Channel: Publications of the Laboratory for Education and Research in Secure Systems Engineering (LERSSE)

Is OpenID too Open? Technical, Business, and Human Issues That Get in the Way of OpenID and Ways of Addressing Them

The web is essential for business and personal activities well beyond information retrieval, such as online banking, financial transactions, and payment authorization, but reliable user authentication remains a challenge. OpenID is a mainstream Web single sign-on (SSO) solution intended for Internet-scale adoption. There are currently over one billion OpenID-enabled user accounts provided by major content-hosting and service providers (CSPs), e.g., Yahoo!, Google, Facebook, but only a few relying parties that allow users to use their OpenID credentials for SSO. Why is that? This talk will overview OpenID, and then discuss weaknesses of (1) the protocol and its implementations, (2) the business model behind it, and (3) the user interface. It will conclude with a discussion of a proposal for addressing some of OpenID's issues.

Password Managers, Single Sign-On, Federated ID: Have users signed up?

Users have not signed up for OpenID. This presentation describes the results of interviews with some 50 participants of several user studies on Web SSO.

Improving Malicious URL Re-Evaluation Scheduling Through an Empirical Study of Malware Download Centers

The retrieval and analysis of malicious content is an essential task for security researchers. At the same time, the distributors of malicious files deploy countermeasures to evade the scrutiny of security researchers. This paper investigates two techniques used by malware download centers: frequently updating the malicious payload, and blacklisting (i.e., refusing HTTP requests from researchers based on their IP). To this end, we sent HTTP requests to malware download centers over a period of four months. The requests are distributed across two pools of IPs, one exhibiting high volume research behaviour and another exhibiting semi-random, low volume behaviour. We identify several distinct update patterns, including sites that do not update the binary at all, sites that update the binary for each new client but then repeatedly serve a specific binary to the same client, sites that periodically update the binary with periods ranging from one hour to 84 days, and server-side polymorphic sites that deliver new binaries for each HTTP request. From this classification we identify several guidelines for crawlers that re-query malware download centers looking for binary updates. We propose a scheduling algorithm that incorporates these guidelines, and perform a limited evaluation of the algorithm using the data we collected. We analyze our data for evidence of blacklisting and find strong evidence that a small minority of URLs blacklisted our high volume IPs, but for the majority of malicious URLs studied, there was no observable blacklisting response, despite issuing over 1.5 million requests to 5001 different malware download centers.

The Socialbot Network: When Bots Socialize for Fame and Money

Online Social Networks (OSNs) have become an integral part of today's Web. Politicians, celebrities, revolutionists, and others use OSNs as a podium to deliver their message to millions of active web users. Unfortunately, in the wrong hands, OSNs can be used to run astroturf campaigns to spread misinformation and propaganda. Such campaigns usually start off by infiltrating a targeted OSN on a large scale. In this paper, we evaluate how vulnerable OSNs are to a large-scale infiltration by socialbots: computer programs that control OSN accounts and mimic real users. We adopted a traditional web-based botnet design and built a Socialbot Network (SbN): a group of adaptive socialbots that are orchestrated in a command-and-control fashion. We operated such an SbN on Facebook (a 750 million user OSN) for about 8 weeks. We collected data related to users' behavior in response to a large-scale infiltration where socialbots were used to connect to a large number of Facebook users. Our results show that (1) OSNs, such as Facebook, can be infiltrated with a success rate of up to 80%, (2) depending on users' privacy settings, a successful infiltration can result in privacy breaches where even more users' data are exposed when compared to purely public access, and (3) in practice, OSN security defenses, such as the Facebook Immune System, are not effective enough in detecting or stopping a large-scale infiltration as it occurs.

What Makes Users Refuse Web Single Sign-On? An Empirical Investigation of OpenID

OpenID is an open and promising Web single sign-on (SSO) solution. This work investigates the challenges and concerns web users face when using OpenID for authentication, and identifies what changes in the login flow could improve the users' experience and adoption incentives. We found our participants had several behaviors, concerns, and misconceptions that hinder the OpenID adoption process: (1) their existing password management strategies reduce the perceived usefulness of SSO; (2) many (26%) expressed concerns with single-point-of-failure related issues; (3) most (71%) held the incorrect belief that the OpenID credentials are being given to the content providers; (4) half exhibited an inability to distinguish a fake Google login form, even when prompted; (5) many (40%) were hesitant to consent to the release of their personal profile information; and (6) many (36%) expressed concern with the use of SSO on websites that contain valuable personal information or, conversely, are not trustworthy. We also found that with an improved affordance and privacy control, more than 60% of study participants would use Web SSO solutions on the websites they trust.

On the Challenges in Usable Security Lab Studies: Lessons Learned from Replicating a Study on SSL Warnings

We replicated and extended a 2008 study conducted at CMU that investigated the effectiveness of SSL warnings. We adjusted the experimental design to mitigate some of the limitations of that prior study; adjustments include allowing participants to use their web browser of choice and recruiting a more representative user sample. However, during our study we observed a strong disparity between our participants' actions during the laboratory tasks and their self-reported "would be" actions during similar tasks in everyday computer practices. Our participants attributed this disparity to the laboratory environment and the security it offered. In this paper we discuss our results and how the introduced changes to the initial study design may have affected them. Also, we discuss the challenges of observing natural behavior in a study environment, as well as the challenges of replicating previous studies given the rapid changes in web technology. We also propose alternatives to traditional laboratory study methodologies that can be considered by the usable security research community when investigating research questions involving sensitive data where trust may influence behavior.

Heuristics for Evaluating IT Security Management Tools

The usability of IT security management (ITSM) tools is hard to evaluate by regular methods, making heuristic evaluation attractive. However, standard usability heuristics are hard to apply as IT security management occurs within a complex and collaborative context that involves diverse stakeholders. We propose a set of ITSM usability heuristics that are based on activity theory, are supported by prior research, and consider the complex and cooperative nature of security management. In a between-subjects study, we compared the employment of the ITSM and Nielsen's heuristics for evaluation of a commercial identity management system. Participants who used the ITSM set found more problems categorized as severe than those who used Nielsen's. As evaluators identified different types of problems with the two sets of heuristics, we recommend employing both the ITSM and Nielsen's heuristics during evaluation of ITSM tools.

A Brick Wall, a Locked Door, and a Bandit: A Physical Security Metaphor For Firewall Warnings

We used an iterative process to design firewall warnings in which the functionality of a personal firewall is visualized based on a physical security metaphor. We performed a study to determine the degree to which our proposed warnings are understandable for users, and the degree to which they convey the risks and encourage safe behavior as compared to text warnings based on those from a popular personal firewall. The evaluation results show that our warnings facilitate the comprehension of warning information, better communicate the risk, and increase the likelihood of safe behavior. Moreover, they provide participants with a better understanding of both the functionality of a personal firewall and the consequences of their actions.

Analysis of ANSI RBAC Support in EJB

This paper analyzes the access control mechanisms of the Enterprise Java Beans (EJB) architecture and defines a configuration of the EJB protection system in a more precise and less ambiguous language than the EJB 3.0 standard. Using this configuration, the authors suggest an algorithm that formally specifies the semantics of authorization decisions in EJB. The level of support in EJB is analyzed for the American National Standards Institute's (ANSI) specification of Role-Based Access Control (RBAC) components and functional specification. The results indicate that the EJB specification falls short of supporting even Core ANSI RBAC. EJB extensions dependent on the operational environment are required in order to support the ANSI RBAC required components. Other vendor-specific extensions are necessary to support the ANSI RBAC optional components. Fundamental limitations exist, however, due to the impracticality of some aspects of the ANSI RBAC standard itself. This paper sets up a framework for assessing implementations of ANSI RBAC for EJB systems.

[POSTER] The Socialbot Network: When Bots Socialize for Fame and Money

Online Social Networks (OSNs) have become an integral part of today's Web. Politicians, celebrities, revolutionists, and others use OSNs as a podium to deliver their message to millions of active web users. Unfortunately, in the wrong hands, OSNs can be used to run astroturf campaigns to spread misinformation and propaganda. Such campaigns usually start off by infiltrating a targeted OSN on a large scale. In this research, we evaluate how vulnerable OSNs are to a large-scale infiltration by socialbots: computer programs that control OSN accounts and mimic real users. We adopted a traditional web-based botnet design and built a Socialbot Network (SbN): a group of adaptive socialbots that are orchestrated in a command-and-control fashion. We operated such an SbN on Facebook (a 750 million user OSN) for about 8 weeks. We collected data related to users' behavior in response to a large-scale infiltration where socialbots were used to connect to a large number of Facebook users. Our results show that (1) OSNs, such as Facebook, can be infiltrated with a success rate of up to 80%, (2) depending on users' privacy settings, a successful infiltration can result in privacy breaches where even more users' data are exposed when compared to purely public access, and (3) in practice, OSN security defenses, such as the Facebook Immune System, are not effective enough in detecting or stopping a large-scale infiltration as it occurs.

Automated Social Engineering Attacks in OSNs

In this presentation, we outline the latest automated social engineering attacks in Online Social Networks (OSNs) such as Facebook. We review the techniques used by the adversaries and discuss the corresponding threat models. We then show a new attack where an adversary infiltrates a targeted OSN on a large scale. After that, we discuss the consequences of this attack and propose a socio-technical countermeasure, which enables the collaboration of security decisions among a circle of trusted friends.

Strategies for Monitoring Fake AV Distribution Networks

We perform a study of Fake AV networks advertised via search engine optimization. We use a high interaction fetcher to repeatedly evaluate the networks by querying landing pages that redirect to Fake AV distribution sites. We identify several distinct Fake AV distribution networks, and we show that each network exhibits distinct updating behaviours. We propose optimizations for crawlers that explore Fake AV networks to leverage the strong fan-in property of these networks and, where possible, the periodic update behaviour of the network elements. We evaluate these optimizations and show that they can be used to drastically reduce the number of visits to the network, which in turn reduces the likelihood of being blacklisted.

Optimizing Re-Evaluation of Malware Distribution Networks

The retrieval and analysis of malicious content is an essential task for security researchers. Security labs use automated HTTP clients known as client honeypots to visit hundreds of thousands of suspicious URLs daily. The dynamic nature of malware distribution networks necessitates periodic re-evaluation of a subset of the confirmed malicious sites, which introduces two problems: 1) the number of URLs requiring re-evaluation exhausts available resources, and 2) repeated evaluation exposes the system to adversarial blacklisting, which affects the accuracy of the content collected. To address these problems, I propose optimizations to the re-evaluation logic that reduce the number of re-evaluations while maintaining a constant sample discovery rate during URL re-evaluation. I study these problems in two adversarial scenarios: 1) monitoring malware repositories where no provenance is available, and 2) monitoring Fake Anti-Virus (AV) distribution networks. I perform a study of the adversary by repeatedly downloading content from the distribution networks. This reveals trends in the update patterns and lifetimes of the distribution sites and malicious executables. Using these observations I propose optimizations to reduce the number of re-evaluations necessary to maintain a high malicious sample discovery rate. In the first scenario the proposed techniques, when evaluated against a fixed interval scheduler, are shown to reduce the number of re-evaluations by 80-93% (assuming a re-evaluation interval of 1 hour to 1 day) with a corresponding impact on sample discovery rate of only 2-7%. In the second scenario, the proposed optimizations are shown to reduce fetch volume by orders of magnitude and, more importantly, reduce the likelihood of blacklisting. During direct evaluation of malware repositories I observe multiple instances of blacklisting, but on the whole, less than 1% of the repositories studied show evidence of blacklisting. Fake AV distribution networks actively blacklist IPs; I encountered repeated occurrences of IP blacklisting while monitoring Fake AV distribution networks.

Towards Supporting Users in Assessing the Risk in Privilege Elevation

To better protect users from security incidents, the principle of least privilege (PLP) requires that users and programs be granted the most restrictive set of privileges possible to perform the required tasks. Low-privileged user accounts (LUA) and privilege elevation prompts are two practical implementations of PLP in mainstream operating systems. However, there is anecdotal evidence suggesting that users do not employ these implementations correctly. Our research goal was to understand users' challenges and behavior in using these mechanisms and to improve them so that average users of personal computers can follow the PLP correctly. For this purpose, we conducted a user study and contextual interviews to investigate the understanding, behavior, and challenges users face when working with user accounts and the privilege elevation prompts (called User Account Control (UAC) prompts) in Windows Vista and 7. We found that 69% of participants did not use and respond correctly to UAC prompts. Also, all 45 of our participants used an admin user account, and 91% were not aware of the benefits of low-privileged user accounts or the risks of high-privileged ones. Their knowledge and experience were limited to the restricted rights of low-privileged accounts. Based on our findings, we offered recommendations to improve the UAC and LUA approaches. Since our study showed that users can benefit from UAC prompts, we investigated the information content for such prompts so that users can assess the risk of privilege elevation more accurately and consequently respond to the prompts correctly. We considered thirteen different information items for inclusion on these prompts, mostly based on the results of our first study. Our user study with 48 participants showed that program name, origin, description, digital certification, the changes the program applies, and the result of a program scan by anti-virus are the most understandable, useful, and preferred items for users. To avoid habituation, decrease the cognitive load on users, and improve users' responses to the prompts, we recommend employing a context-based UAC prompt which presents a subset of information items to users based on the context. A set of guidelines is provided for selecting the appropriate items in different contexts.

Influencing User Password Choice Through Peer Pressure

Passwords are the main means of authenticating users in most systems today. However, they have been identified as a weak link in the overall security of many systems, and much research has been done in order to enhance their security and usability. Although many schemes have been proposed, users still find it challenging to keep up with password best practices. Our current work is based on recent research indicating that social navigation can be used to guide users to safer, more secure practices regarding computer security and privacy. Our goal is the evaluation of a novel concept for a proactive password checking mechanism that analyzes and presents to users information about their peers' password strength. Our proposed proactive password feedback mechanism is an effort to guide users in creating better passwords by relating their password strength to that of other system users. We hypothesized that this would enable users to have a better understanding of their password's strength in regard to the system at hand and its users' expectations in terms of account security. We evaluated our mechanism with two between-subjects laboratory studies, embedding our proactive password checking scheme in the Campus Wide Login (CWL) mechanism for changing an account's password. In our study, we compared the password entropy of participants assigned to our proposed mechanism to that of participants assigned to the current CWL implementation (no feedback) as well as to the traditional horizontal bar, employed by many web sites, which provides feedback in the form of an absolute password strength characterization. Our results revealed a significant effect on improving password strength between our motivator and the control condition as well as between the group using the existing motivator and the control group. Although we found a difference between the no feedback condition and the two feedback conditions, we did not find any difference between the feedback conditions (i.e., relative vs. absolute strength assessment). However, our results show that relating password strength to that of one's peers, while maintaining the standard visual cues, may yield certain advantages over lack of feedback or current practices.

Understanding Users’ Requirements for Data Protection in Smartphones

Securing smartphones' data is a new and growing concern, especially when this data represents valuable or sensitive information. Even though there are many data protection solutions for smartphones, there are no studies that investigate users' requirements for such solutions. In this paper, we approach the smartphone data protection problem in a user-centric way, and analyze the requirements of data protection systems from users' perspectives. We elicit the data types that users desire to protect, investigate users' current practices in protecting such data, and show how security requirements vary for different data types. We report the results of an exploratory user study, in which we interviewed 22 participants. Overall, we found that users would like to secure their smartphone data, but find it inconvenient to do so in practice using the solutions available today.

The Socialbot Network: When Bots Socialize for Fame and Money

Online Social Networks (OSNs) have attracted millions of active users and have become an integral part of today's Web ecosystem. Unfortunately, in the wrong hands, OSNs can be used to harvest private user data, distribute malware, control botnets, perform surveillance, influence algorithmic trading, and spread misinformation. Usually, an adversary starts off by running an infiltration campaign using hijacked or adversary-owned OSN accounts, with an objective to connect to a large number of users in the targeted OSN. In this paper, we evaluate how vulnerable OSNs are to a large-scale infiltration by socialbots: bots that control OSN accounts and mimic actions of real users. We adopted a traditional web-based botnet design and built a prototype of a Socialbot Network (SbN): a group of coordinated programmable socialbots. We operated our prototype on Facebook for eight weeks, and collected data about users' behavior in response to a large-scale infiltration by our socialbots. Our results show that (1) OSNs, such as Facebook, can be infiltrated with a success rate of up to 80%, (2) depending on users' privacy settings, a successful infiltration can result in privacy breaches where even more users' data are exposed, and (3) in practice, OSN security defenses, such as the Facebook Immune System, are not effective enough in detecting or stopping a large-scale infiltration as it occurs.

The Socialbot Network: Are Social Botnets Possible?

In this invited piece at the ACM Interactions Magazine, we briefly describe our research into the use, impact, and implications of socialbots on Facebook.

Systematically breaking and fixing OpenID security: Formal analysis, semi-automated empirical evaluation, and practical countermeasures

OpenID 2.0 is a user-centric Web single sign-on protocol with over one billion OpenID-enabled user accounts and tens of thousands of supporting websites. While the security of the protocol is clearly critical, so far its security analysis has only been done in a partial and ad-hoc manner. This paper presents the results of a systematic analysis of the protocol using both formal model checking and an empirical evaluation of 132 popular websites that support OpenID. Our formal analysis reveals that the protocol does not guarantee the authenticity and integrity of the authentication request, and that it lacks contextual bindings among the protocol messages and the browser. The results of our empirical evaluation suggest that many OpenID-enabled websites are vulnerable to a series of cross-site request forgery (CSRF) attacks that either allow an attacker to stealthily force a victim user to sign into the OpenID-supporting website and launch subsequent CSRF attacks (81%), or force a victim to sign in as the attacker in order to spoof the victim's personal information (77%). With additional capabilities (e.g., controlling a wireless access point), the adversary can impersonate the victim on 80% of the evaluated websites, and manipulate the victim's profile attributes by forging the extension parameters on 45% of those sites. Based on the insights from this analysis, we propose and evaluate a simple and scalable mitigation technique for OpenID-enabled websites, and an alternative man-in-the-middle defense mechanism for deployments of OpenID without SSL.