gregory t. hoffer cs7123 – research seminar (dr. qi tian )
Post on 23-Feb-2016
37 Views
Preview:
DESCRIPTION
TRANSCRIPT
Perspectives: Improving SSH-Style Host Authentication with Multi-Path ProbingAnalysis and CommentsGregory T. HofferCS7123 – Research Seminar (Dr. Qi Tian)
Overview Project Description
Problem Objective Design
Security Analysis Future Work
Project Description Problem
SSL requires shared secret to be exchanged Diffie-Hellman key exchange subject to
MITM attack.
Project Description SSL Certificate Acceptance (Tofu)
Project Description Certificate Authority (CA)
List embedded in client Certificate Revocation checks
Project Description Problem Summary
Rely upon the user’s discretion to determine if unauthenticated key is valid
Key authentication is based upon “known good” list of trusted certs (“centralized trust brokers”), which have been shown to be insecure(http://nakedsecurity.sophos.com/2011/03/24/fraudulent-certificates-issued-by-comodo-is-it-time-to-rethink-who-we-trust/)
Certificate Revocation not always in use, and itself susceptible to attack or becoming stale.
Project Description Objective
Create modular notary network Tolerate internal failures Tolerate compromises
Project Description Design
Network of notaries Each notary monitors and records keys
requested/sent, cryptographically signed. Multiple “Vantage Points” to provide fault
tolerance, rigor against compromise of single (or few) notaries.
Data redundancy by “shadowed” copies of notary data.
Project Description
Source: “With SSL, who can you really trust?”, 2011, Network World. (http://www.networkworld.com/news/2011/081811-ssl-249874.html?page=2)
Security Analysis MitM attacks provide client with false public
key. Assume attacks are either
Localized to a particular network scope, or Of a limited duration
Data Redundancy helps clients detect malicious notaries
Bootstrapping the observations? How to secure client operation (e.g.
Plugins)? How to manage notary trust?
Future WorkDescription
Notary-Aware ServicesAdditional Protocols
DNSSECPerformance (Client, Server)
Conclusion Perspectives represents an interesting
class of security in an interesting deployment – network of notaries.
While addressing some key security problems of authenticating servers, it raises other questions of security of the system.
Quis custodiet ipsos custodes?
Questions and Discussion Any questions or comments?
References Dan Wendlandt, David G. Andersen, and Adrian
Perrig. 2008. Perspectives: improving SSH-style host authentication with multi-path probing. In USENIX 2008 Annual Technical Conference on Annual Technical Conference (ATC'08). USENIX Association, Berkeley, CA, USA, 321-334
J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, L. Cranor. 2009. Crying wolf: an empirical study of SSL warning effectiveness. In Proceedings of the 18th conference on USENIX security symposium (SSYM'09). USENIX Association, Berkeley, CA, USA, 399-416.
top related