Vulnerabilities / Threats
9/6/2011
12:10 PM
Connect Directly
RSS
E-Mail
50%
50%

Are Digital Certificates Doomed?

Certificates are fundamental to the Web's SSL security model. But the recent DigiNotar attack and Comodo hacks show that the system must be strengthened, experts say.

Have digital certificates become too unwieldy to be trusted?

Such certificates are fundamental to the SSL security model employed on the Web and ensure that users have a secure, encrypted connection directly to the website they're visiting. But if attackers hack into certificate authorities and issue false certificates for legitimate websites, all bets are off, not least when it comes to eavesdropping.

Beginning in July, for example, fraudulently obtained digital certificates--issued by Dutch certificate authority DigiNotar--were used to launch man-in-the-middle attacks against Gmail users. Successful exploits would have resulted in attackers being able to read targeted people's email.

"This attack illustrates one of the many security problems with SSL: there are too many single points of trust," said Bruce Schneier, chief security technology officer of BT, in a blog post. In other words, subvert any of those points of trust and security fails.

In the case of DigiNotar, the Dutch certificate authority (CA) didn't discover--never mind own up to--its security breaches until their scale had reached quite large proportions. Then again, according to preliminary results of an audit into the breach commissioned by the Dutch government, DigiNotar practiced poor information security, including no centralized logging, no centralization of critical components, out-of-date and unpatched software, and an administrator password that could have been easily compromised via a brute-force attack, said Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post. Furthermore, "all of the certificate servers belonged to one Windows domain, allowing the compromise of one administrator account to control everything," he said.

Based on those revelations, the Dutch government seized control of DigiNotar, which is owned by Chicago-based Vasco. Dutch prosecutors said they were evaluating whether to pursue DigiNotar officials for criminal negligence.

Interestingly, the damaging exploit--at least in the time required by businesses such as Google, Microsoft, and Mozilla to code patches--resulted from the exploitation of a certificate authority that saw revenues of less than 100,000 British pounds ($141,000) for the first six months of 2011, according to a statement released last week by Vasco. That statement also promised that DigiNotar "expects to have a solution for its entire customer base before the end of this business week" and that it "expects that the cost of this action will be minimal."

In a subsequent, undated damage control letter to investors, however, Vasco changed its tone, saying that while the company had acquired DigiNotar in January 2011, and planned to fully integrate the DigiNotar's products into its own by 2012, Vasco's own products remained "100% DigiNotar-free."

In other words, DigiNotar appears to be doomed. On Friday, Mozilla released an unprecedented statement saying that it was permanently blocking every DigiNotar certificate, forever. "In an incident earlier this year we worked with Comodo to block a set of mis-issued certificates that were detected, contained, and reported to us immediately," said Jonathan Nightingale, director of Firefox engineering in a blog post. "In DigiNotar's case, by contrast, we have no confidence that the problem had been contained. Furthermore, their failure to notify leaves us deeply concerned about our ability to protect our users from future breaches." Google and Microsoft have likewise begun permanently blocking DigiNotar's certificates.

DigiNotar was punished because it failed to come clean quickly. "The integrity of the SSL system cannot be maintained in secrecy," said Nightingale. "Incidents like this one demonstrate the need for active, immediate, and comprehensive communication between CAs and software vendors to keep our collective users safe online."

But the exploit of DigiNotar shows how easy it is to subvert SSL, as well as the serious repercussions that can result even when clear lines of communication exist. Might that lead to reform--or possibly regulation--of certificate authorities? "Now that someone (presumably from Iran) has obtained a legit HTTPS cert for CIA.gov, I wonder if the US gov will pay attention to this mess," said Christopher Soghoian, a graduate fellow at the Center for Applied Cybersecurity Research at Indiana University, via Twitter on Saturday.

On Monday, Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab, said in a blog post that the DigiNotar hack would have a political impact equal to Stuxnet, and "put cyberwar on or near the top of the political agenda of Western governments." Furthermore, he suggested that DigiNotar wasn't an isolated event. "With some 500 authorities out there globally it's hard to believe DigiNotar is the only compromised CA out there."

Schouwenberg's prediction was prescient. On Tuesday, an attacker claimed credit for the DigiNotar attacks, using the same "Comodohacker" Pastebin account that had been used to claim credit for the exploit of the Comodo certificate authority earlier this year.

While the DigiNotar exploit was discovered, Comodohacker claims to control more certificate authorities. "I have access to 4 more so HIGH profile CAs, which I can issue certs from them too which I will, I won't name them," according to the Pastebin post. Comodohacker also claimed to have accessed the StartCom certificate authority, but was blocked by a hardware security module. Furthermore, the attacker claimed to have current access to GlobalSign, and promised to demonstrate that soon.

Unfortunately, no quick fix appears to exist for SSL. "This incident demonstrates in a real way the fragility of the SSL/TLS certificate trust model in use on the net today," said Wisniewski at Sophos. "I hope adoption of replacement technologies like Moxie Marlinspike's Convergence take off in a meaningful way to provide us with more confidence in the security of our communications."

Convergence is a proposal from Marlinspike that involves crowdsourcing certificate verification, by comparing the certificates that users around the world receive for a given website, to help ascertain whether they're legitimate or not. But the approach is relatively new, and so far only available as a Firefox plug-in. Arguably, it's also just one step toward what will need to be a major reform of the information security and business practices of certificate authorities.

The vendors, contractors, and other outside parties with which you do business can create a serious security risk. Here's how to keep this threat in check. Also in the new, all-digital issue of Dark Reading: Why focusing solely on your own company's security ignores the bigger picture. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-4448
Published: 2014-10-22
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents directory by obtaining this UID.

CVE-2014-4449
Published: 2014-10-22
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

CVE-2014-4450
Published: 2014-10-22
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discover credentials by reading credential values within unintended DOM input elements.

CVE-2012-5242
Published: 2014-10-21
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.

CVE-2012-5243
Published: 2014-10-21
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.