Trust on first use

Not to be confused with tofu.

TOFU or TUFU are information security slang acronyms which mean Trust On First Use or Trust Upon First Use. This model refers to the network software security model whereby client software, upon connecting to a new server, is prompted to accept and record some form of token to identify the remote server. For example, SSH protocol implementations are designed to issue a warning when the key of a server has changed: WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! Perhaps more commonly, the secure HTTPS protocol for web browsers is widely accepted, but has one fatal flaw: users ignore certificate error warnings.

Model strengths and weaknesses

The single largest strength of any TOFU-style model is that a human being must initially validate every interaction. A common application of this model is the use of ssh-rpc 'bot' users between computers, whereby public keys are distributed to a set of computers for automated access from centralized hosts. The TOFU aspect of this application forces a sysadmin (or other trusted user) to validate the remote server's identity upon first connection.

The largest weakness of any TOFU-style model is that a human being must initially validate every interaction, which does not scale infinitely, and can quickly scale beyond the capabilities of any group of people using and managing computers with a need for trusted and secure protocols. People tend to approve without verification, not to mention the increased surface area for human error.

First known use of the term

The first known formal use of the term TOFU or TUFU was by CMU researchers Dan Wendlandt, David Andersen, and Adrian Perrig in their research paper "Perspectives: Improving SSH-Style Host Authentication With Multi-Path Probing" published in 2008 at the Usenix Annual Technical Conference.^[1]

Moxie Marlinspike mentioned Perspectives and the term TOFU the DEF CON 18 proceedings, with reference to comments made by Dan Kaminsky, during the panel discussion "An Open Letter, A Call to Action".

An audience suggestion was raised implying the superiority of the SSH PKI model, over the SSL/TLS PKI model - whereby Moxie replied:

Anonymous: "...so, if we dislike the certificate model in the (tls) PKI, but we like, say, the SSH PKI, which seems to work fairly well, basically the fundamental thing is: if I give my data to someone, I trust them with the data. So I should be remembering their certificate. If someone else comes in with a different certificate, signed by a different authority, I still don't trust them. And if we did it that way, then that would solve a lot of the problems- it would solve the problems of rogue CAs, to some extent, it wouldn't help you with the initial bootstrapping but the initial bootstrapping would use the initial model, and then for continued interaction with the site you would use the ssh model which would allow you continued strength beyond what we have now. So the model we have now can be continued to be re-used, for only the initial acceptance. So why don't we do this?"

Dan: "So, I'm a former SSH developer, and let me walk very quickly, every time there's an error in the ssh key generation, the user is asked, 'please type yes to trusting this new key', or, 'please go into your known hosts file and delete that value', and every last time they do it, because it's always the fault of a server misconfiguration. The SSH model is cool, it don't scale".

Moxie: "And I would just add, what you're talking about is called 'Trust on First Use', or 'tofu', and there's a project that I'm involved in called perspectives, that tries to leverage that to be less confusing than the pure SSH model, and I think it's a really great project and you should check it out if you're interested in alternatives to the CA system."

Related work on the subject

Work toward creating visual representations of server certificate 'fingerprint' hashes has been implemented into OpenSSH in the form of ASCII Art. The intention is for users to visually recognize a 'graphical' image, instead of a long string of letters and numbers. The original research paper was written by Adrian Perring and Dawn Song, at the Carnegie Mellon University Computer Science Department.
The originator of the 'TUFU' acronym was describing the inspiration for the 'Perspectives Firefox Plug In', which was designed to strengthen the SSL/TLS PKI model by contacting network notaries whenever your browser connects an HTTPS website

Prior work

The topics of trust, validation, non-repudiation are fundamental to all work in the field of cryptography and digital security.

References

↑ http://www.usenix.org/events/usenix08/tech/full_papers/wendlandt/wendlandt_html/index.html

External links

Look up TOFU in Wiktionary, the free dictionary.

This article is issued from Wikipedia - version of the Sunday, May 01, 2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.