Slashdot Mirror

← Back to Stories (view on slashdot.org)

Browser Extension Defeats Internet Eavesdropping

Posted by ScuttleMonkey on from the until-they-build-a-better-idiot dept.

Pickens writes to tell us that researchers at Carnegie Mellon University have created a simple system to help prevent man-in-the-middle attacks. Using a preset list of friendly sites called 'notaries,' the new 'Perspectives' system helps users to authenticate sites that require secure communications. Additionally this should help with the recently debated solution implemented by Firefox that has so many users frustrated and confused. "By independently querying the desired target site, the notaries can check whether each is receiving the same authentication information (a digital certificate), in response. If one or more notaries report authentication information that is different than that received by the browser or other notaries, a computer user would have reason to suspect that an attacker has compromised the connection."

4 of 194 comments (clear)

  1. Too much centralized trust by Animats · · Score: 4, Insightful

    If you have a central trusted key server, there's no problem, and you don't need this. The whole point of public-key encryption is to eliminate the need for a central key server. How vulnerable is this new thing in a world with a large number of phony "notary" sites?

    People used to talk about voting-based "web of trust" approaches, but that stopped working when the bad guys got zombie farms.

  2. Re:Excellent!! by kestasjk · · Score: 4, Insightful

    Problem is it doesn't work if the Man-in-the-middle is between both the "notary" trusted authority and the end-user client. (i.e. the MITM attack is done on the server-end)

    It does make the attacks less realistic to perform, to be sure, but it still doesn't provide the same assurances which signed certificates claim to. In a sense it's the same system, except the only check performed is that the "notary" (i.e. certificate authority) only does a fairly simple check.

    So; it'd be good, it'd improve things, but it wouldn't end the debate, and you can bet VeriSign would oppose it in any way they can.

    --
    // MD_Update(&m,buf,j);
  3. Re:Excellent!! by DragonWriter · · Score: 3, Insightful

    The MITM attack would have to be in-place from the moment the self-signed cert is first used, because the "notaries" keep logs and would notice a change.

    No, it would need to be in place before the moment that the self-signed cert is first reported to the notaries, if the functionality of reporting such mismatches were enabled, which it apparently is not by default at least now.

    But what do they do even if it has changed over time? After all, if the idea is to render authority-signed certs unnecessary, wouldn't you expect servers to abandon them as they expire, replacing them with self-signed certs? Is that going to be flagged as risky?

  4. Re:Excellent!! by sofla · · Score: 3, Insightful

    They're too expensive, and not worth it. People want a warm fuzzy feeling.

    And impossible. You forgot to mention impossible. Identity is not provable. All that is provable, is possession of a token (or, multiple tokens, such as access to email address, telephone, an apparently valid photo id...) that supposedly establishes identity. But most (all?) of these tokens can be faked. That's where trust comes in - sooner or later you have to blindly assume that an identity is genuine (if not for the token itself, then for the issuer of the token, or the issuer of the issuer...). So hang on to that warm fuzzy feeling. Its the best that we can hope for.