Update: A new Windows comptible version of our Firefox extension is now available.
Update: We recently presented Perspectives at Usenix ATC 2008. Paper: paper (PDF) and slides (PPT)
Overview:
Perspectives helps users detect attacks in protocols that use the
"Trust-on-first-use" model commonly associated with SSH and HTTPS with
self-signed certificates.
For example, here are some familiar warnings from OpenSSH and Firefox:
The authenticity of host 'host.domain.com (192.168.74.49)' can't be established.
RSA key fingerprint is 07:fd:fb:9b:03:a2:b4:e8:b3:c9:0f:0b:db:43:1c:1a.
Are you sure you want to continue connecting (yes/no)?
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that the DSA host key has just been changed.
The fingerprint for the DSA key sent by the remote host is
4c:68:03:d4:5c:58:a6:1d:bd:17:13:84:14:48:ba:99.
Please contact your system administrator.
Few users bother to manually verify the correctness of the key (hey, we're
lazy by nature!), but Perspectives provides a simple "no effort" way to get
significantly more information about whether a key is correct for that
destination. An client can automatically make a secure connection to
one of several publicly available "network notary servers" located around the world.
These servers tell the client:
What key does the server see for host.domain.com right now?
What keys has the server seen in the past for host.comain.com ?
The replies from the probe servers can go a long way to either providing the
user with confidence that the key it received is valid, or
that a real threat of a "man in the middle" attack exists.
Demo:
We have a network notary implementation running on the
RON/IRIS Testbed .
You can query this set of notaries using the following link:
Note: For now, this page is only secured using a self-signed certificate (no, the
irony is not lost on us).
Papers:
Abstract:
Widespread use of "Trust-on-first-use" (tofu)
host authentication, most commonly associated with protocols like SSH and
SSL with self-signed certificates, demonstrates significant demand for a
host authentication mechanism that is low-cost and easy to deploy. While
tofu applications are a clear improvement compared to completely
insecure protocols, they can leave users vulnerable to even simple network
attacks. Our system, Perspectives, thwarts such attacks using a network overlay
that observes a server’s public key via multiple network vantage
points (detecting localized attacks) and keeps a record of the
server’s key over time (recognizing short-lived attacks). Clients
that receive an unauthenticated key can contact this overlay and check the
key against these records, detecting many common attacks. The
Perspectives
design explores a promising part of the host authentication design space:
tofu applications gain significant attack robustness while retaining
the basic ease-of-use that makes "Trust-on-first-use" so popular. We present a full
network overlay and client design, analyze the security provided by the
system, and describe our experience building and deploying a publicly
available implementation.
Updates / Contact:
If you download our software or are interested in when new versions will become
available, please register for our LOW-VOLUME
perspectives-announce
email list. With the possible exception of critical security issues, we
will not send out more than one email per month.
If you have questions, comments, or are interested in contributing by writing
code or running a notary server, please click on the following link to reveal
our contact email address:
pers...@cs.cmu.edu
Software:
A modified version of SSH that will contact these network notaries and
report the results is available for download for Linux and Mac OS X.
We also have a Firefox extension to contact notaries when you receive
an HTTPS certificate that cannot be validated.
Warning: beta quality software We offer this code for
demonstration and testing purposes. We are still improving the code by fixing
problems and adding new features, so please provide feedback. Importantly, the code itself has not
had a detailed security audit. As a result, USE IT AT YOUR OWN RISK. Do not
rely on these early versions alone for security critical authentication. .
SSH Client Builds (assumes SSL is installed, otherwise build from source)
Install Firefox Extension
(note that by default Firefox blocks installation with a warning at the top of your window)
Please Note: Firefox extension APIs changed significantly between Firefox 2
and Firefox 3. The current code works ONLY with Firefox 3. The Firefox 2 code
is no longer supported.
We are currently working on a Windows version of the extension, and expect
release it in mid-july. Please sign up for our low-volume
Perspectives Announce email list to be notified.
See below for installation instructions. For other versions of Unix,
please build from source (a working gecko SDK is required).
Source
Because our code is changing rapidly, to get the very latest source, please email us.
Source files contain README file that gives instructions on building,
configuring, and running the software.
Software Installation & Use:
SSH Client
You can install the modified 'ssh' binary into any directory, and use
it just like you would normal ssh (note: depending on your browser, you
may need to change the file permissions to make it executable. Try:
'chmod +x ssh'). You will need to copy two cofiguration files to the
'.ssh' directory in your home directory. The client will not work
without these files. The first is notary_list.txt , which contains the
IP addresses and public keys of notary servers. The second is
client_params.txt , which contains client settings like timeouts and quorum
duration.
By default, the SSH client only contacts the probe server if the key is
NOT already in the local cache (i.e., SSH's traditional mechanism for
trusting keys).
If you want to contact probe servers every time, you can use the '-d' flag
followed by the string 'always-probe'. Similarly, the client normally
summarizes information, only prompting the user to see details of each
recorded probe if there is a warning (e.g., conflicting keys were detected).
If you want to probe for every connection AND be able to see all probing
details regardless of whether a conflict is detect, you can use the
'-d' flag followed by the string 'always-prompt'. For example:
'ssh -d always-prompt user@www.domain.com'. It may be useful to set-up
shell alias when testing this software.
Firefox Client
Install the plugin like any firefox extension (if you are not installing it
automatically from the web, open the .xpi file using File -> Open). When installing
the plugin, make sure openssl is in the default $PATH. The plugin installs with a
default notary_list.txt file, but if you need to replace it, the file is in
extensions directory (usually at
"$HOME/.mozilla/firefox/<profile>/extensions/perspectives@cmu/"). You
can find the exact location of the file by accessing:
File -> Add-ons -> and then click on "perspectives"
and select "preferences").
The easiest way to see what the notary client extension is doing is to use the
info box it places in the lower right-hand corner of the browser window. The
icon tells you whether the certificate has been notarized, and you can request
to see the details of each server response. Additionally, the preferences menu
lets you choose your client policy settings.
Note: This plugin uses an SSH-like approach: once a key has been deemed valid,
it is cached locally as "trusted" and your browser will not contact the notary
overlay again as long as it sees this same key for the service. In Firefox,
one can view and edit the "cache" of trusted certificates with the following
steps:
