Perspectives: Improving SSH-style Host Authentication with Multi-path Network Probing
Dan Wendlandt, Dave Andersen, Adrian Perrig

Citation
Dan Wendlandt, Dave Andersen, Adrian Perrig. "Perspectives: Improving SSH-style Host Authentication with Multi-path Network Probing". USENIX Annual Technical Conference, June, 2008.

Abstract
The popularity of "Trust on first use" (Tofu) authentication, used by SSH and HTTPS with self-signed certificates, demonstrates significant demand for host authentication that is low-cost and simple to deploy. While Tofu-based applications are a clear improvement over completely insecure protocols, they can leave users vulnerable to even simple network attacks. Our system, Perspectives, thwarts many of these attacks by using a collection of "notary" hosts that observes a server's public key via multiple network vantage points (detecting localized attacks) and keeps a record of the server's key over time (recognizing short-lived attacks). Clients can download these records on-demand and compare them against an unauthenticated key, detecting many common attacks. Perspectives explores a promising part of the host authentication design space: Trust on first use applications gain significant attack robustness without sacrificing their ease-of-use. We also analyze the security provided by Perspectives and describe our experience building and deploying a publicly available implementation.

Citation formats  
  • HTML
    Dan Wendlandt, Dave Andersen, Adrian Perrig. <a
    href="http://www.truststc.org/pubs/388.html">
    Perspectives: Improving SSH-style Host Authentication with
    Multi-path Network Probing</a>, USENIX Annual
    Technical Conference, June, 2008.
  • Plain text
    Dan Wendlandt, Dave Andersen, Adrian Perrig.
    "Perspectives: Improving SSH-style Host Authentication with
    Multi-path Network Probing". USENIX Annual Technical
    Conference, June, 2008.
  • BibTeX
    @inproceedings{WendlandtAndersenPerrig08_PerspectivesImprovingSSHstyleHostAuthenticationWith,
        author = {Dan Wendlandt and Dave Andersen and Adrian Perrig},
        title = { Perspectives: Improving SSH-style Host
                  Authentication with Multi-path Network Probing},
        booktitle = {USENIX Annual Technical Conference},
        month = {June},
        year = {2008},
        abstract = {The popularity of ``Trust on first use''$~$(Tofu)
                  authentication, used by SSH and HTTPS with
                  self-signed certificates, demonstrates significant
                  demand for host authentication that is low-cost
                  and simple to deploy. While Tofu-based
                  applications are a clear improvement over
                  completely insecure protocols, they can leave
                  users vulnerable to even simple network attacks.
                  Our system, Perspectives, thwarts many of these
                  attacks by using a collection of ``notary'' hosts
                  that observes a server's public key via multiple
                  network vantage points (detecting localized
                  attacks) and keeps a record of the server's key
                  over time (recognizing short-lived attacks).
                  Clients can download these records on-demand and
                  compare them against an unauthenticated key,
                  detecting many common attacks. Perspectives
                  explores a promising part of the host
                  authentication design space: Trust on first use
                  applications gain significant attack robustness
                  without sacrificing their ease-of-use. We also
                  analyze the security provided by Perspectives and
                  describe our experience building and deploying a
                  publicly available implementation.},
        URL = {http://www.truststc.org/pubs/388.html}
    }
    

Posted by Adrian Perrig on 2 May 2008.

Notice: This material is presented to ensure timely dissemination of scholarly and technical work. Copyright and all rights therein are retained by authors or by other copyright holders. All persons copying this information are expected to adhere to the terms and constraints invoked by each author's copyright.