One PC for Casual Surfing and Secure Banking
At least one bank, according to a recent report, is considering handing out a bootable Linux CD, so that customers can use that isolated environment for their banking. But how many customers will do that? Or buy a separate PC just for their "secure" activity?
We know from Javelin Research studies that customers want to protect themselves, but we also know, from a Microsoft Research study, that they often make what they consider to be reasonable decisions about the effort involved in doing so. Closing all their current work, booting a separate environment, doing their banking, and then restarting their "regular" activity is likely to be too big a burden for most people to tolerate. And we know that many fall victim to drive-by downloads, phishing attacks, Trojans, viruses and the like. So without better options, they'll continue to take risks with their personal data, including banking online from a potentially unsafe PC.
If banks are truly going to help protect their customers, they need to offer solutions and options that are both safe and easy to use. Expecting customers to watch for the color of the address bar, or to inspect the contents of e-mail links, is a good starting point. But we know that customers won't be successful with those options 100% of the time, and we know that they are often told to ignore warnings.
Various approaches to safe banking have been discussed in numerous forums and in the literature. Some have already been implemented as products, while others remain more philosophical. All of these approaches assume that the client PC cannot be trusted, as it may already have malware resident due to inadvertent user actions. Despite all of the best protections, can we really envision a future where the PC is protected against all known and zero-day malware? It may be possible, but it is not broadly attainable.
Many solutions attempt to solve these issues by isolating the transaction and its intermediate results from a non-trusted device. We believe that these solutions, while addressing the issue of staying out of reach of malware resident on the PC, create fundamental user and usability issues. For example, significant user discipline is required for the approach of using a dedicated machine for online banking. The user must show determination not to do any casual browsing on these machines, to avoid any drive-by downloads and malware on the platform. Using auxiliary devices to address "insecurity" on the PC adds additional steps and burden for the user. As for one-time password tokens, could this lead to the "token chain" issue, where the user would have to carry a chain of tokens for authentication at various sites?
In general, security must be balanced with consumer usability for it to be effective, and the ultimate solution must be to make the platform fundamentally trustworthy using mechanisms that are transparent to the user. Our vision is that the user continues to use a single device for casual surfing (the usage most exposed to downloadable malware) and can use the same device for sensitive online banking transactions. The user experience remains seamless, and malware is contained in such a way that it cannot affect online transactions. This approach is cost effective and user friendly, and thus has a higher probability of broad user adoption.
Intel Labs researchers are starting to look into this problem, exploring various ways to embed the isolation mechanism via hardware technologies.
Let's review the issues: the chain of trust from the human user sitting at the terminal to the website has weak links. For example, today we have SSL/TLS from the website to the PC. But once TLS terminates on the client, malware on the client can control the communications path. Intel Labs research is targeted at addressing these vulnerabilities. How can we store user secrets on the client so that they can only be used with the user's authorization? How can we prevent malware from modifying the user's intended transactions "under the hood"? Can we provide some way of telling the website that the human user, and not scripted malware, intended these transactions?
Answering these questions requires finding mechanisms to protect communications and computation on the device using hardware-assisted isolation techniques.
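The weak link described above, and the kind of protection the questions point toward, can be sketched in a few lines. The following is an added illustration, not code from Intel Labs or from the original post: an isolated component (assumed here, and modelled with an HMAC over a shared key standing in for a hardware-held key) signs exactly the fields the user confirmed, the untrusted browser path after TLS termination may rewrite the plaintext, and the bank accepts only what the signature covers. A real design would use asymmetric keys and attestation, which this sketch does not model.

```python
import hmac
import hashlib
import json

# Constructed demo key. It stands in for a secret that would live inside an
# isolated, hardware-backed component on the client (an assumption of this
# example; the post names no specific mechanism).
ISOLATED_KEY = b"constructed-demo-key-not-a-real-secret"

INTENDED_TX = {"payee": "utility-company", "amount": "120.00", "currency": "USD"}


def canonical(tx):
    """Deterministic serialization of the user-confirmed transaction fields."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def isolated_confirm_and_sign(tx):
    """Model of the trusted component: the user confirms these exact fields on a
    path malware cannot reach, and the key never leaves the component."""
    return hmac.new(ISOLATED_KEY, canonical(tx), hashlib.sha256).digest()


def untrusted_browser_path(tx, sig, tamper):
    """The communications path after TLS terminates on the client. Malware on
    the PC sees plaintext and can rewrite it, but cannot recompute the
    signature because the key is out of its reach."""
    if tamper:
        tx = dict(tx, payee="attacker-account-constructed")
    return tx, sig


def bank_verify(tx, sig):
    """Server side: accept only if the received fields match the signature."""
    expected = hmac.new(ISOLATED_KEY, canonical(tx), hashlib.sha256).digest()
    return hmac.compare_digest(expected, sig)


def run_transfer_legacy(tamper):
    """Today's chain: TLS protects the wire, but nothing binds what the bank
    receives to what the user intended. Returns the payee the bank would credit."""
    received, _ = untrusted_browser_path(INTENDED_TX, b"", tamper)
    return received["payee"]


def run_transfer_protected(tamper):
    """Hardened chain: the bank accepts the transfer only if the fields it
    receives are the ones the user confirmed in the isolated component."""
    sig = isolated_confirm_and_sign(INTENDED_TX)
    received, sig = untrusted_browser_path(INTENDED_TX, sig, tamper)
    return bank_verify(received, sig)


if __name__ == "__main__":
    print("legacy, tampered, bank credits:", run_transfer_legacy(True))
    print("protected, tampered, accepted:", run_transfer_protected(True))
    print("protected, clean, accepted:", run_transfer_protected(False))
```

The point of the comparison is that the signature does nothing unless the confirmation step and the key are genuinely out of the malware's reach; that isolation, not the cryptography, is the hard part the post is describing.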
At Intel Labs, we are exploring mechanisms that give developers the ability to protect critical pieces of logic even in the presence of malware. These mechanisms protect the user's private data, the user's interaction with the browser, and a secure communication endpoint on the platform. Mechanisms under exploration range from already available virtualization techniques to more hardware-ingrained techniques.
Beyond that, a much harder problem is to protect the interaction of the human user with these secure pieces of logic and to keep it out of reach of malware. This is a tricky problem, especially because past research indicates that many users overlook signals provided by the user interface. For example, many users do not pay attention to the SSL/TLS lock icon in the browser. And in many cases, users tend not to read pop-up dialog boxes carefully and instead just click OK regardless of the message.
The research further aims to identify reliable mechanisms that users can easily be trained to recognize and that malware cannot spoof.
However, this research also needs to consider the realities of the ecosystem: mechanisms need to fit into today's infrastructure, especially the backend on the service provider side. The assumption that the ecosystem would change its infrastructure overnight is not practical. We also need to consider the real-world scenario of mixed clients, ensuring that whatever solutions we come up with can work on both legacy and hardened clients.
Ultimately, our goal is to enable a world where a single device supports usages ranging from casual browsing to secure banking. Let us know what you think.
Nikhil Deshpande is a Sr. Business Strategist at Intel Labs, focused on emerging platform technologies. This piece was co-authored by Vinay Phegade, Sr. Architect, Intel Labs, and Paul Witman, Assistant Professor, School of Business, California Lutheran University.