Poster: Preventing SSLstripping Attack using Visual Security Cues
Abstract
The Secure Sockets Layer (SSL) protocol is the most widely used security mechanism for safe web browsing. A new attack, called SSLstripping, presented by Moxie Marlinspike at the Black Hat conference in 2009 [2], effectively defeats SSL protection by exploiting users' browsing habits or websites' SSL policies rather than a technological flaw in the protocol. For the former, most users do not type into the address bar the full address (including the https:// scheme) of a website they want to visit securely; instead they rely on the browser and the website to redirect them to the proper secure location. For the latter, many websites do not use SSL by default and only have their login forms use a secure connection. As a type of man-in-the-middle (MITM) attack, SSLstripping has the potential to affect tens of millions of online users who log in to websites protected by SSL; Facebook.com is one of the vulnerable websites. Two solutions have been proposed that could address the SSLstripping attack. The first, ForceHTTPS [1], has websites notify the user's browser that they require a secure connection, so that the browser always establishes a secure connection with those websites from then on. The problem is that many websites do not require HTTPS, and if the attack is launched before the website is first contacted, the browser never receives the notification. The second, HProxy [3], relies on the browser's history to compare the current and past security mechanisms used by a website that has already been visited. Again, this solution does not work if the attack is deployed before a browsing history is established or if no history exists. We present a novel approach to addressing the SSLstripping attack through visually augmented security: motivated by the design of ordinary traffic lights, we introduce a set of visual cues aimed at thwarting the attack.
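The attack mechanics and the first-contact gap in ForceHTTPS described above, modelled as an added example that is not part of the original poster: a constructed origin server that redirects plain HTTP to HTTPS, a stripping proxy that relays the page over plain HTTP while rewriting every https:// reference, and a browser that fetches a bare hostname over http unless it has recorded a persisted secure-connection policy for that host (an HSTS-style store, the standardized descendant of ForceHTTPS [1]). The hostname, class names and form markup are constructed for the example.

```python
import re

HSTS = "Strict-Transport-Security"


class OriginServer:
    """Constructed stand-in for a login site: plain HTTP only redirects to
    HTTPS, and every HTTPS response tells the browser (ForceHTTPS/HSTS style)
    to use HTTPS from now on. Not a real site."""

    def __init__(self, host):
        self.host = host

    def handle(self, scheme, path):
        if scheme == "http":
            return 301, {"Location": f"https://{self.host}{path}"}, ""
        body = f'<form action="https://{self.host}/login" method="post"></form>'
        return 200, {HSTS: "max-age=31536000"}, body


class StrippingProxy:
    """The man in the middle: speaks HTTPS to the origin, plain HTTP to the
    victim, drops the policy header and rewrites every https:// reference."""

    def __init__(self, origin):
        self.origin = origin

    def handle(self, scheme, path):
        assert scheme == "http"  # it cannot forge the origin's certificate
        status, headers, body = self.origin.handle("https", path)
        headers = {k: v for k, v in headers.items() if k != HSTS}
        body = body.replace("https://", "http://")
        return status, headers, body


class Browser:
    """Minimal client: a bare hostname (the user's habit from the abstract)
    is fetched over http unless a policy entry for that host was recorded
    from an earlier HTTPS response."""

    def __init__(self):
        self.hsts_hosts = set()

    def navigate(self, host, path, network):
        scheme = "https" if host in self.hsts_hosts else "http"
        for _ in range(5):  # bounded redirect chase
            status, headers, body = network(scheme, host, path)
            if scheme == "https" and HSTS in headers:
                self.hsts_hosts.add(host)  # only learned over a clean HTTPS hop
            if status in (301, 302):
                scheme, rest = headers["Location"].split("://", 1)
                host, _, tail = rest.partition("/")
                path = "/" + tail
                continue
            return scheme, body
        raise RuntimeError("too many redirects")


def login_form_is_secure(body):
    """True when the login form the victim sees posts over https."""
    m = re.search(r'action="([a-z]+)://', body)
    return bool(m) and m.group(1) == "https"


def run(first_visit_attacked):
    """Two visits to the site; returns [(scheme used, form secure?), ...]."""
    origin = OriginServer("login.example")  # constructed hostname
    proxy = StrippingProxy(origin)
    browser = Browser()

    def clean(scheme, host, path):
        return origin.handle(scheme, path)

    def attacked(scheme, host, path):
        # The proxy can only interpose on plaintext; HTTPS reaches the origin.
        if scheme == "http":
            return proxy.handle(scheme, path)
        return origin.handle(scheme, path)

    first = browser.navigate("login.example", "/", attacked if first_visit_attacked else clean)
    second = browser.navigate("login.example", "/", attacked)
    return [(scheme, login_form_is_secure(body)) for scheme, body in (first, second)]


if __name__ == "__main__":
    print("clean first visit, then attacked:", run(False))
    print("attacked from the first visit:  ", run(True))
```

`run(False)` shows the policy doing its job: after one clean visit the browser has recorded the host and goes straight to https, so the proxy never gets a plaintext request to strip. `run(True)` shows the gap the abstract points out: a victim whose first contact already passes through the proxy only ever sees http, never receives the policy header, and keeps getting the downgraded login form on every later visit.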
The visual cues are meant to boost the user's confidence in her browser when sensitive credentials must be entered and submitted to websites for authentication. Our contributions are as follows: we propose visual-cue-based solutions that help address the SSLstripping attack; we propose a better way to inform users about websites that, by design, request sensitive login credentials over an insecure channel, so that users are constantly aware of which websites have secure and which have insecure logins and can make informed decisions about how they choose and use their credentials; and we conduct a user study to explore whether our approach is more effective and promising than the existing pop-up method.
2. APPROACH
Publication date: 2011