Embed Size (px)
DESCRIPTION
There are more then 20 000 000 of users of internet banking systems in Poland. More than 7 000 000 of them use such systems actively. They usually lack of technical knowledge and are not aware of the current threat landscape linked with such systems. As a result users of internet banking are often profitable targets for cybercriminals. Not all attacks are targeted against wealthy clients and highly sophisticated. It is more profitable to execute relatively simple mass attacks which affects as large population of targets as possible. The gain from single victim may be not very impressive, but number of users affected by such attacks yields a considerable outcome for the attackers. As in every system, there are some security controls implemented in internet banking. Two such mechanisms are: user authentication, and transaction authorization. The transaction authorization is the (last?) line of defense which should be able to stop such attacks even if the first line of defense, authentication, has failed. As we know this is not always the case. To design an effective control one needs to understand the environment in which this control will operate and the type of attacks it should withstand. To get this context we will analyze several typical attack scenarios and identify what weaknesses are exploited. Based on this analysis we will prepare a list of requirements for an effective control s which could be used in internet banking to thwart typical attacks. Next we will evaluate the typically used transaction authorization methods used in polish internet banking systems to check if they meet the requirements identified by us. Sample attack scenarios will be provided to demonstrate that if even one of these requirements is not met a gap is created which may lead to a successful attack. Finally, one important question needs to be answered – can this transaction authorization mechanism be efficient enough to be the last line of defense against these mass attacks?
Citation preview
Evaluation of
Transactional Controls in
e-Banking Systems
Kraków, 27.05.2014
Paweł Goleń
Arkadiusz Bolibok
How Transaction Integrity Verification should look like
Who are we?
• We don’t like to talk about ourselves
• We both have technical background
– In building
– In breaking
• Now we work in Risk Management area
Popularity of eBanking
• 38 million is the population of Poland
• 24 million – accounts with internet access
– 8 million active users
• Banks promote use of internet banking
– Easy, convinient, secure
• Ordinary users use Internet Banking
– Limited knowledge, limited awareness
– They may be easy targets
If there are targets...
• Targeted attacks
– May be very profitable
– More difficult to perform
– More risky to the attacker
• Mass attacks
– Single attack needn't be very profitable
– No specific targets (the more, the better)
– Many successful attacks in one campaign
How does eBanking look like?
eBanking use cases
eBanking user
Transfer Money
Send Application
View Account Information
Manage Defined Transfers
Manage Account Parameters
Transfer Internaly
Tranfer Externaly
Execute Define Transfer
Modify Define Transfer
Add New User
Order New Product
Add New Access ChannelChange Account Paramters
Create Time Deposite
Loan Repayment
Transfer to Other Own Account
Execute Domestic Transfer
Execute International Transfer
Transfer to Tax Office
eBanking misuse cases
eBanking User
Transfer Money
Send Application
View Account Information
Manage Defined Transfers
Manage Account Parameters
Attacker
Disclose Account Information
Transfer Money To Attacker
Change Account Parameters
Create New User
Add New Access Channel
Add New ProductModify Defined Transfer
<<extend>>
<<extend>>
<<extend>><<extend>>
<<extend>>
<<extend>>
<<extend>>
<<extend>>
Attacker's motivation
• Disclose information accessible through
eBanking interface
• Tranfer money to an account controlled by
the attacker
• Influence financial market
Scope of analysis
eBanking User
Transfer Money
Send Application
Manage Defined Transfers
Manage Account Parameters
Attacker
Transfer Money To Attacker
Change Account Parameters
Create New User
Add New Access Channel
Add New ProductModify Defined Transfer
<<extend>>
<<extend>>
<<extend>><<extend>>
<<extend>>
<<extend>>
<<extend>>
<<extend>>
User to system interaction
eBanking
User
: Web
Browser
: eBanking
System
1 .User provides transaction parameters
2. Transaction parameters are send
to system
5. User provides authorization
data
3. Summary of transaction is sent
4. Summary of transaction is presented
to user
6. Authorization data is sent
to system
7. Verifcation of authorization data
8. Execution of transaction
9. Transaction confirmation
10. Transaction confirmation
presented to user
Threats
• Malware installed on the machine of the ebanking
client (A1, A2)
• Unauthorized interception and modification of
information as it is transmitted over public
networks (B4, B5)
• Theft of access control information by means of
phishing and trademark spoofing (B10, C1, C3)
Based on Infromation Security Forum Treat List
Threats mapped to interaction
eBanking
User
: Web
Browser
: eBanking
System
1 .User provides transaction parameters
2. Transaction parameters are send
to system
5. User provides authorization
data
3. Summary of transaction is sent
4. Summary of transaction is presented
to user
6. Authorization data is sent
to system
7. Verifcation of authorization data
8. Execution of transaction
9. Transaction confirmation
10. Transaction confirmation
presented to user
Malware
Phishing
Man in the middle
Possible malicous activites
eBanking
User
: Web
Browser
: eBanking
System
1 .User provides transaction parameters
2. Transaction parameters are send
to system
5. User provides authorization
data
3. Summary of transaction is sent
4. Summary of transaction is presented
to user
6. Authorization data is sent
to system
7. Verifcation of authorization data
8. Execution of transaction
9. Transaction confirmation
10. Transaction confirmation
presented to user
Malware modifies transaction
paramters
MitM modifies transaction paramters
MitM forges transaction summary
Malware forges transaction summary
Malware eavesdrops authorization
data
(optional) Malware blocks transaction
execution
MitM forges transaction confirmation
Malware forges transaction
confirmation
MitM eavesdrops authorization data
(optional) MitM blocks transaction
execution
Attacker uses eavesdropped
authorization data (offline)
Attacker uses authorization data
aquired by phishing (offline)
Types of controls used
• Authentication controls
• Access controls
• Transaction Integrity Verification (TIV)
Transaction Integrity Verification
(...) generic term to describe (...) method of
verifying that the actual content of a
transaction has not been altered by the
fraudulent techniques (...)http://en.wikipedia.org/wiki/Transaction_verification
Reference to TIV in standards
• Requirements phase and testing phase
– OWASP ASVS 2.0
V1.22 Verify re-authentication, step up or adaptive
authentication, SMS or other two factor application, or
transaction signing is required before any application-
specific sensitive operations are permitted as per the
risk profile of the application
– Lack of sufficient requirements and guidelines
Possible 'high level' scenarios
• Offline execution based on acquired data
– Multiple operations
– Only one or very limited numer of operations
– Constrained operation
• Modification of operation in progress
– Unrestricted modification
– Constrained modification
• Replay of executed operation
Popular methods
• Classic Transaction Authentication Number
(TAN)
• One Time Password Generator
– Based on time
– Based on a challenge-response
• Digital signature
• Transaction Authentication Number
delivered by SMS (mTAN)
How we compare
Phishing MitM Malware
Offl ine execution of multiple operations based on
acquired data
Offl ine execution of single operation based on
acquired data
Unconstrained modification of operation in progress
Constrained offl ine execution of single operation
based on acquired data
Constrained modification of operation in progress
Replay of executed operation
>>
> I
mp
ac
t >
>>
>>> Difficulty >>>
Big impact, Bigger difficulty
Big impact, Low
difficulty
"Please take my
money"
Lower impact, Lower
difficulty
Lower impact, Bigger difficulty
"You wil l need to sweat for that"
Classic Transaction Authentication
Number (TAN)
• Delivered to user
via independent
channel
• Transaction data is
not related to
authentication code
Assumptions:
• Each code can be used only once
Transaction Authentication Number
Phishing MitM Malware
Offl ine execution of multiple operations based on
acquired data
Offl ine execution of single operation based on
acquired data
Unconstrained modification of operation in progress
Constrained offl ine execution of single operation
based on acquired data
Constrained modification of operation in progress
Replay of executed operation
>>> Difficulty >>>
>>
> I
mp
ac
t >
>>
One Time Password Generator based
on time
• No direct data
exchange between
token and eBanking
system
• Transaction data is
not related to
authentication code
Assumptions:
• Token value change triggered by time
• Each code can be used only once
Phishing MitM Malware
Offl ine execution of multiple operations based on
acquired data
Offl ine execution of single operation based on
acquired data
Unconstrained modification of operation in progress
Constrained offl ine execution of single operation
based on acquired data
Constrained modification of operation in progress
Replay of executed operation
>>> Difficulty >>>
>>
> I
mp
ac
t >
>>
One Time Password Generator based
on time
One Time Password Generator in
challenge-response mode
• No direct data
exchange between
token and eBanking
system
• Transaction data is
related to
authentication code
Assumptions:
• Response calculation does not take into account time
• Lenght of the challenge is limited (6-8 digits)
Phishing MitM Malware
Offl ine execution of multiple operations based on
acquired data
Offl ine execution of single operation based on
acquired data
Unconstrained modification of operation in progress
Constrained offl ine execution of single operation
based on acquired data
Constrained modification of operation in progress
Replay of executed operation
>>> Difficulty >>>
>>
> I
mp
ac
t >
>>
One Time Password Generator in
challenge-response mode
Digital signature
• SmartCard is attached
to the computer /
mobile phone
• Signature operation is
conrolled by software
installed on computer
/ mobile device
• Authentication code is based on all
important transaction parameters
Assumptions:
• Private key cannot be copied
• Signature is triggered by plugin/applet/ActiveX installed in the
browser
Phishing MitM Malware
Offl ine execution of multiple operations based on
acquired data
Offl ine execution of single operation based on
acquired data
Unconstrained modification of operation in progress
Constrained offl ine execution of single operation
based on acquired data
Constrained modification of operation in progress
Replay of executed operation
>>> Difficulty >>>
>>
> I
mp
ac
t >
>>
Digital signature
Transaction Authentication Number
delivered by SMS (mTAN)
• Transaction data is
related to
authentication code
• Some parameters are
presented in
shortened form
• SMS delivery is triggered by eBanking
system
Assumptions:
• Attacks on GSM network were not considered
• SIM card cloning was not considered
Phishing MitM Malware
Offl ine execution of multiple operations based on
acquired data
Offl ine execution of single operation based on
acquired data
Unconstrained modification of operation in progress
Constrained offl ine execution of single operation
based on acquired data
Constrained modification of operation in progress
Replay of executed operation
>>> Difficulty >>>
>>
> I
mp
ac
t >
>>
Digital signTransaction Authentication
Number delivered by SMS (mTAN)
Let's compare
Tan OTP token Challenge-Response
Digital signature mTan
What was effective
• Presenting operation parameters via out-of-
band channel
• Signing all the important parameters of
operation
• So what are the requirements?
– Out-of-band
– Transaction signing
The out-of-band requirements
• Trusted out-of-band channel must exist
• Operations should be presented explicitly
– What operation will be executed
– Important parameters of that operation
– „Collisions” should be avoided
• Unique codes should be used
– Code is generated when operation is initiated
– Code confirms only the operation for which it was generated
The signing device requirements
• User must know what is being signed
• All important parameteres should be signed
• User's action should be required
• It should be difficult to create a valid
signature without the secret
• Finding collisions should be difficult
• Replay should not be possible
Quick recap
• There are no perfect controls
– Some are easier to defeat than others
– Control effectiveness can be evaluated
– There is always the weakest link: user
• Use the defense-in-depth approach
– Next layer of defense is required
– Anomaly detection, big data, (...)
QUESTIONS?
