Using crypto against Phishing, Spoofing and Spamming...

Ian Grigg iang at systemics.com
Sat Jul 17 21:44:49 EDT 2004


Eric Rescorla wrote:
> Ian Grigg <iang at systemics.com> writes:
> 
>>Notwithstanding that, I would suggest that the money
>>already lost is in excess of the amount paid out to
>>Certificate Authorities for secure ecommerce certificates
>>(somewhere around $100 million I guess) to date.  As
>>predicted, the CA-signed certificate missed the mark,
>>secure browsing is not secure, and the continued
>>resistance against revision of the browser's useless
>>padlock display is the barrier to addressing phishing.
> 
> 
> I don't accept this argument at all.
> 
> There are at least three potential kinds of attack here:
> 
> (1) Completely passive capture attacks.
> (2) Semi-active attacks that don't involve screwing with
>     the network infrastructure (standard phishing attacks)

By (2) I guess you mean a bypass MITM?

> (3) Active attacks on the network infrastructure.

By (3) I guess you mean a protocol level MITM.

Then, there is:

(4) Active attacks against the client.  By this I mean
     hacking the client, installing a virus, malware,
     spyware or what have you.  (This is now real, folks.)
(5) Active attacks against the server.  Basically,
     hacking the server and stealing all the good stuff.
     (This has always been real, ever since there have
     been servers.)
(6), (7) Insider attacks against client, server.
     Just read off the data and misuse it.  (This has
     been real since the dawn of time...)

Of course, SSL/SB doesn't protect against any of these,
and many people therefore assume the thinking stops
there.  Sadly, no.  Even though SSL doesn't protect
against these attacks, the frequency & cost of these
attacks directly impact on the design choices of
secure browsing.

> SSL does a fine job of protecting against (1) and a fairly adequate
> job of protecting against (3). Certainly you could do a better job
> against (3) if either:
> 
> (a) You could directly connect to sites with SSL a la
>     https://www.expedia.com/
> (b) The identities were more user-friendly as we anticipated back in
>     the days of S-HTTP rather than being domain names, as required by
>     SSL. 
> 
> It does a lousy job of protecting against (3).

Sorry, I'm having trouble parsing "fairly adequate"
versus "lousy job" for threat (3)...  Both (a) and (b)
seem to deserve some examples?  I can connect directly
to expedia, and https://www.paypal.com/ is friendly
enough?

(Hmmm... I tell a lie, there is no https://www.expedia.com/
as it redirects.)

> Now, my threat model mostly includes (1),  does not really include
> (3), and I'm careful not to do things that leave me susceptible
> to (2), so SSL does in fact protect against the attacks in my
> threat model. I know a number of other people with similar threat
> models. Accordingly, I think the claim that "secure browsing
> is not secure" rather overstates the case.

(1) OK.  Now, granted, SSL protects against (1), "fairly
finely."  It does so in all its guises, although the
CA-signed variant in secure browsing does so at some
additional unneeded expense, as it eliminates certain
secure options, being SSCs and ADH.  OTOH, this is a
really rare attack - actual damage from sniffing HTTP
traffic doesn't seem to be recorded anywhere as a real
attack on people, so forgive me if I downgrade this one
as "almost not a threat."

(2) Then we come to (2), what I'd call a bypass MITM.  Or
a phish or a spoof.   (I'm not sure what "semi active"
and "infrastructure" have to do with it.)  This one is
certainly a threat.

When the browser is presented with a URL which happens
to purport only to be some secure site, without really
being that site, this is a spoof.  Your defence is to
be careful against this attack.  So, your defence is
nothing to do with SSL or secure browsing or anything really,
literally, (2) is unprotected against by SSL and secure
browsing in all their guises.  You yourself provide the
protection, because SSL / secure browsing does not.  Of
course.

That is my point - secure browsing does not protect
against any real & present threat.

(3)  I don't understand at all.  But you suggest that
it's not your threat and it isn't protected well against.



In summary - we are left with one attack that is well
protected against, but isn't really seen that much,
and could be done with ADH.  Then, another attack that
you deal with yourself, so that's not really relevant
coz you're smart and experienced, and those using
browsers on the average are not, and they are hit by
the attack.  Then there is (3).

(And we haven't even begun on (4) thru (7).  What then,
is a threat model that only includes some threats?)

So in sum, I think my argument remains unchallenged:
secure browsing fails to secure.

iang

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com


