
Trusted paths for browsers

Published: 01 May 2005

Abstract

Computer security protocols usually terminate in a computer; however, the human-based services which they support usually terminate in a human. The gap between the human and the computer creates potential for security problems. We examine this gap, as it is manifested in secure Web servers. Felten et al. demonstrated the potential, in 1996, for malicious servers to impersonate honest servers. In this paper, we show how malicious servers can still do this, and can also forge the existence of an SSL session and the contents of the alleged server certificate. We then consider how to systematically defend against Web spoofing, by creating a trusted path from the browser to the human user. We present potential designs, propose a new one, prototype it in open-source Mozilla, and demonstrate its effectiveness via user studies.

References

[1] Alsaid, A. and Marti, D. 2002. Detecting web bugs with bugnosis: Privacy advocacy through education. In Proceedings of the 2nd Workshop on Privacy Enhancing Technologies, San Francisco, CA. Springer-Verlag, Berlin.
[2] ArticSoft Limited. 2000. WebAssurity. Online resource. http://www.articsoft.com/webassurity.htm.
[3] Barbalac, R. 2000. Making something look hacked when it isn't. The Risks Digest 21, 16 (Dec.).
[4] Bonisteel, S. 2001. Microsoft browser slips up on SSL certificates. Online resource. http://www.computeruser.com/news/01/12/27/news4.html.
[5] Dean, D. and Wallach, D. 2001. Personal communication.
[6] Department of Defense. 1985. Trusted Computer System Evaluation Criteria. DoD 5200.28-STD.
[7] Dix, A., Finlay, J., Abowd, G., and Beale, R. 1997. Human-Computer Interaction, 2 ed. Prentice Hall, Englewood Cliffs, NJ.
[8] Ellison, C. 1999. The nature of a usable PKI. Computer Networks 31.
[9] Ellison, C. 2000. Personal communication.
[10] Ellison, C., Hall, C., Milbert, R., and Schneier, B. 2000. Protecting secret keys with personal entropy. Future Generation Computer Systems 16.
[11] Felten, E., Balfanz, D., Dean, D., and Wallach, D. 1997. Web spoofing: An internet con game. In The 20th National Information Systems Security Conference, Baltimore, MD.
[12] Fogg, B., Soohoo, C., Danielson, D., Marable, L., Stanford, J., and Tauber, E. 2002. How do People Evaluate a Web Site's Credibility? Results from a Large Study. Tech. Rep., Consumer WebWatch/Stanford Persuasive Technology Lab.
[13] Friedman, B., Hurley, D., Howe, D., Felten, E., and Nissenbaum, H. 2003. User's conceptions of web security: A comparative study. In ACM/CHI2002 Conference on Human Factors and Computing Systems, Minneapolis, MN. Extended abstracts.
[14] GeoTrust, Inc. 2003. True site: Identity assurance for Web sites. Online resource. http://www.geotrust.com/true_site/index.htm.
[15] Herzberg, A. and Gbara, A. 2004. Protecting (even) naive Web users, or: preventing spoofing and establishing credentials of Web sites. Draft.
[16] Jiang, S., Smith, S., and Minami, K. 2001. Securing Web servers against insider attack. In the 17th ACSA/ACM Computer Security Applications Conference, New Orleans, LA.
[17] Kain, K., Smith, S., and Asokan, R. 2002. Digital signatures and electronic documents: A cautionary tale. In Advanced Communications and Multimedia Security. Kluwer Academic, Norwell, MA.
[18] Lefranc, S. and Naccache, D. 2003. Cut-&-paste attacks with JAVA. In Information Security and Cryptology---ICISC 2002. LNCS 2587, Springer-Verlag, Berlin.
[19] Marchesini, J., Smith, S., and Zhao, M. 2003. Keyjacking: Risks of the current client-side infrastructure. In Proceedings of the 2nd Annual PKI Research Workshop, Gaithersburg, MD.
[20] Maremont, M. 1999. Extra! extra!: Internet hoax, get the details. The Wall Street Journal.
[21] Mozilla Organization, the. 2001. Gecko DOM reference. Online resource. http://www.mozilla.org/docs/dom/domref/dom_window_ref.html.
[22] Norman, E. 2002. Personal communication.
[23] Paoli, F. D., DosSantos, A., and Kemmerer, R. 1997. Vulnerability of ‘secure’ web browsers. In Proceedings of the National Information Systems Security Conference.
[24] Perrig, A. and Song, D. 1999. Hash visualization: A new technique to improve real-world security. In Proceedings of the 1999 International Workshop on Cryptographic Techniques and E-Commerce.
[25] Rescorla, E. 2001. SSL and TLS: Designing and building secure systems. Addison Wesley, Reading, MA.
[26] Rome, J. 1995. Compartmented mode workstations. Online resource. http://www.ornl.gov/~jar/doecmw.pdf.
[27] Secunia. 2004. Mozilla/mozilla firefox user interface spoofing vulnerability. Secunia Advisory SA12188. http://secunia.com/advisories/12188/.
[28] Secure Software, Inc. EGADS homepage. Online resource. http://www.securesoftware.com/download_form_egads.htm.
[29] Smith, S. 2000. WebALPS: Using Trusted Co-Servers to Enhance Privacy and Security of Web Interactions. Tech. Rep. IBM T.J. Watson Research Center Research Report RC 21851.
[30] Smith, S. 2001. WebALPS: A survey of e-commerce privacy and security applications. ACM SIGecom Exchanges 2.3.
[31] Smith, S. and Safford, D. 2001. Practical server privacy using secure coprocessors. IBM Systems Journal 40.
[32] Sullivan, B. 2000. Scam artist copies payPal Web site. The page expired, but related discussion exists at http://www.landfield.com/isn/mail-archive/2000/Jul/0100.html.
[33] Turner, C. 2003. How do consumers form their judgments of the security of e-commerce web sites? In ACM/CHI2003 Workshop on Human-Computer Interaction and Security Systems, Fort Lauderdale, FL. http://www.andrewpatrick.ca/CHI2003/HCISEC/index.html.
[34] Tygar, J. and Whitten, A. 1996. WWW electronic commerce and Java trojan horses. In Proceeding of the 2nd USENIX Workshop on Electronic Commerce.
[35] United States Securities And Exchange Commission. 1999. Litigation release no. 16266. Online Resource. http://www.sec.gov/litigation/litreleases/lr16266.htm.
[36] Weiser, R. 2001. Personal communication.
[37] Whitten, A. and Tygar, J. 1999. Why johnny can't encrypt: A usability evaluation of PGP 5.0. In Proceeding of the 8th USENIX Security Symposium (Washington D.C.).
[38] Ye, Z. 2002. Building trusted paths for Web browsers. M.S. Thesis, Department of Computer Science, Dartmouth College, Hanover, NH.
[39] Ye, Z. and Smith, S. 2002. Trusted paths for browsers. In Proceeding of the 11th USENIX Security Symposium, San Francisco, CA.
[40] Ye, Z., Yuan, Y., and Smith, S. 2002. Web Spoofing Revisited: SSL and Beyond. Tech. Rep. Department of Computer Science, Dartmouth College, TR2002-417.
[41] Yee, K. 2002. User interaction design for secure systems. In Proceedings of the 4th International Conference on Information and Communications Security, Singapore.


Published In

ACM Transactions on Information and System Security, Volume 8, Issue 2
May 2005
106 pages
ISSN: 1094-9224
EISSN: 1557-7406
DOI: 10.1145/1065545

Publisher

Association for Computing Machinery

New York, NY, United States


Author Tags

  1. HCISEC
  2. Trust path
  3. Web browser security
