Abstract
Computer security protocols usually terminate in a computer; however, the human-based services which they support usually terminate in a human. The gap between the human and the computer creates potential for security problems. We examine this gap, as it is manifested in secure Web servers. Felten et al. demonstrated the potential, in 1996, for malicious servers to impersonate honest servers. In this paper, we show how malicious servers can still do this, and can also forge the existence of an SSL session and the contents of the alleged server certificate. We then consider how to systematically defend against Web spoofing, by creating a trusted path from the browser to the human user. We present potential designs, propose a new one, prototype it in open-source Mozilla, and demonstrate its effectiveness via user studies.
- Alsaid, A. and Marti, D. 2002. Detecting web bugs with bugnosis: Privacy advocacy through education. In Proceedings of the 2nd Workshop on Privacy Enhancing Technologies, San Francisco, CA. Springer-Verlag, Berlin.
- ArticSoft Limited. 2000. WebAssurity. Online resource. http://www.articsoft.com/webassurity.htm.
- Barbalac, R. 2000. Making something look hacked when it isn't. The Risks Digest 21, 16 (Dec.).
- Bonisteel, S. 2001. Microsoft browser slips up on SSL certificates. Online resource. http://www.computeruser.com/news/01/12/27/news4.html.
- Dean, D. and Wallach, D. 2001. Personal communication.
- Department of Defense. 1985. Trusted Computer System Evaluation Criteria. DoD 5200.28-STD.
- Dix, A., Finlay, J., Abowd, G., and Beale, R. 1997. Human-Computer Interaction, 2 ed. Prentice Hall, Englewood Cliffs, NJ.
- Ellison, C. 1999. The nature of a usable PKI. Computer Networks 31.
- Ellison, C. 2000. Personal communication.
- Ellison, C., Hall, C., Milbert, R., and Schneier, B. 2000. Protecting secret keys with personal entropy. Future Generation Computer Systems 16.
- Felten, E., Balfanz, D., Dean, D., and Wallach, D. 1997. Web spoofing: An internet con game. In The 20th National Information Systems Security Conference, Baltimore, MD.
- Fogg, B., Soohoo, C., Danielson, D., Marable, L., Stanford, J., and Tauber, E. 2002. How do People Evaluate a Web Site's Credibility? Results from a Large Study. Tech. Rep., Consumer WebWatch/Stanford Persuasive Technology Lab.
- Friedman, B., Hurley, D., Howe, D., Felten, E., and Nissenbaum, H. 2003. User's conceptions of web security: A comparative study. In ACM/CHI2002 Conference on Human Factors and Computing Systems, Minneapolis, MN. Extended abstracts.
- GeoTrust, Inc. 2003. True site: Identity assurance for Web sites. Online resource. http://www.geotrust.com/true_site/index.htm.
- Herzberg, A. and Gbara, A. 2004. Protecting (even) naive Web users, or: preventing spoofing and establishing credentials of Web sites. Draft.
- Jiang, S., Smith, S., and Minami, K. 2001. Securing Web servers against insider attack. In the 17th ACSA/ACM Computer Security Applications Conference, New Orleans, LA.
- Kain, K., Smith, S., and Asokan, R. 2002. Digital signatures and electronic documents: A cautionary tale. In Advanced Communications and Multimedia Security. Kluwer Academic, Norwell, MA.
- Lefranc, S. and Naccache, D. 2003. Cut-&-paste attacks with JAVA. In Information Security and Cryptology - ICISC 2002. LNCS 2587, Springer-Verlag, Berlin.
- Marchesini, J., Smith, S., and Zhao, M. 2003. Keyjacking: Risks of the current client-side infrastructure. In Proceedings of the 2nd Annual PKI Research Workshop, Gaithersburg, MD.
- Maremont, M. 1999. Extra! extra!: Internet hoax, get the details. The Wall Street Journal.
- Mozilla Organization, the. 2001. Gecko DOM reference. Online resource. http://www.mozilla.org/docs/dom/domref/dom_window_ref.html.
- Norman, E. 2002. Personal communication.
- Paoli, F. D., DosSantos, A., and Kemmerer, R. 1997. Vulnerability of ‘secure’ web browsers. In Proceedings of the National Information Systems Security Conference.
- Perrig, A. and Song, D. 1999. Hash visualization: A new technique to improve real-world security. In Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce.
- Rescorla, E. 2001. SSL and TLS: Designing and building secure systems. Addison Wesley, Reading, MA.
- Rome, J. 1995. Compartmented mode workstations. Online resource. http://www.ornl.gov/~jar/doecmw.pdf.
- Secunia. 2004. Mozilla/mozilla firefox user interface spoofing vulnerability. Secunia Advisory SA12188. http://secunia.com/advisories/12188/.
- Secure Software, Inc. EGADS homepage. Online resource. http://www.securesoftware.com/download_form_egads.htm.
- Smith, S. 2000. WebALPS: Using Trusted Co-Servers to Enhance Privacy and Security of Web Interactions. Tech. Rep. IBM T.J. Watson Research Center Research Report RC 21851.
- Smith, S. 2001. WebALPS: A survey of e-commerce privacy and security applications. ACM SIGecom Exchanges 2.3.
- Smith, S. and Safford, D. 2001. Practical server privacy using secure coprocessors. IBM Systems Journal 40.
- Sullivan, B. 2000. Scam artist copies payPal Web site. The page expired, but related discussion exists at http://www.landfield.com/isn/mail-archive/2000/Jul/0100.html.
- Turner, C. 2003. How do consumers form their judgments of the security of e-commerce web sites? In ACM/CHI2003 Workshop on Human-Computer Interaction and Security Systems, Fort Lauderdale, FL. http://www.andrewpatrick.ca/CHI2003/HCISEC/index.html.
- Tygar, J. and Whitten, A. 1996. WWW electronic commerce and Java trojan horses. In Proceeding of the 2nd USENIX Workshop on Electronic Commerce.
- United States Securities And Exchange Commission. 1999. Litigation release no. 16266. Online Resource. http://www.sec.gov/litigation/litreleases/lr16266.htm.
- Weiser, R. 2001. Personal communication.
- Whitten, A. and Tygar, J. 1999. Why johnny can't encrypt: A usability evaluation of PGP 5.0. In Proceeding of the 8th USENIX Security Symposium (Washington D.C.).
- Ye, Z. 2002. Building trusted paths for Web browsers. M.S. Thesis, Department of Computer Science, Dartmouth College, Hanover, NH.
- Ye, Z. and Smith, S. 2002. Trusted paths for browsers. In Proceeding of the 11th USENIX Security Symposium, San Francisco, CA.
- Ye, Z., Yuan, Y., and Smith, S. 2002. Web Spoofing Revisited: SSL and Beyond. Tech. Rep. Department of Computer Science, Dartmouth College, TR2002-417.
- Yee, K. 2002. User interaction design for secure systems. In Proceedings of the 4th International Conference on Information and Communications Security, Singapore.