Re: MITM attacks
From: Anne & Lynn Wheeler (lynn_at_garlic.com)
Date: 05/24/04
- Next message: Henrick Hellström: "Re: On Open Source"
- Previous message: Tom St Denis: "Re: MITM attacks"
- In reply to:(deleted message) Guy Macon: "MITM attacks"
- Next in thread: Guy Macon: "Re: On Open Source"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Sun, 23 May 2004 16:44:52 -0600
Guy Macon <http://www.guymacon.com> writes:
> O.K. I will byte. :) (Note that I am not an expert, so feel free
> to correct the misunderstandings I almost certainly have.)
>
> If I communicate with someone using PGP, and both of us have our
> keys verified with a high degree of confidence through the web of
> trust, and you are the man in the middle, how would you break our
> defense?
>
> Enquiring minds want to know! ;)
you've sort of been sucker punched. basically all MITM countermeasures
involve some (trusted) out-of-band communication ... that isn't
subject to the MITM attacks of the communication channel in question.
you walk into your bank and something is exchanged that can uniquely
provide unique mutual authentication. from then on, you and the bank
can exchange messages based on the mutual authentication technology.
somebody else walks into the bank and something else is exchanged that
also enables unique mutual authentication. you then want to
communicate to this other entity ... you can securely send the message
to your bank and have them securely forward to the destination.
the security business process of trust effectively works the same if
the two of you exchange messages directly and the bank acts just acts
public key server (somewhat akin to the yahoo ietf draft submitted
last week). a vulnerability is if you are using the same exact
infrastructure to establish trust with the web-of-trust keyserver ...
then MITM could be attacking that also. the countermeasure is again
some out-of-band information that isn't vulnerable to the MITM
attacker. sometimes web-of-trust assumes that it might be able to use
a suspect communication channel (prone to MITM) in multiple different
ways ... in the hopes that the MITM isn't your ISP and therefor
constantly operating.
However, if it is possible to demonstrate trusted mutual
authentication between two different parties and a trusted 3rd party
... then it is possible to leverage that to extend mutual
authentication directly between the two parties. The level of business
trust isn't directly affected by having the bank be the intermediate
transmission or by just having them provide the authentication
infrastructure.
now attacks on this infrastructure wouldn't be MITM ... but they might
be insider. a lot of existing authentication infrastructure is based
on various kinds of shared-secrets, aka "something you know" static
data. a lot of current fraud is harvesting such static data and using
it to impersonate other entities. a lot of phishing email is making
the email sound official enuf that consumers are tricked into
believing it w/o having actual proof. So is this a MITM attack? ... or
social engineering? Are all insiders attacks, MITM?
minor drift, reference to recent news note about a study that is
about to be published:
http://www.garlic.com/~lynn/aadsm17.htm#38 Study: ID theft usually an inside job
-- Anne & Lynn Wheeler | http://www.garlic.com/~lynn/
- Next message: Henrick Hellström: "Re: On Open Source"
- Previous message: Tom St Denis: "Re: MITM attacks"
- In reply to:(deleted message) Guy Macon: "MITM attacks"
- Next in thread: Guy Macon: "Re: On Open Source"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
