9/6/2011
12:10 PM

Are Digital Certificates Doomed?

Certificates are fundamental to the Web's SSL security model. But the recent DigiNotar attack and Comodo hacks show that the system must be strengthened, experts say.

Have digital certificates become too unwieldy to be trusted?

Such certificates are fundamental to the SSL security model employed on the Web and ensure that users have a secure, encrypted connection directly to the website they're visiting. But if attackers hack into certificate authorities and issue false certificates for legitimate websites, all bets are off, not least when it comes to eavesdropping.

Beginning in July, for example, fraudulently obtained digital certificates--issued by Dutch certificate authority DigiNotar--were used to launch man-in-the-middle attacks against Gmail users. Successful exploits would have resulted in attackers being able to read targeted people's email.

"This attack illustrates one of the many security problems with SSL: there are too many single points of trust," said Bruce Schneier, chief security technology officer of BT, in a blog post. In other words, subvert any of those points of trust and security fails.

In the case of DigiNotar, the Dutch certificate authority (CA) didn't discover--never mind own up to--its security breaches until their scale had reached quite large proportions. Then again, according to preliminary results of an audit into the breach commissioned by the Dutch government, DigiNotar practiced poor information security, including no centralized logging, no centralization of critical components, out-of-date and unpatched software, and an administrator password that could have been easily compromised via a brute-force attack, said Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post. Furthermore, "all of the certificate servers belonged to one Windows domain, allowing the compromise of one administrator account to control everything," he said.

Based on those revelations, the Dutch government seized control of DigiNotar, which is owned by Chicago-based Vasco. Dutch prosecutors said they were evaluating whether to pursue DigiNotar officials for criminal negligence.

Interestingly, the damaging exploit--at least in the time required by businesses such as Google, Microsoft, and Mozilla to code patches--resulted from the exploitation of a certificate authority that saw revenues of less than 100,000 British pounds ($141,000) for the first six months of 2011, according to a statement released last week by Vasco. That statement also promised that DigiNotar "expects to have a solution for its entire customer base before the end of this business week" and that it "expects that the cost of this action will be minimal."

In a subsequent, undated damage control letter to investors, however, Vasco changed its tone, saying that while the company had acquired DigiNotar in January 2011, and planned to fully integrate DigiNotar's products into its own by 2012, Vasco's own products remained "100% DigiNotar-free."

In other words, DigiNotar appears to be doomed. On Friday, Mozilla released an unprecedented statement saying that it was permanently blocking every DigiNotar certificate, forever. "In an incident earlier this year we worked with Comodo to block a set of mis-issued certificates that were detected, contained, and reported to us immediately," said Jonathan Nightingale, director of Firefox engineering, in a blog post. "In DigiNotar's case, by contrast, we have no confidence that the problem had been contained. Furthermore, their failure to notify leaves us deeply concerned about our ability to protect our users from future breaches." Google and Microsoft have likewise begun permanently blocking DigiNotar's certificates.

DigiNotar was punished because it failed to come clean quickly. "The integrity of the SSL system cannot be maintained in secrecy," said Nightingale. "Incidents like this one demonstrate the need for active, immediate, and comprehensive communication between CAs and software vendors to keep our collective users safe online."

But the exploit of DigiNotar shows how easy it is to subvert SSL, as well as the serious repercussions that can result even when clear lines of communication exist. Might that lead to reform--or possibly regulation--of certificate authorities? "Now that someone (presumably from Iran) has obtained a legit HTTPS cert for CIA.gov, I wonder if the US gov will pay attention to this mess," said Christopher Soghoian, a graduate fellow at the Center for Applied Cybersecurity Research at Indiana University, via Twitter on Saturday.

On Monday, Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab, said in a blog post that the DigiNotar hack would have a political impact equal to Stuxnet, and "put cyberwar on or near the top of the political agenda of Western governments." Furthermore, he suggested that DigiNotar wasn't an isolated event. "With some 500 authorities out there globally it's hard to believe DigiNotar is the only compromised CA out there."

Schouwenberg's prediction was prescient. On Tuesday, an attacker claimed credit for the DigiNotar attacks, using the same "Comodohacker" Pastebin account that had been used to claim credit for the exploit of the Comodo certificate authority earlier this year.

While the DigiNotar exploit was discovered, Comodohacker claims to control more certificate authorities. "I have access to 4 more so HIGH profile CAs, which I can issue certs from them too which I will, I won't name them," according to the Pastebin post. Comodohacker also claimed to have accessed the StartCom certificate authority, but was blocked by a hardware security module. Furthermore, the attacker claimed to have current access to GlobalSign, and promised to demonstrate that soon.

Unfortunately, no quick fix appears to exist for SSL. "This incident demonstrates in a real way the fragility of the SSL/TLS certificate trust model in use on the net today," said Wisniewski at Sophos. "I hope adoption of replacement technologies like Moxie Marlinspike's Convergence take off in a meaningful way to provide us with more confidence in the security of our communications."

Convergence is a proposal from Marlinspike that involves crowdsourcing certificate verification, by comparing the certificates that users around the world receive for a given website, to help ascertain whether they're legitimate or not. But the approach is relatively new, and so far only available as a Firefox plug-in. Arguably, it's also just one step toward what will need to be a major reform of the information security and business practices of certificate authorities.
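The comparison idea described above can be sketched as a quorum check over certificate fingerprints. This is an added example, not Convergence's own code or wire protocol; the function names, the SHA-256 fingerprint, the 75% quorum, and the notary names are assumptions, and the "certificates" are constructed byte strings standing in for real DER data.

```python
import hashlib

def fingerprint(cert_bytes: bytes) -> str:
    """SHA-256 over the certificate bytes (hash choice is an assumption)."""
    return hashlib.sha256(cert_bytes).hexdigest()

def notary_verdict(local_cert, notary_views, quorum=0.75, min_responses=2):
    """Compare the certificate this client received with what notaries saw.

    notary_views maps a notary name to the certificate bytes that notary
    received for the same site, or None if the notary did not answer.
    Returns (trusted, agreeing, responding). Fails closed when too few
    notaries respond, so blocking the notaries cannot force acceptance.
    """
    local_fp = fingerprint(local_cert)
    seen = [fingerprint(c) for c in notary_views.values() if c is not None]
    agreeing = sum(fp == local_fp for fp in seen)
    if len(seen) < min_responses:
        return False, agreeing, len(seen)
    return agreeing / len(seen) >= quorum, agreeing, len(seen)

# Constructed stand-ins for certificates. In the scenario the article
# describes, the rogue certificate chains to a browser-trusted CA, so
# ordinary chain validation accepts it; only the comparison below differs.
GENUINE = b"constructed cert: site's real public key"
ROGUE = b"constructed cert: attacker's key, signed by a breached CA"

# Notaries on other networks are not behind the interception point,
# so they all receive the genuine certificate. One is unreachable.
NOTARIES = {
    "notary-eu": GENUINE,
    "notary-us": GENUINE,
    "notary-asia": GENUINE,
    "notary-sa": None,
}

def demo():
    return {
        "intercepted_client": notary_verdict(ROGUE, NOTARIES),
        "clean_client": notary_verdict(GENUINE, NOTARIES),
        "notaries_unreachable": notary_verdict(GENUINE, {"notary-eu": None}),
    }

if __name__ == "__main__":
    for scenario, result in demo().items():
        print(scenario, result)
```

A legitimate certificate rotation will also produce short-lived disagreement between vantage points, which is why the sketch uses a quorum rather than requiring unanimity.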
