You Can’t Be Me: Enabling Trusted Paths and User Sub-origins in Web Browsers

Uploaded by risilvia on 2020-07-03


Enrico Budianto, Yaoqi Jia, Xinshu Dong, Prateek Saxena, Zhenkai Liang. School of Computing, National University of Singapore; Advanced Digital Sciences Center.



Presentation Transcript

Slide1

You Can’t Be Me: Enabling Trusted Paths and User Sub-origins in Web Browsers

Enrico Budianto*, Yaoqi Jia*, Xinshu Dong‡, Prateek Saxena*, Zhenkai Liang*

*School of Computing, National University of Singapore
‡Advanced Digital Sciences Center

Slide2

Motivation (1)

[Figure: mock page of Bank XYZ at xyz.com showing "Welcome, Alice" and "Account No: 123-55"; the page holds sessionID = 12345abc]

Target 1: Sensitive user-owned data

Target 2: Privileged requests tied to a user

“The scripts can be me”

Slide3

Motivation (2)

Prevalence: 9.6% of websites vulnerable to DOM-XSS (CCS, 2013)

Damage: 25% of reported bugs are XSS (Cenzic, 2014)

Slide4

Insufficiency of Existing Solutions

First-line defenses: Same-origin policy; Sanitization; SSL indicator for mixed-content vulnerability

Second-line defenses: Content Security Policy; XSS Auditor (not sufficient)

How can we protect sensitive user-owned resources effectively?

Slide5

Vulnerable Channels on the Web

[Figure: a money-transfer form of origin O (Amount, Bank Acct No, SEND; sample values 123-445, 100000, 20000), Browser Services and the Web Server, with four numbered channels between them]

1. Input Channel
2. Display Channel
3. Session Data Channel
4. Request Channel

Slide6

Our Approach & Contributions

Missing notions on the web:
- User Authority: adds a notion of “user” principal besides the web origin
- Sub-origin: isolates privileged data, state and code within a web origin
- Trusted path: secure data channel between the web user and the web server

Our approach achieves:
- High compatibility & easy adoption (149 LOC)
- High TCB reduction (8x – 264x)
- Negligible performance overhead (2.3%)

Slide7

Scope & Assumptions

In scope:
- Web attacker
- Uncompromised server [SP’09] [ASIACCS’11]
- Benign user
- JS-based attacks

Out of scope:
- Uncompromised web browser
- Flash and Java-based attacks

Slide8

Solution Overview


Slide9

Protecting User Credentials (1)

[Figure: Bank XYZ authentication page at xyz.com (Username, Password, LOGIN) rendered through Browser Services]

Problem: Attacker compromises the input data

Solution: Tamper-proof HTML element for input data

Slide10

Protecting User Credentials (2)

Problem: Spoofing for user credentials

[Figure: a spoofed form on xyz.com asking for Username, Password and CVV, next to the genuine Browser Services login form]

Solution: Special display element with color indicator

Slide11

Protecting User Credentials (3)

[Figure: look-alike Bank XYZ authentication page at xyzi.com (Username, Password, LOGIN) whose credentials go to the attacker's Web Server]

Problem: Leaking credentials to the bad websites

Slide12

Protecting User Credentials (3)

[Figure: Browser Services and the Web Server of xyz.com run a PAKE protocol and end up sharing the session key Ks]

Solution: Mutual authentication using a zero-knowledge proof protocol

Slide13

Secure Authority Delegation (1)

[Figure: Web Server and Browser Services share Ks; the page (HTML+JS) of xyz.com renders "Account No: 123-445"]

Present web: the origin manages user-owned resources

Problem: injected scripts have access to user-owned resources

Slide14

Secure Authority Delegation (2)

[Figure: the sensitive data (123-445) and its trusted code are moved into a separate "Data + Code" component that renders "Account No: 123-445"]

Solution: Separate sensitive data and trusted code

Solution: Component with higher privilege than the origin

Slide15

End-to-end Trusted Path

[Figure: page of xyz.com showing "Name: Alice Bob", "Account No: 123-445", "Balance: USD 100000"; Browser Services and the Web Server share Ks]

Problem: Fake HTTP request from the attacker

Solution: Authorized HTTP request

Slide16

UserPath Implementation


Slide17

Establishing Secure Channels (1)

[Figure: login form of origin O (xyz.com) with Username and Password, drawn by Browser Services]

Secure Input Channel

Secure Display Channel

Slide18

Establishing Secure Channels (2)

[Figure: transfer form of origin O (Amount 100000, Bank Acct No, SEND) inside a UFrame drawn by Browser Services]

Secure Session Data Channel

UFrame = User authority + Sub-origin

Secure Input / Display Channel

Slide19

Establishing Secure Channels (3)

[Figure: the UFrame in Browser Services sends the transfer request (Amount 100000, Bank Acct No) to the Web Server]

Secure Request Channel

Slide20

Establishing Secure Channels (4)

[Figure: the four channels combined: Secure Input and Secure Display between the user and origin O through the Browser Kernel; Secure Session Data inside the UFrame; Secure Request from the UFrame to the Web Server]

Building four secure channels → Trusted Path on the web

User + Sub-Origin + Trusted Path = UserPath

Slide21

Implementation Summary

Patched Chromium v12: added 475 lines of C++ code

Client-side PAKE plug-in

Server-side PAKE module

Slide22

UserPath Evaluation


Slide23

Evaluation

Questions to be answered (w.r.t. web applications):
- How many lines of code to adopt UserPath? (Adoption effort)
- How big is the TCB reduction after adopting UserPath? (TCB reduction)
- How big is the performance overhead after adopting UserPath? (Performance)

Slide24

Evaluation Setup

Application  | LOC
Elgg         | 114375
Magento      | 928991
Friendica    | 144555
ZenCart      | 95381
Roundcube    | 109663
osCommerce   | 60081
OpenEMR      | 495987
StoreSprite  | 30350
OwnCloud     | 337192
CubeCart     | 11942
HotCRP       | 36333
WordPress    | 135540
OpenConf     | 17589
Joomla       | 227351
PrestaShop   | 250660
Drupal       | 43835
OpenCart     | 93770
Piwigo       | 143144
AstroSpaces  | 6972
X2CRM        | 747261

Phone number, e-mail data, admin options (set user as admin, add new user)

Slide25

Reported Vulnerabilities

Sensitive user-owned data protected from 325 reported XSS and CSRF vulnerabilities (CVE)

Slide26

Adoption Effort

Successfully retrofitted 20 applications
Modify the web page that contains sensitive user-owned resources
Measure the LOC number of PHP code (mostly JS code)

Application Category       | UserPath LOC (PHP)
Social Network App         | 188.3
E-mail App                 | 96
Health Information System  | 141
File Management System     | 161
Conference Mgmt System     | 145
E-Commerce                 | 158.1
Content Mgmt System        | 87
CRM                        | 217

# LOC: 149

Slide27

TCB Reduction

Initial TCB: size of the web page without UserPath
Final TCB: size of the UFrame code (size in KB)
TCB Reduction: 8x – 264x

Slide28

Performance

Performance testing conducted on Chromium v.12
Time taken during login with and without UserPath, measured in seconds
Performance overhead: 2.3%

Slide29

Conclusion

Augment the web with the three missing notions: User authority || Sub-origins || Trusted Path
Complete second line of defense to protect sensitive user-owned resources
Practical → evaluated on 20 PHP applications: TCB Reduction, Performance, Adoption Effort

Slide30

Enrico Budianto
enricob@comp.nus.edu.sg
https://github.com/ebudianto/UserPath

Slide31

References

[SP’09] B. Parno, J. McCune, D. Wendlandt, et al. CLAMP: Practical Prevention of Large-Scale Data Leaks
[ASIACCS’11] A. P. Felt, M. Finifter, J. Weinberger, and D. Wagner. Diesel: Applying Privilege Separation to Database Access
[CCS’13] S. Lekies, B. Stock, M. Johns. 25 Million Flows Later: Large-scale Detection of DOM-based XSS

Slide32

References

[ESORICS’13] D. Akhawe, F. Li, W. He, et al. Data-confined HTML5 Applications
[SEC’12] M. Dietz, A. Czeskis, D. Balfanz, and D. S. Wallach. Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web
[NDSS’12] Y. Cao, V. Yegneswaran, P. Porras, and Y. Chen. PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks
[ICECCS’13] X. Dong, K. Patil, J. Mao, and Z. Liang. A Comprehensive Client-side Behavior Model for Diagnosing Attacks in Ajax Applications
[NDSS’97] T. Wu. The Secure Remote Password Protocol
[WWW’09] Y. Oiwa, H. Watanabe, and H. Takagi. PAKE-based mutual HTTP authentication for preventing phishing attacks

Slide33

UserPath : Secure Login

How to securely log in and authenticate a user to a web application?

[Figure: Bank XYZ authentication page (Username, Password); the browser kernel and the Web Server run the PAKE protocol and both hold Ks]

Slide34

Attack Channels 1: Input & Display Channel

[Figure: Bank XYZ authentication page for Alice Bob (Username, Password, account 123-4456); the Input Channel and the Display Channel are the targets]

No secure channel for data → Trusted path

Slide35

Attack Channels 2: Session Data Channel

[Figure: Bank XYZ money transfer by Alice Bob (Receiving Party: Charles, Amount: USD 10000, SEND) in the Browser Kernel; session data "Charles – Acct No: 155-246"]

No isolation of sensitive data & trusted code within an origin → Sub-origins

Slide36

Attack Channels 3: Request Channel

[Figure: Alice Bob's money transfer (Bank Acct No: 145-222, Amount: USD 10000, SEND) in the Browser Kernel, sent to the Web Server; an injected script uses the XHR API to say “Please send to Mallory’s account with amount = USD 20”, and the server answers OK!]

No end-to-end user authority → Trusted path, Sub-origins, User authority

Binding Token for Network Request

Slide37

UserPath Design


Slide38

UserPath: Overview

[Figure: the Browser Kernel hosts a Web Page Instance containing a UFrame; the UFrame's Secure UI shows Alice Bob's money transfer (Bank Acct No: 145-222, Amount: USD 10000, SEND) and talks to the Web Server]

(1) User-authority + Sub-Origins = UFrame

(2) Building secure data channels from browser I/O to the program at the web server → Trusted Path

Slide39

UserPath : Secure Login

How to securely log in and authenticate a user to a web application?

[Figure: the browser kernel and the Web Server run the PAKE protocol and both hold Ks]

Slide40

Illustration of a UFrame

[Figure: Alice's money-transfer page (Bank Acct No: 145-222, Amount: USD 10000, SEND) served by origin O from the Web Server]

<html>
  <uframe sign=abcdefgh>
  </uframe>
</html>

UFrame code won’t be accessible to any scripts running outside the UFrame

UFrame code is verified by the web browser on its authenticity and integrity

Slide41

Use Case: Creating Authenticated HTTP Request

[Figure: Alice's page from origin O in the Browser Kernel; the UFrame's Secure UI shows display name, username, e-mail, etc.; the request goes to the Web Server]

<body>
  <uframe token='qvrz1clw'>
    xhr.send()
  </uframe>
</body>

Token = 'qvrz1clw'
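One way to realize the request binding token sketched above, as an added example that is not the paper's or the UserPath repository's code: the side holding the session key Ks attaches a nonce and an HMAC over the request, and the server recomputes it before acting. The header names, the token construction and the in-memory nonce store are assumptions; Ks here stands in for the PAKE-derived key that page scripts outside the UFrame never see.

```python
import hashlib
import hmac
import secrets

# Constructed stand-in for the PAKE session key shared by browser kernel and server.
KS = secrets.token_bytes(32)

def binding_tag(ks, method, path, body, nonce):
    """HMAC over the request tuple under Ks: binds method, path and body to this session."""
    msg = b"\n".join(s.encode() for s in (method, path, body, nonce))
    return hmac.new(ks, msg, hashlib.sha256).hexdigest()

def uframe_send(ks, method, path, body):
    """Browser-kernel side: add a fresh nonce and the binding tag (assumed header names)."""
    nonce = secrets.token_hex(16)
    headers = {"X-UserPath-Nonce": nonce,
               "X-UserPath-Token": binding_tag(ks, method, path, body, nonce)}
    return {"method": method, "path": path, "body": body, "headers": headers}

class Server:
    """Server-side check: only requests carrying a valid, unused tag are authorized."""
    def __init__(self, ks):
        self.ks = ks
        self.seen = set()          # consumed nonces, so a captured request cannot be replayed

    def authorize(self, req):
        h = req["headers"]
        nonce, tag = h.get("X-UserPath-Nonce"), h.get("X-UserPath-Token")
        if not nonce or not tag or nonce in self.seen:
            return False
        expected = binding_tag(self.ks, req["method"], req["path"], req["body"], nonce)
        if not hmac.compare_digest(expected, tag):   # constant-time comparison
            return False
        self.seen.add(nonce)
        return True
```

A request assembled by a script that lacks Ks, or a request whose body was altered after the tag was computed, fails the check; so does a replay of an already-served request.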

Slide42

Sensitive User-owned Resources

[Figure: page "Welcome Alice Bob, Balance $10000" with Phone No, Credit Card No, User’s Bio and Bank Acct No. 123-3456]

Inputted Data: username, password, profile picture

Display Data: bank account #, phone number

Binding Token: request token

Slide43

A PAKE Protocol

[Figure: the Browser Kernel and the Server-side Module (holding the verifier v) run a zero-knowledge protocol [NDSS’97] [WWW’09]; both derive Ks]

Slide44

A PAKE Protocol

1. Carol sends Steve her username (e.g. carol).

2. Steve looks up Carol's password entry and fetches her password verifier v and her salt s. He sends s to Carol. Carol computes her long-term private key x using s and her real password P.

3. Carol generates a random number a, 1 < a < n, computes her ephemeral public key A = g^a, and sends it to Steve.

4. Steve generates his own random number b, 1 < b < n, computes his ephemeral public key B = v + g^b, and sends it back to Carol, along with the randomly generated parameter u.

5. Carol and Steve compute the common exponential value S = g^(ab + bux) using the values available to each of them. If Carol's password P entered in Step 2 matches the one she originally used to generate v, then both values of S will match.

6. Both sides hash the exponential S into a cryptographically strong session key.

7. Carol sends Steve M[1] as evidence that she has the correct session key. Steve computes M[1] himself and verifies that it matches what Carol sent him.

8. Steve sends Carol M[2] as evidence that he also has the correct session key. Carol also verifies M[2] herself, accepting only if it matches Steve's value.
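The eight steps above carried out in Python, as an added example that is not code from the paper or the UserPath repository: both Carol's and Steve's computations sit in one function so the two values of S can be compared. The group parameters, the hash used for x, the session key and M[1]/M[2], and the 64-bit salt are toy assumptions chosen for a runnable illustration.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only: 2^127 - 1 is prime (a Mersenne prime) but it is
# not a standardized SRP group; real deployments use an RFC 5054 group.
N = (1 << 127) - 1
G = 3

def H(*parts):
    """Hash ints/strings to an integer; stands in for the protocol's hash function."""
    h = hashlib.sha256()
    for p in parts:
        h.update(str(p).encode() + b"|")
    return int.from_bytes(h.digest(), "big")

def register(password):
    """Enrollment: Steve stores only the salt s and the verifier v = g^x, never P or x."""
    s = secrets.randbits(64)
    return s, pow(G, H(s, password), N)

def srp_login(stored, password_entered):
    """Steps 2-8 of the protocol; returns (steve_accepts, carol_accepts)."""
    s, v = stored                                  # step 2: Steve fetches s, v and sends s
    x = H(s, password_entered)                     # Carol's long-term private key
    a = secrets.randbelow(N - 2) + 2               # step 3: 1 < a < n
    A = pow(G, a, N)
    if A % N == 0:                                 # Steve must reject a degenerate A
        return False, False
    b = secrets.randbelow(N - 2) + 2               # step 4: 1 < b < n
    B = (v + pow(G, b, N)) % N                     # the verifier v blinds g^b
    u = secrets.randbelow((1 << 32) - 1) + 1       # random u != 0 (u = 0 would cancel v)
    # step 5: both sides reach S = g^(ab + bux) from what they each hold
    S_carol = pow((B - pow(G, x, N)) % N, a + u * x, N)   # (g^b)^(a + ux)
    S_steve = pow(A * pow(v, u, N) % N, b, N)             # (g^a * g^(xu))^b
    K_carol, K_steve = H(S_carol), H(S_steve)      # step 6: hash S into a session key
    M1 = H(A, B, K_carol)                          # step 7: Carol's proof of the key
    if not hmac.compare_digest(str(M1), str(H(A, B, K_steve))):
        return False, False                        # Steve aborts and never sends M[2]
    M2 = H(A, M1, K_steve)                         # step 8: Steve's proof of the key
    carol_accepts = hmac.compare_digest(str(M2), str(H(A, M1, K_carol)))
    return True, carol_accepts
```

With the wrong password Carol's g^x no longer cancels the v hidden in B, so her S differs from Steve's and her M[1] is rejected before any M[2] is issued.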

Slide45

Security Analysis of UserPath

[Figure: Alice's page served by Web Server O, with
<uframe token='qvrz1clwo90xiud' sign='8d4f9a3112e70043'></uframe>
and an xhr.send() call]

Attacks analyzed:
- Compromise UFrame content
- Phish and intercept UI
- Access session or other sensitive data