[cryptography] how many MITM-enabling sub-roots chain up to public-facing CAs ?

Ralph Holz holz at net.in.tum.de
Tue Feb 14 15:56:48 EST 2012


>> As Crossbear's assessment is not something everyday users will
>> understand, we ourselves view Crossbear as the tool that, e.g., a
>> travelling security afficionado/hacker/interested person might want to
>> use, but not your average guy. Our goal is to find out how many Mitm
>> actually happen, and how, and where. That's why Crossbear has this
>> second component, the hunting tasks.
> Interesting -- will this work, in the case of authorized MITM of the
> network the client's on?  The second SSL connection will always fail,
> since the MITM device will MITM it.  Perhaps there should be an option
> to retrieve results separately and later?

Yes, things start to become difficult when the middle-box goes and
actively meddles with the messages the client sends to the server. That
sure is a dedicated attacker now that is also built to defeat Crossbear.
We have the CB server's cert hard-coded in the client, so we can encrypt
to the server and check its signatures, too, and be sure who's talking
to the client. If the attacker starts to drop CB server messages, our
first reaction is to warn the user that there might be foul play and
that he's now unprotected. Unfortunately, there's no way to distinguish
deleted messages from network outage or similar faults.

So, yes, we have thought about extending Crossbear to a) store the
results and try to send them later (should work for mobile devices) or
b) try and switch to other channels. We're not quite sure about the
latter as the question is really how much power your attacker has. Use
the user's mail client and create a mail, anonymous FTP, WebDAV - OK.
Maybe a Tor hidden service for the extreme cases? None of these is
built-in so far.

BTW, what we do not address is an attacker sending us many forged chains
and/or traces. We don't want clients have to register with our server
and obtain an identity. That's a sore point.


Ralph Holz
Network Architectures and Services
Technische Universität München
PGP: A805 D19C E23E 6BBB E0C4  86DC 520E 0C83 69B0 03EF

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20120214/dedfd96e/attachment.asc>

More information about the cryptography mailing list