Published: 08 Oct 2009
Despite much recent progress in the area of user-centric design of secure systems, user error continues to cause a large number of security vulnerabilities in current systems. Both user education and technology can help to improve this situation.
At CyLab at Carnegie Mellon University, our goal is to improve security in all aspects of society. First, we developed educational programs to train students in security. Second, CyLab researchers also engage in several efforts to design systems that continue to remain secure despite human errors, as well as develop technologies that provide improved situational awareness to the user.
Using the Secure Socket Layer (SSL) / Transport Layer Security (TLS) protocols for secure https Web connections as a case study, we will first describe how education has helped improve Web security, followed by a description of the Perspectives project, which provides additional information for users to make better security decisions. To provide some background for our discussion, we briefly revisit some SSL/TLS security-relevant fundamentals.
SSL/TLS is a protocol to provide communication secrecy and authenticity, and is invoked whenever we access an https-based Web page. Although SSL/TLS is a well-designed protocol, it still needs to face the complexities and realities of our computing environment, which result in numerous opportunities for user error and the following vulnerabilities.
Probably the most fundamental threat to SSL/TLS security is a so-called man-in-the-middle (MitM) attack, where an adversary interposes in a connection between a client and a server to eavesdrop on communication or inject malicious data. Such MitM attacks can be mounted by any entity handling network packets, and is usually mounted in wireless networks in public environments, e.g., in coffee shops, airports, conferences, etc. The SSL/TLS protocol is designed to protect against man-in-the-middle attacks.
Unfortunately, many real-world issues still enable adversaries to mount attacks. For example, cryptographic vulnerabilities can enable attackers to mount MitM attacks, for example by exploiting the collision resistance of the MD5 hash function--researchers recently demonstrated a successful attack where they were able to obtain a bogus certificate that enabled creation of arbitrary additional certificates trusted by current browsers. Browser or OS vulnerabilities enable adversaries to inject bogus certificates into the trusted set of browser root certificates. Users can be tricked into visiting a bogus URL or to install bogus root certificates. CAs can be tricked into issuing certificates to the wrong entities. These are just a few examples that would enable an adversary to mount a successful man-in-the-middle attack. Given that we cannot redesign the current legacy computing environment in the near term, we need rely on education and technology to enhance the current state of SSL/TLS security.
Together with student education, technology that provides the user with additional information for improved security decision making can also enhance security. To improve security for https sites with self-signed certificates, as well as detect numerous attacks on https sites using bogus certificates, Dan Wendlandt, Dave Andersen and I designed and built Perspectives [http://www.cs.cmu.edu/~perspectives/] , a Firefox plug-in that connects to notary servers to assist in validating https credentials. Perspectives informs the user for how long an https credential has been observed for a given server [http://sparrow.ece.cmu.edu/group/pub/wendlandt-andersen-perrig-usenixatc08.pdf]. This simple user feedback enables users to make better security decisions, in fact, I gained more confidence in my personal Web browsing by knowing that the https credentials of the servers I visit had been in use for a while--which assures me of the absence of a variety of attacks.
In summary, by leveraging education and technology for improved user information, we can increase the security of our current systems in the short term. To achieve a stronger level of security in the long term, however, redesigning more robust systems seems to be necessary.
|SECURITY 7 AWARDS|
INFORMATION SECURITY MAGAZINE'S 5TH ANNUAL SECURITY 7 AWARDS
Make Critical Infrastructure a Priority: Critical infrastructure protection must be addressed today to protect our country tomorrow.
Government Must Keep Pace with Cybersecurity Threats: Securing the Internet means to much to the future of the U.S. economy and national security.
Report Security and Risk Metrics in a Business-Friendly Way: Security metrics must, not only provide a view of security posture, but must support security budgeting and investment processes.
Build a Security Control Framework for Predictable Compliance: Healthcare provider Humana Inc., has developed a security controls framework that addresses all of the industry and federal regulations it must comply with.
Improve SSL/TLS Security Through Education and Technology: Carnegie Mellon University's CyLab designs security to improve all aspects of society.
Communicate Effectively with Management About Risk: Learn how to communicate with senior management about risk; it's your job.
Prioritize Information Security over Compliance: Organizations need to prioritize security over compliance to ensure comprehensive risk mitigation.