SciTech

CMU develops system to thwart Internet attacks

Carnegie Mellon has lived up to its reputation as one of the top universities for computer science research by producing “Perspectives,” software designed to stop outsiders from secretly intercepting Internet communications.

Perspectives has been developed by David Andersen, an assistant professor of computer science; Adrian Perrig, an associate professor of electrical and computer engineering and public policy; and Dan Wendlandt, a Ph.D. student in computer science.

According to a press release from the School of Computer Science, Perspectives is a simple and cheap system to help clients securely identify Internet servers to avoid “man-in-the-middle (MitM)” attacks.
Perspectives is available for free download as an extension to the Mozilla Firefox v3 browser.

Perspectives applies only to websites secured with Secure Sockets Layer (SSL). SSL encrypts and authenticates Internet communications such as web browsing and e-mail. The usefulness of Perspectives became apparent after a serious flaw was recently found in the Domain Name System (DNS).

DNS maps the names of computers and other Internet resources to their network addresses. The flaw let attackers feed false answers to DNS and so redirect users to servers under the attackers’ control. Because Perspectives checks the key the server presents rather than trusting where DNS sent the connection, it can still detect such an attack in spite of the DNS flaw.

Perspectives is most useful when one visits a website with a self-signed certificate. Certificate authorities issue certificates that let a browser detect MitM attacks.
Websites with self-signed certificates have no such backing, and browsers warn about them; Perspectives gives those websites comparable protection. A certificate includes a Distinguished Name (DN) and a public key. A Certificate Authority (CA) acts as a trusted third party whose job is to vouch that the operator of the website is not assuming a false identity. The CA does this by verifying the identity behind the DN before it signs the certificate binding that DN to the public key.
Some CAs perform more extensive background checks for certain kinds of certificates, and such certificates can cost thousands of dollars.
Despite the money spent, the CA system is only as strong as its weakest CA, because a browser accepts a certificate issued by any of them. Andersen said, “If an attacker can convince any company to issue him a certificate, then he can launch an attack.”

Perspectives, running in the Firefox browser, decides whether an attack is in progress. It asks each of several publicly available “network notary servers,” located around the world, what public key they have observed for the website. If the key the browser just received does not match what the notaries have consistently seen, Perspectives gives an error message and also pops up a note saying that it has detected an inconsistency.

If attackers can control all network paths to a particular server for a long enough period of time, Perspectives can be fooled. The default policy requires only that 75 percent of the notaries agree on the key. The high-security version of the policy additionally requires that the agreeing notaries have observed the same key for at least a day.
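The notary check described above, modeled as an added example (this is not the Perspectives extension’s own code): the browser compares the key it was offered against what each notary reports, applies the 75 percent quorum, and optionally applies the one-day quorum duration. The notary names, key fingerprints and timestamps are constructed for the example; the three scenarios show a long-established key, an attacker sitting only on this client’s path, and a key that every notary sees but has seen for only an hour, which the default policy accepts and the high-security policy rejects.

```python
from dataclasses import dataclass
from typing import List, Tuple

DAY = 86_400  # seconds


@dataclass
class Observation:
    """What one notary reports about a service: the key fingerprint it has
    seen and the time window over which it has been seeing that key."""
    notary: str
    key_fingerprint: str
    first_seen: int   # unix seconds when this notary first recorded the key
    last_seen: int    # unix seconds when it most recently confirmed the key


def check_key(offered: str, reports: List[Observation], now: int,
              quorum: float = 0.75, quorum_duration: int = 0) -> Tuple[bool, str]:
    """Decide whether to trust `offered`, the fingerprint the browser just
    received over SSL, given the latest report from each notary.

    quorum:          fraction of responding notaries that must report `offered`
                     (0.75 is the default policy in the article).
    quorum_duration: seconds every agreeing notary must have seen that key;
                     0 disables the check, DAY is the high-security policy.
    """
    if not reports:
        return False, "no notary responded"
    agreeing = [r for r in reports if r.key_fingerprint == offered]
    share = len(agreeing) / len(reports)
    if share < quorum:
        return False, f"only {len(agreeing)} of {len(reports)} notaries report the offered key"
    if quorum_duration:
        # A key all notaries agree on but have only just started seeing is
        # either a legitimate key change or an attacker on every path; the
        # duration rule refuses it until it has aged.
        fresh = [r.notary for r in agreeing if now - r.first_seen < quorum_duration]
        if fresh:
            return False, f"key seen for less than {quorum_duration}s by {', '.join(fresh)}"
    return True, f"{len(agreeing)} of {len(reports)} notaries agree"


# Constructed data: a fixed "now", a long-lived real key and an attacker's key.
NOW = 1_700_000_000
REAL_KEY = "9f3a2c7e1b44d0c8"   # hypothetical fingerprint of the genuine server key
FAKE_KEY = "0000ffff0000ffff"   # hypothetical fingerprint of an attacker's key


def notaries(fp: str, first_seen: int, count: int = 4) -> List[Observation]:
    """Build `count` notary reports that all saw `fp` since `first_seen`."""
    return [Observation(f"notary{i}", fp, first_seen, NOW) for i in range(count)]


def scenario_established_key() -> Tuple[bool, str]:
    """Every notary has seen the real key for 90 days; accepted even strictly."""
    return check_key(REAL_KEY, notaries(REAL_KEY, NOW - 90 * DAY), NOW, quorum_duration=DAY)


def scenario_local_mitm() -> Tuple[bool, str]:
    """Attacker only between this client and the server: notaries, which reach
    the server over their own paths, still report the real key."""
    return check_key(FAKE_KEY, notaries(REAL_KEY, NOW - 90 * DAY), NOW)


def scenario_all_paths_controlled() -> Tuple[bool, bool]:
    """Attacker (or a legitimate key rotation) visible to every notary for one
    hour: default policy accepts, high-security policy rejects."""
    reports = notaries(FAKE_KEY, NOW - 3_600)
    default_ok, _ = check_key(FAKE_KEY, reports, NOW)
    strict_ok, _ = check_key(FAKE_KEY, reports, NOW, quorum_duration=DAY)
    return default_ok, strict_ok


def scenario_partial_agreement(agree: int, total: int = 4) -> bool:
    """`agree` notaries report the real key, the rest report a different one."""
    reports = notaries(REAL_KEY, NOW - 90 * DAY, agree)
    reports += [Observation(f"odd{i}", FAKE_KEY, NOW - 90 * DAY, NOW)
                for i in range(total - agree)]
    return check_key(REAL_KEY, reports, NOW)[0]


if __name__ == "__main__":
    print("established key:", scenario_established_key())
    print("local MitM:", scenario_local_mitm())
    print("all paths controlled (default, strict):", scenario_all_paths_controlled())
    print("3 of 4 agree:", scenario_partial_agreement(3), "2 of 4 agree:", scenario_partial_agreement(2))
```

Run it directly to see the verdicts for each scenario. The third scenario is the caveat in the paragraph above: with every path under the attacker’s control, only the duration rule distinguishes the attack from an ordinary key change, and it does so by delaying acceptance rather than by proving which one occurred.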

“The switch of the key for a service can be sensed by the notaries, and the attack can be detected,” Wendlandt said.
Andersen said that they do not plan to make commercial products out of this research. However, they would be interested if companies or organizations hosted Perspectives notary servers with more storage and bandwidth.

“The feedback about Perspectives system is mostly positive,” Andersen said. One common complaint is that Perspectives supports Intel products and Windows, but does not work for some 64-bit AMD products.
“We are moving out of the compiled code and into the Java combination, to eventually design the most common platforms that have everybody supported,” Andersen said.
The immediate next step for the project is to get more and more people to use it.