
Perspectives: an extension to block man-in-the-middle attacks

From:  David Farber <dave-AT-farber.net>
To:  "ip" <ip-AT-v2.listbox.com>
Subject:  [IP] Carnegie Mellon System Thwarts Internet Eavesdropping
Date:  Mon, 25 Aug 2008 10:08:03 -0400
Message-ID:  <2317B7D5-B3BD-4794-A8A5-F15980B0E1C4@farber.net>



Begin forwarded message:

From: "Byron Spice" <bspice@cs.cmu.edu>
Date: August 25, 2008 9:56:32 AM EDT
To: "'David Farber'" <dave@farber.net>
Subject: Carnegie Mellon System Thwarts Internet Eavesdropping

Dave:

We issued this release this morning. Thought it might be of particular  
interest to IP.

Byron

Department of Media Relations
Carnegie Mellon University
Alumni House
Pittsburgh, PA 15213
412-268-2900
Fax: 412-268-6929

Contact: Byron Spice
         412-268-9068
         bspice@cs.cmu.edu

         Chriss Swaney
         412-268-5776
         swaney@andrew.cmu.edu

For immediate release: August 25, 2008

Carnegie Mellon System Thwarts Internet Eavesdropping

Available as Free Download for Firefox Browser


                  PITTSBURGH - The growth of shared Wi-Fi and other
wireless computer networks has increased the risk of eavesdropping on
Internet communications, but researchers at Carnegie Mellon
University's School of Computer Science and College of Engineering
have devised a low-cost system that can thwart these
"Man-in-the-Middle" (MitM) attacks.
                  The system, called Perspectives, also can protect  
against attacks related to a recently disclosed software flaw in the  
Domain Name System (DNS), the Internet phone book used to route  
messages between computers.
                  The researchers - David Andersen, assistant
professor of computer science, Adrian Perrig, associate professor of
electrical and computer engineering and public policy, and Dan
Wendlandt, a Ph.D. student in computer science - have incorporated
Perspectives into an extension for the popular Mozilla Firefox v3
browser that can be downloaded free of charge at
www.cs.cmu.edu/~perspectives/firefox.html.
                  Perspectives employs a set of friendly sites, or  
"notaries," that can aid in authenticating Web sites for financial  
services, online retailers and other transactions requiring secure  
communications. By independently querying the desired target site, the  
notaries can check whether each is receiving the same authentication  
information, called a digital certificate, in response. If one or more  
notaries report authentication information that is different than that  
received by the browser or other notaries, a computer user would have  
reason to suspect that an attacker has compromised the connection.
                  Certificate authorities, such as VeriSign, Comodo  
and GoDaddy, already help authenticate Web sites and reduce the risk  
of MitM attacks. The Perspectives system provides an extra measure of  
security in those cases but will be especially useful for the growing  
number of sites that do not use certificate authorities and instead  
use less expensive "self-signed" certificates.
                  "When Firefox users click on a Web site that uses a  
self-signed certificate, they get a security error message that leaves  
many people bewildered," Andersen said. Once Perspectives has been  
installed in the browser, however, it can automatically override the  
security error page without disturbing the user if the site appears  
legitimate.
                  The system also can detect if one of the certificate  
authorities may have been tricked into authenticating a bogus Web site  
and warn the Firefox user that the site is suspicious. "Perspectives  
provides an additional level of safety to browse the Internet," Perrig  
said. "To the security conscious user, that is a significant comfort."
                  Andersen said the increased use of wireless  
connections to the Internet has increased the risk of MitM attacks.  
These occur when an attacker tricks a computer user into believing  
that the user has established a secure link with a target site, such  
as a bank. In actuality, the computer user is communicating with the  
attacker's computer, which can eavesdrop as it relays communications  
between the user and the target site.
                   "It's very, very, very easy for someone to convince  
you to go through their computer" when making connections through  
public Wi-Fi, Andersen said. A user who thinks he is linked to an  
airport or coffee shop "hot spot," for instance, might actually be  
linked to a laptop of someone just a few seats away. "A lot of people  
wouldn't even know they've been attacked," he added.
                  Most Internet communications, such as to standard  
hypertext transfer protocol (HTTP) sites, are unsecured, but those  
involving encryption over a secured socket layer (SSL) and those using  
secure shell (SSH) protocol, which involves the use of a login and  
password, require that sites authenticate themselves with a digital  
certificate containing a so-called public key, which is used for  
encryption.
                  The exchange of this security information typically  
occurs without the computer user being aware of it. But when something  
isn't quite right, a dialogue box such as "Unable to verify the  
identity of XYZ.com as a trusted site" is displayed by the Web browser.
                  "Most users don't have a clue about what to do in  
those cases," Wendlandt said. "A lot of them just shrug and go ahead  
with the connection, potentially opening themselves up to attack."
                  A vulnerability disclosed in July in the DNS  
software poses a different problem for computer users, but one that  
also is addressed by Perspectives. The software flaw could enable an  
attack against an Internet Service Provider (ISP) that would cause the  
ISP to connect users with a malicious site instead of the legitimate  
site they were seeking. "With Perspectives, even if a client's ISP has  
fallen victim to the attack, the client will be able to detect that  
the public key received from the fake site is inconsistent with the  
results returned from the notaries," Wendlandt said.
                  Andersen, Perrig and Wendlandt have launched their  
own publicly available network of notary sites. They anticipate that  
ISPs, universities and large companies will eventually sponsor  
additional notary sites, in the same way that they voluntarily provide  
time servers and network diagnosis sites. More information is  
available at www.cs.cmu.edu/~perspectives/
                  This work was supported in part by Carnegie Mellon's  
CyLab under grants from the Army Research Office and the National  
Science Foundation, as well as by the Department of Homeland Security.

###

About Carnegie Mellon: Carnegie Mellon is a private research  
university with a distinctive mix of programs in engineering, computer  
science, robotics, business, public policy, fine arts and the  
humanities. More than 10,000 undergraduate and graduate students  
receive an education characterized by its focus on creating and  
implementing solutions for real problems, interdisciplinary  
collaboration, and innovation. A small student-to-faculty ratio  
provides an opportunity for close interaction between students and  
professors. While technology is pervasive on its 144-acre Pittsburgh  
campus, Carnegie Mellon is also distinctive among leading research  
universities for the world-renowned programs in its College of Fine  
Arts. A global university, Carnegie Mellon has campuses in Silicon  
Valley, Calif., and Qatar, and programs in Asia, Australia and Europe.  
For more, see www.cmu.edu.





Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 15:03 UTC (Mon) by ms (subscriber, #41272) [Link]

If someone is in a position to launch a man-in-the-middle attack, as they suggest, on a wireless network, they will also be in a position to divert requests to these notary servers.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 15:25 UTC (Mon) by bboissin (subscriber, #29506) [Link]

Unless they use SSL and whitelist their sites. I'm a bit more concerned about the privacy implications.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 15:26 UTC (Mon) by i3839 (guest, #31386) [Link]

I'd assume the replies of those servers are signed and that the public keys of these notary servers come with the extension, so a man-in-the-middle attack against those wouldn't be possible.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 15:29 UTC (Mon) by ms (subscriber, #41272) [Link]

In which case, what happens when those certs expire? It would turn this into a catch-22.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 26, 2008 0:38 UTC (Tue) by i3839 (guest, #31386) [Link]

Well, I don't think Certification authority keys expire often, if at all. But this is a generic certification problem, not specific to this idea. I guess they can sign each other's new keys.

It's easier to let users upgrade to a compromised updated version of this extension, with "much improved performance" as main feature...

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 26, 2008 1:14 UTC (Tue) by dlang (✭ supporter ✭, #313) [Link]

For the record, they do expire; most that I've seen have a 10-year life, but I've seen ones that were shorter.

CA expiration

Posted Aug 26, 2008 8:04 UTC (Tue) by man_ls (subscriber, #15091) [Link]

When the certificate from the certificate authority expires, you upgrade to an upgraded version of the certificate which has been signed by the old one. That way there is no catch-22 -- the old cert signs the new cert before it expires.

CA expiration

Posted Aug 26, 2008 23:07 UTC (Tue) by i3839 (guest, #31386) [Link]

Umm, but why change it then? I mean, what's the point if it's as valid as the old one?

CA expiration

Posted Aug 26, 2008 23:34 UTC (Tue) by man_ls (subscriber, #15091) [Link]

Suppose the first certificate expires in December 2008. During 2008 the CA issues a new certificate, signed using the old one, valid from 2008 until 2020. Now, both certificates are valid during a short period of overlap, but in 2009 the old one has expired and only the new one remains.

Of course the usual way is to go to the vendor's website and download an upgraded certificate directly, without any effective way of authentication. But that doesn't mean it is not possible.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 16:04 UTC (Mon) by rob2000 (guest, #53550) [Link]

* ms

The handful of public keys to identify notaries ship with the extension, and can be securely updated using the standard Firefox extension update mechanism. This is exactly the same as the CA certs currently used for "root-signed" certificates in a browser like Firefox.

As I see it, your "catch-22" doesn't exist.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 16:34 UTC (Mon) by ms (subscriber, #41272) [Link]

Ok, I should absolutely read the papers before jumping to conclusions. :)

I think my general point is that a man-in-the-middle attack is made by an extremely privileged attacker, and is generally _very_ hard to defend against. If they are determined to defraud you they now need to a) get you to install a new version of the Firefox plugin with the "wrong" CA certs, b) set up a compromised notary service, and c) fake the target website in question; whereas before they had to do c) and d) try to confuse a CA into signing a CSR erroneously. Sure, it's more effort, but if it's someone who's determined anyway ... they're probably better off just mugging their victim anyway.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 16:44 UTC (Mon) by rob2000 (guest, #53550) [Link]

* ms

I agree that a man-in-the-middle attack must be privileged to subvert a website that already has a root-signed cert.

However, to subvert a website that only uses self-signed certificates is almost trivial. They can launch an attack by ARP spoofing on a shared wireless network, by compromising an access-point or home router, or by subverting an ISP's DNS resolver using vulnerabilities that have recently seen a lot of publicity.

I think the point of perspectives is mainly to protect clients connecting to websites using self-signed certs. It sucks that I as a website administrator have to pay the "verisign tax" for each domain name I use just to be able to have people connect securely to my site.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 17:39 UTC (Mon) by iabervon (subscriber, #722) [Link]

What I'd like is an extension that will install for you a self-signed certificate (or a limited-applicability CA certificate) provided you can fill in a randomly-selected half of the characters of the fingerprint of the certificate in a dialog box that encourages you to question the source of the information you're using.

That way, you could use a self-signed certificate, and publish the fingerprint in some way that reliably indicates the source of the information (e.g., print it on your business card and hand one to each of your friends, put it on your answering machine message, put it in your SEC filings, etc). Whatever criterion the user is using for specifying who you are that they want to communicate with you should be sufficient to give a way to identify that they've actually gotten the right fingerprint from you, at which point the channel is secure against a man-in-the-middle attack.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 22:31 UTC (Mon) by drag (subscriber, #31333) [Link]

Well, if you're just doing it for business or a bunch of friends you'd just set up your own CA. I do that all the time and it's not very difficult once you get the hang of it and remember to save openssl commands to a file for later reference. That way you can just 'Ascii Armor' your CACERT and get a text string that is printable and you can include on all sorts of different media.

That's something you can already do with existing protocols, pretty much.

The thing about a self-signed cert is that you're giving up most of the benefits of using SSL/TLS in the first place. You're only getting an encrypted tunnel. What is on either end of that tunnel is a mystery to both parties. So for small groups you definitely want to set up your own CA or get somebody else to sign it that you all trust.

For anonymous users then it's much more difficult.

Instead of doing self-signed, if you want it to work with anonymous folks, I suggest just going to http://www.cacert.org/

-----------------------

The way I see it doing 'perspectives' to try to compensate for the crappiness of self-signing is a waste of time. All the time there is less and less reason why it makes sense to self-cert.

But 'perspectives' plus existing PKI would be fantastic.

Everybody knows that websites are always getting owned by hackers. One way or another. So if an online store or some https wiki gets hacked then 'perspectives' can be a semi-automatic measure to mitigate the damage.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 23:19 UTC (Mon) by tbrownaw (guest, #45457) [Link]

How much do you trust the least trustworthy/competent CA that has their cert shipped with a popular browser? How many people map website->person by looking at the cert details, vs mapping person->website with, say, the URL printed on their bank statements?

As long as you're mapping meatspace->cyberspace instead of cyberspace->meatspace, knowing that a site hasn't changed hands for a while (long enough for the people who pointed you there to notice) should be more than enough.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 23:36 UTC (Mon) by iabervon (subscriber, #722) [Link]

There's not all that much difference between having your own CA certificate and having a self-signed certificate, except that a CA certificate is marginally more work, looks marginally more scary, but you can authenticate a bunch of services with the same cert. Otherwise, it doesn't matter if you hand out the self-signed site certificate on different media or hand out the CA certificate on the same media. On the other hand, it's useful to be able to hand out 40 hex digits instead of the whole certificate, because it's a bit unwieldy to copy a certificate off of a printed page, while a scheme which allows a user to confirm 20 digits and type in 20 digits (preventing them from just hitting "whatever" and accepting the wrong certificate) and getting the actual cert from the site would be easy.

I think one common mode is that there's some random wiki out there, and random users will create accounts on it, and they don't care too much who it is, but they do care that they're later talking to whoever they created the account with. That is, when you later log in, you want to avoid revealing your password to anyone who doesn't already know it, and if someone subverted the original connection, and you've still got the same attacker in the middle, you just don't care because you didn't care what this wiki was in the first place.

I also think there's the case where you want to verify a web site to belong to your bank, and you shouldn't necessarily trust any root CA to make this determination. If the bank's (CA) cert fingerprint is printed on your ATM card, bank statements, checks, and their letterhead, you can be pretty certain that this is actually your bank and not a site that's convinced some CA that they have a name like your bank's name that you typed by mistake.

Of course, it would be a lot easier if X.509 supported additional organizations making signed statements about a certificate. If (1) FDIC had signed that a particular certificate belongs to the bank with routing number X, and (2) my browser knew how to present this information unforgeably to me, and (3) my browser let me accept and keep for future use a certificate based on this information, I'd be able to take out my checkbook and confirm that this is actually my bank.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 17:10 UTC (Mon) by flewellyn (subscriber, #5047) [Link]

Interesting idea. I got the extension to test it out.

Apparently, LWN.net's login page does not pass the notary test.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 19:41 UTC (Mon) by mrshiny (subscriber, #4266) [Link]

Is that because the extension is new and the notaries haven't yet started collecting keys? So far I haven't found any sites that they accept, always because the keys are "too new".

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 19:59 UTC (Mon) by flewellyn (subscriber, #5047) [Link]

That's probably it, yes. Hopefully it will become more useful as the servers accumulate recognized keys.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 26, 2008 7:03 UTC (Tue) by rob2000 (guest, #53550) [Link]

Hi flewellyn and mrshiny,

I played with the extension quite a bit and it worked on every site for me (including lwn.net).

The "preferences" let you set how many notaries must agree on a key and how much key history they must have seen. By default, the settings require that at least 75% of notaries agree, but it does not require that the agreement be of any duration (this is "medium security").

If you're consistently getting failures and are using the default settings, that's probably a bug. I would email the developers.
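
The check described in the comment above (a configurable share of notaries agreeing on a key, optionally for a minimum length of time), as an added example that is not part of the thread and not the extension's code. The 75% quorum and zero-duration default come from the comment; the span-based history format, all function and field names, and the sample data are assumptions constructed for illustration.

```javascript
// Added illustration, not the extension's code. Names and data are constructed.
const DAY = 86400; // seconds

// True if this notary's history shows key `fp` being served at time t.
function sawKeyAt(notary, fp, t) {
  return notary.spans.some((s) => s.fp === fp && s.start <= t && t <= s.end);
}

// Quorum is counted against every configured notary, so a notary that is
// unreachable or has no history for the site counts as not agreeing.
function hasQuorumAt(notaries, fp, t, fraction) {
  const needed = Math.ceil(fraction * notaries.length);
  return notaries.filter((n) => sawKeyAt(n, fp, t)).length >= needed;
}

// Seconds, counting back from `now`, for which quorum on `fp` held without
// a gap. Returns null when there is no quorum at `now`.
function quorumDuration(notaries, fp, now, fraction) {
  if (!hasQuorumAt(notaries, fp, now, fraction)) return null;
  // Agreement can only change at span boundaries, so probe between them.
  const bounds = new Set();
  for (const n of notaries) {
    for (const s of n.spans) {
      if (s.fp !== fp) continue;
      if (s.start < now) bounds.add(s.start);
      if (s.end < now) bounds.add(s.end);
    }
  }
  let earliest = now;
  for (const b of [...bounds].sort((x, y) => y - x)) {
    if (!hasQuorumAt(notaries, fp, (b + earliest) / 2, fraction)) break;
    earliest = b;
  }
  return now - earliest;
}

// Compare the key the browser received against the notaries' view.
function evaluate(notaries, browserFp, now, policy) {
  const d = quorumDuration(notaries, browserFp, now, policy.quorumFraction);
  const days = d === null ? null : d / DAY;
  return { trusted: days !== null && days >= policy.minDurationDays, quorumDays: days };
}

const NOW = 100 * DAY;
const span = (fp, fromDay, toDay) => ({ fp, start: fromDay * DAY, end: toDay * DAY });
// Constructed history: the site rotated its key on day 98 and notary D has
// not observed the new key yet.
const NOTARIES = [
  { name: "A", spans: [span("old-key", 10, 98), span("new-key", 98, 100)] },
  { name: "B", spans: [span("old-key", 12, 98), span("new-key", 98, 100)] },
  { name: "C", spans: [span("old-key", 10, 98), span("new-key", 98, 100)] },
  { name: "D", spans: [span("old-key", 20, 98)] },
];
const DEFAULT_POLICY = { quorumFraction: 0.75, minDurationDays: 0 }; // per the comment
const STRICT_POLICY = { quorumFraction: 0.75, minDurationDays: 7 };  // hypothetical

console.log(evaluate(NOTARIES, "new-key", NOW, DEFAULT_POLICY));  // rotated key, 3 of 4 agree
console.log(evaluate(NOTARIES, "new-key", NOW, STRICT_POLICY));   // same key, "too new"
console.log(evaluate(NOTARIES, "mitm-key", NOW, DEFAULT_POLICY)); // key no notary has seen
```

With a duration requirement, a legitimately rotated key is rejected until enough notaries have watched it for long enough, which is the "too new" result reported earlier in the thread.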

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 25, 2008 20:21 UTC (Mon) by jdell (guest, #25923) [Link]

Seems like a distributed known_hosts file on steroids.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 26, 2008 9:26 UTC (Tue) by tzafrir (subscriber, #11501) [Link]

Indeed it seems that this started as an extension for ssh's known hosts.

But then again, when the key changes for a legitimate reason, how long will notary servers still know of the old one?

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 28, 2008 7:40 UTC (Thu) by deleteme (guest, #49633) [Link]

Seems like a reincarnation of HOST.TXT, and we all know why DNS replaced a static /etc/hosts that you fetch via FTP.

Perspectives: an extension to block man-in-the-middle attacks

Posted Aug 26, 2008 16:02 UTC (Tue) by sitaram (subscriber, #5959) [Link]

This is great.

The "known hosts file on steroids" description is great.

For people not (too) familiar with ssh/known_hosts, this can be thought of as "virtually updating" the root CA store, using consensus among multiple observers to determine validity.

As a result, a host using a self-signed cert essentially gets a few "character witnesses" to vouch for it.

This is how I explained it to someone just now, and they seemed to understand it. I think.

Copyright © 2008, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds