SSL Certificates Compromised By Governments & Hackers: Time To Fix SSL

from the man-in-the-middle dept

The idea of using man-in-the-middle attacks to spy on encrypted conversations is hardly new, but there hasn't been a really thorough discussion of the likelihood of its use against SSL connections (the encrypted connections you see in your web browser on https sites, such as online banking sites, with the little lock shown in the corner of your browser). A new paper highlights not only how this works, but also how there's a company selling the technology to governments to use. Of course, to make it work and be an effective man in the middle, you need a certificate authority to grant you a fake certificate -- but there are some fears that gov'ts could do this by force or by trickery -- and hackers could certainly do it by trickery. The Wired article above quotes people at both GoDaddy and VeriSign insisting that they've never issued fake certificates to the gov't, but it is suspicious that a company is selling a device to gov'ts to do exactly this. The real problem is in the basic implementation of SSL, which right now involves too much blind trust. Apparently, the EFF is working with some security researchers to make some suggestions on ways that this could be fixed.

Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 25 Mar 2010 @ 9:00pm

    I came up with a non patentable system to fix this. Basically, each website that wants a public key can put their public key in a robots.txt file and a web crawler, like Google, can crawl all public websites for these keys and use it’s own public key to authenticate these public keys for those on wifi connections.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Mar 2010 @ 9:01pm

      Re:

      err... each website that wants to provide an SSL connection can put ...

      This way verisign is not necessary.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Mar 2010 @ 9:09pm

      Re:

      and the reason this fixes it is now my browser can check Google, Yahoo, and many other sites for the public key and ensure they are all consistent. A much larger scale conspiracy would have to exist, across many different servers, for such a conspiracy to be doable since anyone can now open up their own SSL web crawler.

      Perhaps Google and others can offer webservers the opportunity to identify themselves with credentials and to allow web browsers to know who has been personally identified (ie: with ID cards) and who hasn't.

      For there to be like two or three authentication servers seems like a bad idea, anyone should be able to start their own authentication servers and allow anyone to implement them in browsers.

      reply to this | link to this | view in chronology ]

    • identicon
      Doctor Strange, 25 Mar 2010 @ 9:17pm

      Re:

      We have this sort of system, it's called PGP. Of course, given that you assume that man-in-the-middle attacks are possible, how do you know that the man-in-the-middle isn't sitting between Google's crawler and the site in question and responding with the fake certificate?

      This isn't a problem with the SSL technology, per se. It's a fundamental issue in any system where parties that are otherwise unacquainted are trying to establish each others' identity. A well-known trusted third party (the certificate authority) is relied upon to vouch for the identity of the site you're contacting. If that third party becomes no longer trustworthy, you have a problem.

      This was less of a threat when browsers trusted a half a dozen CAs by default, but now they trust many more. When VeriSign and Thawte had a de-facto duopoly on certificates there was no end of crying and bitching that they charged too much and more competition was needed and more players needed to be added to the market. Well, more players are harder to monitor and less likely to apply good security practices consistently. So congratulations, you got your wish.

      We have this problem in society, as well. How do you know that your coworker really works at your company? What if he's just a really great impostor? What if a good friend of yours that you met five years ago was really a criminal on the lam from another country who is faking his identity? How do you REALLY know he's not? Oh, you've met his parents? How do you know they're not accomplices, or actors?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Mar 2010 @ 9:40pm

        Re: Re:

        The question of identification is an impossible one to fix. My solution solves the issue of authentication and puts in place more practical solutions. Absolute security is impossible, but there are ways to minimize the chances of security breaches.

        reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 25 Mar 2010 @ 9:46pm

        Re: Re:

        "more players are harder to monitor"

        and this is exactly the point. Harder for the GOVERNMENT to monitor, which is GOOD for those who don't want the government to monitor them.

        "less likely to apply good security practices consistently."

        But if my browser can cross check a public key with many authentication servers then the user can get far better security.

        reply to this | link to this | view in chronology ]

        • identicon
          Cheong, 25 Mar 2010 @ 10:31pm

          Re: Re: Re:

          > > "more players are harder to monitor"

          > and this is exactly the point. Harder for the GOVERNMENT to monitor, which is GOOD for those who don't want the government to monitor them.

          No, the government doesn't need to monitor ALL CAs at once.

          If they want to sniff some company, just see what CA its e-cert comes from, and you know which CA to negotiate to...

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 25 Mar 2010 @ 11:26pm

            Re: Re: Re: Re:

            But, with my idea, if they simply put their public key in the robots.txt file and enabled ANY webcrawler to find it and authenticate it to others, then my browser can cross check it with multiple different CA's, not just one, and it can ensure that they all match or else warn me if they don't.

            reply to this | link to this | view in chronology ]

      • identicon
        The Mighty Buzzard, 25 Mar 2010 @ 10:55pm

        Re: Re:

        For that matter, how do you know you aren't an incredibly complex (Though some are less complex than others. Yeah, I'm talking about you, Will Ferrel movie fans.) person simulation program that was started five minutes ago?

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 25 Mar 2010 @ 10:20pm

    @ Doctor Strange

    How do you know that your coworker really works at your company? What if he's just a really great impostor? What if a good friend of yours that you met five years ago was really a criminal on the lam from another country who is faking his identity? How do you REALLY know he's not? Oh, you've met his parents? How do you know they're not accomplices, or actors?

    Doctor Strange,
    We'd like to invite you to be on our next panel-- http://www.theonion.com/articles/onion-news-network,14177/

    Please RSVP at TheOnion.com

    reply to this | link to this | view in chronology ]

  • identicon
    Cheong, 25 Mar 2010 @ 10:21pm

    Just do what Putty does... It remembers the thumbprint of the last certificate you used to connect to certain location. When you connect next time and the certificate doesn't match, it prompts and ask you if you want to trust the new one...

    Now just find someone to implement it for Firefox...

    reply to this | link to this | view in chronology ]

  • identicon
    Cheong, 25 Mar 2010 @ 10:27pm

    > This isn't a problem with the SSL technology, per se. It's a fundamental issue in any system where parties that are otherwise unacquainted are trying to establish each others' identity. A well-known trusted third party (the certificate authority) is relied upon to vouch for the identity of the site you're contacting. If that third party becomes no longer trustworthy, you have a problem.

    If such CA is found, you can alway remove their CA from your "trusted CA" store, or if you really want to make sure, put it into "untrusted" store.

    And from my understanding, if the CA allow government authorities to do this, you can always claim money from their insurance company(ies). The increased insurance fee can make them pay for their mistake, or if they cannot find one for the insurance service, they lose their CA status.

    reply to this | link to this | view in chronology ]

  • identicon
    Lawrence D'Oliveiro, 25 Mar 2010 @ 10:43pm

    How SSL Works

    If you’re a Firefox/Iceweasel user, open the Preferences, click the “Advanced” icon, then the “Encryption” tab, and the “View Certificates” button. In the dialog that appears, look at the “Authorities” tab.

    What do you see? About 100 different “root certificates” from Certifying Authorities that your browser trusts implicitly. Any one of those CAs can issue a certificate for any domain, and your browser will trust that certificate.

    What we need is some system for assessing the trustworthiness of these authorities, so that we know how much trust to attach to certificates that they issue. And possibly also putting contraints on the domains that each one of them can certify, to prevent them from overstepping their bounds.

    It’s not an easy problem. And the biggest hurdle is going to be users. Most of them don’t even pay attention to SSL certificates as it stands; will they see increased security as anything other than more nuisance dialogs they have to click to make them go away?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Mar 2010 @ 11:28pm

      Re: How SSL Works

      "What we need is some system for assessing the trustworthiness of these authorities"

      I think a system of cross consistency is better. You have multiple public key crawlers and each website simply puts its public key in its robots.txt file. My browser authenticates the public key with multiple public key web crawlers and if they all match then it's a good sign. If one of them doesn't match, it's a problem. Instead of trusting a single CA, trust their collective and consistent message, it's a peer review system in a sense.

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 25 Mar 2010 @ 11:35pm

      Re: How SSL Works

      "And the biggest hurdle is going to be users."

      The ignorant user issue is one that's impossible to solve. but at least we can have verisign that identifies web servers ensuring they have ID cards and other identifiying information and then authenticates them WHILE at the same time having the same web server putting their public key in a robots.txt file for public key crawlers to search through. Then when my browser authenticates a site it validates that a site has physically registered (ie: shown credentials like identification information) with at least one authority like Verisign (and the cert will say which sites it identified itself with so the user can know) while at the same time the browser can check multiple other CA's that simply look at the robots.txt file for the public key to use those to ensure consistency. If there is a lack of consistency the browser warns the user.

      reply to this | link to this | view in chronology ]

  • icon
    Michael (profile), 26 Mar 2010 @ 12:50am

    OpenPGP Web of Trust

    There are two issues here. First is a quote I'll paraphrase; If you aren't using a web of trust, you aren't using real security. Second is that the current system is centralized. It forces people to trust others because that is easier.


    The solution is obviously based on a completely de-centralized system that involves everyone in security. You can trust that your bank's employees hand out the proper certificate on official paper. You can see that it's signed by all of them, and you can inform your browser that it is indeed the signing authority for your money.

    The caches would be like current DNS servers at ISPs, middle-men that simply cache the records provided by others. They might even be smart and do some basic sanity checks so they can dump errant records.

    reply to this | link to this | view in chronology ]

  • identicon
    Joseph Durnal, 26 Mar 2010 @ 5:33am

    At work

    You might not know it, but if you work for a company or government agency that has a cyber security ddepartment, they are probably decrypting all of your SSL encrypted web traffic. The first time I saw this happen several years ago I was shocked, I always thought SSL was safe from packet inspection, but I was wrong. These days, apps like bluecoat ssl proxy are everywhere, exposing thousands if not millions of people who agree to let your employer to monitor your computer activity to having the passwords to their bank account, personal e-mail, facebook, credit card number, etc. decrypted and stored on your employer's systems. I doubt that is what your average employee thinks is going on.

    Just because it is SSL, doesn't mean it is secure.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 26 Mar 2010 @ 4:13pm

      Re: At work

      You might not know it, but if you work for a company or government agency that has a cyber security ddepartment, they are probably decrypting all of your SSL encrypted web traffic.

      Umm, not quite. That applies to SSL traffic that goes through *their* computers. You forgot to mention that part. I.e just because you work for such an employer doesn't mean they can snoop your SSL traffic on your computer at home.

      And that brings up the point of *how* they are able to do this. Well, it's because SSL has been purposely compromised on those employer-owned computers in order to allow such snooping. Not only that, but they may have installed key-loggers, cameras and other snooping tools as well.

      And that in turn brings up another maxim of computer security: If you don't have control and physical security of a computer, you don't have security. So, anyone thinking that they had privacy on their employer's computer in the first place was probably being naive. No news there.

      reply to this | link to this | view in chronology ]

  • icon
    bugmenot (profile), 26 Mar 2010 @ 8:15am

    Re: At Work

    You do realise the new version of Microsoft's Proxy Server -ForeFront TMG 2010 Also decrypts SSL traffic using man in the middle techniques :(

    http://www.microsoft.com/forefront/threat-management-gateway/en/us/features.aspx

    reply to this | link to this | view in chronology ]

    • identicon
      Joseph Durnal, 26 Mar 2010 @ 9:13am

      Re: Re: At Work

      Yep, and that is good since 90% of my consulting work is with Microsoft products - though I've not implemented TMG for that yet. Bluecoat was my example because it is one of the more well known products in the space.

      reply to this | link to this | view in chronology ]

  • icon
    latchkeyed (profile), 26 Mar 2010 @ 9:21am

    Central Point of Failure

    There are already some great technologies to avoid the central point of failure we're seeing with trusted ssl certs. One I found out about recently is called Monkey Sphere and it replaces ssl certs with openpgp keys.

    So you can choose to trust all of today's default certification issuers, and therefore the sites they sign, or you could remove some of those issuers from your keyring and manually verify any of their signed sites that you do business with.

    It would also allow sites to get certifications from any number of organizations and people on the same key rather than using ssl certs where the specification mandates a single certifying authority per certificate.

    It's very interesting stuff and they have some tools ready for you to deploy.

    reply to this | link to this | view in chronology ]

  • identicon
    Robert Freeman, 29 Mar 2010 @ 4:45pm

    Extended Validation SSL

    Regular SSL certificates are easily purchased -- A simple email approval is all that is needed, absolutely no background checks performed. On the other hand companies seeking to obtain Extended Validation SSL certificate go through a rigorous and involved background check, here at VeriSign. On any given day, a large percentage of the top Google links (online retail) are to fake sites that are collecting credit card information and false charges. These sites all will appear to have standard SSL certificates, with the legitimate looking padlock etc.
    Extended Validation SSL (the green bar) is the way for a company to show that they are a legitimate website. Combine the thorough site authentication process with the green url bar and your potential buyers are more likely to complete the shopping cart and return as a loyal customer who feels your site is secure.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Mar 2010 @ 8:12pm

      Re: Extended Validation SSL

      On the other hand companies seeking to obtain Extended Validation SSL certificate go through a rigorous and involved background check, here at VeriSign.

      For the government, the average cost of a "rigorous and involved background check" for a security clearance can run $15,000 or more. And even though they send out people with badges (to whom it would be illegal to lie to) to conduct the investigations, some bad apples slip through.

      So how do you manage to do it for only $995 (your price for an SSL EV certificate) and without badges? If you are really doing what you claim, then why don't you offer your services to the government? It sounds like you could save them a lot of money, especially considering they currently have a backlog of over 350,000 investigations to conduct.

      reply to this | link to this | view in chronology ]

  • identicon
    DONNIE CLAYTON BARBER, 29 Sep 2010 @ 4:41pm

    HELP THE INDIANS

    AMERICA IS ONE NATION UNDER GOD AND I HOPE IT STAYS THAT WAY. AMERICA IS UNDER ATTACK FROM WITHIN BY OUR GOVERNMENT. MY NAME IS DONNIE CLAYTON BARBER 950 LEE RD.453 WAVERLY,AL. 36879. PHONE 3348874342. I'M JUST A VIETNAM VET. PART INDIAN AND DISABLED. I LIVE 10 MILES FROM TOWN AND I'M 59 YEARS OLD. I'M GLAD I HAD A CHANCE TO LEARN A FEW THINGS. I'M JUST ONE OF A SHARE CROPPERS FAMILY OF 11 KIDS. WE HAD VERY HARD TIMES AS KIDS. WHEN I TURNED 18 I WAS ABLE TO JOIN THE ARMY AND I SERVED IN VIETNAM AS A FOOT SOLDIER AND GERMANY WITH THE 3/2 ACR. I HAD LESS THAN A 7TH GRADE EDUCATION. THE SHERIFF DEPT. CAME TO MY HOME AND TOOK MY GUNS FOR NO REASON. I COMMITED NO CRIME. THEN THEY TOOK ME TO THE WRONG HOSPITAL, EAST ALABAMA MEDICAL CENTER, OPELIKA, AL.. I SHOULD HAVE WENT TO THE VA. HOSPITAL. THIS RUN UP A HOSPITAL BILL I COULDN'T AFFORD.NOW WE ARE BEING FORCED TO EAT NANO FOOD AND THEY ARE MAKING NANO SEED. THE RETIRED ARE HAVING THEIR MONEY CUT. BUT THE GOVERMENT SEEMS TO FORGET ABOUT BORROWING IT YEARS AGO. WE ARE BEING TRACKED IN SO MANY WAYS, COMPUTERS,CELL PHONES,GPS, TV.PROGRAMING, CABLE TV., BIG BUSINESS, SMALL BUSINESS. TAX PAYERS PAY FOR EVERYTHING. WHILE THE FEDS HAVE THE BIGGEST PAYROLL IN THE WORLD. THE GOVERNMENT USES MORE FUEL THAN ANY OTHER COUNTRY IN THE WORLD. WHILE ABOUT 50 PERCENT OF WORKERS HAVE TO WORRY ABOUT GAS. THANK YOU. DONNIE C. BARBER donniecbarber@aol.com

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Insider Shop - Show Your Support!

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.