SECURITY IN ONLINE BANKING

Joel Fendrick

Overview

Encryption Methods AES (Advanced Encryption Standard) SSL (Secure Socket Layer) TLS (Transport Layer Security) TLS Advantage Over SSL Security Example Attacks Countermeasure

Encryption Methods

Asymmetric

Symmetric

Hashing

Asymmetric

Each user has two keysPrivatePublic

Public key stored in public databaseMessages encrypted with public key can

only be decrypted with private key.Encrypted with private -> decrypted with

public

Symmetric

No private/public Only means of decryption is if you have

the right key

Security issue in exchanging the key

Hashing Unique fixed length string of characters from

selected text

One way processCannot recreate document from hash

If anything changes in text, hash would change

Can be used to determine integrity of file

Suppose hash of a document was:

9c5292056062f70a2f14330cf4d30c7f

If anything at all changes in document a new hash is formed

91857f37a636882c78de9961e791c81a

Making it easy to tell if the message has been altered in any way

AES (Advanced Encryption Standard) Cryptographic algorithm used to protect

electronic data Block cipher that can encrypt and

decrypt information Capable of using keys of 128, 192, and

256 bits Encrypts data into blocks of 128 bits

Pseudo code

http://www.garykessler.net/library/crypto.html#fig17

in[] and out[]16-byte arrays with the plaintext and cipher text,

respectively. (According to the specification, both of these arrays are actually 4*Nb bytes in length but Nb=4 in AES.)

w[] array containing the key material and is 4*(Nr+1)

words in length. (Again, according to the specification, the multiplier is actually Nb.)

state[] a 2-dimensional array containing bytes in 4 rows

and 4 columns. (According to the specification, this arrays is 4 rows by Nb columns.)

SubBytes takes the value of a word within a State and

substitutes it with another value by a predefined S-box ShiftRows

circularly shifts each row in the State by some number of predefined bytes

MixColumnstakes the value of a 4-word column within the State

and changes the four values using a predefined mathematical function

AddRoundKeyXORs a key that is the same length as the block, using

an Expanded Key derived from the original Cipher Key

Walkthrough

This walkthrough is of Rijndael encryptionRijndael allows for both key and block sizes to

be chosen independently from the set of { 128, 160, 192, 224,  256 } bits.  (And the key size does not in fact have to match the block size). 

However, the block size must always be 128 bits in AES, and the key size may be either 128, 192, or 256 bits. 

http://www.formaestudio.com/rijndaelinspector/

AES Flaw

2009 weakness identified Interesting in mathematical P.O.V.

Not really relevant in application Finding the key of AES is four times

easier than previously believed Steps to find = 8 followed by 37 zeroes

1 trillion machines each test 1 billion keys per second Would take more than 2 billion years to

recover AES-128 key  Andrey Bogdanov (K.U.Leuven), Dmitry Khovratovich (Microsoft

Research), Christian Rechberger (ENS Paris)

SSL (Secure Socket Layer)

3 basic propertiesConnection is privatePeer’s identity can be authenticated using

asymmetric cryptographyConnection is reliable

○ message check using keyed Message Authentication Code (MAC)

Two layers: can include length description and content

Lowest Layer = SSL Record Protocol

Second Layer = Handshake Protocol

TLS (Transport Layer Security)

Two layersTLS Record ProtocolTLS Handshake Protocol

Encapsulates higher level protocols

TLS Record Protocol

Two basic properties

The connection is private○ Symmetric Data encryption

The connection is reliable○ Keyed MAC included in each message

TLS Handshake Protocol

Three basic properties Peer’s identity can be authenticated using

asymmetric or public key cryptography

The negotiation of a shared secret is secure

The negotiation is reliable

Advantage over SSL

Application protocol independentHigher level protocols can layer on top of it

transparently○ Decisions on how to initiate TLS handshaking

and how to interpret authentication certificates are left up to the designers of the higher level protocols

Security Example

Either SSL or TLS protocolWe’ll focus on SSL since it is the basis for

TLS

Browser sends message via SSL to bank server

Bank responds by sending a certificateIncludes banks public key

Browser authenticates certificate and generate random session keyUses this key to encrypt the data

Bank’s server receives session key and decryptsKey was sent encrypted by bank’s public keyBank uses private key to decrypt

Session key that now both bank and client know is used for rest of communication

Banks Didn’t Use SSL?As of 2006 a number of big banks were not requiring the use of SSL authentication

Bank of America Wachovia US Bank Chase American Express Etc.

SSL login form listed as optional

Outside the US at this time HSBC was the only known bank not to use SSL authentication

○ British multinational banking and financial services company

Attacks

Man-in-the-middle

Man-in-the-browser

Man-in-the-middle

Someone intercepts the communication between two systems

Specific MITM Attack

Victim visits site that uses TLS 1.0 and receives a cookie, this cookie injects the client-side BEAST (Browser Exploit Against SSL/TLS)

Attacker can now use a network sniffer to look for active TLS connectionsGrabs and decrypts the HTTPS cookie

○ Allows attacker to hijack victim’s session with that site.

Solution

DifficultAttacks confidentiality VS authenticity like

most attacks

Requires major change in the protocol itself

There are some fixes, but they cause compatibility issue with some existing SSL applications

Man-in-the-browser

Malware already infecting user computerKicks in after user has logged onto siteHijack money and siphon it into criminal

accounts

Solution

Use a trusted browser

Can be stored on a flash drive

Since stored in own secure environment it is not susceptible to malware in the same way as a traditional browser

Countermeasure

Historically piecemeal approach

Generally recommends several defenses that support each other

Often creates gaps within the layer architecture leaving some elements exposed to threats

Some banks implement a secure USB token“provides secure online banking session even if

computer is riddled with malware”

Read-only portable USB device○ When plugged in encrypts the customers

keystrokes○ Launches virtualized OS○ Launches secure browser○ Launches a secure network between client and

bank server

This is an attempt to create a virtual machine that is walled off from the rest of the PC

Protection from clients system

Makes sense that banks would want to protect their customers, as they are often the weakest link and biggest threat vector

Conclusion

Be careful and aware

Pay attention and confirm site is legitimate

Security is evolving , but so are the attacks

References [1] HIPAA Collaborative of Wisconsin. (2010). The Basics of Encryption. Retrieved on March 22, 2012, from http://www.hipaacow.org/docs/encryption%20whitepaper%207.7.10.doc   [2] NIST. (2001). Retrieved on March 22, 2012, from FIPS Publications website: http://csrc.nist.gov/publications/fips/fips197/fips-197.pdf   [3] Katholieke Universiteit Leuven (2011, August 17). First flaws in the Advanced Encryption Standard used for internet banking identified. ScienceDaily.

Retrieved on March 22, 2012, from http://www.sciencedaily.com /releases/2011/08/110817075424.htm   [4] Dierks, T., & Rescorla, E. (2008, August). The Transport Layer Security (TLS) Protocol Version 1.2. Retrieved on March 22, 2012, from http://tools.ietf.org/html/rfc5246   [5] Freier, A., & Karlton, P. (2011, August). The Secure Sockets Layer (SSL) Protocol Version 3.0. Retrieved on March 22, 2012, from http://tools.ietf.org/html/rfc6101   [6] Onyszko, T. (2002, July 19). WindowsSecurity.com. Retrieved on March 23, 2012, from http://www.windowsecurity.com/articles/secure_socket_layer.html   [7] Online banking security and technical frequently asked questions. (2012). Retrieved on March 23, 2012, from

http://www.bankofamerica.com/onlinebanking/index.cfm?adlink=&context=en&locale=&statecheck=WI&template=faq_security&cm_mmc=&cm_sp=   [8] Ou, G. (2006, April 27). Many banks failing to use ssl authentication. Retrieved on March 23, 2012, from http://www.zdnet.com/blog/ou/many-banks-failing-to-use-ssl-authentication/201   [9] OWASP. (2009, April 23). The open web application security project. Retrieved on March 23, 2012, from https://www.owasp.org/index.php/Man-in-the-middle_attack   [10] Fisher, D. (2011, September 19). threatpost. Retrieved on March 23, 2012, from

http://threatpost.com/en_us/blogs/new-attack-breaks-confidentiality-model-ssl-allows-theft-encrypted-cookies-091911

[11] Bethlehem, D. (2012, February 12). Strong authentication by itself is not enough to prevent man-in-the-browser attacks. Retrieved on March 24, 2012, from http://data-protection.safenet-inc.com/2012/02/strong-

  [12] Ramirez, D. (2007). Case study: Itu-t recommendation x.805 applied to an enterprise environment— banking. Bell Labs Technical Journal, 12(3), 55-64.   [13] (2011). Securing the weakest link. Bank Technology News,24(6), 1 & 35.