1
PORTIA Project
Mitigating Online ID Theft: Phishing and Spyware
Students: Blake Ross, Collin Jackson, Nick Miyake, Yuka Teraguchi, Robert Ledesma, Andrew Morrison
Faculty: Dan Boneh and John Mitchell
Special thanks to the SF-ECTF and SS.
2
Sample phishing email
3
Sample phishing site
http://202.69.39.30/snkee/....
4
Magnitude of problem
- Fastest growing crime on the Internet.
- Trends: keyloggers from phishing sites.
Source: http://www.antiphishing.org
2004-5:        Mar, Feb, Jan, …, July, Jan
spoofs/month:  2870, 2686, 2602, …, 1634113
# targets:     78, 68, 64, …, 137
March, 05: 80% at 8 brands, average uptime 5.8 days, 81% of targets are financial
5
What can we do about phishing?
- Spam filter:
  - Phishing starts with email, so stop it there.
  - Non-trivial: phishing emails look like ordinary email.
- Client-side methods:
  - Anti-phishing using browser plug-ins.
  - Anti-spyware using Virtual Machine Monitors.
- Server-side methods:
  - Personalized web pages.
  - Improved user authentication (e.g. tokens or certs).
6
PORTIA ID Protection Work
- Long term effort to develop online ID protection tools.
- SpoofGuard: (NDSS ’04)
  - Alerts user when browser is viewing a spoofed web page.
  - Uses variety of heuristics to identify spoof pages.
  - A new type of anomaly detection problem.
- PwdHash: (Usenix Sec ’05)
  - Simple mechanism for strengthening password web auth.
- SpyBlock: (under development)
  - A Virtual Machine (VM) approach to SpyWare defense.
7
PORTIA Project
1. SpoofGuard: Detect Phishing Web Sites
http://crypto.stanford.edu/SpoofGuard
8
SpoofGuard Browser Plug-in
- Compute spoof index:
  - Weighted sum of several spoof measures
  - Depends on current page and browsing history
- Provides two forms of information:
  - Passive alerts in toolbar.
  - Active blocking when necessary.
- Challenges:
  - Must be easy for novice users.
  - Detect malicious pages yet minimize false alarms.
9
Sample Heuristics
- History Check: Site is assumed OK if in user’s history list.
- Domain Check: Check similarity to domain in history list.
- Email Check: Suspicious if page is reached by following email link
- Impact:
  - Ebay toolbar, Yahoo! toolbar, WholeSecure
  - Multiple requests for Firefox support.
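The spoof index and the three heuristics from the two SpoofGuard slides above, as an added example that is not SpoofGuard's own code. The weights, the two thresholds, the use of edit distance as the similarity measure and the sample history list are assumptions made for illustration.

```javascript
// Added example: SpoofGuard-style spoof index. Weights and thresholds are
// assumed values for illustration, not taken from the SpoofGuard plug-in.
const WEIGHTS = { domain: 0.6, email: 0.4 };
const ALERT_AT = 0.3;   // passive alert in toolbar
const BLOCK_AT = 0.8;   // active blocking

// Levenshtein edit distance (assumed similarity measure for the domain check).
function editDistance(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const sub = prev[j - 1] + (a[i - 1] === b[j - 1] ? 0 : 1);
      cur[j] = Math.min(sub, prev[j] + 1, cur[j - 1] + 1);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Domain check: 1 if the host is a near miss (1-2 edits) of a visited host.
function domainCheck(host, history) {
  const nearMiss = (h) => {
    const d = editDistance(host, h);
    return d > 0 && d <= 2;
  };
  return history.some(nearMiss) ? 1 : 0;
}

// Returns { index, action } for one page load.
function spoofIndex(url, history, fromEmailLink) {
  const host = new URL(url).hostname.toLowerCase();
  // History check: a host the user has already visited is assumed OK.
  if (history.includes(host)) return { index: 0, action: "none" };
  const index = WEIGHTS.domain * domainCheck(host, history)
              + WEIGHTS.email * (fromEmailLink ? 1 : 0);   // email check
  const action = index >= BLOCK_AT ? "block" : index >= ALERT_AT ? "alert" : "none";
  return { index, action };
}

// Constructed sample browsing history.
const HISTORY = ["www.ebay.com", "www.paypal.com"];
```

A look-alike host reached from an email link trips both measures and is blocked; either measure alone only raises the passive alert, which is how the weighted sum trades detection against false alarms.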
10
Current/future work
- SpamAssassin extensions:
  - Download pages that URLs in incoming email point to.
  - Run SpoofGuard heuristics on downloaded pages.
- Spam archive scanning:
  - Automatic detection of new phishing sites.
  - www.spamarchive.org
11
PORTIA Project
2. PwdHash: Improved Pwd Mgmt
http://crypto.stanford.edu/PwdHash
12
Strengthen Web Pwd Auth
- Current web auth: cleartext password over SSL
  - Vulnerable to phishing.
  - Vulnerable to break-ins at low security sites.
- Simple improvement: Browser plug-in that converts a user’s pwd into a unique pwd per site:
  1. Locate all pwd HTML elements on page:
  2. When form is submitted replace all pwd’s by: PRF_pwd(domain-name)
  3. Phishing site only sees hash of Ebay password.
- The challenge: Extremely hard to implement securely in a modern browser!
13
PwdHash Challenges
1. Javascript attacks
2. Pwd reset after plug-in install
3. Dictionary attacks (sol: EKE or SFE for equality test)
4. What salt to use in hash?
5. How to encode resulting hash?
6. Internet Café
- Our design goal: transparent to user.
- Impact:
  1. Google: PhD intern.
  2. TIPPI working group: MS, Mozilla, RSA
14
Javascript attacks
- Phishing site can create Javascript to steal user’s unhashed password.
  - Record all key-strokes sent to page
  - Change target-domain-name on submit
  - Mask regular text field as a password field
15
Javascript attacks (cont.)
- Defense 1: Password prefix / Password key
  - Ask user to start all passwords with “@@”
  - Plug-in traps all keyboard events to window.
  - When “@@” detected, replace subseq. keys with ‘%’
    - Browser never sees pwd.
  - On ‘BeforeNavigate2’ event, replace ‘%%’ in POST data with hashed pwd.
  - Alert user if “@@” detected in key stream while focus not on pwd field.
16
Pwd Salting – an old idea
- Hash pwd with realm provided by remote site:
  - HTTP 1.1 Digest Authentication
  - Kerberos 5
- Hash pwd with network service name:
  - Gabber, Gibbons, Matias, Mayer [FC ’97]. Proxy.
  - Abadi, Bharat, Marais [PTO ’97]
- Challenge: implementing securely in a modern browser.
17
PORTIA Project
SpyBlock
Spyware defense tool
Current work
18
SpyBlock design
- Proxy VM keeps sensitive user info away from SpyWare.
- User hits pwdkey before and after typing sensitive info.
[Diagram labels: VMWare ACE Server / Xen; Guest OS; Firefox; Proxy VM; SpyWare apps; https page; PwdKey; Keys; Junk; https; junk data]
19
Summary
- Long term effort focused on ID protection tools.
- Current tools: SpoofGuard, PwdHash
- Current/future work: SpyBlock
- Strong focus on technology transfer:
  - Interns help do tech transfer.
  - Source code available on PORTIA web site.
  - Close collaboration with SF-ECTF.