Aug 29

With public key infrastructure in use today, the defense we have against man in the middle attacks with SSL sessions is limited to certificates issued from trusted certificate authorities only. If a session is initiated with a server that isn’t using a trusted CA signed digital certificate and the authenticity of the server is not verified, then there is no guarantee that your transactions with that server are secure.

With a man in the middle attack, an attacker can route all traffic between the
server and client through their own system and capture all the data sent. If the connection is encrypted, the attacker must decrypt all data before being able to access it. But, if authentication was compromised before hand or the certificate was not verified for authenticity, then the attacker could gain access to all encrypted data easily.

At Carnegie Mellon University, researchers have developed a possible way to ensure that transactions over the internet with unverified servers are secure. The method is called “Perspectives.” It uses a system of notaries that maintains a history of public keys used with the server. The client can use a web interface to verify that the key received is the same key that the server received. In order for the man in the middle attacker to successfully issue the attack, they would need to successfully initiate a man in the middle attack on both the client and the notary. This makes it very difficult to successfully launch the attack.

This method however, is not a replacement for the current PKI system. Perspectives assumes that the man in the middle (MITM) is close in proximity to either client; the client user and the notary. For example, the MITM might be in the same subnet as the client. But, if the MITM is close enough to the server so that both the client and the notary must pass through the MITM to access the server, then the attack may be successful without the Perspectives system being able to detect it.

The Perspectives system also needs to maintain a history of public keys used in order for the system to work. So while the chances are slim, but if a MITM server were to go up at the same time as the notary server, then validity of the notary server is compromised from the start.

For the time being SSL CA’s and PKI is here to stay and is the most efficient and effective way to secure trusted transactions between client and servers. But Perspectives has an intuitive way to verify untrusted certificates and it will be interesting to see if this method takes off in the future.

Posted in Encryption, Internet |

Leave a Comment

Please note: Comment moderation is enabled and may delay your comment. There is no need to resubmit your comment.