Overview#Perspectives Project is a new approach to helping computers communicate securely on the Internet. With Perspectives Project, public “network notary” servers regularly monitor the SSL certificates used by 100,000s+ websites to help your browser detect Man-In-The-Middle attacks without relying on certificate authorities.
The Problem#For years, the Internet has relied on anointed Certificate Authorities (CAs) and Registration Authority like VeriSign to issue SSL certificates that browsers trust to verify the identify of a remote web server when using the HTTPS protocol. Verifying the remote server’s SSL certificate is necessary to avoid Man-In-The-Middle (MitM) attacks in which an attacker eavesdrops on communication or impersonates a remote website.
The Certificate Authority model have long been criticized as a potential security risk, and recent incidents demonstrate that the security concerns are not just theoretical:
- May 2011: Indications point to the Syrian government actively performing Man-In-The-Middle attacks (More Info)
- March 2011: Certificate Authority is hacked, leading to the issuing of fraudulent certificates for sites including google.com, yahoo.com and msn.com (More Info)
The root of the problem is that with the CA model, browsers blindly trust a group of 600+ corporate and government parties to Certificate Validation. You as a web browser user have little or no choice about who to trust and essentially no visibility into whether these organizations deserve your trust.
How Perspectives Helps#Perspectives takes a different approach to how the web browser determines if an SSL certificate is valid. Instead of requiring browser users to trust an anointed group of Certificate Authority, Perspectives gives users the ability to pick a group they trust (e.g., the EFF, Google, their company, their university, their group of friends, etc.) and trust no one else.
How is this possible? #Perspectives has a decentralized model that let’s anyone run one or more “network notary servers”. A network notary server is connected to the Internet and regularly monitors websites to build a history of the SSL certificate used by each site. Notary servers or groups of notary servers may be operated by public organizations, private companies, or even individuals.
Rather than validating an SSL certificate by checking for certificate authority approval, with Perspectives the browser validates a certificate by checking for consistency with the certificates observed by the network notaries over time. With network notary servers spread around the world and keeping a history of data, it is VERY hard for an attacker to launch a Man-In-The-Middle attack (see our academic paper for a full security analysis).
Just like a user picks which search engine their browser will use, they user can also choose what group(s) of network notaries they will trust. The user him/herself can choose whether they trust Comodo, the U.S government, the Chinese government, or not. And because all notary data is public, the quality of different network notaries can be measured and evaluated by anyone, creating a market for better security.