Slashdot Mirror

← Back to Stories (view on slashdot.org)

Browser Extension Defeats Internet Eavesdropping

Posted by ScuttleMonkey on from the until-they-build-a-better-idiot dept.

Pickens writes to tell us that researchers at Carnegie Mellon University have created a simple system to help prevent man-in-the-middle attacks. Using a preset list of friendly sites called 'notaries,' the new 'Perspectives' system helps users to authenticate sites that require secure communications. Additionally this should help with the recently debated solution implemented by Firefox that has so many users frustrated and confused. "By independently querying the desired target site, the notaries can check whether each is receiving the same authentication information (a digital certificate), in response. If one or more notaries report authentication information that is different than that received by the browser or other notaries, a computer user would have reason to suspect that an attacker has compromised the connection."

17 of 194 comments (clear)

  1. Excellent!! by shaitand · · Score: 2, Insightful

    Now certs can finally be about the way they are actually used. Encryption. This should put an end to the argument that verifying encryption without verifying the identity of the third party allows man-in-middle attacks.

    1. Re:Excellent!! by kestasjk · · Score: 4, Insightful

      Problem is it doesn't work if the Man-in-the-middle is between both the "notary" trusted authority and the end-user client. (i.e. the MITM attack is done on the server-end)

      It does make the attacks less realistic to perform, to be sure, but it still doesn't provide the same assurances which signed certificates claim to. In a sense it's the same system, except the only check performed is that the "notary" (i.e. certificate authority) only does a fairly simple check.

      So; it'd be good, it'd improve things, but it wouldn't end the debate, and you can bet VeriSign would oppose it in any way they can.

      --
      // MD_Update(&m,buf,j);
    2. Re:Excellent!! by Anonymous Coward · · Score: 1, Insightful

      A private key cert, without any trust, defeats a very common attack: The eavesdropping man in the middle. If they are unable to alert the data stream, but can listen in, a public-private key session is all that's needed. It defeats such notable attacks as the NSA Wiretapping.

      Certs, theoretically, were about trust, but quite frankly? Trust no one. Nobody wants actual verification and safeguards: They're too expensive, and not worth it. People want a warm fuzzy feeling.

    3. Re:Excellent!! by Anonymous Coward · · Score: 1, Insightful

      I think the best part of this idea is not the technical part, but that of referring to the authentication server as a "Notary". This is a term that is much more familiar to novices.

      Sometimes simply using a more well-known term for a process is enough to help people understand, and subsequently use with the proper understanding and suspicion.

    4. Re:Excellent!! by Anonymous Coward · · Score: 2, Insightful

      You are still completely missing the point here. You cannot (securely) use asymmetric encryption without knowing that the public key provided to you ACTUALLY BELONGS TO THE PERSON WHO YOU ARE TRYING TO COMMUNICATE WITH. This is the point of certificate authorities. They're a trusted third party who verifies someone's identity, thus allowing secure communication. So no, certificates are not USED to provide encryption. It's USED to verify identity. Yes, it is vital to the encryption process, but you are not correct in your assumption and the AC is correct in questioning your intelligence.

    5. Re:Excellent!! by shaitand · · Score: 2, Insightful

      'You are still completely missing the point here.'

      You are still completely missing the point here. It doesn't matter whether you can securely use the encryption without assurance the public key belongs to the person who you are trying to communicate with. That was a given and understood point from the start, both you and the other AC are obsessed with a point that was never in dispute.

      The point is that the certificate authorities FAIL to provide that assurance and further represent a burden that this technology now alleviates. With this technology that assurance is provided without the need for the biased and profit motivated certificate authorities.

      Since the certificate authorities FAILED to provide that assurance, implementing the process only served to provide a less than secure encryption process that did at least prevent sniffing without a man in the middle attack. That much could be provided without the authorities at all.

      With this new extension the level of security and assurance envisioned for browser security (and pretended by those who chose to ignore the problems with the certificate agencies) can finally be achieved.

      Problem solved, both sniffing and man-in-middle attacks thwarted. I won't go around questioning the intelligence of an individual who I believe to be ignorant. I will say that you have displayed a density that is rather impressive. I won't say as much for the other AC (who might actually be you) since he hasn't claimed credit for yet another post beating a dead horse that was adequately explained IN MY ORIGINAL POST.

    6. Re:Excellent!! by DragonWriter · · Score: 3, Insightful

      The MITM attack would have to be in-place from the moment the self-signed cert is first used, because the "notaries" keep logs and would notice a change.

      No, it would need to be in place before the moment that the self-signed cert is first reported to the notaries, if the functionality of reporting such mismatches were enabled, which it apparently is not by default at least now.

      But what do they do even if it has changed over time? After all, if the idea is to render authority-signed certs unnecessary, wouldn't you expect servers to abandon them as they expire, replacing them with self-signed certs? Is that going to be flagged as risky?

    7. Re:Excellent!! by sofla · · Score: 3, Insightful

      They're too expensive, and not worth it. People want a warm fuzzy feeling.

      And impossible. You forgot to mention impossible. Identity is not provable. All that is provable, is possession of a token (or, multiple tokens, such as access to email address, telephone, an apparently valid photo id...) that supposedly establishes identity. But most (all?) of these tokens can be faked. That's where trust comes in - sooner or later you have to blindly assume that an identity is genuine (if not for the token itself, then for the issuer of the token, or the issuer of the issuer...). So hang on to that warm fuzzy feeling. Its the best that we can hope for.

    8. Re:Excellent!! by JesseMcDonald · · Score: 2, Insightful

      I'm not trying to say that a CA-signed certificate is an absolute guarantee of identity. If you can actually trust the certification authority, and everyone follows all the rules and keeps their private keys secure, and the private keys aren't broken by brute force or cryptoanalysis, then the authentication will be valid. These conditions are implied in any security arrangement, and pointing out that they may not hold in any given implementation adds nothing useful to the discussion. Everyone is already quite well aware of that fact.

      You aren't going to find absolute security anywhere. There is always the possibility that someone, somewhere, may fail to uphold their part of the protocol. TLS/SSL is still a significant improvement over systems without certificates or CAs, which would be insecure even if perfectly implemented.

      P.S. A certificate signed by the actual CA is not a forgery. If such a certificate is false it merely means that particular CA cannot be absolutely trusted.

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
    9. Re:Excellent!! by QuoteMstr · · Score: 2, Insightful

      As others have mentioned, this "technology" (how I loathe that word) is still vulnerable to MitM attacks. It doesn't matter what you ask Alice and Bob when Eve controls all the responses. As for "biased and for-profit": there's no evidence they're biased. If you don't like one CA, see another. And as for being for-profit: unfortunately, money changing hands is by far the best authenticators available today.

  2. Yea, that, or SITES CAN UPDATE THEIR CERTS! by HaeMaker · · Score: 1, Insightful

    Stupid solution for a stupid problem.

    1. Re:Yea, that, or SITES CAN UPDATE THEIR CERTS! by Anonymous Coward · · Score: 1, Insightful

      Except the hundreds of millions of sites that can't even use authority-signed certs, if they're embedded in a package or piece of hardware, like a firewall. Stupid response.

  3. Too much centralized trust by Animats · · Score: 4, Insightful

    If you have a central trusted key server, there's no problem, and you don't need this. The whole point of public-key encryption is to eliminate the need for a central key server. How vulnerable is this new thing in a world with a large number of phony "notary" sites?

    People used to talk about voting-based "web of trust" approaches, but that stopped working when the bad guys got zombie farms.

  4. Re:Now all ... by Atriqus · · Score: 2, Insightful

    Well, as far as I can tell, the current system assumes verisign won't be compromised either.

    --
    Hey, look! It's Bono's brother.
  5. That's what certificates are for. by rew · · Score: 2, Insightful

    Certificates from trusted parties should be used to certify that the certificate signed to belong to www.yourbank.com actually does belong to yourbank.

    When certificate authorities break down, and issue www.yourbank.com certificates to somecrook, things break down.

    The master certificate of the certificate authority that issues such bad nonsense should be revoked ASAP, and things can go on as designed.

  6. Re:Does not work if comprimised on site side by spotter · · Score: 2, Insightful

    this is probably a stupid question.

    Making a (possibly incorrect) assumption
    ---
    In general, a MITM attack is either going to attack a user or a site. Namely, I'm going to interpose between the site and all users, or between a user and all sites.
    ---
    In the former, if the attacker gets there early enough, how does the notary help? Especially as most sites where this would be in play are only single homed.

    In the latter, doesn't this just add an additional burden to MITM attacking the notaries (i.e. intercept the request to the notaries and return a hunky dory a-o-k message). Don't attack the notaries, just prevent the message from ever reaching them. This can be solved with ssl, but then you've just moved the need for ssl to a different location.

    I could be totally misunderstanding, haven't read the paper (trying to write my thesis to get out of school :), slashdot was a temporary distraction).

  7. Defeats Internet Eavesdropping? by Valdrax · · Score: 2, Insightful

    So, the way to defeat internet eavesdropping is to have a centralized service that double-checks all the websites you go to?

    Does anyone else think this is mutually incompatible with any concept of anonymity online? In other words, this reduces the risk of one form of eavesdropping by having you accept an entirely different form of eavesdropping.

    --
    If it's for-profit but free, you're not the customer -- you're the product (e.g., the Slashdot Beta's "audience").