fidelius protecting user secrets from compromised browsers
play

Fidelius: Protecting User Secrets from Compromised Browsers Saba - PowerPoint PPT Presentation

Aug 01, 2023 •429 likes •718 views

Fidelius: Protecting User Secrets from Compromised Browsers Saba Eskandarian , Jonathan Cogan, Sawyer Birnbaum, Peh Chang Wei Brandon, Dillon Franke, Forest Fraser, Gaspar Garcia, Eric Gong, Hung T. Nguyen, Taresh K. Sethi, Vishal Subbiah,

  1. Fidelius: Protecting User Secrets from Compromised Browsers Saba Eskandarian , Jonathan Cogan, Sawyer Birnbaum, Peh Chang Wei Brandon, Dillon Franke, Forest Fraser, Gaspar Garcia, Eric Gong, Hung T. Nguyen, Taresh K. Sethi, Vishal Subbiah, Michael Backes, Giancarlo Pellegrino, Dan Boneh 1

  2. In Browsers we Trust 2

  3. In Browsers we Trust Can we stop malware from reading the secrets we type in the browser window? 3

  4. Hardware Enclaves A trusted component in an untrusted system ● Protected memory isolates enclave from compromised OS ● Proves authenticity via attestation ● Enclaves in our implementation use Intel SGX Untrusted System Secure Enclave Channel Attestation/ -Data Adversary who controls OS Communication -Secrets still can’t see inside enclave 4

  5. Challenges 1. Enclave only interacts with outside world through OS User Computer Enclave -Data -Secrets Secrets Intercepted 5

  6. Challenges 2. Browsers have a LOT of code and many bugs/vulnerabilities. User Computer Enclave -Data -Secrets -Browser? 6

  7. Challenges 2. Browsers have a LOT of code and many bugs/vulnerabilities. Vulnerable code in enclave → super-malware! User Computer Enclave -Data -Secrets -Browser? 7

  8. The Fidelius System Goal: protect user keyboard inputs to browser from fully compromised OS User Computer Enclave -Data -Secrets -Fidelius 8

  9. The Fidelius System Keeps browser outside of hardware enclave User Computer Enclave -Data -Secrets -Fidelius 9 Related earlier approach: Microsoft Palladium...

  10. The Fidelius System Support for HTML forms, simple JavaScript, local storage, and XmlHttpRequests User Computer Enclave -Data -Secrets -Fidelius 10

  11. The Fidelius System Minimal changes for developers Untrusted System Enclave -Data -Secrets -Fidelius 11

  12. The Fidelius System Trusted path from enclave to secure I/O devices Minimal changes for developers User Computer Enclave -Data -Secrets -Fidelius 12

  13. Trusted Path to/from Enclave Keyboard/display dongles built from Raspberry PIs Dongles switch between trusted/untrusted modes Display Dongle Keyboard Dongle

  14. Trusted Path to/from Enclave Keyboard/display dongles built from Raspberry PIs Dongle Dongles switch between trusted/untrusted modes User Computer Keyboard: encrypt keystrokes at constant rate Enclave -Data -Secrets -Fidelius Display Dongle Keyboard Dongle

  15. Trusted Path to/from Enclave Keyboard/display dongles built from Raspberry PIs Dongle Dongles switch between trusted/untrusted modes User Computer Keyboard: encrypt keystrokes at constant rate Enclave -Data Display: decrypt overlays sent by enclave -Secrets -Fidelius Display Dongle Keyboard Dongle

  16. Fidelius for Users Security indicator lights for keyboard and display Schechter and Dhamija, The Emperor’s New Security Indicators. S&P 2007. Whalen and Inkpen, Gathering Evidence: Use of Visual Security Cues in Web Browsers. GI 2005.

  17. Fidelius for Users Security indicator lights for keyboard and display Green overlay verifies who gets data and what data you are giving Schechter and Dhamija, The Emperor’s New Security Indicators. S&P 2007. Whalen and Inkpen, Gathering Evidence: Use of Visual Security Cues in Web Browsers. GI 2005.

  18. Fidelius for Users Security indicator lights for keyboard and display Green overlay verifies who gets data and what data you are giving Security relies on users watching indicators (in our prototype) Schechter and Dhamija, The Emperor’s New Security Indicators. S&P 2007. Whalen and Inkpen, Gathering Evidence: Use of Visual Security Cues in Web Browsers. GI 2005.

  19. Example User view (photograph) Malware view (screen capture) See video demo at https://crypto.stanford.edu/fidelius 19

  20. What Fidelius Does ● Secure user I/O against tampering, eavesdropping, replay, etc. ● Give trusted Javascript local access to sensitive data ● Only allow data to be sent to designated destination 20

  21. What Fidelius Does Not Do ● Secure hardware enclave against side-channel attacks [XCP’15,GESM’17,BMD+’17,WKPK’17,LSG+’17,CCX+’18,BMW+’18] 21

  22. What Fidelius Does Not Do ● Secure hardware enclave against side-channel attacks [XCP’15,GESM’17,BMD+’17,WKPK’17,LSG+’17,CCX+’18,BMW+’18] ● Protect against dumb web sites 22

  23. Performance TCB: ~8,500 lines of C++ 23

  24. Performance TCB: ~8,500 lines of C++ Display Latency Scaling Doubling trusted display size only slightly increases display latency 24

  25. Performance TCB: ~8,500 lines of C++ Display Latency Scaling Doubling trusted display size only slightly increases display latency Display Bottlenecks Expensive Render/Refresh due to implementation hacks, easily improvable 25

  26. Performance TCB: ~8,500 lines of C++ Display Latency Scaling Doubling trusted display size only slightly increases display latency Display Bottlenecks Expensive Render/Refresh due to implementation hacks, easily improvable 26

  27. Performance Display Latency (Unoptimized) refresh rate 2.8x faster than latest Kindle Speed due to only sending small overlay rather than encrypting full display Graph shows latency for Fidelius rendering a username/password login form 27

  28. Summary Fidelius uses enclave to protect user secrets even if entire OS compromised Support for forms, JS, persistent local storage, and XmlHttpRequests Trusted path to enclave for user I/O (other projects welcome to use) https://crypto.stanford.edu/fidelius https://github.com/SabaEskandarian/Fidelius 28

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Your Secrets Are Safe : How Browsers Explanations Impact Misconceptions About Private Browsing

Your Secrets Are Safe : How Browsers Explanations Impact Misconceptions About Private Browsing

Your Secrets Are Safe : How Browsers Explanations Impact Misconceptions About Private Browsing Mode Yuxi Wu, Panya Gupta, Miranda Wei, Yasemin Acar, Sascha Fahl, Blase Ur https://FancyWines.com 2 Yuxi Wu, Miranda Wei | Your Secrets Are

851 views • 51 slides
Enforceable Nondisclosure Agreements: Protecting Trade Secrets and Other Confidential Business

Enforceable Nondisclosure Agreements: Protecting Trade Secrets and Other Confidential Business

Presenting a live 90-minute webinar with interactive Q&A Enforceable Nondisclosure Agreements: Protecting Trade Secrets and Other Confidential Business Information TUESDAY, AUGUST 9, 2016 1pm Eastern | 12pm Central | 11am Mountain

928 views • 56 slides
Structuring Enforceable Nondisclosure Agreements: Protecting Trade Secrets and Other Confidential

Structuring Enforceable Nondisclosure Agreements: Protecting Trade Secrets and Other Confidential

Presenting a live 90-minute webinar with interactive Q&A Structuring Enforceable Nondisclosure Agreements: Protecting Trade Secrets and Other Confidential Business Information TUES DAY, MARCH 18, 2014 1pm East ern | 12pm Cent ral |

1.11k views • 52 slides
Trade Secrets, Confidential Information and NDAs in China Protecting Confidential Information,

Trade Secrets, Confidential Information and NDAs in China Protecting Confidential Information,

Presenting a live 90-minute webinar with interactive Q&A Trade Secrets, Confidential Information and NDAs in China Protecting Confidential Information, Preventing Infringement, and Enforcing Trade Secret Rights TUES DAY, APRIL 10, 2012 1pm

965 views • 58 slides
RUN groupadd -r user && useradd -r -g user user USER user $ docker run --read-only debian

RUN groupadd -r user && useradd -r -g user user USER user $ docker run --read-only debian

RUN groupadd -r user && useradd -r -g user user USER user $ docker run --read-only debian touch x touch: cannot touch 'x': Read-only file system $ docker run -v $(pwd)/secrets:/secrets:ro \ debian touch /secrets/x touch: cannot touch

780 views • 76 slides
Protecting Trade Secrets, Confidential Information and NDAs in China Maintaining Confidential

Protecting Trade Secrets, Confidential Information and NDAs in China Maintaining Confidential

Presenting a live 90-minute webinar with interactive Q&A Protecting Trade Secrets, Confidential Information and NDAs in China Maintaining Confidential Information, Preventing Infringement, and Enforcing Trade Secret Rights TUESDAY, JULY 22,

485 views • 35 slides
Protecting Your Trade Secrets Under the DTSA Reginald R. Goeke Trent L. Menning Partner

Protecting Your Trade Secrets Under the DTSA Reginald R. Goeke Trent L. Menning Partner

Protecting Your Trade Secrets Under the DTSA Reginald R. Goeke Trent L. Menning Partner Associate rgoeke@mayerbrown.com tmenning@mayerbrown.com Sharon A. Israel Lori Zahalka Partner Partner September 14, 2016 sisrael@mayerbrown.com

572 views • 26 slides
1 and exempt status of "work papers," extending such status only "until the

1 and exempt status of "work papers," extending such status only "until the

1 and exempt status of "work papers," extending such status only "until the examination report is filed, or until PROTECTING TRADE SECRETS: PROTECTING TRADE SECRETS: Problems at the Intersection of Florida's Public Records Laws and

381 views • 5 slides
Harmonize Your Trade Directive that governs and harmonizes trade secret protections throughout

Harmonize Your Trade Directive that governs and harmonizes trade secret protections throughout

CHEAT SHEET The DTSA. Recognizing the importance of protecting trade secrets, Congress recently passed the Defend Trade Secrets Act (DTSA), creating a federal, private civil cause of action for trade secret misappropriation. EU

230 views • 8 slides
Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook

Whispered Secrets Eleanor McHugh Whispered Secrets @feyeleanor http://leanpub.com/GoNotebook we all have secrets and these secrets matter to us thats what makes them secrets software should keep our secrets some secrets are awful

1k views • 75 slides
Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr)

Print Books with Browsers Designing books in browsers using Paged.js Julie Blanc (@julieblancfr) Digital Publishing Summit May 26, 2019 Automated typesetting and pagination for print Make PDF outputs of HTML contents from browsers Flux

823 views • 67 slides
Protecting Trade Secrets When Key Employees Move to Competitors Recovering Confidential Business

Protecting Trade Secrets When Key Employees Move to Competitors Recovering Confidential Business

Protecting Trade Secrets When Key Employees Move to Competitors Recovering Confidential Business Information and Recovering Confidential Business Information and presents presents Defending Against Misappropriation A Live 90-Minute

495 views • 31 slides
Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to

Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to

NAHPXXJI6KNA Book ^ Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 9.28 MB Reviews Reviews Just no phrases to describe. It typically does not price an excessive amount of. It is extremely difficult to leave it before

260 views • 3 slides
Identity Fraud Valuing Compromised Data Identity Fraud Valuing Compromised Data 2008 Chicago

Identity Fraud Valuing Compromised Data Identity Fraud Valuing Compromised Data 2008 Chicago

Identity Fraud Valuing Compromised Data Identity Fraud Valuing Compromised Data 2008 Chicago Federal Reserve Payments Conference Jeff Schmidt, MBA, CISSP jschmidt@jschmidt.org j @j g (Most) Security problems are actually The

500 views • 11 slides
Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints Pierre

Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints Pierre

Beauty and the Beast: Diverting modern web browsers to build unique browser fingerprints Pierre Laperdrix, Walter Rudametkin, Benoit Baudry 2/19 Example of a fingerprint Attribute Value User agent Mozilla/5.0 (X11; Linux i686; rv:25.0)

215 views • 19 slides
Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an

Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an

XUECRQXNRXVS Book Presentation Secrets Presentation Secrets Presentation Secrets Filesize: 8.11 MB Reviews Reviews It is really an remarkable book which i have ever go through. It can be writter in simple terms and not difficult to

343 views • 3 slides
Inca At its peak, the Incan empire stretched more than 2,500 miles, almost the entire The Inca

Inca At its peak, the Incan empire stretched more than 2,500 miles, almost the entire The Inca

February 14, 2012 Inca At its peak, the Incan empire stretched more than 2,500 miles, almost the entire The Inca controlled a vast empire covering parts of modern length of the Andes day Peru, Ecudor, Bolivia, Chile, and Argentina.

514 views • 4 slides
Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan

CSE 484 / CSE M 584: Computer Security and Privacy Usable Security Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John Manferdelli, John Mitchell,

715 views • 34 slides
The Computational Paradigm 2. Why did computing need to be an academic discipline? of

The Computational Paradigm 2. Why did computing need to be an academic discipline? of

This Talk 1. Computer science: Definition The Computational Paradigm 2. Why did computing need to be an academic discipline? of Science 3. What characterizes computing as a discipline? ECSS 2015 4. Is everything computing? Matti Tedre

637 views • 24 slides
Diabetes Treatment and Heart Failure From Preventing Harm to Increasing Survival Jonathan D

Diabetes Treatment and Heart Failure From Preventing Harm to Increasing Survival Jonathan D

Diabetes Treatment and Heart Failure From Preventing Harm to Increasing Survival Jonathan D Davis, MD, MPHS Director, Heart Failure Program Assistant Clinical Professor | Division of Cardiology Zuckerberg San Francisco General Hospital

599 views • 36 slides
17/03/2020 1 2 Vienna 1683 3 4 Sobieski and the Emperor 5 6 1 17/03/2020 7 8 9 10 11

17/03/2020 1 2 Vienna 1683 3 4 Sobieski and the Emperor 5 6 1 17/03/2020 7 8 9 10 11

17/03/2020 1 2 Vienna 1683 3 4 Sobieski and the Emperor 5 6 1 17/03/2020 7 8 9 10 11 12 2 17/03/2020 13 14 15 16 17 18 3 17/03/2020 Fleurus 1690 19 20 21 22 Neerwinden 1693 Steenkirchen 1692 23 24 4 17/03/2020

605 views • 5 slides
The implementation of AArch64 NEON Instruction Set Ana Pazos Senior Staff Engineer, QuIC

The implementation of AArch64 NEON Instruction Set Ana Pazos Senior Staff Engineer, QuIC

The implementation of AArch64 NEON Instruction Set Ana Pazos Senior Staff Engineer, QuIC (Qualcomm Innovation Center) Jiangning Liu Principal software engineer, ARM 1 Implementation Goals Support all instructions in

322 views • 7 slides
David Teplow, Integra Technology Consul9ng 11/20/12 11/20/12 -

David Teplow, Integra Technology Consul9ng 11/20/12 11/20/12 -

David Teplow, Integra Technology Consul9ng 11/20/12 11/20/12 - The Database Emperor Has No Clothes 11/20/12 - The Database Emperor Has No Clothes

496 views • 20 slides
The Byzantine Generals Problem Leslie Lamport , Robert Shostak , Marshall Pease ACM Transactions

The Byzantine Generals Problem Leslie Lamport , Robert Shostak , Marshall Pease ACM Transactions

The Byzantine Generals Problem Leslie Lamport , Robert Shostak , Marshall Pease ACM Transactions on Programming Languages and Systems (TOPLAS), v.4 n.3, p.382-401, July 1982 Citation Count: 734 The aim : to make a reliable computer system

895 views • 46 slides

More recommend