Sciweavers

USENIX
2008

Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

14 years 1 months ago
Perspectives:  Improving SSH-style Host Authentication with Multi-Path Probing
The popularity of "Trust-on-first-use" (Tofu) authentication, used by SSH and HTTPS with self-signed certificates, demonstrates significant demand for host authentication that is low-cost and simple to deploy. While Tofu-based applications are a clear improvement over completely insecure protocols, they can leave users vulnerable to even simple network attacks. Our system, PERSPECTIVES, thwarts many of these attacks by using a collection of "notary" hosts that observes a server's public key via multiple network vantage points (detecting localized attacks) and keeps a record of the server's key over time (recognizing short-lived attacks). Clients can download these records on-demand and compare them against an unauthenticated key, detecting many common attacks. PERSPECTIVES explores a promising part of the host authentication design space: Trust-on-first-use applications gain significant attack robustness without sacrificing their ease-of-use. We also anal...
Dan Wendlandt, David G. Andersen, Adrian Perrig
Added 02 Oct 2010
Updated 02 Oct 2010
Type Conference
Year 2008
Where USENIX
Authors Dan Wendlandt, David G. Andersen, Adrian Perrig
Comments (0)