DigiNotar a weathervane of failed trust

By on
DigiNotar a weathervane of failed trust

Industry reacts.

The fraudulent Google.com SSL certificate issued by Diginotar may be one of many, according to analysts.

The Dutch certificate authority (CA) admitted yesterday it issued fraudulent certificates - including a *.google.com wildcard - after it was hacked.

Diginotar revoked an unnamed number of affected certificates while Microsoft, Google and Mozilla blacklisted the CA's root certificate.

The Digitnotar breach permitted the "fraudulent issuance of public key certificates for a number of domains, including Google.com," according to the statement from US company VASCO, which owns DigiNotar.

But a code analysis of the upcoming Google Chrome release first identified by The Register shows fraudlent certificates could have been issued for hundreds of websites. 

The analysis identified that Google would blacklist 257 certificates in Chrome, up from 10 in the current version.

Neal Wise, director of penetration testing firm Assurance.com.au said the Chrome blacklist could encompass DigitNotar SSL certificates used by a large number of web sites, along with intermediate signing certificates.

"I could almost guarantee that it was not just Google that the certificates were issued," Wise said,.

"Maintaining this [list] in the browser code will get old once we're talking about thousands and thousands of revoked certificates from similar CA problems in the future."

Intermediate signing certificates are CAs used to create SSL certificates. It allowed a root CA to be used in the event that the intermediate CA was compromised or revoked.

He said SSL sessions established by Chrome would likely consult the list against the serial number of certificates served.

A sample test of signatures in a pastebin dump of what appeared to be revoked DigiNotar certificates did not match against the Chrome list. But Wise noted that the signatures could refer to different certificate lists, or the lists may simply contain serial numbers and fingerprints respectively.
He said the breach may be a result of problems with DigiNotar's request/requestor validation process or with application flaws in its ordering system.

Wild west

The DigiNotar breach was for many a symptom of deep problems with the certificate trust model.

For Wise, the breach highlights the danger of wildcard certificates because they were valid across a string of subdomains for a nominated site.

"We have been telling people for 10 years that wildcards are a bad idea," Wise said. "You get fly-by-night CAs selling certificates for $10 without concern for security or who they are selling to."

Wise had often grabbed wildcard certificates in penetration tests and used them to compromise client systems.

"It increases risk, and makes it so much harder to defend," he said.

AusCERT security analyst Richard Billington said wildcard certificates were often an easier or cheaper alternative to multiple certificates.

"Unfortunately costs and business models come into play here. This can often result in the easiest solution or best revenue stream being picked or perpetuated, rather than the best solution," Billington said.

It raised bigger issues about the much-troubled trust model that underpins certificates, according to AVG threat researcher and Virus Bulletin contributor Nick Fitzgerald.

"In face-to-face interactions with strangers over thousands of years, humans have developed a process of being reticent about things that we are told by strangers - it's why we mightn't trust used car salesmen and the like," Fitzgerald said.

He points to a 2001 breach in which Verisign accidentally issued Microsoft certificates to someone posing as a Microsoft employee. 

"No one in their right mind should trust major certificates authorities, the really big ones, because at some point they have released fraudulent certificates.

"By rights, if the chain of trust is upheld, [breached] CAs should be removed, but in Microsoft's case that should have invalidated maybe 25 percent of the certificates."

Billington said failings in the certificate model could often be pinned on human error.

"Not patching servers, not separating networks and systems, or even just a user letting their guard down," he said.

Non-technical end users were particularly exposed by the certificate model. Fraudulent certificates can be used to impersonate web sites and intercept account information.

Security researcher Moxie Marlinspike, who launched the Convergence project as an alternative to the trust model at the DefCon conference this month, had long-called for the framework to be replaced.

Suspended

In response to this apparent in-the-wild attack, VASCO said it plans to indefinitely suspend the sale of its traditional and extended-validation (EV) SSL certificates.

"The company will only restart its SSL and EV SSL certificate activities after thorough additional security audits by third-party organisations," the statement said.

Typically, users that visit websites that have been issued forged certs are unlikely to notice anything amiss, said Christopher Soghoian, a noted privacy researcher.

In an attempt to quell any speculation that hackers impacted other parts of VASCO's network, the company said the compromise was confined to its CA environment.

"The technological infrastructures of VASCO and DigiNotar are completely separated, meaning that there is no risk for infection of VASCO's strong authentication business," the company said.

Regardless of the scope, the incident highlights the precarious nature of the current CA system.

In March, hackers gained access to competitor Comodo's certificate generation system to fabricate nine fraudulent credentials for big-name sites like Google, Yahoo, Skype and Microsoft's Hotmail. An independent Iranian hacker claimed responsibility.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?