A recent news item has again highlighted some problems involved in the security model used for secure web surfing. This is the second serious incident this year, and it seems relevant to examine whether the system itself has severe weaknesses.
We will look into some aspects in this article.

Ordinary web browsing uses the communication protocol Hyper Text Transfer Protocol (http), which in itself does not provide any security. The communication itself is not protected, and there is no security involved in confirming that the web site that the surfer accesses is what he intended to access. This involves several potential security problems, e.g. man-in-the-middle attacks and other types of eavesdropping.
The Hyper Text Transfer Protocol Secure (https) is used to address several of the security issues with http. All serious ecommerce sites use https, and this protocol is also becoming increasingly popular for other web resources. Twitter, for example, has recently started to use https as its default protocol. Google's products like Gmail, Docs and Google+ use https as their default protocol.
Https includes the following elements to enhance security:
The web site certificates are issued (signed) by Certification Authorities (CAs), and the valid CAs are pre-installed in the various web browsers.
The certificates will usually be valid only for a limited period (typically one or two years). If for some reason a certificate must be invalidated before it expires, it should be revoked by the CA, and will then (ideally) no longer function.
According to the Electronic Frontier Foundation (EFF), there are around 1 500 CAs controlled by around 650 organizations.
As mentioned in the introduction however, this year two major incidents concerning certification authorities have been made public. Interestingly, they have several similarities.
An attacker was able to log in with user name and password to one of Comodo's partners in Europe. Subsequently nine false certificates for the following domains were generated:
The Registration Authority (RA) that had been compromised turned out to be the Italian InstantSSL.it.
The browser vendors took action and published updates with the fraudulent certificates revoked.
Most speculation about who was behind this attack indicated that it was someone close to the authorities of Iran, and that the motivation might have been to obtain information about dissident Iranians.
The DigiNotar breach is quite similar to the Comodo incident. DigiNotar is a Dutch CA and a subsidiary of Vasco.
It was noticed that someone had been able to create false certificates for *.google.com - the full Google domain. This means that users who attempted to use Google services like Gmail, Google Docs, Google+ and Google search could be victims of man-in-the-middle attacks. This certificate had been created on 10 July, and was thus active for almost two months before it was revoked.
There has been speculation about how many false certificates have been generated. DigiNotar has stated "several dozen", while Google blacklisted 247 certificates in its latest browser blacklist.
As with the Comodo incident, the browser vendors took action quickly. However, unlike in the Comodo case, this time the browser vendors chose to revoke DigiNotar's root certificate, which means that no certificate that DigiNotar ever issued will be valid.
A few days later, it turned out that the incident was even more serious. More than 500 certificates were supposedly issued, including certificates for Microsoft's updating sites. The browser vendors revoked more certificates where DigiNotar had been involved.
In an unusually cross blog item on 4 September, Mozilla writes:
DigiNotar detected and revoked some of the fraudulent certificates 6 weeks ago without notifying Mozilla. This is particularly troubling since some of the certificates were issued for our own addons.mozilla.org domain.
(...)
In DigiNotar’s case, by contrast, we have no confidence that the problem had been contained. Furthermore, their failure to notify leaves us deeply concerned about our ability to protect our users from future breaches.
(...)
The integrity of the SSL system cannot be maintained in secrecy. Incidents like this one demonstrate the need for active, immediate and comprehensive communication between CAs and software vendors to keep our collective users safe online.
Again, the authorities of Iran were the main suspects as those behind this breach. If this is true, dissident Iranians may have been at considerable peril during the time the fraudulent certificates were valid.
At the time of writing, the full consequences of the DigiNotar breach are not clear.

Electronic Frontier Foundation pinpoints the problem with the current security model precisely:
The certificate authority system was created decades ago in an era when the biggest on-line security concern was thought to be protecting users from having their credit card numbers intercepted by petty criminals. Today Internet users rely on this system to protect their privacy against nation-states. We doubt it can bear this burden.
Browser vendors - e.g. Google's Chromium initiative - as well as independent organizations are working on systems to make the current model more secure. The fact that updated versions of some browsers were needed in order to revoke DigiNotar's root certificate is an obvious problem, as it is known that many users fail to update software regularly.
In the longer run, it seems obvious that the current security model needs to be replaced by something that is less vulnerable to attacks from dedicated persons, organizations or governments.
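Because removing a root depends on software updates, it is worth checking whether a distrusted CA is still present in a machine's trust store. The following is an added example, not part of the original article: it uses Python's standard ssl module to list trusted CA entries whose subject names a given CA. The function names and the sample store entries are constructed for illustration.

```python
import ssl
from datetime import datetime, timezone

def name_fields(rdn_seq):
    """Flatten the nested-tuple name form used by the ssl module into a dict."""
    return {key: value for rdn in rdn_seq for key, value in rdn}

def find_trusted_cas(ca_certs, needle, now=None):
    """Return trust-store entries whose subject mentions `needle`.

    ca_certs has the shape returned by SSLContext.get_ca_certs().
    """
    now = now or datetime.now(timezone.utc)
    needle = needle.lower()
    hits = []
    for cert in ca_certs:
        subject = name_fields(cert.get("subject", ()))
        if not any(needle in str(v).lower() for v in subject.values()):
            continue
        expires = datetime.fromtimestamp(
            ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
        hits.append({
            "subject": subject.get("commonName") or subject.get("organizationName"),
            "serial": cert.get("serialNumber"),
            # A root certificate is self-signed: subject equals issuer.
            "self_signed": cert.get("subject") == cert.get("issuer"),
            "expired": expires < now,
        })
    return hits

def audit_local_store(needle):
    """Search the platform's default CA set as loaded by Python."""
    ctx = ssl.create_default_context()
    return find_trusted_cas(ctx.get_ca_certs(), needle)

# Constructed sample entries (not real certificates), used to show the format.
_BAD = ((("organizationName", "Example Distrusted CA"),),
        (("commonName", "Example Distrusted Root"),))
_GOOD = ((("organizationName", "Example Good CA"),),
         (("commonName", "Example Good Root"),))
SAMPLE_STORE = [
    {"subject": _BAD, "issuer": _BAD, "serialNumber": "0C0FFEE0",
     "notAfter": "Mar 31 18:19:21 2025 GMT"},
    {"subject": _GOOD, "issuer": _GOOD, "serialNumber": "01",
     "notAfter": "Jan  1 00:00:00 2035 GMT"},
]

if __name__ == "__main__":
    for hit in audit_local_store("DigiNotar"):
        print("still trusted on this machine:", hit)
```

An empty result is not conclusive: get_ca_certs() only reports certificates already loaded into the context, so entries in a directory-style store may be missing, and browsers that ship their own trust store have to be checked separately.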