This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: Perspectives : Improving SSH-style Host Authentication with Multi-Path Probing Dan Wendlandt David G. Andersen Adrian Perrig Carnegie Mellon University Abstract The popularity of “Trust-on-first-use” (Tofu) authentica- tion, used by SSH and HTTPS with self-signed certificates, demonstrates significant demand for host authentication that is low-cost and simple to deploy. While Tofu-based applications are a clear improvement over completely inse- cure protocols, they can leave users vulnerable to even simple network attacks. Our system, PERSPECTIVES, thwarts many of these attacks by using a collection of “no- tary” hosts that observes a server’s public key via multiple network vantage points (detecting localized attacks) and keeps a record of the server’s key over time (recognizing short-lived attacks). Clients can download these records on-demand and compare them against an unauthenticated key, detecting many common attacks. PERSPECTIVES ex- plores a promising part of the host authentication design space: Trust-on-first-use applications gain significant at- tack robustness without sacrificing their ease-of-use. We also analyze the security provided by PERSPECTIVES and describe our experience building and deploying a publicly available implementation. 1 Introduction Despite decades of research into techniques for establish- ing secure communication channels for networked applica- tions, many of today’s popular protocols remain vulnerable to Man-in-the-Middle (MitM) attacks. Some applications provide no security whatsoever (e.g., HTTP), and others rely on self-signed keys or Diffie-Hellman-like key ex- change that can protect against eavesdroppers, but not against active adversaries who can interpose on communi- cation between the two parties. While MitM attacks are not new, widespread use of shared wireless networks coupled with recent discoveries of automated MitM attacks in the wild indicate that the threat is increasingly relevant. For example, the Arpiframe worm uses ARP poisoning to interpose on the HTTP traffic of other hosts on the same LAN [ 26 ], while worms exploit- ing simple vulnerabilities in home routers exposed end- hosts to “drive-by pharming” attacks that use DNS to redi- rect clients fake versions of security-sensitive websites [ 9 ]. Furthermore, a study by Reis et al. used client-side mea- surements to confirm that real-time snooping and modifi- cation of web traffic is a reality in today’s networks . In this paper, we examine a novel approach to authen- ticating a server’s public key. Traditional approaches to server key authentication, such as a public-key infrastruc- ture (PKI) [ 7 , 5 ], rely on trusted entities (e.g., Verisign) that grant certificates based on the validation of real-world identities. When done securely, such verification requires significant (often manual) effort. While some network hosts, primarily commercial websites, can afford to pay the high verification cost for these certificates, clients have...
View Full Document
- Spring '08
- Public key infrastructure, Public-key cryptography, Secure Shell, P ERSPECTIVES, notary servers