An Evaluation of Extended Validation and Picture-in-Picture Phishing Attacks
1
An Evaluation of Extended Validation and
Picture-in-Picture Phishing Attacks
  • Collin Jackson et al.
  • Presented by Roy Ford

2
Extended Validation Certificates
  • Enhanced Certificates
  • Validate the owner of a domain
  • Also validates that the owner is a legitimate
    business
  • Business must be legally incorporated and have a
    business address

3
Extended Validation
  • List of sites that use Verisign Extended
    Validation
  • http://www.verisign.com/ssl/ssl-information-center/ssl-case-studies/ev-ssl-customers/index.html

4
Picture-in-Picture
  • Normally, a user can tell the web page they are
    on or the security of the page by looking at
    their address bar or looking for a padlock
  • Hackers can get around this by overlaying the
    browser window with a JPEG that contains a valid
    URL and security indicators
  • JavaScript can also be used to add functionality
    to the falsified page

5
Picture-in-Picture
6
http://www.technicalinfo.net/papers/images/WP.ImageOverlays.png
7
Study
  • See how people classify web sites as safe or
    unsafe
  • See if Extended Validation works
  • See if training on security helps people identify
    bad web sites

8
Setup
  • 27 participants were recruited and divided into 3
    groups
  • Trained Group
  • Untrained Group
  • Control Group
  • Each user was shown 12 web pages and asked to
    classify them as legitimate or not

9
User Classifications
  • Trained group
    • Shown the Extended Validation bar
    • Asked to read the Internet Explorer help file on
      Extended Validation and Phishing
  • Untrained group
    • Just shown the Extended Validation bar, without
      an explanation
  • Control Group
    • Not shown Extended Validation
    • Were not asked to do the tasks that included EV

10
Web Site Classifications: Legitimate
  • Real
    • The correct bank web site
  • Real, but Confusing
    • A real site that, when linked to, gives a warning
      and prompts for a password but not for a login
    • Looks fake, but it is real

11
Web Site Classification: Illegitimate
  • Homograph attack
    • Subtly different URL to the attack site
      (www.bankofthevvest.com)
  • Homograph with suspicious page warning
    • A known Homograph attack that makes IE change the
      address bar to yellow
  • Picture-in-Picture attack
    • Web Browser is overlaid with a JPEG and JavaScript

12
Web Site Classification: Illegitimate
  • Mismatched Picture-in-Picture
    • A Picture-in-Picture attack where the colors of
      the browser are different from the user's
      configured colors
  • IP address blocked by Phishing Filter
    • URL contains an IP address that is known to the IE
      phishing filter. This forces IE to highlight the
      address in red and navigate away from it
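The homograph lookalike of slide 11 (www.bankofthevvest.com) and the literal-IP-address URL of slide 12 are both things a defender can screen for before a user ever reads the address bar. The following is an added example, not code from the presentation or from the Jackson et al. paper; the trusted-host list, the confusable table and the function names are assumptions constructed for illustration.

```javascript
// Added example: URL heuristics for two of the study's illegitimate-site
// categories, the homograph lookalike (www.bankofthevvest.com) and the
// bare-IP-address URL. Trusted hosts and the confusable table are constructed.

// Character sequences that render alike in many fonts, mapped to the
// character they imitate. The study's example relied on "vv" passing as "w".
const CONFUSABLES = [
  ["vv", "w"],
  ["rn", "m"],
  ["cl", "d"],
  ["0", "o"],
  ["1", "l"],
];

// Collapse confusable sequences so a lookalike host compares equal to the
// host it imitates.
function normalizeHost(host) {
  let h = host.toLowerCase();
  for (const [seq, real] of CONFUSABLES) {
    h = h.split(seq).join(real);
  }
  return h;
}

// Drop a leading "www." so www.example.com and example.com compare equal.
function stripWww(host) {
  return host.toLowerCase().replace(/^www\./, "");
}

const IPV4 = /^\d{1,3}(\.\d{1,3}){3}$/;

// Classify a URL against hosts the user actually banks with.
// verdict is one of "trusted", "lookalike", "ip-address" or "unknown".
function assessUrl(rawUrl, trustedHosts) {
  const host = stripWww(new URL(rawUrl).hostname);
  if (IPV4.test(host)) {
    return { verdict: "ip-address", reason: `host is a bare IP address (${host})` };
  }
  const trusted = trustedHosts.map(stripWww);
  if (trusted.includes(host)) {
    return { verdict: "trusted", reason: `exact match for ${host}` };
  }
  const norm = normalizeHost(host);
  const target = trusted.find((t) => normalizeHost(t) === norm);
  if (target) {
    return { verdict: "lookalike", reason: `${host} imitates ${target}` };
  }
  return { verdict: "unknown", reason: `${host} is not a trusted host` };
}
```

The confusable table is deliberately small; a production check would use a full Unicode confusables list and the user's own visited-site history rather than a hand-written allowlist.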

13
Results
14
Results
  • Trained Participants
    • More likely to classify the real confusing site
      as legitimate
    • Picture-in-Picture attacks more likely to succeed
    • More likely to identify real and spoofed sites as
      legitimate

15
Results
  • Only 3 participants identified the 3
    Picture-in-Picture attacks
    • Two tried to use an un-implemented browser
      feature
    • One did not trust pop-ups

16
Browser Documentation
  • Authors felt that the trained users did poorly
    because the browser documentation for extended
    validation gave a false sense of security

17
From the IE Documentation
How can I tell if I have a secure connection? In
Internet Explorer, you will see a lock icon in the
Security Status bar. The Security Status bar is
located on the right side of the Address bar. The
certificate that is used to encrypt the connection
also contains information about the identity of the
website owner or organization. You can click the
lock to view the identity of the website.
18
Extended Validation
  • Did not provide much advantage
  • Untrained and Control groups did not
    statistically vary in their use of the feature

19
Homograph Attack
  • Where the browser font distinguished the two v's
    in bankofthevvest, it was not effective
  • One certificate pop-up did have a poor font in
    it, and the user mistakenly accepted it

20
Phishing Warnings
  • Some users did not even notice them and marked
    phishing sites as legitimate
  • They give a false sense of security, since they
    are not 100% accurate

21
Picture-in-Picture
  • Ways to reduce
    • Eliminate pop-ups to make the address field on
      the browser more consistent
    • Make browsers more customizable to generate more
      mismatched chrome
    • Teach users to validate that the browser window
      has focus when it is bright
    • Drag the window or maximize it, since the
      Picture-in-Picture cannot be resized

22
Conclusion
  • Extended Validation and Training did not improve
    the users' ability to recognize illegitimate sites
  • The visual cues of Extended Validation, if they
    catch on, may be countered with
    Picture-in-Picture attacks