A year ago nobody could have cared less about certificate authorities (CAs), a dull but critical part of Internet that makes it possible for web servers to authenticate themselves to other computers, including ordinary browsers, using SSL. But every year has its ‘threat nobody saw coming’ and in 2011 it has turned out to be SSL certificates pilfered on an almost industrial scale from companies that claimed to be in the business of issuing them securely.
From March onwards, a growing list of companies have had to admit that they have suffered serious attacks on their certificate infrastructure, leaving big cracks showing in a technology the Internet can’t really function without. In an uneasy and ill-defined way, the multi-billion dollar Secure Sockets Layer industry no longer seems to be the cosy security blanket everyone assumed it was.
The latest company to ratchet uncertainty has been a Dutch company KPN which this week has admitted (unhelpfully in Dutch rather than English) that something appears to have gone awry with a server used for purchasing of SSL certificates.
‘Awry’ in this case means that the server was compromised as long ago as 2007 to host DDoS attack tools, which has nothing directly to do with issuing bogus certificates except that who would trust an SSL security company that lets hackers ‘pwn’ its servers to do anything? With past certificates issued by it now in theoretical doubt at least, the company has suspended issuing any new ones while it investigates what actually happened.
So what is an SSL certificate?
It’s tempting to explain the self-effacing chunks of encrypted data that make up certificates in purely technological terms but first and foremost SSL (or ‘https’ to browser users) is an industry worth tens of billions of dollars to the hundreds of companies around the world that are allowed to generate and sell them to website owners.
The most important part of the digital hierarchy are the large, heavily-audited companies (Verisign, GoDaddy and Comodo for instance) called Certificate Authorities (CAs) that issue root certificates, which are also sold on by a network of reselling intermediaries, including companies such as KPN and Digicert Malaysia, another outfit recently blacklisted by Microsoft and Mozilla.
Someone trying to hack these companies, or their resellers, is really trying to do something fairly simple. If they can get inside the system it might be possible to issue forged certificates for large Internet brands that can be used to undermine the server-to-client security link essential for financial transactions and secure communications such as email.
Normally this system works without computer users being aware it even exists, with root certificate public keys being quietly sifted by browsers against a list of accepted authorities (you can see which in a browser’s security settings tab), with warnings usually issued only when encountering one that is out of date.
With doubts now growing, the key to understanding the significance of a breach incident is working out which bit of the infrastructure has been compromised. A problem at a reseller means that this company probably has no business model; a serious hack at a root certificate authority could end up undermining the whole industry.
There hasn't yet been a major breach at a root provider but it’s been a close-run thing at times.
Trouble began with a compromise of US company Comodo, a root certificate authority, on 15 March. In an attack later claimed by Iranian hacker protagonist ‘Comodohacker’, a compromised partner account was used to issue bogus certificates for a clutch of big-name domains, including mail.google.com, www.google.com, login.yahoo.com, login.skype.com, addons.mozilla.org and login.live.com. Anyone logging into web pages secured using these certificates would have been allowing the attackers to eavesdrop on their traffic at will as long as the DNS resolution system had also been tinkered with.
This sounds bad but it would have been much worse had Comodo itself been hacked without the involvement of an intermediary. The unpleasant atmosphere that has hung around the incident remained the company's status as a root authority and the fact that the compromise turned out to have been used in documented attacks.
In late summer came the potentially more serious compromise of Dutch Vasco subsidiary DigiNotar, another company with root status, also blamed on the same Iranian ‘Comodohacker’ source, in which hundreds of bogus certificates were put into circulation. The disaster was so great that with its status revoked the company went out of business only weeks later.
Not content with this show of strength, Comodohacker made similar claims about pulling a similar trick at Belgian company GlobalSign, by which time the industry was becoming a bad joke.
Some have rather dismissed the attacks on certificate authorities as the work of a single possibly state-backed attacker with a political motive, but events have clearly shown up serious weaknesses in the SSL certificate system that have, it turns out, been an anxiety in the security industry for years.
The structure of the industry has expanded rapidly in the last decade on the back of easy profits, with trust being passed around from company to company without much care for the risks being created.
Even when it becomes clear that certificates issued by an authority have been compromised, there is no easy way to patch the hole. Browsers can and do revoke certificates from specific companies as long as they are minor players or resellers but doing the same for a root authority such as Comodo would cause chaos if a master key was involved. Tens of thousands of companies will have purchased certificates from that authority legitimately and would find themselves suddenly 'untrusted'.
Some have proposed salvation in DNSSEC, basically an extra security layer built into the system by which DNS requests are resolved to underlying IP addresses using an authentication mechanism. That would make it difficult for sites using forged SSL certificate to redirect users to wherever they choose. This probably won’t work. If attackers have enough state backing to interfere with the DNS system itself, adding another layer won’t on its own make much difference.
In the absence of a quick fix, and with browser makers getting less and less patient in the face of breaches, vendors will ironically try and push bigger and tougher Extended Validation SSL Certificates. The innovation here is simply that issuing a certificate requires a greater number of checks, including personal validation. The idea of EV SSL has been around for years but has never taken off because of its unpleasant expense.
What will probably happen is that CAs all over the world circle wagons, tighten up their infrastructure and the problem will appear to recede for a while, as security problems have a habit of doing. Alternatively, the next big attack could spell serious trouble. Is there a plan B? The world might have to find out the hard way.