Vulnerabilities / Threats
9/6/2011
12:10 PM
50%
50%

Are Digital Certificates Doomed?

Certificates are fundamental to the Web's SSL security model. But the recent DigiNotar attack and Comodo hacks show that the system must be strengthened, experts say.

Have digital certificates become too unwieldy to be trusted?

Such certificates are fundamental to the SSL security model employed on the Web and ensure that users have a secure, encrypted connection directly to the website they're visiting. But if attackers hack into certificate authorities and issue false certificates for legitimate websites, all bets are off, not least when it comes to eavesdropping.

Beginning in July, for example, fraudulently obtained digital certificates--issued by Dutch certificate authority DigiNotar--were used to launch man-in-the-middle attacks against Gmail users. Successful exploits would have resulted in attackers being able to read targeted people's email.

"This attack illustrates one of the many security problems with SSL: there are too many single points of trust," said Bruce Schneier, chief security technology officer of BT, in a blog post. In other words, subvert any of those points of trust and security fails.

In the case of DigiNotar, the Dutch certificate authority (CA) didn't discover--never mind own up to--its security breaches until their scale had reached quite large proportions. Then again, according to preliminary results of an audit into the breach commissioned by the Dutch government, DigiNotar practiced poor information security, including no centralized logging, no centralization of critical components, out-of-date and unpatched software, and an administrator password that could have been easily compromised via a brute-force attack, said Chester Wisniewski, a senior security advisor at Sophos Canada, in a blog post. Furthermore, "all of the certificate servers belonged to one Windows domain, allowing the compromise of one administrator account to control everything," he said.

Based on those revelations, the Dutch government seized control of DigiNotar, which is owned by Chicago-based Vasco. Dutch prosecutors said they were evaluating whether to pursue DigiNotar officials for criminal negligence.

Interestingly, the damaging exploit--at least in the time required by businesses such as Google, Microsoft, and Mozilla to code patches--resulted from the exploitation of a certificate authority that saw revenues of less than 100,000 British pounds ($141,000) for the first six months of 2011, according to a statement released last week by Vasco. That statement also promised that DigiNotar "expects to have a solution for its entire customer base before the end of this business week" and that it "expects that the cost of this action will be minimal."

In a subsequent, undated damage control letter to investors, however, Vasco changed its tone, saying that while the company had acquired DigiNotar in January 2011, and planned to fully integrate the DigiNotar's products into its own by 2012, Vasco's own products remained "100% DigiNotar-free."

In other words, DigiNotar appears to be doomed. On Friday, Mozilla released an unprecedented statement saying that it was permanently blocking every DigiNotar certificate, forever. "In an incident earlier this year we worked with Comodo to block a set of mis-issued certificates that were detected, contained, and reported to us immediately," said Jonathan Nightingale, director of Firefox engineering in a blog post. "In DigiNotar's case, by contrast, we have no confidence that the problem had been contained. Furthermore, their failure to notify leaves us deeply concerned about our ability to protect our users from future breaches." Google and Microsoft have likewise begun permanently blocking DigiNotar's certificates.

DigiNotar was punished because it failed to come clean quickly. "The integrity of the SSL system cannot be maintained in secrecy," said Nightingale. "Incidents like this one demonstrate the need for active, immediate, and comprehensive communication between CAs and software vendors to keep our collective users safe online."

But the exploit of DigiNotar shows how easy it is to subvert SSL, as well as the serious repercussions that can result even when clear lines of communication exist. Might that lead to reform--or possibly regulation--of certificate authorities? "Now that someone (presumably from Iran) has obtained a legit HTTPS cert for CIA.gov, I wonder if the US gov will pay attention to this mess," said Christopher Soghoian, a graduate fellow at the Center for Applied Cybersecurity Research at Indiana University, via Twitter on Saturday.

On Monday, Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab, said in a blog post that the DigiNotar hack would have a political impact equal to Stuxnet, and "put cyberwar on or near the top of the political agenda of Western governments." Furthermore, he suggested that DigiNotar wasn't an isolated event. "With some 500 authorities out there globally it's hard to believe DigiNotar is the only compromised CA out there."

Schouwenberg's prediction was prescient. On Tuesday, an attacker claimed credit for the DigiNotar attacks, using the same "Comodohacker" Pastebin account that had been used to claim credit for the exploit of the Comodo certificate authority earlier this year.

While the DigiNotar exploit was discovered, Comodohacker claims to control more certificate authorities. "I have access to 4 more so HIGH profile CAs, which I can issue certs from them too which I will, I won't name them," according to the Pastebin post. Comodohacker also claimed to have accessed the StartCom certificate authority, but was blocked by a hardware security module. Furthermore, the attacker claimed to have current access to GlobalSign, and promised to demonstrate that soon.

Unfortunately, no quick fix appears to exist for SSL. "This incident demonstrates in a real way the fragility of the SSL/TLS certificate trust model in use on the net today," said Wisniewski at Sophos. "I hope adoption of replacement technologies like Moxie Marlinspike's Convergence take off in a meaningful way to provide us with more confidence in the security of our communications."

Convergence is a proposal from Marlinspike that involves crowdsourcing certificate verification, by comparing the certificates that users around the world receive for a given website, to help ascertain whether they're legitimate or not. But the approach is relatively new, and so far only available as a Firefox plug-in. Arguably, it's also just one step toward what will need to be a major reform of the information security and business practices of certificate authorities.

The vendors, contractors, and other outside parties with which you do business can create a serious security risk. Here's how to keep this threat in check. Also in the new, all-digital issue of Dark Reading: Why focusing solely on your own company's security ignores the bigger picture. Download it now. (Free registration required.)

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, January 2015
To find and fix exploits aimed directly at your business, stop waiting for alerts and become a proactive hunter.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7402
Published: 2014-12-17
Multiple unspecified vulnerabilities in request.c in c-icap 0.2.x allow remote attackers to cause a denial of service (crash) via a crafted ICAP request.

CVE-2014-5437
Published: 2014-12-17
Multiple cross-site request forgery (CSRF) vulnerabilities in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) enable remote management via a request to remote_management.php,...

CVE-2014-5438
Published: 2014-12-17
Cross-site scripting (XSS) vulnerability in ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier allows remote authenticated users to inject arbitrary web script or HTML via the computer_name parameter to connected_devices_computers_edit.php.

CVE-2014-7170
Published: 2014-12-17
Race condition in Puppet Server 0.2.0 allows local users to obtain sensitive information by accessing it in between package installation or upgrade and the start of the service.

CVE-2014-7285
Published: 2014-12-17
The management console on the Symantec Web Gateway (SWG) appliance before 5.2.2 allows remote authenticated users to execute arbitrary OS commands by injecting command strings into unspecified PHP scripts.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.