Fake Certificates Reveal Flaws in the Internet's Security
A new report concludes that a breach at a single certificate authority can undermine the security of the entire Internet.
A major breach at a Dutch purveyor of digital certificates has caused some security experts to question the infrastructure that underpins the security of the Internet.
The breach allowed unknown attackers to issue at least 531 fraudulent certificates for major domains, including Google.com, Microsoft.com, and Yahoo.com. Certificates are supposed to verify a website as genuine to a visitor’s Web browser; that verification prevents an attacker from using a forged domain address to steal data. The certificates contain encrypted data that lets browsers and other software confirm that a website is legitimate. So by compromising the digital certificate, an attacker can pose as a secure website, such as Google’s Gmail, and intercept communications, or bypass security mechanisms and install malicious software.
“What is unusual here is not that a certificate authority was compromised, but that someone noticed,” says Moxie Marlinspike, chief technology officer and cofounder of Whisper Systems, a firm focusing on securing mobile communications. “This is happening all the time.”
The compromised certificate company, DigiNotar, is one of about 650 companies, known as certificate authorities, or CAs, that are trusted to issue the certificates. Earlier this year, another certificate authority, Comodo, acknowledged that an attacker had breached the security of its systems and issued at least nine certificates for large domains, including Google, Skype, and Yahoo. At the Black Hat Security Conference in August, Marlinspike criticized the current system of certificate authorities and offered a different model, known as Convergence, based on a peer-to-peer model of trust.
The Electronic Frontier Foundation, a digital rights group, argued in an analysis published this week that recent break-ins suggest that the choice of whether to trust a certificate authority should lay with the user, not with browser vendors or websites.
“These CAs appear to exist within around 50 countries’ jurisdictions,” the authors of the report write. “Any one of these countries could conceivably compel a CA to create fraudulent certificates for purposes of espionage or for spying on that country’s citizens.”
The latest attack demonstrates that a single breach can have far-reaching effects. A preliminary report issued by Dutch security firm Fox-IT in early September found that the intruders exploited significant weaknesses in DigiNotar’s network security, including a single account capable of controlling all its certificate servers and using a weak password for account access. The firm found that more than 300,000 unique IP addresses—almost entirely from Iran—encountered one fraudulent certificate issued for Google’s domain. Already, Apple, Google, Microsoft, and Mozilla have updated their browser to distrust any certificate signed by DigiNotar.
The Dutch government, which relies on the digital signatures issued by DigiNotar for its encrypted communications, has taken over the company’s certificate operations. In addition, it is investigating whether the focus on Iranian users could indicate that the nation’s government may have been involved in the attack.
The certificate system works, but needs increased focus on security, says Amar Doshi, a senior manager of certificate products with security firm Symantec, which acquired and now manages the certificate authority VeriSign.
“All the events of the last couple of weeks really go to show that ‘a cert is a cert is a cert’ doesn’t really apply,” Doshi says. “There are differences between certificates. There are differences between CAs.”
Some of the browser makers seem ready to focus on those differences. Last week, the Mozilla Foundation, the group that manages development of the Firefox browser, provided certificate authorities with a list of security checks to complete in eight days. It said that any authority that fails to comply with the request could find any certificates issued by them deemed untrustworthy by Mozilla.
“Participation in Mozilla’s root program is at our sole discretion, and we will take whatever steps are necessary to keep our users safe,” Kathleen Wilson, the program manager in charge of Mozilla’s CA Certificates Module, said in an e-mail to certificate authorities.
Become an MIT Technology Review Insider for in-depth analysis and unparalleled perspective.Subscribe today