Websites, Web developers, and other stakeholders in the SSL ecosystem also have a role to play in improving Web authentication. Here, again, the SSL protocol is still considered to be sound, but the way it's being implemented raises problems.
The controversial Firesheep extension for Firefox is a good example. In late 2010, Eric Butler, an independent application developer, released the extension, which lets users packet sniff to read unencrypted cookies from sites that serve up mixed content, where parts of the site are SSL protected. Website developers commonly make the mistake of mixing content--for example, using SSL to encrypt login authentication but then not ensuring that users only connect to sites using HTTPS on every page.
If you have an HTTPS connection, content shouldn't be pulled in from unsecure HTTP Web pages, says Nicholas Percoco, senior VP at SpiderLabs, a research arm of security firm and CA Trustwave. "You want to make sure that all pages are over SSL and are tested," he says.
An even bigger concern is that virtually no one has upgraded Web server support as the Internet Engineering Task Force, the group that develops SSL and TLS protocol standards, has updated the authentication protocol over the years.
For example, the Beast attack leverages a vulnerability that's years old, a weakness in SSL 3.0 and TLS 1.0. "The vulnerability it attacks was known since about 2005, and since then the IETF working group has come up with a 1.1 and then a 1.2 version of the protocol that actually fixes those things. But nobody adopted them," says Taher Elgamal, chief security officer at Axway, which specializes in managed file transfer, email, and identity security.
With few websites adopting the new SSL versions, browser vendors didn't think it was worth updating their browsers. "If the browser vendors had adopted TSL 1.1--not even 1.2--then that specific Beast attack ... wouldn't have worked at all," says Elgamal, a noted cryptographer who helped develop the initial SSL while at Netscape in the '90s.
Using a version of the protocol that's two revisions behind current technology can put organizations at risk, he says.
Unfortunately, that's where the security industry is. Even though browser vendors have created fixes that protect against Beast in the past month, many Web servers still depend on old technology that doesn't incorporate those fixes. According to a study last year by Ivan Ristic, director of engineering at Qualys, of the 1.2 million website servers surveyed, only 2,191 supported TLS 1.1 and many fewer--211--supported TLS 1.2 (see chart, below).
Nevertheless, that shouldn't stop the security and Internet engineering community from further refining SSL. Elgamal hopes to see changes in the way cipher suites--the base SSL technology that encrypts content--are linked to the protocol. If they were separated from the protocol itself then the hundreds or thousands of certificates that depend on a specific encryption technology wouldn't have to be reissued when that technology is cracked. You'd be able to just swap out the encryption algorithm itself.
"There's nothing built in that allows for graceful signing off of old algorithms," Elgamal says. "It would be really good if we could revoke all the encrypting or hashing methods or signature methods or whatever as the next thing gets broken."
The Sky Isn't Falling
While the challenges standing in the way of more agile and trusted Web authentication seem great, there is a silver lining.
"Five years ago, we were still trying to get people to use SSL, so the fact that people are complaining about it today is really good news because it means people are using it," says Tim 'TK' Keanini, CTO of nCircle, a vulnerability management and compliance vendor. "The bad news is that any flawed SSL implementation presents enormous risk because SSL and TLS handle all kinds of secure data."
This risk is a natural part of having something that integral to the infrastructure open to attack, says Mike Murray, managing partner for consultancy MAD Security. "The sky isn't falling--this is the same thing we've had with other pieces of critical infrastructure for a long time. It's painful now, but if it wasn't SSL, it would be whatever else we were relying on that was that important."
Elgamal agrees that popular security systems will always be under attack. "It's e-commerce. There's money involved, so whatever we put in front of that will be under attack all the time," he says. "There isn't such a thing in the world as something that's permanently secure."
Elgamal, too, wants to improve SSL rather than start over. SSL has too long a history to completely scrap it for less-mature technology that's potentially just as prone to vulnerabilities. However, the industry must make changes in how SSL functions to improve the security of Web transactions.