Enhancing End User Security - Attacks & Solutions

by Adil M. Alsaid

Abstract:

End user computing environments, e.g. web browsers and PC operating
systems, are the target of a large number of attacks, both online
and offline. The nature of these attacks varies from simple online
attacks, such as user tracking using cookies, to more sophisticated
attacks on security protocols and cryptographic algorithms. Other
methods of attack exist that target end user applications that
utilise and interact with cryptographic functions provided by the PC
operating system.

After providing a general introduction to the security techniques
and protocols used in this thesis, a review of possible threats to
end user computing environments is given, followed by a discussion
of the countermeasures needed to combat these threats. The
contributions of this thesis include three new approaches for
enhancing the security of end user systems, together with an
analysis and a prototype implementation of an end user security
enhancement tool. The following paragraphs summarise the three main
contributions of this thesis.

Digitally signing a digital document is a straightforward procedure;
however, when the digital document contains dynamic content, the
digital signature may remain valid but the viewed document may not
be the same as the document when viewed by the signer. A new
solution is proposed to solve the problem; the main idea behind the
solution is to make the application aware of the sensitive
cryptographic function being requested.

In order to verify a digital signature computed on a document or any
other object (e.g. an executable), access to the public key
corresponding to the private key used to sign the document is
required. Normally, the public part of the key is made available in
a digital 'certificate', which is made up of the public key of the
signer, the name of the signer, and other data, all signed using the
private signing key of a trusted third party known as a
Certification Authority (CA). To verify such a certificate, and
thereby obtain a trusted copy of the document signer's public key, a
trusted copy of the CA's public key is required. If a malicious
party can insert a fake CA public key into the list of CA public
keys stored in a PC, then this party could potentially do
considerable harm to that PC, since this malicious party could then
forge signatures apparently created by other entities. A method of
achieving such an attack without attracting the user's attention is
presented in this thesis. Countermeasures that can be deployed to
prevent the insertion of a fake root public key are discussed. A
suggested solution that can be used to detect and remove such fake
keys is presented, and a prototype implementation of this solution
is described.

SSL/TLS supports mutual authentication, i.e. both server and client
authentication, using public key certificates. However, this
optional feature of SSL/TLS is not widely used because most end
users do not have a certified public key. Certain attacks rely on
this fact, such as web spoofing and phishing attacks. A method for
supporting client-side SSL authentication using trusted computing
platforms is proposed. The proposed approach makes a class of
phishing attacks ineffective; moreover, the proposed method can also
be used to protect against other online attacks.