Have they forgotten about PKC’s and SSL?

I just read an article in IEEE Computer, June 2005, called “Security Technologies Go Phishing”. It’s about new ways of stopping phishing attacks. Among other things, they present a system that lets a bank (for instance) have their users choose a picture from an album. That picture is then included in email that the bank sends out, so the user knows that the email is for real and not spoofed. To me, there are many things wrong with this idea and any similar developments. (Please note: the article mentions other interesting systems and the given company has other interesting products. I’m only picking on this one idea, here.)

First, let’s break the back of the included-image idea. Assume that the bank has an album of 100 pictures to choose between. That means that if a phisher sent out an email with one random picture to a large number of users, one in a hundred would recognize his own picture. That may well be enough for the phisher to live on. Especially since that one user will not be suspicious at all about the email, so the image idea may have worsened the situation instead of improving it.

The second part of the PassMark idea is the presentation of this same image to the user as he logs in to the banks web systems. That way the user knows he’s talking to the bank system. But the same argument applies here too. If the email held the right image by pure luck, the web page it links to will hold the right image by necessity. It will be the same one, right?

If you replace each image, in your mind, with a password, you soon realize that what you have is in effect a password the bank sends in plain text email to the user to “log in to the user’s mind”. We already know that sending passwords in plain text is not a good idea. On top of that, this particular password comes from a generally known dictionary of only a hundred passwords. The scheme, put this way, begins to look really weak, doesn’t it?

About the web page: if the bank implemented an SSL server correctly, which they usually do, and the user’s browser would actually check the SSL certificate in all aspects and tell the user if it didn’t match expectations, there would be no way someone could spoof the bank’s website. The only way it can happen today is because browsers are far too lax about the properties of the certificates and because browsers allow SSL proxies.

More generally, why do we even need schemes like this image thing? If the bank digitally signed all their outgoing email messages and the users could verify those signatures, not one single message could be spoofed by anyone. So, why doesn’t the bank do that?

Well, in large part because public key cryptosystems are hard to install. But I’m sure it’s much easier to make an easy to use installation program for a good PKC system than to reinvent the wheel (and making it square in the process).

There are only two major PKC systems around: PGP in several variants and S/MIME. Most relevant patents have expired. All necessary code is available as open source or as libraries. Certificates can be obtained cheaply or for nothing. Trust models can be anything you want them to be. And it all works. So, what needs to be done?

Well, browsers, for one, need to properly check certificates of websites and really present their findings to the user in an understandable way. Websites need to take care to implement the certificates right; the domains in the certificates need to match the real domain the server is in, for instance.

Email programs need to come with public key crypto preinstalled. Is it really too much asked that an email program installation would, by default:

  1. Generate or import a keypair
  2. Upload public key to standard servers
  3. Prompt the user to encrypt to any destination the email program finds a public key for in the standard servers
  4. Prompt the user to sign any outbound email
  5. Loudly complain and offer to delete any unsigned or unencrypted received email
  6. Check and display the result of comparing signatures to origin domains, and the name on the public certificate

We don’t need new systems to protect us from phishing. We need correctly implemented and used old systems. That’s much better and probably much easier. And certainly more secure.

2 thoughts on “Have they forgotten about PKC’s and SSL?”

  1. The image idea does bring to mind the concept of watermarking. Not that it would prove any more useful than digital signatures and proper SSL. But, if a watermark were to be embedded in another picture, it makes me wonder if a functionality similar to that of the anti-OCR images generated as human only readable could not be produced. Also a machine decipherable embedded watermark might prove effective (until the bad guys figure out how to read and produce those).

    Just thinking out loud here.

  2. But as soon as you need software to verify the watermark, you’re in the same situation as with digital signatures. And, since the watermark is actually a digital signature on the image, you’ve signed the image, not the email contents. That is, more complicated technology of the same kind with less result.

Comments are closed.