Title

Shared Secret Trusted Path (shortname: sharedsecret)

Overview

A trusted path can be established between a web user agent or web site and the user through the use of a secret shared between the user and the agent or site. The shared secret may be an image selected by the user, or it can be another type of secret (e.g., text or audio) to meet accessibility requirements. If the shared secret is difficult to guess, it is difficult to emulate exactly, and so is robust against that aspect of spoofing attacks. Having such a trusted path will not ensure that no user falls for phishing attacks (see Emperor's New Security Indicators on Passmark), but known attacks against these trusted paths do not include spoofing.

Goals

All robustness proposals (attempt to) satisfy the trusted-path goal.

Applicability

Any web user agent that (proactively) presents SCI to the user (or to a channel presumed to eventually lead to the user, such as accessibility aids).

Requirement | Good Practice

Web user agents MAY accept some presentation information from the user, and associate that information with parts of the user interface that are intended or commonly used to communicate trust information to users.

Presentation information is expected to be in a form that the user can recognize, for example graphical, textual, or audio.

Techniques

Examples of user-customized website and browser interfaces are in the references below. One technique is to give the user a selection of backgrounds, skins, or tartans, and customize the graphical look of the web browser with them. Knowing the set of secrets the user can choose from can increase the attacker's ability to spoof them, particularly if a small subset is popular. Another technique is to take user-specific graphics and use them the same way. If a malicious site can get the user to customize it the same way, it might be possible for the site to spoof the browser.
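
To make the point about popular choices concrete, the following added example (not part of the original proposal) estimates how often a spoof that simply displays the most popular secrets would match a user's real one. The three populations, the skin names and the user counts are constructed sample data, and the model assumes the attacker knows only the popularity statistics, not the individual user's choice.

```python
import math

def guess_success_rate(counts, guesses=1):
    """Share of users whose secret is among the `guesses` most popular choices."""
    total = sum(counts.values())
    top = sorted(counts.values(), reverse=True)[:guesses]
    return sum(top) / total

def min_entropy_bits(counts):
    """-log2 of the most popular choice's share (worst-case unpredictability)."""
    return -math.log2(max(counts.values()) / sum(counts.values()))

def constructed_populations():
    """Constructed sample data: how 6400 users picked their shared secret."""
    names = [f"skin{i:02d}" for i in range(64)]
    # Catalogue of 64 skins, every entry equally popular (100 users each).
    uniform = {n: 100 for n in names}
    # Same catalogue, but three entries hold most users (a popular subset).
    skewed = {n: 10 for n in names}
    skewed.update({"skin00": 3200, "skin01": 1600, "skin02": 990})
    # User-specific graphics: every user supplies a different image.
    personal = {f"user-image-{i}": 1 for i in range(6400)}
    return {"uniform catalogue": uniform,
            "skewed catalogue": skewed,
            "user-specific": personal}

def report():
    """One row per population: label, 1-guess rate, 3-guess rate, min-entropy."""
    return [(label,
             guess_success_rate(counts, 1),
             guess_success_rate(counts, 3),
             min_entropy_bits(counts))
            for label, counts in constructed_populations().items()]

if __name__ == "__main__":
    for label, g1, g3, bits in report():
        print(f"{label:18s} 1 guess: {g1:7.2%}  3 guesses: {g3:7.2%}  "
              f"min-entropy: {bits:5.2f} bits")
```

The skewed catalogue offers the same 64 choices as the uniform one, yet its min-entropy is what matters for spoofing resistance: it measures the share of users covered by the single most popular secret.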

Examples (informational)

Dynamic security skins.

Attack resistance and limitations

ThreatTrees 2.C.ii

References

TrustedBrowserComponent

Dynamic Security Skins, Dhamija and Tygar.

iGoogle (Google ig), http://www.google.com/ig

Personas for Firefox, http://www.puffinlabs.com/personas/personas.html

PassMark's site authentication feature http://www.mypassmark.com/