OONIBear Detects and Locates Man-in-the-Middle Attacks

While the use of public-key encryption helps to protect users’ communications and data from unwanted and potentially malicious viewers, it is not an invulnerable solution. The current X.509 public-key infrastructure (PKI) is susceptible to man-in-the-middle (MitM) attacks, in which an attacker intercepts an existing connection and can read and modify a victim’s encrypted communication with a server. Such attacks are possible when attackers can compel a Certification Authority to issue or use forged certificates to validate the ownership of a public key. The intended recipient then does not recognize that content has been seen or modified by the attacker.

In order to address this PKI vulnerability, Technische Universität München in Germany developed Crossbear, a tool that uses certificate chain comparison and network tracerouting from different vantage points to detect and locate MitM attacks. Financed by a small grant from the ISC Project, developers at Technische Universität München made improvements to Crossbear that expand its functionality in two critical ways. First, the developers integrated Crossbear with the Tor project’s Open Observatory for Network Interference (OONI), a tool that uses free and open source software to detect and identify network tampering. The resulting “OONIBear” tool extends Crossbear’s reach and improves its capacity to pinpoint MitM attacks by employing OONI’s numerous additional hosts in different countries to perform tracerouting hunting tasks and report attacks.

Second, OONIBear developers created a framework for automated processing and reporting of OONIBear’s traceroute data to replace the manual analysis required by Crossbear. The completed OONIBear tool contains a component that visualizes attack traceroutes, showing the countries traversed, reporting sudden changes in Certification Authorities for a given domain, and incorporating WHOIS information such as domain name expiration and operator. With these significant improvements, OONIBear offers a robust tool that could play an important role in the protection of online privacy.
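The following is a simplified illustration of the idea described above: comparing certificate chains across vantage points, then using traceroutes to narrow down where a deviating chain was introduced. It is an added example, not Crossbear or OONIBear code; the observation format, function names, fingerprints and hop addresses are constructed for the illustration.

```python
from collections import Counter

# Constructed observations for one server, one per vantage point.
# Fingerprints are placeholders; hop addresses use documentation ranges.
OBSERVATIONS = [
    {"vantage": "vp-de", "chain_fp": "fp-AAAA",
     "hops": ["192.0.2.1", "198.51.100.7", "203.0.113.9", "203.0.113.50"]},
    {"vantage": "vp-us", "chain_fp": "fp-AAAA",
     "hops": ["192.0.2.65", "198.51.100.7", "203.0.113.9", "203.0.113.50"]},
    {"vantage": "vp-br", "chain_fp": "fp-AAAA",
     "hops": ["192.0.2.129", "198.51.100.20", "203.0.113.9", "203.0.113.50"]},
    {"vantage": "vp-xx", "chain_fp": "fp-BBBB",
     "hops": ["192.0.2.200", "198.51.100.99", "203.0.113.9", "203.0.113.50"]},
]

def split_by_chain(observations):
    """Majority vote on the chain fingerprint.

    Returns (reference_fp, consistent, deviating). Raises ValueError on a tie,
    because no chain can then be trusted as the reference.
    """
    counts = Counter(o["chain_fp"] for o in observations).most_common()
    if len(counts) > 1 and counts[0][1] == counts[1][1]:
        raise ValueError("no majority chain; cannot choose a reference")
    ref = counts[0][0]
    consistent = [o for o in observations if o["chain_fp"] == ref]
    deviating = [o for o in observations if o["chain_fp"] != ref]
    return ref, consistent, deviating

def candidate_hops(observations):
    """For each vantage point that saw a deviating chain, list the hops on its
    path that no consistent path traverses, in path order.

    Assumption of this sketch: hops shared with clean paths forward the
    genuine chain, so the substitution happened on the unshared segment.
    A deviating chain is a lead to investigate, not proof of an attack.
    """
    ref, consistent, deviating = split_by_chain(observations)
    clean = {hop for o in consistent for hop in o["hops"]}
    report = {o["vantage"]: [h for h in o["hops"] if h not in clean]
              for o in deviating}
    return ref, report

if __name__ == "__main__":
    ref, report = candidate_hops(OBSERVATIONS)
    print("reference chain:", ref)
    for vantage, hops in report.items():
        print(f"{vantage}: deviating chain, candidate hops {hops}")
```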

To learn more about OONIBear, please visit https://pki.net.in.tum.de