The Emperor’s New Password Manager - USENIX · Zhiwei Li, Warren He, Devdatta Akhawe, Dawn Song...
The Emperor’s New Password Manager
Security Analysis of Web-based Password Managers
Zhiwei Li, Warren He, Devdatta Akhawe, Dawn Song
University of California, Berkeley
20 Years later ...
Benefits of Password Managers
• Memorywise-Effortless
• Scalable-for-Users
• Physically-Effortless
• Resilient-to-Physical-Observation
• Resilient-to-Throttled-Guessing
• Resilient-to-Unthrottled-Guessing
• Resilient-to-Leaks-from-Other-Verifiers
• Resilient-to-Phishing
• …
Keep All of Your Logins Secure With XXXX
XXXX Offers NSA-Level Protection for Your Passwords
XXXX: Unbreakable Passwords That You Don’t Have to Remember
XXXX Wins Best Mobile App at CES 2014
XXXX Never Forget a Password Again
XXXX Surpasses Gmail for Top Productivity App
XXXX is a must-use freeware tool that supports multiple operating systems and browsers
Apps to Protect Your Array of Passwords
Are they truly secure?
How it works
[Figure: Alice, the password manager, Bob (collaborator) and dropbox.com]
Security Goals
• Master Account Security
  • impossible for an attacker to authenticate as the user to the password manager
• Credential Database Security
  • ensure the confidentiality, integrity and availability (CIA) of the credential database
• Unlinkability
  • use of the password manager should not allow colluding web applications to track a single user across websites
Threat model
• Web attacker
  • controls web servers
  • controls DNS domains
  • can get a victim to visit the controlled domains
Four classes of vulnerabilities (vulnerable products / products offering the feature)
• bookmarklet vulnerabilities: 3/3
• classic web vulnerabilities: 3/5
• authorization vulnerabilities: 2/3
• user interface vulnerabilities: 2/5
NO product was safe against all four
• authorization vulnerabilities
• classic web vulnerabilities
• user interface vulnerabilities
• bookmarklet vulnerabilities
Bookmarklet
• A bookmarklet is a snippet of JavaScript code
  • installs as a bookmark
  • when clicked, runs in the context of the current page
  • interacts with a login form
[Figure: bookmarklet flow for the credential of “dropbox.com”]
• Alice clicks the bookmarklet, which includes _LASTPASS_RAND and h
• The bookmarklet code is a stub that loads the main code from lastpass.com
• The bookmarklet loads a LastPass page in an iframe
• The iframe loads Alice’s encrypted master key and the encrypted credential for dropbox.com (specified by a URL parameter); this is done using a <script> tag in the iframe
• postMessage communicates the decryption key to the iframe, which decrypts the credential and sends it back through postMessage
LastPass Bookmarklet Attack
Leaking sensitive data into untrusted pages
• All password managers that support bookmarklets leak their credentials
  • LastPass
  • RoboForm
  • My1login
Web Vulnerabilities
• Subtleties of the web platform
  • focus on CSRF and XSS
• CSRF vulnerabilities
  • LastPass, RoboForm and NeedMyPassword
• XSS vulnerability
  • NeedMyPassword
LastPass One-Time Password
• OTP feature
  • authentication code for the master account
  • only valid for one use
h = hash(hash(alice|otp)|otp)
rand_encrypted_key = encrypt(masterkey, hash(alice|otp))
OTP Attack
h = hash(hash(alice|otp)|any_otp)
rand_encrypted_key = encrypt(dummy, hash(alice|any_otp))
The attacker can then log into Alice’s master account to view unencrypted information and delete credentials.
Collaboration
[Figure: Alice shares a credential with Bob (collaborator) through the password manager]
• Ability to share passwords with a collaborator
• Alice requests to share a credential with Bob
• The password manager forwards the credential to Bob
• Both need accounts with the password manager
Authorization Vulnerabilities
• Three of the five password managers support collaboration
• Both My1login and PasswordBox mistook authentication for authorization
User Interface Vulnerabilities
• Resilient-to-Phishing
  • a major benefit of password managers
  • detects the application
  • (auto-)fills the right password
• Vulnerable
  • LastPass
  • RoboForm
Logging into RoboForm
• Creates an iframe in the current web application to log in the user
• Attack
  • block the iframe
  • spoof an authentication dialog
  • steal master credentials
LastPass UI Vulnerability
• (Demo)
Mitigations
Mitigations
• Bookmarklet Vulnerabilities
  • load the password manager code in an iframe
  • postMessage with the right target
• Web Vulnerabilities
  • Content Security Policy (CSP)
  • CSRF prevention
• Authorization Vulnerabilities
  • a simpler sharing mode
• UI Vulnerabilities
  • manually open a new tab
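The bookmarklet flow described earlier and the “postMessage with the right target” mitigation, as an added example that is not code from the slides or from any password manager: the handler inside the manager’s iframe releases the credential it was opened for only to an https page on that site, and replies with the requester’s origin pinned rather than “*”. The `fakeWindow` stand-in, the `site` parameter and the `decrypt` callback are assumptions so it can run in Node.js.

```javascript
// Added example, not code from the slides or from any password manager: origin checks for
// the iframe/postMessage exchange, simulated in Node.js with a minimal fake window.

// Stand-in for a browser window (assumed): records what would be posted to it.
function fakeWindow(origin) {
  return { origin, inbox: [], postMessage(data, targetOrigin) { this.inbox.push({ data, targetOrigin }); } };
}

// Handler installed inside the manager's iframe, which was opened to serve the credential for
// `site` (the URL parameter on the slide). `decrypt` is assumed to return the plaintext
// credential for the key carried in the message.
function makeFrameHandler(site, decrypt) {
  return function onMessage(event) {
    // Only the site the credential belongs to may ask for it, and only over https; a page on
    // any other origin (the attacker's page hosting the bookmarklet) gets nothing back.
    let url;
    try { url = new URL(event.origin); } catch (e) { return null; }   // opaque/"null" origin
    const host = url.hostname;
    const sameSite = host === site || host.endsWith('.' + site);      // subdomain policy is assumed
    if (url.protocol !== 'https:' || !sameSite) return null;
    if (!event.data || event.data.type !== 'key' || typeof event.data.key !== 'string') return null;
    const credential = decrypt(event.data.key);
    // Reply only to the window that asked, with its origin pinned; never '*'.
    event.source.postMessage({ type: 'credential', credential }, event.origin);
    return credential;
  };
}

// The sending side (the stub in the host page) pins the iframe's origin as well, so a frame
// whose location was swapped to another origin never receives the decryption key.
function sendKeyToFrame(frame, key, managerOrigin) {
  frame.postMessage({ type: 'key', key }, managerOrigin);
}
```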
Conclusions
• The wide spectrum of discovered vulnerabilities
  • logic mistakes
  • misunderstandings of the web security model
  • typical vulnerabilities like CSRF and XSS
• A single solution is unlikely
• Developing a password manager entails a systematic, defense-in-depth approach