Perspectives: Improving SSH-style host authentication with multi-path probing

Proceedings of the 2008 USENIX Annual Technical Conference, USENIX 2008

Volumn , Issue , 2008, Pages 321-334

  Wendlandt, Dan ^a   Andersen, David G ^a   Perrig, Adrian ^a  

^a CARNEGIE MELLON UNIVERSITY   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION;

DESIGN SPACES; EASE-OF-USE; HOST AUTHENTICATION; MULTIPLE NETWORKS; ON DEMANDS; PUBLIC KEYS; SELF-SIGNED CERTIFICATE; SIMPLE NETWORKS;

INTERNET PROTOCOLS;

EID: 85034040740     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (26)

1. Y. Ali and S. Smith. Flexible and scalable public key security for SSH. In EuroPKI, pages 43–56, 2004.
2. D. G. Andersen, H. Balakrishnan, M. F. Kaashoek, and R. Morris. Experience with an Evolving Overlay Network Testbed. ACM Computer Communications Review, 33(3):13–19, July 2003.
3. M. Bellare and S. K. Miner. A forward-secure digital signature scheme. Lecture Notes in Computer Science, 1666:431–448, 1999.
4. J. Callas, L. Donnerhacke, H. Finney, D. Shaw, and R. Thayer. OpenPGP Message Format. Internet Engineering Task Force, Nov. 2007. RFC 4880.
5. S. Chokhani and W. Ford. Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. Internet Engineering Task Force, 1999. RFC 2527.
6. M. Delany. Domain-based Email Authentication Using Public Keys Advertised in the DNS (DomainKeys), Aug. 2004.
7. W. Diffie, P. C. van Oorschot, and M. J. Wiener. Authentication and authenticated key exchanges. Designs, Codes and Cryptography, pages 107–125, 1992.
8. R. Dingledine, N. Mathewson, and P. Syverson. Tor: The second-generation onion router. In Proc. 13th USENIX Security Symposium, Aug. 2004.
9. Drive-by Pharming. Symantec security response weblog: Drive-by pharming in the wild. http://www.symantec.com/enterprise/security_response/weblog/2008/01/ driveby_pharming_in_the_wild.html.
10. S. Egelman, L. F. Cranor, and J. Hong. You’ve been warned: An empirical study of the effectiveness of web browser phishing warnings. In Proceedings of the SIGCHI conference on Human factors in computing systems (CHI’08), 2008.
11. M. Freedman, E. Freudenthal, and D. Mazieres. Democratizing content publication with Coral. In Proceedings of the 4th USENIX Symposium on Network Systems Design and Implementation (NSDI), 2004.
12. Y.-C. Hu, D. McGrew, A. Perrig, B. Weis, and D. Wendlandt. (R)Evolutionary bootstrapping of a global PKI for securing BGP. In Proc. 5th ACM Workshop on Hot Topics in Networks (Hotnets-V), Nov. 2006.
13. A. Juels and J. Brainard. Client puzzles: A cryptographic countermeasure against connection depletion attacks. In Symposium on Network and Distributed Systems Security (NDSS’99), Feb. 1999.
14. A. Lenstra and E. Verheul. Selecting cryptographic key sizes. Journal of Cryptology, 14(4):255–293, 2001.
15. S. Miller, B. Neuman, J. Schiller, and J. Saltzer. Kerberos authentication and authorization system. Technical report, MIT, Oct. 1988. Project Athena Technical Plan.
16. NTP-Pool. pool.ntp.org: the Internet cluster of NTP servers. http://www.pool.ntp.org.
17. OpenSSH. http://www.openssh.com.
18. L. Peterson, T. Anderson, D. Culler, and T. Roscoe. A blueprint for introducing disruptive technology into the Internet. In Proc. 1st ACM Workshop on Hot Topics in Networks (Hotnets-I), Oct. 2002.
19. L. Poole and V. S. Pai. ConfiDNS: Leveraging scale and history to improve DNS security. In Proceedings of Third Workshop on Real, Large Distributed Systems (WORLDS), November 2006.
20. C. Reis, S. D. Gribble, T. Kohno, and N. C. Weaver. Detecting in-flight page changes with web tripwires. 2008.
21. S. E. Schechter, R. Dhamija, A. Ozment, and I. Fischer. The emperor’s new security indicators. In SP’07: Proceedings of the 2007 IEEE Symposium on Security and Privacy, 2007.
22. J. Schlyter and W. Griffin. Using DNS to Securely Publish Secure Shell (SSH) Key Fingerprints. Internet Engineering Task Force, Jan. 2006. RFC 4255.
23. The RON/IRIS Testbed. http://www.datapository.net/tb/.
24. Tor Exit Node Hijacks. TOR exit-node doing MITM attacks. http://www.teamfurry.com/wordpress/2007/11/20/tor-exit-node-doing-mitm-attacks.
25. Traceroute.org. Traceroute.org. http://www.traceroute. org.
26. W32.Arpiframe. W32.arpiframe. http://http://www. symantec.com/business/security_response/ writeup.jsp?docid=2007- 061222- 0609- 99.