Delayed Password Disclosure: Mutual Authentication to Fight Phishing
Steve Myers, Indiana University, Bloomington
Joint work with Markus Jakobsson, Indiana University, Bloomington
What is Phishing?
- An attack that combines social engineering and technology
- An attack that tricks users out of confidential information:
  – Authentication credentials
  – Financial data (credit card numbers, SSN, ...)
  – Other possibilities in the future?
How Is It Typically Done?
- Create an authentic-looking fraudulent web page
- Spam a large number of users, directing them to the fraudulent site
- Hope a certain percentage of people visit and provide the requested authentication information
- Make use of the provided information
Why Is It Being Done, and Why Is It Successful?
- Low risk of being caught
- Easy to implement
- Potentially a very high payout
- Hard for users to differentiate between the authentic site and the phisher's
- Users lack the ability to authenticate the site
Real-World Mutual Authentication
Case study: a bank transaction
- The bank explicitly authenticates the client
  – Asks to see ID, bank card, etc.
- The client implicitly authenticates the bank
  – Cost of building an authentic-looking branch or ATM
  – Banks protect trademarks, logos, etc. by legal enforcement
  – Hard to direct a lot of traffic to one branch
  – High risk and low reward for an impersonator
Implicit Authentication Assumptions Do Not Hold in the Digital World
- Easy to duplicate a legitimate-looking site
  – Bugs in browsers make this true even for security experts
- Hard for companies to enforce trademarks online
- Easy to direct a large number of users to a fraudulent site
- High reward and low risk for many impersonators
Traditional Phishing Attack
Why not use PAKE? (diagram: a PAKE protocol run between client and server)
Doppelganger Monitor Attacks
- The genuine web server runs the PAKE protocol
- The phisher's web server runs no security protocol at all
- The phisher's window looks identical to the one used for PAKE
- The user's password is sent in the clear to the phisher
Doppelganger Monitor Attacks: Passive vs. Adaptive
Delayed Password Disclosure
- User feedback authenticates the site
- Each character of the password produces an image that serves as authenticity feedback
- Wrong images = wrong site!
  – Stop entering the correct password
  – The user can stop before releasing the whole password
- The correct images cannot be inferred from a fake session
Delayed Password Disclosure
- Protects against passive Doppelganger Monitor Attacks
- Phishers cannot provide the correct images without performing an adaptive man-in-the-middle Doppelganger Attack
Protocol diagram (image-based version). Alice's password is $P_1 P_2 P_3 P_4 P_5$ with each $P_i \in [1..c]$. Alice sends Username = Alice. For each character she enters, the two parties run an oblivious transfer against the bank's database of images specific to Alice: a 1-out-of-$c$ OT after $P_1$, a 1-out-of-$c^2$ OT after $P_2$, a 1-out-of-$c^3$ OT after $P_3$, and so on, so that Alice receives exactly the image for the prefix entered so far. Once the whole password has been entered, Alice and the bank run a Password Authenticated Key Exchange.
Issue: even efficient 1-out-of-n OT algorithms are slow when n is large (round i of the diagram is a 1-out-of-c^i OT)
Solution:
– Replace the server's database of images with a database of seeds
– Transmit seeds instead of images; the client uses each seed to generate random art
– The database of seeds for round i is computed from the seed the user selected in round i-1
– Each OT round can then be 1-out-of-c
Efficiency?
Security & Correctness Requirements for the Modifications
- Seeds must be the same in every execution
  – Ensures the same pictures are always revealed
- Password secrecy must be maintained
- j invocations of the protocol must be needed to learn j sequences of seeds
Protocol diagram (seed-based version). Alice's password is $P_1 P_2 P_3 P_4 P_5$ with each $P_i \in [0..c-1]$; the bank holds a secret $S \in \{0,1\}^n$. Alice sends Username = Alice. For each character $P_i$ she enters, the parties run a 1-out-of-$c$ OT. The picture shown after round 1 corresponds to the seed $v_1 = F_S(P_1)$, where $F$ is a pseudorandom function generator. The OT uses random exponents $x_1, x_2 \in_u [0..q-1]$, with $g$ a generator of a group of order $q$.
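The seed-based variant on the last three slides (seed database per round, the three requirements, and the diagram) is easier to see running than to read off a diagram. The following is an added example written for this page, not the authors' code. It models the client-side behaviour of Delayed Password Disclosure: one seed per character, a deterministic picture derived from each seed, and a client that stops at the first wrong picture. Everything about it is an assumption: the PRF F is instantiated with HMAC-SHA256; the round-i seed database is {F_S(v_{i-1} || j) : j in 0..c-1}, a chain chosen to match the slide's v_1 = F_S(P_1) and the rule that round i depends only on the seed selected in round i-1 (the paper's exact derivation may differ); "random art" is OpenSSH-style drunken-bishop ASCII art; the alphabet is the digits 0..9 (c = 10); and the 1-out-of-c OT and the final PAKE are not implemented. In their place, `Bank.ot_round` is a trusted-function stand-in that enforces the same information flow (the client learns only the chosen seed, the bank learns nothing about the character); the exponentiations costed on the following slides are what buys that property without a trusted party. The names `Bank`, `Phisher`, `enrol`, `dpd_login`, `ALICE_BANK` and the sample secret and password are constructed for the example.

```python
import hashlib
import hmac

C = 10                       # alphabet size c: each password character P_i is a digit in 0..c-1
SYMBOLS = " .o+=*BOX@%&#/^"  # drunken-bishop glyphs, lowest visit count first
ART_W, ART_H = 17, 9         # same canvas as OpenSSH's key-fingerprint art


def prf(key: bytes, msg: bytes) -> bytes:
    """F_key(msg), the PRF of the slides, instantiated here with HMAC-SHA256 (assumption)."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def random_art(seed: bytes) -> str:
    """Render a seed as 'drunken bishop' ASCII art, the stand-in for the pictures
    the user memorises.  Deterministic: the same seed always gives the same picture."""
    grid = [[0] * ART_W for _ in range(ART_H)]
    x, y = ART_W // 2, ART_H // 2
    start = (x, y)
    for byte in seed[:16]:                       # 16 bytes -> 64 diagonal moves
        for _ in range(4):
            x = min(max(x + (1 if byte & 1 else -1), 0), ART_W - 1)
            y = min(max(y + (1 if byte & 2 else -1), 0), ART_H - 1)
            grid[y][x] += 1
            byte >>= 2
    rows = []
    for r in range(ART_H):
        row = ""
        for col in range(ART_W):
            if (col, r) == start:
                row += "S"
            elif (col, r) == (x, y):
                row += "E"
            else:
                row += SYMBOLS[min(grid[r][col], len(SYMBOLS) - 1)]
        rows.append(row)
    return "\n".join(rows)


class Bank:
    """Genuine server holding the user's secret S."""

    def __init__(self, S: bytes):
        self.S = S

    def ot_round(self, v_prev: bytes, p_i: int) -> bytes:
        """Round i, modelled as a trusted function standing in for the 1-out-of-c OT.
        The round-i database is {F_S(v_{i-1} || j) : j in 0..c-1}: it depends only on S
        and on the seed the client selected in round i-1 (v_0 is empty).  A real OT hides
        P_i and v_{i-1} from the bank and the other c-1 seeds from the client; this
        stand-in enforces the same outcome by returning only the chosen seed."""
        if not 0 <= p_i < C:
            raise ValueError("character outside alphabet")
        database = [prf(self.S, v_prev + bytes([j])) for j in range(C)]
        return database[p_i]


class Phisher:
    """Passive doppelganger site: identical UI, records every character it receives,
    but has no S, so the seeds (and therefore the pictures) it produces are wrong."""

    def __init__(self):
        self.fake_key = hashlib.sha256(b"phisher guessing without S").digest()
        self.captured = ""

    def ot_round(self, v_prev: bytes, p_i: int) -> bytes:
        self.captured += str(p_i)                # the phisher learns this character
        return prf(self.fake_key, v_prev + bytes([p_i]))


def enrol(bank: Bank, password: str) -> list[str]:
    """Pictures the user sees for each prefix of the password at the genuine bank."""
    pictures, v = [], b""
    for ch in password:
        v = bank.ot_round(v, int(ch))
        pictures.append(random_art(v))
    return pictures


def dpd_login(site, password: str, expected: list[str]) -> tuple[int, bool]:
    """Client side of DPD: enter one character at a time, compare the returned picture
    with the remembered one, stop at the first mismatch.
    Returns (number of characters disclosed to the site, login completed)."""
    v = b""
    for i, ch in enumerate(password, start=1):
        v = site.ot_round(v, int(ch))            # character i is disclosed before its picture is checked
        if random_art(v) != expected[i - 1]:
            return i, False                      # wrong picture: wrong site (or a typo); stop here
    # every picture matched; the real protocol now runs PAKE with the full password (not modelled)
    return len(password), True


# Constructed sample data: Alice's secret S at the bank and her 5-digit password.
ALICE_BANK = Bank(hashlib.sha256(b"example: Alice's secret S at the bank").digest())
ALICE_PASSWORD = "31415"

if __name__ == "__main__":
    pictures = enrol(ALICE_BANK, ALICE_PASSWORD)
    print(pictures[0])                                   # picture shown after P_1 = 3
    print(dpd_login(ALICE_BANK, ALICE_PASSWORD, pictures))
    phisher = Phisher()
    print(dpd_login(phisher, ALICE_PASSWORD, pictures))  # client stops after the first picture
    print("phisher captured:", phisher.captured)
```

Two things the model makes concrete. First, the seeds are a deterministic function of S and the prefix, so `enrol` returns the same pictures on every run (requirement 1), and a site without S cannot produce them (the passive doppelganger fails at round 1). Second, each character is handed over before its picture can be checked, so even a detected phisher learns P_1, and a user typo at the genuine bank produces exactly the same "wrong picture" signal as a fake site; this is the user-education point on the closing slide. The third requirement (j runs yield only j seed sequences) holds here because every successor seed needs S, which the stand-in never releases; in the real protocol the OT has to guarantee that without a trusted party.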
Computational Costs
- Client performs 2 exponentiations per character of the password
- Server performs c exponentiations per character of the password
- High computational load for the server
- New extension:
  – Costs 2 extra communication flows per character
  – 3 exponentiations per character for the client
  – 3 exponentiations per character for the server
Full Implementation Costs
- Efficient OT [NP01] (random-oracle model)
  – One-time cost of c exponentiations
  – Client: 1 exponentiation per OT
  – Server: 1 exponentiation per OT
- Efficient PAKE [KOY01] (standard model)
  – Client & server: 3 exponentiations
Security and Usability of DPD
- DPD is as secure as the PAKE or SSL alternative
- The user must protect the images from prying eyes
- DPD is not immune to the adaptive Doppelganger attack, but:
  – It is technically more challenging to perform
  – The attack should be easier for the bank to detect
- No extra hardware is required!
- User interface: more complicated
- User education necessary!
Questions?