A Security Analysis of Two Commercial Browser and Cloud Based Password Managers Rui Zhao 1, Chuan...

Post on 15-Dec-2015


1

A Security Analysis of Two Commercial Browser and Cloud

Based Password Managers

Rui Zhao1, Chuan Yue1, Kun Sun2

University of Colorado Colorado Springs1

George Mason University2

2013 ASE/IEEE International Conference on Privacy, Security, Risk and Trust

PASSAT’13, Washington D.C.

2

Background

• Different types of password managers:

o Browser’s built-in feature

o Browser’s extension

o Stand-alone program

• Our focus: Browser-extension based password managers!

3

Background

• LastPass on Firefox & Chrome

• RoboForm on Firefox & Chrome

• Storage

o LastPass stores both locally and remotely

o RoboForm stores either locally or remotely

• Online mode

• Offline mode

• Browser and Cloud based Password Managers (BCPMs)

4

Our Goal

• Do they protect users’ passwords well?

o How do they protect passwords?

o Do they have security vulnerabilities?

o How severe are those vulnerabilities?

5

Threat Model

• The types of credentials

• The types of attackers

• The types of attacks under consideration

6

Security Analysis Methodology

• Win 7 platform

• Open-source in JavaScript: Eclipse IDE

• De-obfuscation: JS Beautify

• Other tools

o Debug tools on Firefox and Chrome

o Network traffic capture tool: HTTP Analyzer

7

Security Analysis Methodology

• Theoretically estimate the computational effort for performing different attacks

o Estimation method from “Cryptography and Network Security: Principles and Practice” by William Stallings

o Two attacker speeds: one microsecond (μs) to perform a basic cryptographic operation; one microsecond (μs) to perform a million basic cryptographic operations

o DES, AES, SHA-1, SHA-2: one execution counts as a basic cryptographic operation

8

LastPass Security Design and Vulnerability Analysis

• LastPass-Vul-1: Outsider Attackers’ Local Decryption Attacks ← insecure design of the master password remembering mechanism in LastPass

(Figure: LastPass-Vul-1)

9

LastPass Security Design and Vulnerability Analysis

• LastPass-Vul-2: Outsider Attackers’ Brute Force Attacks ← insecure design of the local user authentication mechanism and the insecure application of the PBKDF2 function in LastPass

(Figure: LastPass-Vul-2)

10

LastPass Security Design and Vulnerability Analysis

• LastPass-Vul-3: Insider Attackers’ Brute Force Attacks ← insecure association of the master password with authenticators in LastPass

(Figure: LastPass-Vul-3)

11

LastPass Security Design and Vulnerability Analysis

• The master password brute force attack effort for LastPass-Vul-2 and LastPass-Vul-3

(Figure: brute force effort, LastPass-Vul-2 vs. LastPass-Vul-3)

12

RoboForm Security Design and Vulnerability Analysis

• RoboForm-Vul-1: Outsider Attackers’ Local Decoding Attacks ← zero protection to local storage when a master password is not used in RoboForm

(Figure RoboForm-Vul-1: Website Credentials → Encoding → *.rfp)

13

RoboForm Security Design and Vulnerability Analysis

• RoboForm-Vul-2: Outsider Attackers’ Brute Force Attacks ← weak protection to local storage when a master password is used in RoboForm

(Figures: RoboForm-Vul-2-rfo, RoboForm-Vul-2-rfp)

14

RoboForm Security Design and Vulnerability Analysis

• RoboForm-Vul-3: Insider Attackers’ Server-side Request Monitoring Attacks ← zero protection to the data received by the insiders of RoboForm

(Figure: RoboForm-Vul-3)

15

RoboForm Security Design and Vulnerability Analysis

• The master password brute force attack effort

(Figure: brute force effort, RoboForm-Vul-2-rfp vs. RoboForm-Vul-2-rfo)

16

Likelihood, impact, and overall risk ratings

• OWASP (Open Web Application Security Project)

o Risk rating methodology

o Likelihood: how likely this particular vulnerability is to be uncovered and exploited by an attacker. HIGH, MEDIUM, LOW.

o Impact: the impact of a successful attack (technical impact, business impact). HIGH, MEDIUM, LOW.

o Overall Risk Severity: derived from Likelihood and Impact

17

Suggestions

• 1. User data should be protected with confidentiality and authenticity mechanisms before being sent to cloud storage servers

o RoboForm-Vul-3

• 2. Outsider attackers’ client-side stealing capability should be seriously considered

o LastPass-Vul-1

o RoboForm-Vul-1

18

Suggestions

• 3. A master password mechanism must be provided in a BCPM, and users should be mandated to use a strong master password with the strength assured by a pure client-side proactive password checker

o RoboForm-Vul-1

o LastPass-Vul-3

o LastPass-Vul-2

o RoboForm-Vul-2

19

Suggestions

• 4. Large iteration count values should be used in the password based key derivation functions

o LastPass-Vul-3

o LastPass-Vul-2

o RoboForm-Vul-2

• 5. A user’s master password should be used to authenticate a user, but it should not be insecurely associated with any authenticator that will be sent to the cloud storage servers or saved locally to the user’s computer

o LastPass-Vul-2

o RoboForm-Vul-2
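The effort-estimation method from the Methodology slide, applied to the iteration-count recommendation in Suggestion 4, as an added example (not code from the paper or the slides). It assumes each PBKDF2 iteration costs one basic cryptographic operation, the attacker finds the master password after half the key space on average, and the two attacker speeds are the slide's 1 μs per operation and 1 μs per million operations; the iteration counts and password classes compared are constructed for illustration, not the values any product uses.

```python
YEAR_SECONDS = 365.25 * 24 * 3600

# Attacker speeds from the Methodology slide, in basic operations per second:
# one basic operation per microsecond, and one million per microsecond.
ATTACKER_SPEEDS = {"1 op/us": 1e6, "1e6 ops/us": 1e12}


def keyspace(charset_size: int, length: int) -> int:
    """Number of candidate master passwords of a fixed length."""
    return charset_size ** length


def average_attack_seconds(charset_size: int, length: int,
                           iterations: int, ops_per_second: float) -> float:
    """Expected time to recover the master password by exhaustive guessing.

    Modelling assumption: checking one guess costs `iterations` basic
    operations (one per PBKDF2 iteration), and the right password is found,
    on average, after half the key space has been tried.
    """
    guesses = keyspace(charset_size, length) / 2
    return guesses * iterations / ops_per_second


def average_attack_years(charset_size: int, length: int,
                         iterations: int, ops_per_second: float) -> float:
    return average_attack_seconds(charset_size, length,
                                  iterations, ops_per_second) / YEAR_SECONDS


def effort_table(password_specs: dict, iteration_counts: list) -> list:
    """Rows of (class, length, iterations, speed label, expected years)."""
    rows = []
    for label, (charset_size, length) in password_specs.items():
        for iterations in iteration_counts:
            for speed_label, ops in ATTACKER_SPEEDS.items():
                years = average_attack_years(charset_size, length,
                                             iterations, ops)
                rows.append((label, length, iterations, speed_label, years))
    return rows


if __name__ == "__main__":
    # Constructed comparison: 8-char lowercase, 8-char alphanumeric,
    # 12-char printable ASCII, with illustrative PBKDF2 iteration counts.
    specs = {"lowercase": (26, 8), "alphanumeric": (62, 8),
             "printable": (95, 12)}
    for label, n, c, speed, years in effort_table(specs, [1, 1000, 100000]):
        print(f"{label:13s} len={n:2d} iter={c:>6d} {speed:>11s}: {years:.3g} years")
```

Raising the iteration count multiplies every row by the same factor, which is why Suggestion 4 helps only in combination with a strong master password (Suggestion 3): a large key space does most of the work.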

20

Suggestions

• 6. Data authenticity should be assured, and authenticity verification should not weaken confidentiality

o RoboForm-Vul-2

21

Conclusion

• Define a threat model for analyzing the security of BCPMs

• Investigate the design and implementation of two very popular commercial BCPMs: LastPass, RoboForm

• Identify several vulnerabilities of these two BCPMs that could be exploited by outsider and insider attackers to obtain users’ saved website passwords

• Detailed figures, risk analysis and suggestions are in “Vulnerability and Risk Analysis of Two Commercial Browser and Cloud Based Password Managers” (invited paper), ASE Science Journal, 1(4): pages 1-15, 2013.

22