# [Cryptography] MITM watch - Tor exit nodes patching binaries

ianG iang at iang.org
Sun Dec 7 15:19:46 EST 2014

On 3/12/2014 17:26 pm, Jerry Leichter wrote:
> On Dec 3, 2014, at 9:39 AM, ianG <iang at iang.org> wrote:
>> (*) I'd love to hear a better name than Bayesian impossibility syndrome, which I just made up.  It's pretty important, it explains why the current SSL/PKI/CA MITM protection can never work, relying on Bayesian statistics to explain why infrequent real attacks cannot be defended against when overshadowed by frequent false negatives.
> It's not clear to me what you're trying to cover with "Bayesian impossibility syndrome", but it sounds very much like the Base Rate Fallacy.

That looks very close, thanks, Jerry!  The base rate fallacy presents
the logic I'm trying to get to.  If we use the numbers of the 2nd
example in wikipedia [0], and paraphrase heavily:

=============
Software looks at certificated SSL connections and displays a false
result in 5% of the cases where the connection is not MITM'd.  However,
the code never fails to detect a real MITM.  Assume 1/1000 of
connections are MITMs.

Let's look at the case where the browser looks at a random SSL
connection and does a test on it, and discovers it is an MITM.  How high
is the probability that this is an MITM?

Many would answer as high as 0.95, but the correct probability is about
0.02.

To find the correct answer, one should use Bayes' theorem. ...

[real maths snipped]

A more intuitive explanation: on average, for every 1000 connections tested,

* 1 connection is MITM, and it is 100% certain that for that
connection there is a true positive test result, so there is 1 true
positive test result
* 999 connections are not MITM, and among those connections there
are 5% false positive test results, so there are 49.95 false positive
test results

therefore the probability that one of the connections among the 1 +
49.95 = 50.95 positive test results really is an MITM is about 2%.
==============

If we are saying that the developers of the secure browsing system are
relying on a high true positive rate (detects an MITM, is an MITM) to
predict that the system will defend against MITMs, then yes, the SSL
secure browsing system falls to the base rate fallacy.

But it does this via a few steps, being fallacy then result.  Firstly
their logic ignores the false negative rate (hits a clean connection,
declares it an MITM), which literally would be the base rate fallacy.
Secondly, the prediction ignores the effect that the flood of false
negatives has on the users:  they turn it off, aka click-thru syndrome,
confusion, etc.

We might call this second part the base rate fallacy response or syndrome.

iang

ps; people will note I routinely screw up the false/true
negative/positive matrix...

[0] https://en.wikipedia.org/wiki/Base_rate_fallacy#Example_2
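The arithmetic in the message above, as an added worked example that is not part of the thread: it computes the posterior P(MITM | alert) with Bayes' theorem, reproduces the 1000-connection tally, and then goes one step further than the post by solving for the false-alarm rate a detector would need before a positive result means anything. The detector parameters (sensitivity 1.0, 5% false alarms) and the 1/1000 base rate are the constructed numbers the message paraphrases from Wikipedia.

```python
"""Base-rate arithmetic for an SSL MITM detector (constructed example)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Detector:
    sensitivity: float  # P(alert | MITM): the true positive rate
    false_alarm: float  # P(alert | clean): the false positive rate


# Assumed values from the message: never misses, flags 5% of clean links.
PERFECT_RECALL = Detector(sensitivity=1.0, false_alarm=0.05)
BASE_RATE = 1 / 1000  # assumed share of connections that are MITM'd


def posterior_mitm(det: Detector, base_rate: float) -> float:
    """Bayes' theorem: P(MITM | alert) = P(alert|MITM)P(MITM) / P(alert)."""
    true_pos = det.sensitivity * base_rate
    false_pos = det.false_alarm * (1.0 - base_rate)
    return true_pos / (true_pos + false_pos)


def tally(det: Detector, base_rate: float, n: int = 1000) -> dict:
    """The 'more intuitive' count: expected alerts among n connections."""
    mitm = n * base_rate
    clean = n - mitm
    return {
        "true_positives": mitm * det.sensitivity,
        "false_positives": clean * det.false_alarm,
        "missed": mitm * (1.0 - det.sensitivity),
    }


def max_false_alarm_for_ppv(det: Detector, base_rate: float, target: float) -> float:
    """Largest false-alarm rate f at which P(MITM | alert) still reaches target.

    Solves target = s*b / (s*b + f*(1-b)) for f, with s = sensitivity, b = base rate.
    """
    s_b = det.sensitivity * base_rate
    return s_b * (1.0 - target) / (target * (1.0 - base_rate))


if __name__ == "__main__":
    print(f"P(MITM | alert) = {posterior_mitm(PERFECT_RECALL, BASE_RATE):.4f}")
    print("per 1000 connections:", tally(PERFECT_RECALL, BASE_RATE))
    need = max_false_alarm_for_ppv(PERFECT_RECALL, BASE_RATE, 0.5)
    print(f"false-alarm rate needed for a 50/50 alert: {need:.5f}")
```

With these inputs the posterior is about 0.0196, i.e. roughly 50 false alarms per real MITM, and a 50/50 alert would require the false-alarm rate to drop to about 0.1%, the same order as the attack rate itself.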