[Cryptography] Billboard Defense and CT

Arnold Reinhold agr at me.com
Sat Sep 27 21:47:16 EDT 2014


Back in 1997, I proposed defending against man in the middle attacks by encouraging people to display hashes of PGP public keys in public places, where anyone could easily copy them without using electronic channels that a MITM can control. I called it the Billboard Defense. (https://groups.google.com/forum/#!search/reinhold$20billboard$20defense/list.cypherpunks/VOGa8ocY800/at4cDETmiXsJ)

The same method could help shore up schemes like certificate transparency. The “Mossad Level” MITM attacks being posited depend on keeping the person under attack in an electronic bubble, in which all communications are controlled by the attacker. Any out of band communication that transmits a valid key can puncture that bubble. Worse for the attacker, the person under attack is given incriminating evidence in the form of key certificates cryptographically signed by a supposedly trusted third party that attest to a phony key. Once alerted, the person under attack can save such “smoking gun” certificates and turn them in, perhaps in person, as a public service or to claim a reward. A Web site that then posted such smoking gun certificates would quickly reveal untrustworthy CAs. (Has anyone so far exhibited even one forged certificate signed by a browser-accepted CA?)

High capacity bar codes, such as QR-codes, would further simplify this process. Institutions like banks and retailers (including Apple) could post a public key verification QR-code in their lobbies or stores. They could also print it on business cards, brochures and monthly statements (for those still offering hard copy). We would still need software apps to accumulate signed keys that a user’s browser has accepted and compare them with publicly displayed fingerprints obtained from QR-codes and the like. The app would then mail or print out any smoking gun certificates it finds. 

Companies that lack significant retail presence, like Google, might purchase space on physical billboards or use some other non-Internet communications scheme. One simple approach would be to put a light on a building that flashes the key fingerprint in Morse code (in hex or base-32). Google in particular owns a massive 18-story building in Manhattan, 111 Eighth Avenue, that is near the Hudson River and easily visible from New Jersey. (It is the long brown building at the far left in this image of the lower Manhattan skyline, https://commons.wikimedia.org/wiki/File:Manhattan_Skyline_(6553279587).jpg, Google HQ in Manhattan visible.) I would propose that Google place a visible beacon on the roof of 111 Eighth Avenue that blinks out Google's current public key fingerprint in slow Morse code.

Of course only a few people would bother to use such a system at first, but as more companies follow the example, life will become increasingly hard for men in the middle.

Arnold Reinhold

(I hereby release to the public domain any patentable ideas of mine contained in this e-mail.)
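
Added example, not part of the original e-mail: a Python sketch of the comparison app described above, checking keys a browser accepted against fingerprints copied out of band (hex, base-32, or Morse-coded hex from a beacon). It assumes the fingerprint is SHA-256 over the key or certificate bytes; the function names and the .example hosts are constructed for illustration.

```python
import base64
import hashlib
import hmac

# International Morse code for the hex alphabet, as a beacon would blink it.
TO_MORSE = dict(zip("0123456789ABCDEF", (
    "-----", ".----", "..---", "...--", "....-", ".....", "-....", "--...",
    "---..", "----.", ".-", "-...", "-.-.", "-..", ".", "..-.")))
FROM_MORSE = {code: char for char, code in TO_MORSE.items()}

def fingerprint(key_bytes):
    """Assumed scheme: SHA-256 over the key or certificate bytes."""
    return hashlib.sha256(key_bytes).digest()

def to_morse(fp):
    """Render a fingerprint as space-separated Morse symbols (hex digits)."""
    return " ".join(TO_MORSE[c] for c in fp.hex().upper())

def parse_posted(text):
    """Decode a copied fingerprint: Morse-coded hex, plain hex, or base-32."""
    if text and set(text) <= set(".- \n"):
        text = "".join(FROM_MORSE[sym] for sym in text.split())
    compact = "".join(ch for ch in text if ch.isalnum()).upper()
    if len(compact) == 64:
        raw = bytes.fromhex(compact)
    else:
        raw = base64.b32decode(compact + "=" * (-len(compact) % 8))
    if len(raw) != 32:
        raise ValueError("not a 256-bit fingerprint")
    return raw

def audit(observed, posted):
    """Return (host, observed_hex, posted_hex) for each key the browser saw
    that disagrees with the fingerprint copied out of band."""
    findings = []
    for host, key_bytes in sorted(observed.items()):
        if host in posted:
            seen, expected = fingerprint(key_bytes), parse_posted(posted[host])
            if not hmac.compare_digest(seen, expected):
                findings.append((host, seen.hex(), expected.hex()))
    return findings

if __name__ == "__main__":
    # Constructed sample: real keys are posted publicly, a MITM swaps one key.
    real = {"bank.example": b"constructed bank key", "mail.example": b"constructed mail key"}
    posted = {"bank.example": fingerprint(real["bank.example"]).hex(":"),
              "mail.example": to_morse(fingerprint(real["mail.example"]))}
    observed = dict(real, **{"mail.example": b"constructed attacker key"})
    for host, seen, expected in audit(observed, posted):
        print(f"SMOKING GUN {host}: saw {seen}, posted {expected}")
```

Hosts with no posted fingerprint are skipped rather than flagged, since the scheme only yields evidence where an out-of-band value exists.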

