Advanced Search

Browse by Discipline

Scientific Societies

E-print Alerts

Add E-prints

E-print Network

  Advanced Search  

Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing

Summary: Perspectives: Improving SSH-style Host Authentication with
Multi-Path Probing
Dan Wendlandt David G. Andersen Adrian Perrig
Carnegie Mellon University
The popularity of "Trust-on-first-use" (Tofu) authentica-
tion, used by SSH and HTTPS with self-signed certificates,
demonstrates significant demand for host authentication
that is low-cost and simple to deploy. While Tofu-based
applications are a clear improvement over completely inse-
cure protocols, they can leave users vulnerable to even
simple network attacks. Our system, PERSPECTIVES,
thwarts many of these attacks by using a collection of "no-
tary" hosts that observes a server's public key via multiple
network vantage points (detecting localized attacks) and
keeps a record of the server's key over time (recognizing
short-lived attacks). Clients can download these records
on-demand and compare them against an unauthenticated
key, detecting many common attacks. PERSPECTIVES ex-
plores a promising part of the host authentication design


Source: Andersen, Dave - School of Computer Science, Carnegie Mellon University


Collections: Computer Technologies and Information Sciences