Have digital certificates become too unwieldy to be trusted?
Such certificates are fundamental to the SSL security model employed on the Web and ensure that users have a secure, encrypted connection directly to the website they're visiting. But if attackers hack into certificate authorities and issue false certificates for legitimate websites, all bets are off, not least when it comes to eavesdropping.
Beginning in July, for example, fraudulently obtained digital certificates--issued by Dutch certificate authority DigiNotar--were used to launch man-in-the-middle attacks against Gmail users. Successful exploits would have resulted in attackers being able to read targeted people's email.
"This attack illustrates one of the many security problems with SSL: there are too many single points of trust," said Bruce Schneier, chief security technology officer of BT, in a blog post. In other words, subvert any of those points of trust and security fails.
In the case of DigiNotar, the Dutch certificate authority (CA) didn't discover--never mind own up to--its security breaches until their scale had reached quite large proportions. Then again, according to preliminary results of an audit into the breach commissioned by the Dutch government, DigiNotar practiced poor information security, including no centralized logging, no centralization of critical components, out-of-date and unpatched software, and an administrator password that could have been easily compromised via a brute-force attack, said Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post. Furthermore, "all of the certificate servers belonged to one Windows domain, allowing the compromise of one administrator account to control everything," he said.
Based on those revelations, the Dutch government seized control of DigiNotar, which is owned by Chicago-based Vasco. Dutch prosecutors said they were evaluating whether to pursue DigiNotar officials for criminal negligence.
Interestingly, the damaging exploit--at least in the time required by businesses such as Google, Microsoft, and Mozilla to code patches--resulted from the exploitation of a certificate authority that saw revenues of less than 100,000 British pounds ($141,000) for the first six months of 2011, according to a statement released last week by Vasco. That statement also promised that DigiNotar "expects to have a solution for its entire customer base before the end of this business week" and that it "expects that the cost of this action will be minimal."
In a subsequent, undated damage control letter to investors, however, Vasco changed its tone, saying that while the company had acquired DigiNotar in January 2011, and planned to fully integrate the DigiNotar's products into its own by 2012, Vasco's own products remained "100% DigiNotar-free."
In other words, DigiNotar appears to be doomed. On Friday, Mozilla released an unprecedented statement saying that it was permanently blocking every DigiNotar certificate, forever. "In an incident earlier this year we worked with Comodo to block a set of mis-issued certificates that were detected, contained, and reported to us immediately," said Jonathan Nightingale, director of Firefox engineering in a blog post. "In DigiNotar's case, by contrast, we have no confidence that the problem had been contained. Furthermore, their failure to notify leaves us deeply concerned about our ability to protect our users from future breaches." Google and Microsoft have likewise begun permanently blocking DigiNotar's certificates.
DigiNotar was punished because it failed to come clean quickly. "The integrity of the SSL system cannot be maintained in secrecy," said Nightingale. "Incidents like this one demonstrate the need for active, immediate, and comprehensive communication between CAs and software vendors to keep our collective users safe online."
But the exploit of DigiNotar shows how easy it is to subvert SSL, as well as the serious repercussions that can result even when clear lines of communication exist. Might that lead to reform--or possibly regulation--of certificate authorities? "Now that someone (presumably from Iran) has obtained a legit HTTPS cert for CIA.gov, I wonder if the US gov will pay attention to this mess," said Christopher Soghoian, a graduate fellow at the Center for Applied Cybersecurity Research at Indiana University, via Twitter on Saturday.
On Monday, Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab, said in a blog post that the DigiNotar hack would have a political impact equal to Stuxnet, and "put cyberwar on or near the top of the political agenda of Western governments." Furthermore, he suggested that DigiNotar wasn't an isolated event. "With some 500 authorities out there globally it's hard to believe DigiNotar is the only compromised CA out there."
Schouwenberg's prediction was prescient. On Tuesday, an attacker claimed credit for the DigiNotar attacks, using the same "Comodohacker" Pastebin account that had been used to claim credit for the exploit of the Comodo certificate authority earlier this year.
While the DigiNotar exploit was discovered, Comodohacker claims to control more certificate authorities. "I have access to 4 more so HIGH profile CAs, which I can issue certs from them too which I will, I won't name them," according to the Pastebin post. Comodohacker also claimed to have accessed the StartCom certificate authority, but was blocked by a hardware security module. Furthermore, the attacker claimed to have current access to GlobalSign, and promised to demonstrate that soon.
Unfortunately, no quick fix appears to exist for SSL. "This incident demonstrates in a real way the fragility of the SSL/TLS certificate trust model in use on the net today," said Wisniewski at Sophos. "I hope adoption of replacement technologies like Moxie Marlinspike's Convergence take off in a meaningful way to provide us with more confidence in the security of our communications."
Convergence is a proposal from Marlinspike that involves crowdsourcing certificate verification, by comparing the certificates that users around the world receive for a given website, to help ascertain whether they're legitimate or not. But the approach is relatively new, and so far only available as a Firefox plug-in. Arguably, it's also just one step toward what will need to be a major reform of the information security and business practices of certificate authorities.
The vendors, contractors, and other outside parties with which you do business can create a serious security risk. Here's how to keep this threat in check. Also in the new, all-digital issue of Dark Reading: Why focusing solely on your own company's security ignores the bigger picture. Download it now. (Free registration required.)