The ubiquity of secure online transactions often makes us take them for granted. Most people will happily type their credit card and other personal information into a web form and hit Submit, as long as they see that little padlock in the status bar. Sometimes they don’t even check for that.
Have you ever had your browser cough up a security warning dialog about the certificate on the page you’re viewing? Either the certificate has expired or it’s self-signed — which means that no independent certificate authority can verify that the page you’re visiting is really who they say they are. How many times have you just accepted it anyway? It could mean that someone malicious is trying to initiate a man-in-the-middle attack, in which they intercept your conversation while they forward it to the real site so everything looks normal. You think you’re talking directly to your bank, but a black hat just copied your username and password.
How do they do it? If they can gain control of your network access (for instance, an unsecured wireless connection) or poison a DNS cache, then they can redirect your HTTP requests to their own server first. Of course, in order for them to read what you type over a secure connection, they have to give you their public key for encrypting the message. After they decode it, they’ll re-encrypt the message using the public key from the site you think you’re accessing.
To prevent that, public keys are issued by certificate authorities in digital certificates that verify the identity of the key’s owner, so your browser can check it. Now of course that doesn’t mean that I can’t pay a certificate authority to say that I’m someone I’m not, but if the key on your bank’s site is different today than it was yesterday then you might be under a MitM attack. With self-signed certificates, no CA is involved at all, so you never know for sure when someone else is peeking at your packets.
That’s the principle behind a new Firefox 3.0 extension called Perspectives, developed by some smart people at Carnegie Mellon University. This extension verifies that the public key for a site matches the key obtained for that same site by “notaries” — external servers that monitor key values. If the key you obtained doesn’t match the known value for that site, then you get a stern warning that you might be under attack.
You can tune the sensitivity of the extension quite a bit, as seen in this dialog:
With the default settings (shown here), the extension only checks when you’d normally get a warning from the browser. If the notaries check the key out OK, then the browser warning is suppressed. Chad Perrin (who writes for TechRepublic on IT Security) commented to me that the social engineering aspect of this feature could be beneficial, as fewer false warnings may lead the user to pay more attention to warnings when they do occur.
To test this out, I went into “Certificates” and deleted my trusted certificates for a couple of sites I know that use self-signed certs — then I navigated to each one. After a slight pause, the “Perspectives” in the status bar displayed a green check-mark icon, and the following ribbon appeared at the top of the window:
If you’re really paranoid, you can crank the settings way up. For instance, you could change the Quorum to 100% (all notaries have to have the same key), and set the Duration to a non-zero value (the notaries had to have seen the same key for more than a day). You can also tell Perspectives to contact the notaries for all HTTPS sites, even if the certificate checks out with the CA. I ran it that way for a while to see how it would work. I would guesstimate that it adds 1 to 2 seconds to each secure page load. Noticeable, but not onerous.
Whenever you’re on a secure page, you can click the “Perspectives” in the status bar to see what Perspectives thinks of the current page. Here’s what it looks like for GMail (with validate all HTTPS turned on):
If I had to guess, I’d say that the notaries have been in operation for 60.75 days.
As the authors note, this is no silver bullet. A “powerful adversary” might be able to spoof the notaries as well as the site under attack. And there’s nothing here to stop a malicious site from pretending to be something it isn’t. But it should cut down on some MitM attacks by helping users to validate self-signed certificates.