Thwarting Internet Eavesdropping
Increased use of wireless connections to the Internet has increased the risk of man-in-the-middle (MitM) attacks.
But what is an MitM attack? Basically, the attacker tricks a user into believing that they've established a secure link with a website, such as a bank. In actuality, the user is communicating with the attacker's computer, which can eavesdrop as it relays communications between the user and the actual site.
Researchers at Carnegie Mellon have devised a low-cost system that can thwart these kinds of attacks. Called "Perspectives," the system was created by David Andersen, assistant professor of computer science; Adrian Perrig, associate professor of electrical and computer engineering and public policy; and Dan Wendlandt, a doctoral student in computer science.
They have incorporated Perspectives into an extension for the popular Mozilla Firefox v3 browser that can be downloaded free at www.cs.cmu.edu/~perspectives/firefox.html.
"It's very, very, very easy for someone to convince you to go through their computer when making connections through public Wi-Fi," Andersen said.
A user who thinks he is linked to an airport or coffee shop "hot spot," for instance, might actually be linked to a laptop of someone just a few seats away.
"A lot of people wouldn't even know they've been attacked," he added. Perspectives employs a set of friendly sites, or "notaries," that can aid in authenticating websites for financial services, online retailers and other transactions requiring secure communications.
Each notary independently queries the desired target site, so the notaries can check whether they all receive the same authentication information, called a digital certificate, in response. If one or more notaries report authentication information that differs from that received by the browser or other notaries, a user would have reason to suspect that an attacker has compromised the connection.
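The comparison described above, sketched in Python as an added example (it is not the Perspectives code or its wire protocol): the function name, notary names and certificate bytes are constructed, and SHA-256 fingerprints are an assumed stand-in for whatever form the notaries actually report.

```python
import hashlib

def fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of the certificate bytes a vantage point received."""
    return hashlib.sha256(cert_der).hexdigest()

def compare_views(browser_cert: bytes, notary_certs: dict) -> dict:
    """Compare the browser's certificate with what each notary observed.

    notary_certs maps a notary name to the bytes it saw, or None when the
    notary could not be reached. Any notary that disagrees with the browser
    makes the connection suspect; with no reachable notary there is no
    independent view, so the result is "unverified" rather than "consistent".
    """
    browser_fp = fingerprint(browser_cert)
    seen = {n: fingerprint(c) for n, c in notary_certs.items() if c is not None}
    unreachable = sorted(n for n, c in notary_certs.items() if c is None)
    differs = sorted(n for n, fp in seen.items() if fp != browser_fp)
    if not seen:
        verdict = "unverified"
    elif differs:  # also covers notaries disagreeing with each other
        verdict = "suspect"
    else:
        verdict = "consistent"
    return {"verdict": verdict,
            "differs_from_browser": differs,
            "unreachable": unreachable,
            "distinct_views": len(set(seen.values()) | {browser_fp})}

# Constructed sample data: placeholder bytes, not real certificates.
SITE_CERT = b"constructed certificate bytes: genuine site key"
ROGUE_CERT = b"constructed certificate bytes: hotspot attacker key"
NOTARIES = ["notary-a.example", "notary-b.example", "notary-c.example"]

def scenarios() -> dict:
    """Four cases: clean path, rogue hotspot, split notary view, no notaries."""
    all_site = {n: SITE_CERT for n in NOTARIES}
    split = dict(all_site, **{"notary-c.example": ROGUE_CERT})
    return {
        "clean": compare_views(SITE_CERT, all_site),
        "rogue_hotspot": compare_views(ROGUE_CERT, all_site),
        "split_view": compare_views(SITE_CERT, split),
        "offline": compare_views(SITE_CERT, {n: None for n in NOTARIES}),
    }

if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:14} {result}")
```

In the rogue-hotspot case every notary disagrees with the browser, which points at the user's local network; in the split-view case only one notary disagrees, which points at something nearer that notary or the site.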
Certificate authorities, such as VeriSign, Comodo and GoDaddy, already help authenticate websites and reduce the risk of MitM attacks. The Perspectives system provides an extra measure of security in those cases but will be especially useful for the growing number of sites that do not use certificate authorities and instead use less expensive "self-signed" certificates.
"When Firefox users click on a website that uses a self-signed certificate, they get a security error message that leaves many people bewildered," Andersen said. Once Perspectives has been installed in the browser, however, it can automatically override the security error page without disturbing the user if the site appears legitimate.
The system also can detect if one of the certificate authorities may have been tricked into authenticating a bogus website and warn the Firefox user that the site is suspicious.
"Perspectives provides an additional level of safety to browse the Internet," Perrig said. "To the security conscious user, that is a significant comfort."
Andersen, Perrig and Wendlandt have launched their own publicly available network of notary sites. They anticipate that ISPs, universities and large companies will eventually sponsor additional notary sites, in the same way that they voluntarily provide time servers and network diagnosis sites.
More information is available at www.cs.cmu.edu/~perspectives/. This work was supported in part by Carnegie Mellon's CyLab under grants from the Army Research Office and the National Science Foundation as well as by the Department of Homeland Security.