The Tech Herald

Firefox extension offers new “Perspectives” on connection security

by Steve Ragan - Aug 27 2008, 19:22

New tool to help mitigate MITM attacks, and problems with self-signed certs.

In an effort to curb MITM (Man-in-the-Middle) attacks, researchers at Carnegie Mellon University’s School of Computer Science and College of Engineering have devised a tool that will alert users to shady things taking place on their current Net connection.

According to researchers David Andersen, Adrian Perrig, and Dan Wendlandt, the growth of shared Wi-Fi and other wireless computer networks has increased the risk of eavesdropping on Internet communications.

And, add to that the recent DNS vulnerabilities, or the argument over how Firefox 3 deals with self-signed or mismatched SSL certificates, and you can have a rough time online. To deal with these issues, the team has created a tool called Perspectives.

Perspectives employs a set of friendly sites, or “notaries,” that can aid in authenticating Web sites for financial services, online retailers and other transactions requiring secure communications.

By independently querying the desired target site, the notaries can check whether each is receiving the same authentication information, called a digital certificate, in response. If one or more notaries report authentication information that is different than that received by the browser or other notaries, a computer user would have reason to suspect that an attacker has compromised the connection.

Most Internet communications, such as plain HTTP sites, are unsecured, but those involving encryption over SSL and those using the secure shell (SSH) protocol require that sites authenticate themselves with a digital certificate containing a so-called public key, which is used for encryption. The exchange of this security information typically occurs without the computer user being aware of it. But when something isn’t quite right, a dialog box such as “Unable to verify the identity of XYZ.com as a trusted site” is displayed by the Web browser.

“Most users don’t have a clue about what to do in those cases,” Wendlandt said. “A lot of them just shrug and go ahead with the connection, potentially opening themselves up to attack.”

Perspectives also addresses how Firefox deals with “self-signed” certificates, something that has become a bit of a debate online (some of the arguments over this have become ugly).

“When Firefox users click on a Web site that uses a self-signed certificate, they get a security error message that leaves many people bewildered,” Andersen said.

Perspectives will override this warning if the notaries confirm the information is legit. Perspectives can also detect if one of the certificate authorities may have been tricked into authenticating a bogus Web site and warn the Firefox user that the site is suspicious.

Again, one of the main focal points for Perspectives is to prevent MITM attacks. These attacks occur when an attacker tricks a computer user into believing that they have established a secure link with a target site, such as a bank. In reality, the computer user is communicating with the attacker’s computer, which can eavesdrop as it relays communications between the user and the target site.

“It’s very, very, very easy for someone to convince you to go through their computer” when making connections through public Wi-Fi, Andersen said. “A lot of people wouldn’t even know they’ve been attacked,” he added.

The final layer of protection takes aim at the vulnerability in DNS, disclosed earlier this year by Dan Kaminsky. In short, an attacker can hijack DNS and route communications, commonly Web communications, to any destination of their choosing.

“With Perspectives, even if a client’s ISP has fallen victim to the attack, the client will be able to detect that the public key received from the fake site is inconsistent with the results returned from the notaries,” Wendlandt said.
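To make the notary comparison concrete (the mismatch check in the paragraph on notaries above, the self-signed override, and the poisoned-resolver case in Wendlandt's quote), here is an added Python sketch; it is not the Perspectives extension's own code. The observation record format, the SHA-256-over-DER fingerprint convention, the 75% quorum and the notary names are all assumptions chosen for this example, and it compares a single snapshot of notary reports rather than any observation history.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Observation:
    """One notary's report for the target host (constructed record format)."""
    notary: str                   # notary identifier, e.g. its hostname
    fingerprint: Optional[str]    # SHA-256 of the cert it saw; None if host unreachable


def cert_fingerprint(der_cert: bytes) -> str:
    """Identify a certificate by the SHA-256 of its DER encoding (assumed convention)."""
    return hashlib.sha256(der_cert).hexdigest()


def assess(client_fp: str, observations: list, quorum: float = 0.75) -> dict:
    """Compare the certificate the browser received with what the notaries saw.

    The connection is 'consistent' when at least `quorum` of the reachable
    notaries report the same fingerprint the client received. Otherwise it is
    'inconsistent', which is the signal the article describes for a MITM, a
    hijacked DNS path, or a certificate authority tricked into issuing a bogus cert.
    """
    reachable = [o for o in observations if o.fingerprint is not None]
    if not reachable:
        # No independent vantage point: fall back to the browser's own checks.
        return {"verdict": "no_data", "agreeing": 0, "reachable": 0, "majority_fp": None}
    tally = Counter(o.fingerprint for o in reachable)
    majority_fp, _ = tally.most_common(1)[0]
    agreeing = tally.get(client_fp, 0)
    verdict = "consistent" if agreeing / len(reachable) >= quorum else "inconsistent"
    return {"verdict": verdict, "agreeing": agreeing,
            "reachable": len(reachable), "majority_fp": majority_fp}


def accept_self_signed(result: dict) -> bool:
    """Suppress the self-signed warning only when the notaries agree with the browser."""
    return result["verdict"] == "consistent"


# --- constructed sample data (not real certificates or notaries) -------------
LEGIT_FP = cert_fingerprint(b"constructed DER for the genuine bank.example cert")
ATTACKER_FP = cert_fingerprint(b"constructed DER for an attacker-issued cert")
NOTARIES = ["notary-a.example", "notary-b.example", "notary-c.example", "notary-d.example"]

# Every notary reaches the site over its own path and sees the genuine certificate.
ALL_LEGIT = [Observation(n, LEGIT_FP) for n in NOTARIES]
# One notary is down; the remaining three still agree.
ONE_DOWN = [Observation(NOTARIES[0], None)] + [Observation(n, LEGIT_FP) for n in NOTARIES[1:]]
# Only half of the reachable notaries agree with the client: below quorum.
SPLIT = [Observation(NOTARIES[0], LEGIT_FP), Observation(NOTARIES[1], LEGIT_FP),
         Observation(NOTARIES[2], ATTACKER_FP), Observation(NOTARIES[3], ATTACKER_FP)]


if __name__ == "__main__":
    # Browser on a clean network receives the same cert the notaries see.
    print("clean:", assess(LEGIT_FP, ALL_LEGIT)["verdict"])
    # Browser behind a hostile hotspot or a poisoned ISP resolver receives the
    # attacker's cert, while the notaries (own paths, own resolvers) still see
    # the genuine one, so the mismatch is detectable.
    print("mitm :", assess(ATTACKER_FP, ALL_LEGIT)["verdict"])
    print("down :", assess(LEGIT_FP, ONE_DOWN)["verdict"])
    print("split:", assess(LEGIT_FP, SPLIT)["verdict"])
```

The quorum threshold is the design knob: too low and a single compromised or stale notary can vouch for a bogus certificate; too high and a few unreachable notaries leave the user with no verdict at all, which is why the sketch reports `no_data` separately from `inconsistent` rather than treating silence as either agreement or an alarm.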

The Perspectives tool is available online.
