%0 Journal Article
%A Wendlandt, Dan
%A Andersen, David G.
%A Perrig, Adrian
%D 2004
%T Perspectives: Improving SSH-style Host Authentication with Multi-Path Probing
%U https://kilthub.cmu.edu/articles/journal_contribution/Perspectives_Improving_SSH-style_Host_Authentication_with_Multi-Path_Probing/6608366
%R 10.1184/R1/6608366.v1
%2 https://kilthub.cmu.edu/ndownloader/files/12099785
%K computer sciences
%X The popularity of “Trust-on-first-use” (Tofu) authentication, used by SSH and HTTPS with self-signed certificates, demonstrates significant demand for host authentication that is low-cost and simple to deploy. While Tofu-based applications are a clear improvement over completely insecure protocols, they can leave users vulnerable to even simple network attacks. Our system, PERSPECTIVES, thwarts many of these attacks by using a collection of “notary” hosts that observes a server’s public key via multiple network vantage points (detecting localized attacks) and keeps a record of the server’s key over time (recognizing short-lived attacks). Clients can download these records on-demand and compare them against an unauthenticated key, detecting many common attacks. PERSPECTIVES explores a promising part of the host authentication design space: Trust-on-first-use applications gain significant attack robustness without sacrificing their ease-of-use. We also analyze the security provided by PERSPECTIVES and describe our experience building and deploying a publicly available implementation.
%I Carnegie Mellon University