Dynamic Security Skins
July 8, 2005 by Ping

This paper proposes a scheme called Dynamic Security Skins to combat phishing.
Rachna calls phishing the “ultimate SOUPS problem” because phishers and security designers battle in the user interface, because attacks are rapidly evolving, and because it’s a real-world problem. Phishers rapidly iterate on HCI designs, exactly as we are taught to do in HCI, to discover the best ways to exploit human limitations.
The proposed solution requires changes to both the browser and the server, and has two parts:
- The user chooses a personal image to be used as the background for login forms.
- The user compares a pattern in the login form to a pattern displayed in the page border to verify that the connection is encrypted.
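The comparison in part 2, as an added illustration that is not code from the paper or from this post. The post does not say how the pattern is produced; the example assumes that the browser and the legitimate server each render it deterministically from a value they share for the session, and it uses a small grid of colours in place of whatever image the real scheme draws. The session value, the prefix string and the function names are constructed for the example.

```python
import hashlib

GRID = 4  # the pattern is a GRID x GRID mosaic of coloured cells

# Constructed sample value for the demonstration (not from the paper or post).
# That browser and server share a per-session value from which the pattern is
# derived is an assumption here; the post does not describe the derivation.
SESSION_SECRET = b"example session key material held by browser and bank"


def render_pattern(shared_value: bytes, grid: int = GRID) -> list[str]:
    """Derive a grid of '#rrggbb' colours deterministically from a shared value.

    The browser draws this in its own page border; the server embeds the same
    rendering as the login form's pattern; the user checks that they match.
    """
    n = grid * grid
    # SHAKE-256 gives exactly the 3 bytes per cell we need, however large the grid.
    raw = hashlib.shake_256(b"dss-skin|" + shared_value).digest(3 * n)
    return ["#%02x%02x%02x" % tuple(raw[3 * i:3 * i + 3]) for i in range(n)]


def patterns_match(border: list[str], form: list[str]) -> bool:
    """The visual comparison the user performs, done exactly here."""
    return border == form


def as_ascii(pattern: list[str], grid: int = GRID) -> str:
    """Lay the colour codes out as rows, for printing in a terminal."""
    return "\n".join(" ".join(pattern[r * grid:(r + 1) * grid]) for r in range(grid))


def login_check(browser_value: bytes, server_value: bytes) -> bool:
    """Simulate one login: the browser renders from the value it holds, the
    server from the value it holds. Only a server holding the same value
    produces a form pattern that matches the browser's border."""
    return patterns_match(render_pattern(browser_value), render_pattern(server_value))


def main() -> None:
    print("Browser border pattern:")
    print(as_ascii(render_pattern(SESSION_SECRET)))
    print("Legitimate server's form matches:", login_check(SESSION_SECRET, SESSION_SECRET))
    # A phishing page that never obtained the shared value can only guess.
    print("Phishing page's form matches:", login_check(SESSION_SECRET, b"attacker guess"))


if __name__ == "__main__":
    main()
```

Under these assumptions the check passes only when the party that built the login form holds the same session value as the browser; a page that merely copies the bank's HTML cannot reproduce the border pattern, because the border is drawn by the browser itself from a value the page never sees.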
July 8th, 2005 at 07:01
The talk compared DSS to the SiteKey and Petname schemes. SiteKey requires the user to select a secret image, which is shared with the server. The Petname toolbar requires the user to assign a label to the site, which is stored only locally.
The concern with the SiteKey scheme is that, because the image is transmitted to the server, it is vulnerable to attack. The concern mentioned with both schemes is that the user is required to perform customization. However, I’m doubtful that user customization can be entirely avoided.
I think part 1 of this scheme is a good idea. As long as the personal image is stored only locally and the user selects the personal image, this is a decent way of establishing a trusted path.
My main issue with DSS is part 2. The matching patterns show that the connection is encrypted, but don’t tell you anything about who you are talking to. This leaves you vulnerable to impersonation as with today’s phishing attacks.