Clickjacking: Attacks & Defences
Lin-Shung Huang, Alex Moshchuk, Helen Wang, Stuart Schechter, and Collin Jackson. Carnegie Mellon, Microsoft Research. USENIX Security 2012. SIL765 paper presentation by: Rahul Goyal (2008CS50222), Ravee Malla (2008CS50224).
Course Instructor: Prof. Huzur Saran, CSE, IIT Delhi
Likejacking
- The user can be tricked into clicking a button on an attacker's website
- User visits attacker.com
- Like button hidden behind another button
Clickjacking: Definition
- Prerequisite: Multiple mutually distrusting applications sharing the same display, and having permission to manipulate each other's visual appearance
- Attacker compromises context integrity of another app's UI components
  - Temporal Integrity
  - Visual Integrity
Types of Context Integrity
- Visual Integrity
  - What the user sees is actually what is present
  - No transparent, overlaid objects
  - Eg should be visible should be visible
- Temporal Integrity
  - State of the UI between the time of the user checking and the time of initiating the click remains the same
Compromising Visual Integrity
- Hide the target
- Partial Overlays
Compromising Visual Integrity
- Multiple cursor feedback, known as cursorjacking
[Figure labels: Fake Cursor, Real Cursor]
Compromising Temporal Integrity
- Bait and switch: As the mouse comes near the "Claim you.." button, "Like" moves to take its location before the user realizes it
Existing Defences
- User confirmation
  - Degrades user experience
- UI randomization
  - Unreliable & not user-friendly (multi-click attacks)
- Framebusting (X-Frame-Options)
  - Incompatible with embedding 3rd-party widgets
- Opaque overlay policy
  - Breaks legitimate sites
- Visibility detection on click
  - Allow clicks only on elements that are visible
- Protecting temporal integrity
  - Imposing a delay after displaying a UI
  - Annoying to users
New Attacks Demonstrated
- Authors conducted new exploits using clickjacking, with and without their own patches, using Amazon Mechanical Turk
- Reported the effectiveness of the attacks
- Attacks:
  - Accessing user's webcam: attack success 43%
  - Stealing user's email: attack success 47%
  - Revealing user's identity: attack success 98%
Accessing user's webcam
[Figure labels: Fake Cursor, Real Cursor]
Stealing user's email
InContext Defence
Design Goals:
- Should support 3rd-party object embedding
- Should not have to prompt users for actions
- Should not break existing sites
- Should be resilient to new attacks
Basic Idea
- Techniques to ensure the user is always InContext of the sensitive UI in interaction
- Websites can indicate their sensitive UI
- Browsers can enforce context integrity rules on these sensitive UIs
Ensuring visual integrity of target
- OS can compare the screenshot of the sensitive UI with the reference bitmap provided
- 30ms overhead on click processing
Ensuring visual integrity of pointer
- Remove cursor customization
- Freeze screen
Ensuring visual integrity of pointer
- Lightbox effect around target on pointer entry
Ensuring temporal integrity
- UI Delay: On a visual change, all buttons are inactive for a certain time
- Pointer Re-entry: On a visual change, invalidate clicks till the pointer re-enters the UI
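An added example (not from the paper or the presentation) that models the UI delay and pointer re-entry rules above as a small state machine and replays a constructed bait-and-switch event trace. The 500 ms delay and all class, function and event names are assumptions made for illustration.

```javascript
// Added illustration: UI delay + pointer re-entry as a state machine.
const UI_DELAY_MS = 500; // assumed value; the slides give no number

class TemporalGuard {
  constructor(delayMs = UI_DELAY_MS) {
    this.delayMs = delayMs;
    this.lastChange = -Infinity;     // time of last visual change
    this.pointerInside = false;      // pointer currently over the sensitive UI
    this.enteredSinceChange = false; // user moved outside -> inside after change
  }
  // Sensitive UI appeared, moved, or was uncovered. coversPointer is true when
  // the element now sits under a pointer the user did not move onto it.
  visualChange(t, coversPointer) {
    this.lastChange = t;
    this.pointerInside = coversPointer;
    this.enteredSinceChange = false;
  }
  pointerEnter() { this.pointerInside = true; this.enteredSinceChange = true; }
  pointerLeave() { this.pointerInside = false; }
  click(t) {
    if (!this.pointerInside) return "pointer-outside";
    if (t - this.lastChange < this.delayMs) return "ui-delay";
    if (!this.enteredSinceChange) return "no-reentry";
    return "accepted";
  }
}

// Constructed trace of a bait-and-switch: the target jumps under the pointer.
const BAIT_AND_SWITCH = [
  { t: 0, type: "change", coversPointer: false },   // page renders the target
  { t: 2000, type: "change", coversPointer: true }, // target moves under pointer
  { t: 2050, type: "click" }, // user's in-flight click lands on the target
  { t: 2700, type: "click" }, // delay elapsed, but pointer never re-entered
  { t: 2800, type: "leave" },
  { t: 2900, type: "enter" }, // deliberate move back onto the target
  { t: 3000, type: "click" },
];

function replay(events, guard = new TemporalGuard()) {
  const decisions = [];
  for (const e of events) {
    if (e.type === "change") guard.visualChange(e.t, e.coversPointer);
    else if (e.type === "enter") guard.pointerEnter();
    else if (e.type === "leave") guard.pointerLeave();
    else if (e.type === "click") decisions.push(guard.click(e.t));
  }
  return decisions;
}

console.log(replay(BAIT_AND_SWITCH));
```

The second click shows why the delay alone is not enough: once it has elapsed, only the re-entry rule still rejects a click on a target the user never moved onto.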
Conclusions & Extensions
- Demonstrate clickjacking variants and dangers
- Show effective defences (success 43-98%)
Our Extensions:
- Replicate the studies and test the effectiveness of defences
- Explore other methods/cases where clickjacking can be used as an exploit
Questions & Comments. Thanks