New system makes WiFi networks more secureAugust 26th, 2008 - 1:44 pm ICT by IANS
New York, August 26 (IANS) Terrorists hacking into American Ken Heywood’s WiFi Internet connection in Mumbai recently, to email bombing threats, has highlighted the vulnerability of shared Internet communications.Now Carnegie Mellon University researchers have devised a low-cost system that can thwart these “Man-in-the-Middle” (MitM) attacks and protect them from snooping or appropriation by terrorist elements.
The system, called Perspectives, can also protect against attacks related to a recently disclosed software flaw in the Domain Name System (DNS), the Internet phone book used to route messages between computers.
David Andersen, assistant professor of computer science at Mellon, said the increased use of wireless connections to the Internet has increased the risk of MitM attacks.
These occur when an attacker tricks a computer user into believing that he has established a secure link with a target site, such as a bank.
“It’s very, very, very easy for someone to convince you to go through their computer” when making connections through public Wi-Fi, Andersen said.
“A user who thinks he is linked to an airport or coffee shop hot spot, for instance, might actually be linked to a laptop of someone just a few seats away. A lot of people wouldn’t even know they’ve been attacked.”
The computer user ends up actually communicating with the attacker’s computer, which can eavesdrop as it relays communications between the user and the target site, he said.
The researchers - Andersen, Adrian Perrig, associate professor of electrical and computer engineering and public policy and Dan Wendlandt, a doctoral student at Mellon - have incorporated Perspectives into an extension for the popular Mozilla Firefox v3 browser thancan, which can be downloaded free of cost at www.cs.cmu.edu/~perspectives/firefox.html.
Perspectives employs a set of friendly sites, or “notaries”, that can aid in authenticating web sites for financial services, online retailers and other transactions requiring secure communications.
By independently querying the desired target site, the notaries can check whether each is receiving the same authentication information, called a digital certificate, in response.
If one or more notaries report authentication information that is different than that received by the browser or other notaries, a computer user would have reason to suspect that an attacker has compromised the connection.
Certificate authorities, such as VeriSign, Comodo and GoDaddy, already help authenticate web sites and reduce the risk of MitM attacks.
The Perspectives system provides an extra measure of security in those cases but will be especially useful for the growing number of sites that do not use certificate authorities and instead use less expensive “self-signed” certificates.
“When Firefox users click on a web site that uses a self-signed certificate, they get a security error message that leaves many people bewildered,” Andersen said.
Once Perspectives has been installed in the browser, however, it can automatically override the security error page without disturbing the user if the site appears legitimate.
The system can also detect if one of the certificate authorities may have been tricked into authenticating a bogus web site and warn the Firefox user that the site is suspicious.
“Perspectives provides an additional level of safety to browse the Internet,” Perrig said. “To the security conscious user, that is a significant comfort.”
Most Internet communications generally involve the use of a login and password, which require that sites authenticate themselves with a digital certificate containing a so-called public key, used for encryption.
The exchange of this security information typically occurs without the computer user being aware of it. But when something isn’t quite right, a dialogue box such as “Unable to verify the identity of XYZ.com as a trusted site” is displayed by the web browser.
“Most users don’t have a clue about what to do in those cases,” Wendlandt said. “A lot of them just shrug and go ahead with the connection, potentially opening themselves to attack.”
“With Perspectives, even if a client’s ISP has fallen victim to the attack, the client will be able to detect that the public key received from the fake site is inconsistent with the results returned from the notaries,” he added.