all your browser saved passwords could belong to us n.
Skip this Video
Loading SlideShow in 5 Seconds..
All Your Browser-saved Passwords Could Belong to Us PowerPoint Presentation
Download Presentation
All Your Browser-saved Passwords Could Belong to Us

All Your Browser-saved Passwords Could Belong to Us

120 Views Download Presentation
Download Presentation

All Your Browser-saved Passwords Could Belong to Us

- - - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript

  1. All Your Browser-saved Passwords Could Belong to Us - A Security Analysis and a Cloud-based New Design By Rui Zhao, Chuan Yue ACM Conference on Data and Applications Security (CODASPY), 2013

  2. Text Passwords: the Dominant Position in Online User Authentication [1] [1] J. Bonneau et al., The quest to replace passwords: A framework for comparative evaluation of web authentication schemes. In Proc. of IEEE S&P Symposium, 2012

  3. Password Security • The something you know authentication factor • Expectations: strong, protected from beingstolen

  4. Problems of Passwords • The Dilemma • Weak passwords suffer from brute-force and dictionary attacks • Strong passwords are difficult to remember • Vulnerable to harvesting attacks such as phishing • Web users have more online accounts than before • The reality: use weak passwords, share passwords, write down passwords, etc. [2,3] [2] D. Florˆencio and C. Herley. A large-scale study of web password habits. In Proc. of WWW, 2007 [3] S. Komanduri et al. Of passwords and people: Measuring the effect of password-composition policies. In Proc. of CHI, 2011.

  5. Some Popular Solutions • Graphical passwords • security and usability concerns • Password hashing systems • security and usability concerns • Single sign-on systems • security concerns, business model limitations • Browser-based password managers • save and autofill, users don’t need to remember • potentially protect against phishing attacks[4] [4] C. Yue. Preventing the Revealing of Online Passwords to Inappropriate Websites with LoginInspector. In Proc. of LISA, 2012.

  6. Browser-based Password Managers (BPMs)

  7. Outline • Introduction and Background • Vulnerability Analysis • Design of Cloud-based Storage-Free BPM (CSF-BPM) • Implementation , Evaluation, Security Analysis • Conclusion, Current and Future Work

  8. Are those passwordssaved by BPMs secure?

  9. Threat Model - Basic • “Where a threat intersects with a vulnerability, risk is present.” – NIST Information Security Handbook: A Guide for Managers. • Threat sources - attackers who want to steal the sensitive login information stored in BPMs • Basic threat model: • Attackers can temporarily install malware on a user’s computer using very popular attacks such as drive-by downloads [5,6] • The installed malware can then steal the data [5] N. Provos et al., All your iframes point to us. In Proc. of USENIX Security Symposium, 2008. [6] Y.-M. Wang et al., Automated web patrol with strider honeymonkeys: Finding websites that exploit browser vulnerabilities. In Proc. of NDSS, 2006

  10. Threat Model - Assumptions • The installed malware can be removed from the system in a timely manner • Anti-malware software, such as Microsoft Forefront Endpoint Protection • Solutions such as Back to the Future framework [7] • Same assumption as in Google’s 2-step-verification [8] • Hard to identify cryptographic keys from memory [9] • DNS systems are secure and reliable [7] F. Hsu et al., Back to the future: A framework for automatic malware removal and system repair. In Proc. of ACSAC, 2006. [8] Eric Grosse, MayankUpadhyay, Authentication at Scale, IEEE S&P Magazine, 2012 [9] J. A. Halderman et al., Lest we remember: Cold boot attacks on encryption keys. In Proc. of USENIX Security Symposium, 2008.

  11. The Essential Problem of Existing BPMs • Computer  Home • A BPM  The Safe • A Master Password  The Combination • Google Chrome, Internet Explorer and Safari: • No combination at all • Firefox and Opera: • No mandatory combination • Brute-force attacks and phishing attacks to the master password The encrypted passwords stored by BPMs of the five browsers are very weakly protected!

  12. More Details on Attacks - 1 • Firefox without master password • steal signons.sqliteand key3.db, decrypt on any computer • Opera without master password • steal wand.dat, decrypt on any computer • Firefox and Opera with master password • the computation time for verifying a master password is very small • phishing attacks against the master password

  13. The (a) genuine and (b) fake master password entry dialog box in Firefox. • Created by the JavaScript prompt() function on any regular page • More sophisticated ones can be created by JavaScript and CSS (Cascading Style Sheets)

  14. More Details on Attacks - 2 • Internet Explorer, Google Chrome, and Safari • use the Windows API functions CryptProtectData and CryptUnprotectData • typically, only a user with the same Windows logon credential can decrypt the data • attackers steal the ciphertext, decrypt it on the victim’s computer, send back plaintext

  15. Overall Security Analysis Results • All your browser-saved passwords could belong to us! • We have developed tools and verified these security risks!

  16. Responses to our Responsible Vulnerability Disclosure • Firefox: asked for a development proposal • IE: forwarded to their development team • Safari: it is the limitation of Windows APIs • Opera: “a convenience feature, not a security feature”, do not assume drive-by download, will improve usability • Google Chrome: engineers quoted Law #1 from Microsoft “If a bad guy can persuade you to run his program on your computer, it's not your computer anymore”; upper-level researchers have different views

  17. Cloud-based Storage-Free BPM (CSF-BPM) Design High-level Architecture

  18. CSF-BPM Design Details Proactive password checker Password-based Key Derivation Function 2 (PBKDF-2) – RFC 2898 Single Strong Master Password (SSMP) mainKey mainSalt aeSalt PBKDF-params PBKDF-id E-id E-params recordKey AE-id AE-params recordKey recordKey aeKey Websites Credentials Encryption Header ELIR ELIR … Authenticated Encryption protectedELIRs siteURl siteUsername encryptedSitePassword recordSalt

  19. Security Analysis • Reduces the opportunities for attackers to steal and further crack regular users’ saved passwords • Makes it computationally infeasible for attackers to decrypt the stolen data • Accurately detects any invalid SSMP try and any modification to a saved PUPE data object • Requires a user to remember SSMP • Offers better security than Firefox and Opera with master password • They save encrypted data locally • They do not have strong key derivation • They do not detect any modification to the saved data • They need specific storage service