Self-signed certificates for SSL and self-generated host keys for SSH are popular zero-cost, simple alternatives to public key infrastructure (PKI). They provide security against man-in-the-middle attacks, as long as the client connecting to those services knows the certificates or host keys a priori. A simple solution used in practice is to trust the certificate or the host key when the client connects to a server for the first time. This approach is susceptible to man-in-the-middle attacks, a fact exploited by adversaries in a variety of attacks against unsuspecting users. We develop a simple and scalable solution named DoubleCheck to protect against such attacks. Our solution works by retrieving the certificate from a remote host using multiple alternate paths. Our scheme does not require any new infrastructure; we make use of the Tor anonymity system to reach the destination using multiple independent paths. Hence our solution is easy to deploy in practice. Our solution does not introduce any privacy concerns. We have implemented DoubleCheck as SSH and Firefox extensions, demonstrating its practicality. Our experimental evaluation shows that the impact of DoubleCheck on performance is minimal, since the Tor network is used only for retrieving the certificate for the first time, while the data transfer and subsequent connection establishment follow normal routing rules. Our scheme is an effective way of mitigating the impact of man-in-the-middle attacks without requiring new infrastructure and at low overhead.
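The first-connection check described above, sketched as an added example that is not the DoubleCheck code from the paper. The fetcher callables (one direct, the others standing in for retrieval over separate Tor circuits), the verdict names, and the `min_paths` policy are assumptions made for illustration.

```python
import hashlib

def fingerprint(blob: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate or raw host key blob."""
    return hashlib.sha256(blob).hexdigest()

def double_check(host, fetch_direct, fetch_alternates, pins, min_paths=2):
    """Return (verdict, fingerprint). Fetchers are hypothetical callables
    host -> bytes; pins maps host -> fingerprint and is updated only on
    a "trusted" verdict."""
    direct = fingerprint(fetch_direct(host))
    if host in pins:
        # Later connections: compare with the stored value, no alternate paths.
        return ("match" if pins[host] == direct else "changed", direct)
    # First contact: ask the same server over independent paths.
    seen = []
    for fetch in fetch_alternates:
        try:
            seen.append(fingerprint(fetch(host)))
        except OSError:
            continue  # an unreachable path is no evidence either way
    if any(fp != direct for fp in seen):
        return ("mismatch", direct)    # paths disagree: do not pin
    if len(seen) < min_paths:
        return ("unverified", direct)  # too few independent views to decide
    pins[host] = direct
    return ("trusted", direct)

# Constructed sample data: stand-ins for certificate bytes, not real certificates.
REAL_CERT = b"constructed-server-certificate"
FAKE_CERT = b"constructed-interceptor-certificate"

def _serve(cert):
    return lambda host: cert

def _down(host):
    raise ConnectionError("alternate path unavailable")

def demo():
    """Four connections to one host; returns the verdicts and the pin store."""
    pins, host = {}, "server.example"
    verdicts = [
        double_check(host, _serve(FAKE_CERT), [_serve(REAL_CERT)] * 2, pins)[0],
        double_check(host, _serve(REAL_CERT), [_serve(REAL_CERT), _down], pins)[0],
        double_check(host, _serve(REAL_CERT), [_serve(REAL_CERT)] * 2, pins)[0],
        double_check(host, _serve(FAKE_CERT), [], pins)[0],
    ]
    return verdicts, pins

if __name__ == "__main__":
    print(demo()[0])
```

In a real client the direct fetcher would perform the TLS or SSH handshake itself and each alternate fetcher would do the same through a Tor SOCKS proxy; only the first contact pays that cost, which matches the performance argument in the abstract.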