar study [CHI ’06]
Web Wallet [SOUPS ’06]
–Demo
–Design principles
–User study
Related work
6
Three Kinds of Toolbar Information
Neutral-information toolbar: SpoofStick, Netcraft Toolbar
System-decision toolbar: eBay’s Account Guard, SpoofGuard
SSL-verification toolbar: TrustBar
7
Study Design
Study should reflect the “secondary goal property” of security
–In real life, security is rarely a user’s primary goal
Users must be given tasks other than security
–“In this study, you are the personal assistant for John Smith. Here are 20 forwarded emails from him.”
Tasks involve security decisions
–John’s emails ask the user to manage his wish lists at various e-commerce sites, which require logging in to the sites
9
Phishing Attacks in the Study
5 of the 20 emails are attacks, e.g.:
Similar-name attack: bestbuy.com → www.bestbuy.com.ww2.us
IP-address attack: bestbuy.com → 212.85.153.6
Hijacked-server attack: bestbuy.com → www.btinternet.com
10
Results [chart: spoof rate by toolbar type: neutral information, system decision, SSL verification]
11
Why Were Users Fooled?
Users explain away indicators of attacks
–www.ssl-yahoo.com: “a subdirectory of Yahoo, like mail.yahoo.com”
–sign.travelocity.com.zaga-zaga.us: “must be an outsourcing site [for travelocity.com].”
–www.btinternet.com (phishing for buy.com): “sometimes I go to a website and the site directs me to another address which is different from the one I have typed.”
–200.114.156.78: “I have been to sites that used IP addresses.”
–Potential fraudulent site: “it is triggered because the web content is ‘informal’, just like my spam filter says ‘this email is probably a spam.’”
–New Site [BR]: “Yahoo must have a branch in Brazil.”
12
Why Were Users Fooled?
Users had the wrong security model
–“The site is authentic because it has a privacy policy, VeriSign seal, contact information, and the submit button says ‘sign in using our secure server’.”
–“If a site works well with all its links, then the site is authentic. I cannot imagine that an attacker will mirror a whole site.”
Security was not the primary goal
–“I noticed the warning. But I had to take the risk to get the task done.”
–“I did look at the toolbar but did not notice the warning under this attack.”
13
Why Do Security Indicators Fail?
Attack is more credible than indicator
–Web page has richer cues than browser toolbar
Security is a separate, secondary task
–Primary task wins
–Separate security task is ignored
Sloppy but common web practices allow the user to rationalize the attack
–Users do not know how to correctly interpret the toolbar display
Advising the user not to proceed is not the right approach
–We need to provide a safe path
14
Our Approach: Web Wallet
Redesign browser UI so that the user’s intention is clear
–“Log in to bestbuy.com”
–“Submit my credit card to amazon.com”
Block the action if the user’s intention disagrees with its actual effect
–But offer a safe path to the user’s goal
Integrate security decisions into the user’s workflow
–So they can’t be ignored
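The intention check this slide describes, as an added JavaScript example that is not the Web Wallet’s own code: it compares the site the user says they mean with the registrable domain of the form’s real submission target and classifies a mismatch using the three attack shapes from the study, then offers the wallet’s stored sites as the safe path. The function names, the two-label domain rule and the sample URLs are constructed for the example.

```javascript
// Added example, not the Web Wallet's own code: check a form submission
// against the user's stated intention ("log in to bestbuy.com").
const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Simplification for this example: treat the last two DNS labels as the
// registrable domain. A real wallet would consult the Public Suffix List so
// that hosts under suffixes like co.uk are not collapsed to "co.uk".
function registrableDomain(hostname) {
  const labels = hostname.toLowerCase().replace(/\.$/, "").split(".");
  return labels.slice(-2).join(".");
}

// Compare where the form really sends data (action resolved against the page
// URL) with the site the user intends. Returns a verdict, the reason the
// wallet would show, the actual registrable domain and a site description.
function checkIntention(intendedSite, formAction, pageUrl) {
  const host = new URL(formAction, pageUrl).hostname;
  const intended = registrableDomain(intendedSite);
  const done = (verdict, reason, actual) => ({
    verdict, reason, actual,
    description: verdict === "match"
      ? `Submitting to ${intended}, as intended`
      : `Submitting to ${actual}, NOT to ${intended} (${reason})`,
  });
  // 212.85.153.6: a bare IP address has no registrable domain to compare.
  if (IPV4.test(host) || host.startsWith("[")) {
    return done("mismatch", "ip-address", host);
  }
  const actual = registrableDomain(host);
  if (actual === intended) return done("match", "same-domain", actual);
  // www.bestbuy.com.ww2.us: the intended name survives only as a prefix of
  // the real host, which study participants misread as a subdirectory.
  if (host.includes(intended)) return done("mismatch", "similar-name", actual);
  // www.btinternet.com: an unrelated (hijacked) server.
  return done("mismatch", "different-domain", actual);
}

// Offer a safe path instead of a bare warning: on a mismatch, list the sites
// whose credentials are in the wallet so the user can choose one of them.
function safePathChoices(result, walletSites) {
  return result.verdict === "match" ? [] : walletSites.filter(s => s !== result.actual);
}

// Constructed sample drawn from the attack types in the study.
const WALLET_SITES = ["bestbuy.com", "amazon.com", "buy.com"];
const SAMPLE = checkIntention("bestbuy.com", "/login", "http://www.bestbuy.com.ww2.us/");
console.log(SAMPLE.description, safePathChoices(SAMPLE, WALLET_SITES));
```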
15
Web Wallet DEMO
21
Web Wallet Design Principles
Determine the user’s intention
Respect that intention
22
Design Principles
Integrate security UI into the user’s workflow
Improve usability as well as security
23
Design Principles
Use comparisons to put information in context
Ask user to choose, not just “are you sure?”
24
Web Wallet User Study
Same scenario as the toolbar study
No tutorial
30 users
–Internet Explorer alone (10 users)
–Web Wallet (20 users)
5 phishing attacks
–IE group saw only similar-name attacks, e.g. bestbuy.com → www.bestbuy.com.ww2.us
–Web Wallet group saw Wallet-specific attacks
25
Attacks Against the Web Wallet
1. Normal attack
2. Undetected-form attack
3. Onscreen-keyboard attack
26
Attacks Against the Web Wallet
4. Fake-wallet attack
27
Attacks Against the Web Wallet
5. Fake-suggestion attack
28
Results [chart]
29
Which Features Helped?
Site description stopped 14 attacks (out of the 22 attacks where it was seen)
Choosing interface stopped 14 (out of 14 attacks where seen)
30
Spoof Rate by Attack Type [chart]
31
Fake-Wallet Attack
Web Wallet utterly failed to prevent the fake-wallet attack (spoof rate 64%)
Users had the wrong mental model for the security key
Spoofing is still a problem, since the Web Wallet itself can be spoofed
–Dynamic skin
–Personalized image
–Active observer?
[Wallet UI text shown on slide: “Press F2 before you do any sensitive data submission”; “Press F2 to open the Web Wallet”]
32
Related Work
Dynamic security skins (Dhamija & Tygar)
Microsoft InfoCard (Cameron et al.)
PwdHash (Ross et al.)
Password Multiplier (Halderman et al.)
GeoTrust TrustWatch
33
Summary: Antiphishing UI Design Principles
Get the user’s intention
Respect that intention
Integrate security decisions into the user’s workflow
Compare-and-choose, don’t just confirm
More information at: http://uid.csail.mit.edu/