Published by Darcy Pearson. Modified over 9 years ago.
Saphe surfing!
Slide 1: SAPHE, Secure Anti-Phishing Environment
Presented by Uri Sternfeld
Slide 2: Motivation
Phishing caused $3 billion in damages in 2007 alone.
Current solutions are not effective enough.
Slide 3: What is phishing?
Any attempt to masquerade as a legitimate server in order to obtain sensitive information.
Usually done by soliciting an unsuspecting user to follow a fraudulent link.
Example solicitation:
From: your bank
To: unsuspecting user
There are problems in your account. Please follow the attached link to solve them.
Slide 4: Why phishing works
Users are naïve.
It's hard to detect differences in URLs:
http://www.myrealbankserver.co.il/login.asp
http://www.myrea1bankserver.co.il/login.asp
Over-reliance on SSL security: did you notice the small lock icon in the corner?
Slide 5: Current solutions
Maintaining blacklists (Firefox & IE7)
Phishing solicitation detection
Idiosyncratic characteristics ("That's me!")
Slide 6: A relevant warning
This was recently published on a major Israeli bank's web site (linked from the original slide).
Slide 7: The Saphe solution
Relies on a password known only to the user and the real server.
Protects against:
– Any impersonation of the real server
– DNS poisoning
– Man-in-the-Middle attacks
Slide 8: Security assumptions
AES is a strong encryption algorithm.
SSLv3.0 is a secure protocol.
Digital certificates positively identify the owner of a domain.
Slide 9: The general idea
Use the password to authenticate the server to the user before using it to authenticate the user to the server.
Encrypt information about the current session to detect any tampering.
Slide 10: How it works
Client-side code (plugin) automatically guards the user.
Server-side code creates data that authenticates the server to the plugin.
All the user needs to do is notice the plugin dialog box (or the lack of it...).
Slide 11: (no text on this slide)
Slide 12: How it really works
Plugin automatically started when the relevant MIME type is detected.
The password is NOT sent until the server is authenticated and the connection is proven to be tamper-free.
All links MUST be secure (HTTPS).
Slide 13: How it really works (ctd)
Client-side and server-side random challenge buffers are used (to prevent replay attacks).
Encryption key is derived from the password and the challenges.
Data integrity is guaranteed with HMAC.
Slide 14: How it really works (ctd2)
Key derivation function is computationally demanding to slow offline enumeration.
The server encrypts the following:
– Connection source IP address
– URL requested during the connection
– Login URL
Slide 15: How it really works (ctd3)
User machine's real IP address is retrieved from a secured (HTTPS) known server.
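The server-to-plugin authentication step described on slides 9 through 15, as an added example that is not code from the Saphe project. It assumes PBKDF2-HMAC-SHA256 as the deliberately slow key derivation function, HMAC-SHA256 for integrity, and constructed values for the password, IP addresses and URLs. The slides also AES-encrypt the three session fields; this example models only the integrity half, which is what lets the plugin decide whether to release the password.

```python
"""Toy model of Saphe's server-to-client authentication (added example).

Assumptions, none of which come from the slides:
- PBKDF2-HMAC-SHA256 stands in for the slow key derivation function;
- both challenges are used as the KDF salt, so an old tag cannot be replayed;
- the session facts (source IP, requested URL, login URL) are bound with HMAC;
- the plugin already knows the machine's real IP from the trusted HTTPS lookup.
"""
import hashlib
import hmac
import json
import os

KDF_ITERATIONS = 100_000  # chosen to be slow; not a value from the slides
KEY_LEN = 32


def new_challenge() -> bytes:
    """Random challenge buffer contributed by one side of the connection."""
    return os.urandom(16)


def derive_key(password: str, client_challenge: bytes, server_challenge: bytes) -> bytes:
    """Key bound to the password and to both challenges (slow on purpose)."""
    salt = client_challenge + server_challenge
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, KDF_ITERATIONS, dklen=KEY_LEN)


def canonical(session: dict) -> bytes:
    """Deterministic encoding so both sides MAC exactly the same bytes."""
    return json.dumps(session, sort_keys=True, separators=(",", ":")).encode()


def server_authenticate(password, client_challenge, source_ip, requested_url, login_url):
    """Real server: bind what it observed about this connection to the shared password."""
    server_challenge = new_challenge()
    key = derive_key(password, client_challenge, server_challenge)
    session = {"source_ip": source_ip, "requested_url": requested_url, "login_url": login_url}
    tag = hmac.new(key, canonical(session), hashlib.sha256).digest()
    return server_challenge, session, tag


def plugin_verify(password, client_challenge, server_challenge, observed, tag) -> bool:
    """Client plugin: recompute over what IT observed; the password is released only on True."""
    key = derive_key(password, client_challenge, server_challenge)
    expected = hmac.new(key, canonical(observed), hashlib.sha256).digest()
    return hmac.compare_digest(expected, tag)


def run_scenarios() -> dict:
    """Honest connection plus the three failure modes the slides list."""
    password = "correct horse battery staple"  # constructed
    real_ip = "198.51.100.7"                   # constructed, documentation range
    login_url = "https://bank.example/login"    # constructed
    cc = new_challenge()

    # 1. Honest connection: server and plugin see the same facts.
    sc, sess, tag = server_authenticate(password, cc, real_ip, login_url, login_url)
    honest = plugin_verify(password, cc, sc, sess, tag)

    # 2. Impersonating server that does not know the password.
    sc2, sess2, tag2 = server_authenticate("guess", cc, real_ip, login_url, login_url)
    phishing = plugin_verify(password, cc, sc2, sess2, tag2)

    # 3. Man-in-the-middle relaying to the real server: the server sees the
    #    relay's IP, but the plugin knows its real IP from the trusted lookup.
    sc3, sess3, tag3 = server_authenticate(password, cc, "203.0.113.9", login_url, login_url)
    observed = {**sess3, "source_ip": real_ip}
    mitm = plugin_verify(password, cc, sc3, observed, tag3)

    # 4. Replay of a genuine old answer against a fresh client challenge.
    replay = plugin_verify(password, new_challenge(), sc, sess, tag)

    return {"honest": honest, "phishing": phishing, "mitm": mitm, "replay": replay}


if __name__ == "__main__":
    print(run_scenarios())
```

The plugin never sends the password in any of the four cases; it only uses the password locally to check the tag, and the check fails whenever the party at the other end lacks the password, whenever the session facts it observed differ from what the server bound, and whenever an old answer is reused.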
Slide 16: Next: thwarting phishing attacks!
Slide 17: Phishing scenario #1
Redirecting the user to a fraudulent domain.
Forged web page similar to the real one.
Passive phishing (most common scenario).
Slide 18: Phishing scenario #2
Active phishing.
Slide 19: Phishing scenario #3
DNS poisoning.
Slide 20: Phishing scenario #4
Man-in-the-Middle.
Slide 21: Implementation details
Firefox plugin written as a DLL in C++.
Server-side code written in C++.
Test server written in Python.
Tested on Windows XP with Firefox 1.5.
Slide 22: Future versions
Support more browsers and operating systems.
Automatic installer.
Allow HTML code in Saphe data.
Support password hashes.
Slide 23: How much is the phish?
Questions?
(How many fish are in this presentation?)
Slide 24: For more details
http://tau-itw.wikidot.com/project:safelogin
mailto: saphesolution@yahoo.com