Enrico Budianto, Yaoqi Jia, Xinshu Dong, Prateek Saxena, Zhenkai Liang. School of Computing, National University of Singapore; Advanced Digital Sciences Center.
Slide 1: You Can’t Be Me: Enabling Trusted Paths and User Sub-origins in Web Browsers
Enrico Budianto*, Yaoqi Jia*, Xinshu Dong‡, Prateek Saxena*, Zhenkai Liang*
* School of Computing, National University of Singapore
‡ Advanced Digital Sciences Center
Slide 2: Motivation (1)
[Figure: a Bank XYZ page at xyz.com ("Welcome, Alice", "Account No: 123-55") with sessionID = 12345abc held in the browser.]
- Target 1: Sensitive user-owned data
- Target 2: Privileged requests tied to a user
- "The scripts can be me"
Slide 3: Motivation (2)
- Prevalence: 9.6% of websites are vulnerable to DOM-XSS (CCS, 2013)
- Damage: 25% of reported bugs are XSS (Cenzic, 2014)
Slide 4: Insufficiency of Existing Solutions
- First-line defenses: Same-origin policy; SSL indicator for Mixed Content vulnerability
- Second-line defenses: Sanitization; Content Security Policy; XSS Auditor (not sufficient)
- How can we protect sensitive user-owned resources effectively?
Slide 5: Vulnerable Channels on the Web
[Figure: a transfer form in origin O (Amount 100000, Bank Acct No 123-445, SEND) running over Browser Services and talking to the Web Server, with four channels marked:]
1. Input Channel
2. Display Channel
3. Session Data Channel
4. Request Channel
Slide 6: Our Approach & Contributions
Missing notions on the web:
- User Authority: adds a notion of "user" principal besides the web origin
- Sub-origin: isolates privileged data state/code within a web origin
- Trusted path: secure data channel between the web user and the web server
Our approach achieves:
- High compatibility & easy adoption (149 LOC)
- High TCB reduction (8x – 264x)
- Negligible performance overhead (2.3%)
Slide 7: Scope & Assumptions
In scope:
- Web attacker
- Uncompromised server [SP’09] [ASIACCS’11]
- Benign user
- JS-based attacks
Out of scope:
- Uncompromised web browser (attacks that compromise the browser itself are not considered)
- Flash- and Java-based attacks
Slide 8: Solution Overview
Slide 9: Protecting User Credentials (1)
[Figure: Bank XYZ authentication page at xyz.com (Username, Password, LOGIN) above Browser Services.]
- Problem: attacker compromises the input data
- Solution: tamper-proof HTML element for input data
Slide 10: Protecting User Credentials (2)
[Figure: a login form at xyz.com with Username, Password and CVV fields and a LOGIN button, rendered through Browser Services.]
- Problem: spoofing for user credentials
- Solution: special display element with color indicator
Slide 11: Protecting User Credentials (3)
[Figure: the same Bank XYZ authentication page, but served from the look-alike domain xyzi.com; the credentials flow through Browser Services to that Web Server.]
- Problem: leaking credentials to bad websites
Slide 12: Protecting User Credentials (3)
[Figure: Bank XYZ authentication page at xyz.com; Browser Services and the Web Server run a PAKE protocol and each end up holding the shared key Ks.]
- Solution: mutual authentication using a zero-knowledge proof protocol
Slide 13: Secure Authority Delegation (1)
[Figure: Web Server and Browser Services share Ks; the server delivers HTML+JS that renders "Account No: 123-445" at xyz.com.]
- Present web: the origin manages user-owned resources
- Problem: injected scripts have access to user-owned resources
Slide 14: Secure Authority Delegation (2)
[Figure: as before, but the account number 123-445 is delivered as a separate "Data + Code" unit, apart from the rest of the HTML+JS.]
- Solution: separate sensitive data and trusted code
- Solution: a component with higher privilege than the origin
Slide 15: End-to-end Trusted Path
[Figure: Browser Services and Web Server share Ks; the page at xyz.com shows Name: Alice Bob, Account No: 123-445, Balance: USD 100000.]
- Problem: fake HTTP request from the attacker
- Solution: authorized HTTP request
Slide 16: UserPath Implementation
Slide 17: Establishing Secure Channels (1)
[Figure: Origin O (xyz.com) with Username and Password fields; Browser Services provide the Secure Input Channel and the Secure Display Channel.]
Slide 18: Establishing Secure Channels (2)
[Figure: transfer form in origin O (Amount 100000, Bank Acct No, SEND); Browser Services provide the Secure Session Data Channel and the Secure Input / Display Channel.]
- UFrame = User authority + Sub-origin
Slide 19: Establishing Secure Channels (3)
[Figure: the UFrame inside origin O sends the transfer over the Secure Request Channel to the Web Server.]
Slide 20: Establishing Secure Channels (4)
[Figure: Origin O and the Browser Kernel with the Username/Password fields (Secure Input, Secure Display), and the UFrame-to-Web-Server path (Secure Request, Secure Session Data).]
- Building four secure channels: Trusted Path on the web
- User + Sub-Origin + Trusted Path = UserPath
Slide 21: Implementation Summary
- Patched Chromium v12: added 475 lines of C++ code
- Client-side PAKE plug-in
- Server-side PAKE module
Slide 22: UserPath Evaluation
Slide 23: Evaluation
Questions to be answered (w.r.t. web applications):
- How many lines of code to adopt UserPath? (Adoption effort)
- How big is the TCB reduction after adopting UserPath? (TCB reduction)
- How big is the performance overhead after adopting UserPath? (Performance)
Slide 24: Evaluation Setup
Application    LOC        Application    LOC
Elgg           114375     Magento        928991
Friendica      144555     ZenCart        95381
Roundcube      109663     osCommerce     60081
OpenEMR        495987     StoreSprite    30350
OwnCloud       337192     CubeCart       11942
HotCRP         36333      WordPress      135540
OpenConf       17589      Joomla         227351
PrestaShop     250660     Drupal         43835
OpenCart       93770      Piwigo         143144
AstroSpaces    6972       X2CRM          747261
Sensitive user-owned resources: phone number, e-mail data, admin options (set user as admin, add new user)
Slide 25: Reported Vulnerabilities
- Sensitive user-owned data protected from 325 reported XSS and CSRF vulnerabilities (CVE)
Slide 26: Adoption Effort
- Successfully retrofitted 20 applications
- Modify the web page that contains sensitive user-owned resources
- Measure the LOC of PHP code (mostly JS code)
Application Category        UserPath LOC (PHP)
Social Network App          188.3
E-mail App                  96
Health Information System   141
File Management System      161
Conference Mgmt System      145
E-Commerce                  158.1
Content Mgmt System         87
CRM                         217
# LOC: 14926
Slide 27: TCB Reduction
- Initial TCB: size of the web page without UserPath
- Final TCB: size of the UFrame code (size in KB)
- TCB Reduction: 8x – 264x
Slide 28: Performance
- Performance testing conducted on Chromium v.12
- Time taken during login with and without UserPath, measured in seconds
- Performance overhead: 2.3%
Slide 29: Conclusion
- Augment the web with the three missing notions: User authority || Sub-origins || Trusted Path
- Complete second line of defense to protect sensitive user-owned resources
- Practical: evaluated on 20 PHP applications (TCB reduction, performance, adoption effort)
Slide 30: Enrico Budianto
enricob@comp.nus.edu.sg
https://github.com/ebudianto/UserPath
Slide 31: References
[SP’09] B. Parno, J. McCune, D. Wendlandt, et al. CLAMP: Practical Prevention of Large-Scale Data Leaks.
[ASIACCS’11] A. P. Felt, M. Finifter, J. Weinberger, and D. Wagner. Diesel: Applying Privilege Separation to Database Access.
[CCS’13] S. Lekies, B. Stock, M. Johns. 25 Million Flows Later: Large-scale Detection of DOM-based XSS.
Slide 32: References
[ESORICS’13] D. Akhawe, F. Li, W. He, et al. Data-confined HTML5 Applications.
[SEC’12] M. Dietz, A. Czeskis, D. Balfanz, and D. S. Wallach. Origin-Bound Certificates: A Fresh Approach to Strong Client Authentication for the Web.
[NDSS’12] Y. Cao, V. Yegneswaran, P. Porras, and Y. Chen. PathCutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks.
[ICECCS’13] X. Dong, K. Patil, J. Mao, and Z. Liang. A Comprehensive Client-side Behavior Model for Diagnosing Attacks in Ajax Applications.
[NDSS’97] T. Wu. The Secure Remote Password Protocol.
[WWW’09] Y. Oiwa, H. Watanabe, and H. Takagi. PAKE-based Mutual HTTP Authentication for Preventing Phishing Attacks.
Slide 33: UserPath: Secure Login
[Figure: Bank XYZ authentication page (Username, Password); the Browser kernel and the Web Server run the PAKE protocol and each hold Ks.]
- How to securely log in and authenticate a user to a web application?
Slide 34: Attack Channels 1: Input & Display Channel
[Figure: Alice Bob at the Bank XYZ authentication page (Username, Password, account 123-4456); the Input Channel and the Display Channel are marked.]
- No secure channel for data
- Needed: Trusted path
Slide 35: Attack Channels 2: Session Data Channel
[Figure: Alice Bob's Money Transfer page at Bank XYZ (Receiving Party: Charles, Amount: USD 10000, SEND); the Browser Kernel holds the session data "Charles – Acct No: 155-246", which also appears in the page.]
- No isolation of sensitive data & trusted code within an origin
- Needed: Sub-origins
Slide 36: Attack Channels 3: Request Channel
[Figure: Alice Bob's Money Transfer page at Bank XYZ (Bank Acct No: 145-222, Amount: USD 10000, SEND) in the Browser Kernel; a script uses the XHR API to send the Web Server "Please send to Mallory's account with amount = USD 20", and the server answers OK!]
- No end-to-end user authority
- Needed: Trusted path, Sub-origins, User authority
- Binding token for network requests
Slide 37: UserPath Design
Slide 38: UserPath: Overview
[Figure: Browser Kernel with a Web Page Instance (Alice Bob, Money Transfer, Bank Acct No: 145-222, Amount: USD 10000, SEND) containing a UFrame with a Secure UI, connected to the Web Server.]
(1) User-authority + Sub-Origins = UFrame
(2) Building secure data channels from browser I/O to the program at the web server = Trusted Path
Slide 39: UserPath: Secure Login (repeat of Slide 33)
Slide 40: Illustration of a UFrame
[Figure: Alice's Money Transfer page at Bank XYZ (Bank Acct No: 145-222, Amount: USD 10000, SEND), served by the Web Server into origin O.]
<html>
  <uframe sign=abcdefgh>
  </uframe>
</html>
❶ UFrame code won't be accessible to any scripts running outside the UFrame
❷ UFrame code is verified by the web browser for its authenticity and integrity
Slide 41: Use Case: Creating Authenticated HTTP Request
[Figure: origin O's HTML for Alice contains a UFrame holding Token = 'qvrz1clw'; a Secure UI in the Browser Kernel shows display name, username, e-mail, etc.; the UFrame calls xhr.send() to the Web Server carrying Token = 'qvrz1clw'.]
<uframe>
  Token = 'qvrz1clw'
  xhr.send()
</uframe>
<body>
  …
</body>
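The two checks that slides 40 and 41 describe (the browser verifying the UFrame's authenticity and integrity, and the UFrame attaching a token that binds an HTTP request to the user) can be modelled in a few lines. The Python below is an added example written for this page; it is not UserPath's implementation and the slides do not specify how the sign attribute or the token is computed. It assumes an HMAC-SHA256 construction keyed from the PAKE session key Ks (a design choice of this example), and all inputs (Ks, the UFrame body, the transfer request) are constructed for the demonstration.

```python
import hashlib
import hmac
import secrets


def derive_key(ks: bytes, purpose: bytes) -> bytes:
    """Purpose-specific sub-key from the PAKE session key Ks (HMAC-based derivation, assumed here)."""
    return hmac.new(ks, purpose, hashlib.sha256).digest()


def server_emit_uframe(ks: bytes, body: bytes) -> dict:
    """Server side: attach a 'sign' value over the UFrame body, playing the role of sign=... on the slide."""
    sign = hmac.new(derive_key(ks, b"uframe-sign"), body, hashlib.sha256).hexdigest()
    return {"body": body, "sign": sign}


def kernel_verify_uframe(ks: bytes, uframe: dict) -> bool:
    """Browser-kernel side: grant UFrame privileges only if the body is authentic and unmodified."""
    expected = hmac.new(derive_key(ks, b"uframe-sign"), uframe["body"], hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, uframe["sign"])


def _request_token(ks: bytes, method: str, path: str, body: bytes) -> str:
    # The token covers method, path and body, so it authorises exactly one request.
    msg = method.encode() + b"\n" + path.encode() + b"\n" + body
    return hmac.new(derive_key(ks, b"request-bind"), msg, hashlib.sha256).hexdigest()


def uframe_send(ks: bytes, method: str, path: str, body: bytes) -> dict:
    """Inside the UFrame: the outgoing request carries a token bound to Ks and to its exact contents."""
    return {"method": method, "path": path, "body": body,
            "token": _request_token(ks, method, path, body)}


def server_accept(ks: bytes, req: dict) -> bool:
    """Server side: recompute the token under this user's Ks; anything else is rejected."""
    expected = _request_token(ks, req["method"], req["path"], req["body"])
    return hmac.compare_digest(expected, req.get("token", ""))


def scenario() -> dict:
    """Constructed walk-through: a genuine UFrame and request pass, a tampered UFrame and a forged request fail."""
    ks = secrets.token_bytes(32)  # stands in for the Ks established by the PAKE login
    uframe = server_emit_uframe(ks, b"<uframe>transfer form for Alice</uframe>")
    tampered = {"body": b"<uframe>transfer form for Mallory</uframe>", "sign": uframe["sign"]}
    good = uframe_send(ks, "POST", "/transfer", b"to=145-222&amount=10000")
    # A script outside the UFrame never sees Ks; the best it can do is reuse a token it observed.
    forged = {"method": "POST", "path": "/transfer", "body": b"to=mallory&amount=20",
              "token": good["token"]}
    return {
        "genuine_uframe": kernel_verify_uframe(ks, uframe),
        "tampered_uframe": kernel_verify_uframe(ks, tampered),
        "genuine_request": server_accept(ks, good),
        "forged_request": server_accept(ks, forged),
    }


if __name__ == "__main__":
    for name, ok in scenario().items():
        print(f"{name}: {'accepted' if ok else 'rejected'}")
```

The point the model makes explicit is that the token is only as private as Ks: the sub-origin isolation of slide 40 is what keeps Ks (and therefore valid tokens) out of reach of scripts injected into the rest of the origin.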
Slide 42: Sensitive User-owned Resources
[Figure: "Welcome Alice Bob, Balance $10000", Phone No, Credit Card No, User's Bio, Bank Acct No. 123-3456.]
- Inputted data: username, password, profile picture
- Display data: bank account #, phone number
- Binding token: request token
Slide 43: A PAKE Protocol
[Figure: the Browser Kernel and the Server-side Module (holding the verifier v) run a zero-knowledge protocol [NDSS’97] [WWW’09]; both end up with Ks.]
Slide 44: A PAKE Protocol
1. Carol sends Steve her username (e.g. carol).
2. Steve looks up Carol's password entry and fetches her password verifier v and her salt s. He sends s to Carol. Carol computes her long-term private key x using s and her real password P.
3. Carol generates a random number a, 1 < a < n, computes her ephemeral public key A = g^a, and sends it to Steve.
4. Steve generates his own random number b, 1 < b < n, computes his ephemeral public key B = v + g^b, and sends it back to Carol, along with the randomly generated parameter u.
5. Carol and Steve compute the common exponential value S = g^(ab + bux) using the values available to each of them. If Carol's password P entered in Step 2 matches the one she originally used to generate v, then both values of S will match.
6. Both sides hash the exponential S into a cryptographically strong session key.
7. Carol sends Steve M[1] as evidence that she has the correct session key. Steve computes M[1] himself and verifies that it matches what Carol sent him.
8. Steve sends Carol M[2] as evidence that he also has the correct session key. Carol also verifies M[2] herself, accepting only if it matches Steve's value.
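The eight steps above, carried through as an added, runnable Python walk-through (example code, not from the UserPath project or Wu's paper). It follows the slide's formulas: v = g^x, B = v + g^b, a random u from Steve, and S = g^(ab + bux), which Carol obtains as (B - g^x)^(a + ux) and Steve as (A * v^u)^b. Everything not on the slide is this example's assumption: the group is a deterministically found 63-bit safe prime with g = 2 (far too small for real use, chosen so the search runs instantly), SHA-256 stands in for the hash, x = H(s, P), and the proofs are taken as M[1] = H(A, B, K) and M[2] = H(A, M[1], K).

```python
import hashlib
import secrets


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with the first 12 prime bases; deterministic for n below ~3e23."""
    small = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    if n < 2:
        return False
    for p in small:
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for base in small:
        x = pow(base, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start: int) -> int:
    """First safe prime N = 2q + 1 with q >= start. Toy modulus for this example only."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1


N = find_safe_prime(1 << 62)  # constructed group parameters (deterministic, so runs are reproducible)
g = 2


def H(*parts) -> int:
    """SHA-256 over the concatenation of ints (big-endian), str and bytes, returned as an int."""
    h = hashlib.sha256()
    for p in parts:
        if isinstance(p, int):
            p = p.to_bytes((p.bit_length() + 7) // 8 or 1, "big")
        elif isinstance(p, str):
            p = p.encode()
        h.update(p)
    return int.from_bytes(h.digest(), "big")


def private_key(salt: bytes, password: str) -> int:
    return H(salt, password)  # x = H(s, P): the long-term private key of step 2


def rand_exponent() -> int:
    return secrets.randbelow(N - 2) + 2  # 1 < value < N


class Server:
    """Steve: stores (salt, verifier) only; never the password."""

    def __init__(self):
        self.users = {}
        self.session_key = None

    def enrol(self, username: str, password: str):
        s = secrets.token_bytes(16)
        self.users[username] = (s, pow(g, private_key(s, password), N))

    def step2_salt(self, username: str) -> bytes:
        s, v = self.users[username]
        self.state = {"v": v}
        return s

    def step4_challenge(self, A: int):
        b, u = rand_exponent(), rand_exponent()
        B = (self.state["v"] + pow(g, b, N)) % N  # B = v + g^b
        self.state.update(A=A, B=B, b=b, u=u)
        return B, u

    def step7_verify(self, M1: int):
        st = self.state
        S = pow(st["A"] * pow(st["v"], st["u"], N), st["b"], N)  # (A * v^u)^b = g^(ab + bux)
        K = H(S)  # step 6
        if M1 != H(st["A"], st["B"], K):
            return None  # wrong password (or tampered exchange): no M[2] is issued
        self.session_key = K
        return H(st["A"], M1, K)  # M[2]


class Client:
    """Carol: holds the password and drives the exchange against a Server object."""

    def __init__(self, username: str, password: str):
        self.username, self.password = username, password

    def login(self, server: Server):
        s = server.step2_salt(self.username)  # steps 1-2
        x = private_key(s, self.password)
        a = rand_exponent()
        A = pow(g, a, N)  # step 3
        B, u = server.step4_challenge(A)  # step 4
        S = pow((B - pow(g, x, N)) % N, a + u * x, N)  # step 5: (B - g^x)^(a + ux)
        K = H(S)  # step 6
        M1 = H(A, B, K)  # step 7
        M2 = server.step7_verify(M1)
        if M2 is None or M2 != H(A, M1, K):  # step 8
            return None
        return K


if __name__ == "__main__":
    srv = Server()
    srv.enrol("carol", "correct horse battery staple")
    print("right password:", Client("carol", "correct horse battery staple").login(srv) is not None)
    print("wrong password:", Client("carol", "wrong").login(srv) is not None)
```

Two things are worth noticing when running it: the password never leaves the Client object (only A, M[1] go over the wire), and a wrong password fails at step 7 on the server side before M[2] is released, so a phishing server that lacks v learns nothing that lets it impersonate Steve in step 8.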
Slide 45: Security Analysis of UserPath
[Figure: Web Server O delivers Alice's HTML containing <uframe token='qvrz1clwo90xiud' sign='8d4f9a3112e70043'></uframe>, which calls xhr.send(); four attack points are marked:]
❶ Compromise UFrame content
❷ Phish and intercept UI
❸ Access session or other sensitive data
❹ (marked at the xhr.send() request)