Author: Nathan Willis
Ah, cryptographic security: a boon to those who understand the algorithms, but all too often a lost cause to those who don’t. The secure HTTPS protocol for Web surfing is widely accepted, but has one fatal flaw: users ignore certificate error warnings. A Firefox extension called Perspectives aims to close that security hole.
Firefox pops up a security warning whenever it encounters an SSL certificate that doesn’t match the domain name of the site on which it is found, or is self-signed. Both situations are commonplace; gmail.com, for example, uses a certificate issued for mail.google.com, and many non-commercial Web sites use self-signed certificates because they don’t want to pay yearly fees to a certificate authority such as VeriSign.
The trouble is that these situations are so commonplace that no one reads Firefox’s security warnings anymore. Users soon learn that they have no real alternative to clicking on the “accept anyway” button and hoping for the best. A pop-up window invites the user to manually verify the identity of a Web site and certificate, but as critics have noted, does not explain how to do so, much less facilitate the process. Over time, the warnings get tuned out like the constantly barking watchdog or the hypersensitive car alarm.
The Perspectives extension doesn’t eliminate the security warnings, but it does provide a simple point-and-click method for testing questionable certificates, based on research done at Carnegie Mellon University.
By default, when Firefox finds a mismatched or self-signed SSL certificate, it gives you an “Examine Certificate” option with which you can inspect the certificate’s SHA1 and MD5 hash fingerprints. Determining whether the site is authentic is a piece of cake if you know the fingerprints by heart, but nearly impossible if you don’t.
Perspectives solves this problem by allowing you to check the fingerprint against remote “network notary” sites that retrieve and track certificates over time. If the certificate you see matches what the notaries see, and matches what the notaries have seen on previous connections, then you can probably trust it.
You can configure Perspectives to automatically check with the network notaries or to do so only with your permission, and you can tweak the number of notaries compared and the length of time for which you will trust the results.
Perspectives effectively guards against what security researchers call a “man in the middle” attack — a malicious entity sitting between you and the site you want to visit, grabbing your credentials as you send them, and faking the responses from the genuine site.
Theoretically, an attacker could try a man in the middle attack between you and the network notary as well, but Perspectives relies on multiple notaries and tests their results against each other, making such an attack exponentially harder.
The researchers behind Perspectives run a group of notaries distributed on the DARPA-funded Resilient Overlay Networks testbed, but they hope to generate interest from other entities to increase the number of notaries. The source code for the notary server is available at the Perspectives site, as are other interesting tools, such as an implementation of the system for OpenSSH.
Perspectives may not be a comprehensive security solution, but it does one thing Firefox doesn’t do on its own: make it easy to get some useful information from those certificate error warnings we’ve all been ignoring for too long.
Every Monday we highlight a different extension, plugin, or add-on. Write an article of less than 1,000 words telling us about one that you use and how it makes your work easier, along with tips for getting the most out of it. If we publish it, we’ll pay you $100. (Send us a query first to be sure we haven’t already published a story on your chosen topic recently or have one in hand.)
- Internet & WWW