[Cryptography] MITM watch - Tor exit nodes patching binaries

ianG iang at iang.org
Sun Dec 7 15:19:46 EST 2014

On 3/12/2014 17:26 pm, Jerry Leichter wrote:
> On Dec 3, 2014, at 9:39 AM, ianG <iang at iang.org> wrote:
>> (*) I'd love to hear a better name than Bayesian impossibility syndrome, which I just made up.  It's pretty important, it explains why the current SSL/PKI/CA MITM protection can never work, relying on Bayesian statistics to explain why infrequent real attacks cannot be defended against when overshadowed by frequent false negatives.
> It's not clear to me what you're trying to cover with "Bayesian impossibility syndrome", but it sounds very much like the Base Rate Fallacy.

That looks very close, thanks, Jerry!  The base rate fallacy presents 
the logic I'm trying to get to.  If we use the numbers of the 2nd 
example in wikipedia [0], and paraphrase heavily:

Software looks at certificated SSL connections and displays a false 
result in 5% of the cases where the connection is not MITM'd.  However, 
the code never fails to detect a real MITM.  Assume 1/1000 of 
connections are MITMs.

Let's look at the case where the browser looks at a random SSL 
connection and does a test on it, and discovers it is an MITM.  How high 
is the probability that this is an MITM?

Many would answer as high as 0.95, but the correct probability is about 

To find the correct answer, one should use Bayes' theorem. ...

[real maths snipped]

A more intuitive explanation: on average, for every 1000 connections tested,

     * 1 connection is MITM, and it is 100% certain that for that 
connection there is a true positive test result, so there is 1 true 
positive test result
     * 999 connections are not MITM, and among those connections there 
are 5% false positive test results, so there are 49.95 false positive 
test results

therefore the probability that one of the connections among the 1 + 
49.95 = 50.95 positive test results really is an MITM is about 2%.

If we are saying that the developers of the secure browsing system are 
relying on a high true positive rate (detects an MITM, is an MITM) to 
predict that the system will defend against MITMs, then yes, the SSL 
secure browsing system falls to the base rate fallacy.

But it does this via a few steps, being fallacy then result.  Firstly 
their logic ignores the false negative rate (hits a clean connection, 
declares it an MITM), which literally would be the base rate fallacy. 
Secondly, the prediction ignores the effect that the flood of false 
negatives has on the users:  they turn it off, aka click-thru syndrome, 
confusion, etc.

We might call this second part the base rate fallacy response or syndrome.


ps: people will note I routinely screw up the false/true 
negative/positive matrix...

[0] https://en.wikipedia.org/wiki/Base_rate_fallacy#Example_2
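The Bayes arithmetic from the worked example above, carried through in code so that other detector characteristics can be tried. This is an added example and not part of the original message or the thread; the parameter values are the Wikipedia figures the post borrows (1/1000 base rate, a detector that never misses a real MITM, a 5% false-alarm rate on clean connections), the function names are chosen here, and the connections fed to simulate() are synthetic, not captured traffic. It uses the standard names (true-positive rate for P(alarm | MITM), false-positive rate for P(alarm | clean)).

```python
"""Base-rate arithmetic for an MITM detector, following the post's worked example.

Added example, not code from the original post.  Every function takes the
detector characteristics as parameters so that the effect of a lower
false-positive rate, or a different base rate, can be read off directly.
"""
import random

# Constructed parameters taken from the post's example (assumptions, not
# measurements of any real deployment).
BASE_RATE = 0.001   # fraction of connections that really are MITM'd
TPR = 1.0           # P(alarm | MITM): "never fails to detect a real MITM"
FPR = 0.05          # P(alarm | clean): "false result in 5% of clean connections"


def posterior(base_rate: float, tpr: float, fpr: float) -> float:
    """P(MITM | alarm) by Bayes' theorem.

    P(alarm) = tpr * base_rate + fpr * (1 - base_rate); the share of that
    coming from real MITMs is the numerator.
    """
    alarms_from_mitm = tpr * base_rate
    alarms_from_clean = fpr * (1.0 - base_rate)
    return alarms_from_mitm / (alarms_from_mitm + alarms_from_clean)


def false_alarms_per_true_alarm(base_rate: float, tpr: float, fpr: float) -> float:
    """Clean connections flagged for each real MITM caught.

    This is the ratio the user actually experiences.  With the post's
    figures it is 49.95: roughly fifty spurious warnings for every real one,
    which is what drives the click-through behaviour the post describes.
    """
    return (fpr * (1.0 - base_rate)) / (tpr * base_rate)


def max_fpr_for_precision(target_precision: float, base_rate: float, tpr: float) -> float:
    """Largest false-positive rate at which P(MITM | alarm) >= target_precision.

    Solving posterior(base_rate, tpr, fpr) == target for fpr gives
    fpr = tpr * base_rate * (1 - target) / (target * (1 - base_rate)).
    At a 1/1000 base rate, even 50% precision needs an FPR of about 0.1%.
    """
    return (tpr * base_rate * (1.0 - target_precision)
            / (target_precision * (1.0 - base_rate)))


def simulate(base_rate: float, tpr: float, fpr: float, n: int = 200_000, seed: int = 7):
    """Monte Carlo check of posterior().

    Generates n synthetic connections (constructed data, not real traffic),
    runs the idealised detector over them and returns
    (empirical P(MITM | alarm), true_alarms, false_alarms).
    """
    rng = random.Random(seed)
    true_alarms = false_alarms = 0
    for _ in range(n):
        is_mitm = rng.random() < base_rate
        if is_mitm:
            if rng.random() < tpr:
                true_alarms += 1
        elif rng.random() < fpr:
            false_alarms += 1
    total = true_alarms + false_alarms
    return (true_alarms / total if total else 0.0), true_alarms, false_alarms


if __name__ == "__main__":
    print(f"P(MITM | alarm)              = {posterior(BASE_RATE, TPR, FPR):.4f}")
    print(f"false alarms per true alarm  = {false_alarms_per_true_alarm(BASE_RATE, TPR, FPR):.2f}")
    print(f"FPR needed for 50% precision = {max_fpr_for_precision(0.5, BASE_RATE, TPR):.6f}")
    emp, ta, fa = simulate(BASE_RATE, TPR, FPR)
    print(f"simulated: {ta} true alarms, {fa} false alarms, P(MITM | alarm) ~ {emp:.4f}")
```

Running it reproduces the post's 1 + 49.95 = 50.95 positives per thousand connections, i.e. a posterior of about 2%, and max_fpr_for_precision() shows the flip side of the same arithmetic: at that base rate a warning is only more likely right than wrong once the false-alarm rate is pushed down to the order of the base rate itself.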
