Perspectives: Improving SSH-Style Host Authentication with Multi-Path Probing
Analysis and Comments
Gregory T. Hoffer
CS7123 – Research Seminar (Dr. Qi Tian)

Overview

- Project Description
  - Problem
  - Objective
  - Design
- Security Analysis
- Future Work

Project Description

Problem
- SSL requires shared secret to be exchanged
- Diffie-Hellman key exchange subject to MITM attack.

Project Description

SSL Certificate Acceptance (TOFU)

Project Description

- Certificate Authority (CA) List embedded in client
- Certificate Revocation checks

Project Description

Problem Summary
- Rely upon the user’s discretion to determine if unauthenticated key is valid
- Key authentication is based upon “known good” list of trusted certs (“centralized trust brokers”), which have been shown to be insecure (http://nakedsecurity.sophos.com/2011/03/24/fraudulent-certificates-issued-by-comodo-is-it-time-to-rethink-who-we-trust/)
- Certificate Revocation not always in use, and itself susceptible to attack or becoming stale.

Project Description

Objective
- Create modular notary network
- Tolerate internal failures
- Tolerate compromises

Project Description

Design
- Network of notaries
- Each notary monitors and records keys requested/sent, cryptographically signed.
- Multiple “Vantage Points” to provide fault tolerance, rigor against compromise of single (or few) notaries.
- Data redundancy by “shadowed” copies of notary data.

Security Analysis

- MitM attacks provide client with false public key.
- Assume attacks are either
  - Localized to a particular network scope, or
  - Of a limited duration
- Data Redundancy helps clients detect malicious notaries
- Bootstrapping the observations?
- How to secure client operation (e.g. Plugins)?
- How to manage notary trust?
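
How a client could weigh notary records under the two attack assumptions above, as an added example that is not from the slides or from the Perspectives code. The quorum and minimum-duration thresholds, notary names, key fingerprints and day-based clock are constructed, and each record's notary signature is assumed to be verified already.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Observation:
    notary: str   # hypothetical notary name
    key: str      # key fingerprint the notary recorded for the service
    first: int    # day the notary first saw this key (constructed clock)
    last: int     # day the notary most recently saw this key

def check_key(observations, offered, now, quorum, min_days):
    """Classify the key a server offered against notary history.

    Assumes each observation's notary signature was already verified.
    """
    seeing_now = set()    # notaries whose latest probe shows the offered key
    seen_stably = set()   # ...and that have shown it for at least min_days
    for o in observations:
        if o.key != offered or o.last < now:
            continue
        seeing_now.add(o.notary)
        if now - o.first >= min_days:
            seen_stably.add(o.notary)
    if len(seen_stably) >= quorum:
        return "consistent"
    if len(seeing_now) >= quorum:
        return "recent"    # key rotation, or a limited-duration attack
    return "mismatch"      # notaries see a different key than this client

NOW = 100
NOTARIES = ["n1", "n2", "n3", "n4"]

# Constructed history: every notary has seen aa:11 since day 0.
STEADY = [Observation(n, "aa:11", 0, NOW) for n in NOTARIES]

# Constructed history: all vantage points saw the key change two days ago.
SWAPPED = ([Observation(n, "aa:11", 0, 97) for n in NOTARIES] +
           [Observation(n, "ee:99", 98, NOW) for n in NOTARIES])

# Constructed history: notary n4 disagrees with the other three throughout.
ONE_BAD = STEADY[:3] + [Observation("n4", "ee:99", 0, NOW)]

if __name__ == "__main__":
    cases = [("client-local MitM", STEADY, "ee:99"),
             ("normal", STEADY, "aa:11"),
             ("short-lived change", SWAPPED, "ee:99"),
             ("one bad notary", ONE_BAD, "aa:11")]
    for name, obs, key in cases:
        print(name, "->", check_key(obs, key, NOW, quorum=3, min_days=7))
```
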

Future Work

Description

Notary-Aware Services

Additional Protocols

DNSSEC

Performance (Client, Server)

Conclusion

Perspectives represents an interesting class of security in an interesting deployment – network of notaries.

While addressing some key security problems of authenticating servers, it raises other questions of security of the system.

Quis custodiet ipsos custodes?

Questions and Discussion

Any questions or comments?

References

Dan Wendlandt, David G. Andersen, and Adrian Perrig. 2008. Perspectives: improving SSH-style host authentication with multi-path probing. In USENIX 2008 Annual Technical Conference on Annual Technical Conference (ATC'08). USENIX Association, Berkeley, CA, USA, 321-334.

J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, L. Cranor. 2009. Crying wolf: an empirical study of SSL warning effectiveness. In Proceedings of the 18th conference on USENIX security symposium (SSYM'09). USENIX Association, Berkeley, CA, USA, 399-416.