
SAPHE Secure Anti-Phishing Environment Presented by Uri Sternfeld


Presentation Transcript


  1. SAPHE: Secure Anti-Phishing Environment. Presented by Uri Sternfeld. Saphe surfing!

  2. Motivation • Phishing caused $3 billion in damages in 2007 alone • Current solutions are not effective enough

  3. What is Phishing? • Any attempt to masquerade as a legitimate server in order to obtain sensitive information • Usually done by soliciting an unsuspecting user to follow a fraudulent link. Example message: From: your bank; To: unsuspecting user; "There are problems in your account. Please follow the attached link to solve them."

  4. Why does Phishing work? • Users are naïve • It's hard to spot differences between URLs: http://www.myrealbankserver.co.il/login.asp vs. http://www.myrea1bankserver.co.il/login.asp (the digit 1 replaces the letter l) • Over-reliance on SSL security: did you notice the small lock icon in the corner?

  5. Current solutions • Maintaining blacklists (Firefox & IE7) • Detecting phishing solicitations • Idiosyncratic characteristics (That's me!)

  6. A relevant warning • This was recently published on a major Israeli bank's web site: click me

  7. The Saphe Solution • Relies on a password known only to the user and the real server • Protects against: any impersonation of the real server; DNS poisoning; Man-in-the-Middle attacks

  8. Security assumptions • AES is a strong encryption algorithm • SSLv3.0 is a secure protocol • Digital certificates positively identify the owner of a domain

  9. The general idea • Use the password to authenticate the server to the user before using it to authenticate the user to the server • Encrypt information about the current session to detect any tampering

  10. How it works • Client-side code (a browser plugin) automatically guards the user • Server-side code creates data that authenticates the server to the plugin • All the user needs to do is notice the plugin dialog box (or the lack of it…)

  11. Saphe surfing!

  12. How it really works • The plugin starts automatically when the relevant MIME type is detected • The password is NOT sent until the server is authenticated and the connection is proven to be tamper-free • All links MUST be secure (HTTPS)

  13. How it really works (ctd) • Client-side and server-side random challenge buffers are used (to prevent replay attacks) • The encryption key is derived from the password and both challenges • Data integrity is guaranteed with an HMAC

  14. How it really works (ctd2) • The key derivation function is computationally demanding, to slow offline enumeration of the password • The server encrypts the following: the connection's source IP address; the URL requested during the connection; the login URL

  15. How it really works (ctd3) • The user machine's real IP address is retrieved from a known server over a secured (HTTPS) connection, so the plugin can compare it with the source address the bank's server saw
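The exchange on slides 12 to 15, as an added worked example (constructed here, not the SAPHE project's code): both challenges feed a slow KDF (PBKDF2 assumed), the server encrypts the source IP and URLs it observed and appends an HMAC, and the plugin proceeds only if the tag verifies and the decrypted values match what it observed itself. It assumes JSON for the sealed record and, because the Python standard library has no AES, an HMAC-SHA256 counter keystream standing in for AES; the password, challenges, IPs and URL are constructed.

```python
import hashlib
import hmac
import json
import os

# Constructed illustration, not SAPHE's own code. The standard library has no
# AES, so encryption below uses an HMAC-SHA256 counter-mode keystream as a
# stand-in; the protocol shape (challenges, slow KDF, encrypt-then-HMAC) is the point.

def derive_key(password: str, client_chal: bytes, server_chal: bytes) -> bytes:
    # Slow KDF over the password and both challenges; 64 bytes = enc key + MAC key.
    return hashlib.pbkdf2_hmac("sha256", password.encode(),
                               client_chal + server_chal, 100_000, 64)

def keystream(key: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, i.to_bytes(8, "big"), "sha256").digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def server_seal(key: bytes, src_ip: str, url: str, login_url: str) -> bytes:
    # Server side: encrypt the session facts it observed, then append an HMAC tag.
    pt = json.dumps({"ip": src_ip, "url": url, "login": login_url}).encode()
    ct = bytes(a ^ b for a, b in zip(pt, keystream(key[:32], len(pt))))
    return ct + hmac.new(key[32:], ct, "sha256").digest()

def client_check(key: bytes, blob: bytes, my_ip: str, my_url: str, login_url: str) -> bool:
    # Plugin side: verify the tag, then decrypt and compare; False = do not send the password.
    ct, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key[32:], ct, "sha256").digest()):
        return False
    pt = bytes(a ^ b for a, b in zip(ct, keystream(key[:32], len(ct))))
    return json.loads(pt) == {"ip": my_ip, "url": my_url, "login": login_url}

def run_scenarios() -> dict:
    pw, c_chal, s_chal = "correct horse", os.urandom(16), os.urandom(16)  # constructed
    key = derive_key(pw, c_chal, s_chal)
    ip, url = "203.0.113.7", "https://bank.example/login"  # constructed
    honest = server_seal(key, ip, url, url)
    # Impersonating server does not know the password, so it derives another key.
    forged = server_seal(derive_key("guess", c_chal, s_chal), ip, url, url)
    # Man-in-the-middle relays the real blob, but the server saw the proxy's IP.
    via_mitm = server_seal(key, "198.51.100.9", url, url)
    # A single flipped ciphertext byte must be caught by the HMAC.
    tampered = bytes([honest[0] ^ 1]) + honest[1:]
    return {
        "honest": client_check(key, honest, ip, url, url),
        "forged": client_check(key, forged, ip, url, url),
        "mitm_ip_mismatch": client_check(key, via_mitm, ip, url, url),
        "tampered": client_check(key, tampered, ip, url, url),
    }
```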

  16. Next: Thwarting Phishing attacks!

  17. Phishing scenario #1 • Redirecting the user to a fraudulent domain • Forged web page similar to the real one • Passive Phishing (the most common scenario)

  18. Phishing scenario #2 • Active Phishing

  19. Phishing scenario #3 • DNS poisoning

  20. Phishing scenario #4 • Man-in-the-Middle

  21. Implementation details • Firefox plugin written as a DLL in C++ • Server-side code written in C++ • Test server written in Python • Tested on Windows XP with Firefox 1.5

  22. Future versions • Support more browsers and operating systems • Automatic installer • Allow HTML code in Saphe data • Support password hashes

  23. How much is the phish? Questions? (How many fish are in this presentation?)

  24. For more details: http://tau-itw.wikidot.com/project:safelogin mailto:saphesolution@yahoo.com
