From: William Ahern on 27 Mar 2010 15:54

Mok-Kong Shen <mok-kong.shen(a)t-online.de> wrote:
> http://www.wired.com/threatlevel/2010/03/packet-forensics/

It's a shame that this is considered news. If telecom providers have few qualms about letting the US government tap into their networks--I've been told the Qwest CEO was just bluffing for more money--why should it come as a surprise that certificate authorities are equally prone to acquiescence?

Like most other large, mature industries the private and public sectors bleed into each other, with managers and executives moving back-and-forth from private to government office all the time. At some point resistance to government demands gave way, assuming there ever was such resistance.

This market for SSL COTS man-in-the-middle devices has been around for a while. I had briefly been on the periphery of these product discussions more than 5 years ago. I wasn't surprised then, either, and never really gave it much thought. I've always taken it for granted that SSL gave only limited protection, hindering only those without sufficiently deep pockets and/or political authority.

What should be worrisome is that as this sort of activity becomes more common it will become increasingly automated; that is, generation of "forged" certificates. Much like POTS, it's just a matter of time before these mechanisms are leveraged by the so-called bad guys. The folks who program these systems aren't particularly more adept at writing bug-free software than others.

Hierarchical chains of trust were always a very limited idea. What's needed are distributed certificate authorities and distributed trust metrics. But I don't think the state-of-the-art is quite there, yet.

From: Maaartin on 27 Mar 2010 18:20

On Mar 27, 8:54 pm, William Ahern <will...(a)wilbur.25thandClement.com> wrote:
> Hierarchical chains of trust were always a very limited idea. What's needed
> are distributed certificate authorities and distributed trust metrics. But I
> don't think the state-of-the-art is quite there, yet.

I wonder if there's no protection against the certified-man-in-the-middle attack at all. Obviously, anybody controlling your internet access and owning the compelled certificate can pretend to be the proper certificate owner. But the adversary has two choices:

1. connect to the proper certificate owner and forward (and possibly modify) the whole communication in both directions
2. simulate the behaviour of the proper certificate owner without connecting to them

The second possibility is more demanding, e.g., in case of internet banking the adversary would have to create a web site looking exactly as expected and showing all the past bank transactions, etc. This is quite a lot of work which can't be easily automated (assuming the bank does not co-operate, since then there'd be no reason for the whole attack). But if they manage to get it right, there's nothing that could be done against the attack (as long as I trust the certificate), right?

The first possibility can be easily automated, but I think there can be some countermeasures, can't they?