What It Means to Spoof

• Merike Keao: Spoofing attacks are "providing false information about a principal's identity to obtain unauthorized access to a system."

• Spoofing attacks are active attacks that forge identity; are possible at all layers of communication; possess intent, possibly partial credentials, but not generally full or legitimate access. Spoofing is not betrayal, and it is certainly nothing new.

• Spoofing is not always, or even usually, malicious. Several critical network techniques, such as Mainframe/Internet access and the vast majority of Web sites depend on something that in some contexts qualify as spoofing.

Background Theory

• Trust is inherent to the human condition, and awareness of the weakness of trust is an ancient discovery dating to the time of Descartes and far beyond.

• Trust is necessary and unavoidable we cannot trust anything, but we cannot trust nothing; we just end up falling back on superstition and convenience. We can't trust everything but we must trust something, so life becomes choosing what to trust.

The Evolution of Trust

• Human trust is accidental.

  • Speaking accidentally ties our own voice to the words we speak.

  • Touch accidentally ties our own fingerprints to the surfaces we touch.

  • Travel accidentally ties our appearance to anybody who happens to see us.

• Human trust is asymmetric.

  • Being able to recognize my voice doesn't mean you can speak with it.

  • Being able to recognize my print doesn't mean you can swap fingers.

  • Being able to recognize my face doesn't mean you can wear it.

• Human trust...