Perspectives: Improving SSH-Style Host Authentication with Multi-Path Probing. Analysis and Comments. Gregory T. Hoffer, CS7123 – Research Seminar (Dr. Qi Tian)
Overview
• Project Description
  • Problem
  • Objective
  • Design
• Security Analysis
• Future Work
Project Description
• Problem
  • SSL requires shared secret to be exchanged
  • Diffie-Hellman key exchange subject to MITM attack.
Project Description
• SSL Certificate Acceptance (TOFU)
Project Description
• Certificate Authority (CA)
  • List embedded in client
  • Certificate Revocation checks
Project Description
• Problem Summary
  • Rely upon the user’s discretion to determine if unauthenticated key is valid
  • Key authentication is based upon “known good” list of trusted certs (“centralized trust brokers”), which have been shown to be insecure (http://nakedsecurity.sophos.com/2011/03/24/fraudulent-certificates-issued-by-comodo-is-it-time-to-rethink-who-we-trust/)
  • Certificate Revocation not always in use, and itself susceptible to attack or becoming stale.
Project Description
• Objective
  • Create modular notary network
  • Tolerate internal failures
  • Tolerate compromises
Project Description
• Design
  • Network of notaries
  • Each notary monitors and records keys requested/sent, cryptographically signed.
  • Multiple “Vantage Points” provide fault tolerance and resilience against compromise of a single notary (or a few).
  • Data redundancy by “shadowed” copies of notary data.
Project Description
[Figure] Source: “With SSL, who can you really trust?”, 2011, Network World. (http://www.networkworld.com/news/2011/081811-ssl-249874.html?page=2)
Security Analysis
• MitM attacks provide client with false public key.
• Assume attacks are either
  • Localized to a particular network scope, or
  • Of a limited duration
• Data Redundancy helps clients detect malicious notaries
• Bootstrapping the observations?
• How to secure client operation (e.g. Plugins)?
• How to manage notary trust?
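
The two attack assumptions above suggest a client-side policy: require agreement from a quorum of notaries (covers attacks localized to one network scope) that has been sustained for a minimum time (covers attacks of limited duration). The following is an added example, not code from the slides or from the Perspectives project. The data model, the function names and the sample values are hypothetical, and notary replies are assumed to have already passed signature verification.

```python
from dataclasses import dataclass

DAY = 86400

@dataclass(frozen=True)
class Observation:
    """One notary record: a key fingerprint seen for a service from start to end."""
    fingerprint: str
    start: int  # Unix time the notary first saw this key
    end: int    # Unix time the notary last saw this key

def agreeing_since(history, offered, now, max_stale):
    """Time since which one notary has seen only `offered`, else None."""
    spans = sorted(history, key=lambda o: o.start)
    if not spans or spans[-1].fingerprint != offered:
        return None                      # notary currently sees a different key
    if now - spans[-1].end > max_stale:
        return None                      # stale data cannot vouch for "now"
    since = spans[-1].start
    for obs in reversed(spans[:-1]):     # extend back over earlier spans of the same key
        if obs.fingerprint != offered:
            break
        since = obs.start
    return since

def quorum_duration(notaries, offered, now, quorum, max_stale=2 * DAY):
    """Seconds, ending now, that at least `quorum` notaries agree; None if no quorum."""
    starts = [agreeing_since(h, offered, now, max_stale) for h in notaries.values()]
    starts = sorted(s for s in starts if s is not None)
    if len(starts) < quorum:
        return None
    return now - starts[quorum - 1]      # moment the quorum-th notary began agreeing

def accept_key(notaries, offered, now, quorum, min_duration):
    duration = quorum_duration(notaries, offered, now, quorum)
    return duration is not None and duration >= min_duration

# Constructed sample: notary-c sits inside the attacker's network scope.
NOW = 1_700_000_000
GOOD, EVIL = "aa:11", "ee:99"
SAMPLE = {
    "notary-a": [Observation(GOOD, NOW - 30 * DAY, NOW - 3600)],
    "notary-b": [Observation(GOOD, NOW - 20 * DAY, NOW - 1800)],
    "notary-c": [Observation(GOOD, NOW - 30 * DAY, NOW - 7200),
                 Observation(EVIL, NOW - 3600, NOW - 600)],
}

if __name__ == "__main__":
    for key in (GOOD, EVIL):
        print(key, accept_key(SAMPLE, key, NOW, quorum=2, min_duration=7 * DAY))
```

A key that every notary reports but only for a short time still fails the duration test, which is the "limited duration" case; the open questions on the slide (bootstrapping, notary trust) are outside what this check addresses.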
Conclusion
• Perspectives represents an interesting class of security in an interesting deployment – network of notaries.
• While addressing some key security problems of authenticating servers, it raises other questions of security of the system.
Quis custodiet ipsos custodes?
Questions and Discussion • Any questions or comments?
References
• Dan Wendlandt, David G. Andersen, and Adrian Perrig. 2008. Perspectives: improving SSH-style host authentication with multi-path probing. In USENIX 2008 Annual Technical Conference on Annual Technical Conference (ATC'08). USENIX Association, Berkeley, CA, USA, 321-334.
• J. Sunshine, S. Egelman, H. Almuhimedi, N. Atri, L. Cranor. 2009. Crying wolf: an empirical study of SSL warning effectiveness. In Proceedings of the 18th conference on USENIX security symposium (SSYM'09). USENIX Association, Berkeley, CA, USA, 399-416.