Perspectives Plug-in for Firefox Makes a Big Splash
The CMU-developed Perspectives security add-on for the Firefox web browser has made national news this week, hitting the AP, the San Francisco Chronicle, the BBC, and many other major media outlets, as well as tons of online sites, including Slashdot, CNET, and Ars Technica. The system was developed by Dan Wendlandt and Ethan Jackson (Carnegie Mellon Computer Science Ph.D. student and undergraduate student, respectively), along with their faculty advisors, David Andersen and Adrian Perrig. This was a joint effort between the Computer Science Department and the CyLab.
I find Perspectives to be elegantly simple — one of those mechanisms that makes you think, “Why didn’t I think of that?” (My thesis advisor used to tell me that if something seems obvious but hasn’t been discovered before, then it is probably fundamental. Time will tell whether that applies in this case.) The problem it addresses is the man-in-the-middle attack, something that has become more serious with the widespread use of public wifi hotspots.When a Perspectives-enabled web client tries to access a particular web site, it first securely contacts a trusted “network notary server”. The server contacts the same web site and then compares the public key it sees with the key the client has received. While this isn’t completely foolproof, as a practical matter the key comparison gives very high confidence that a man-in-the-middle attack is or isn’t present.
Thank you, Dan, Ethan, Dave, and Adrian. You’ve made the Internet noticeably safer!
Peter Lee @ August 28, 2008