
Emtec Adviser - Who Can You Trust Now?

Venafi calls on enterprises to formulate certificate authority disaster recovery plans in the wake of widespread breach.


The Secure Sockets Layer (SSL) encryption and authentication technology built into every Web browser relies on the concept of trust. When a browser requests a secure page, the web server sends its certificate, which carries its public key. The browser checks that the certificate was issued by a trusted party, usually a root certificate authority (CA). If the certificate is still valid and matches the site, the browser proceeds — all because of the implicit trust in the CA. Most browsers and applications ship with the root certificates of well-known CAs already loaded.

What if the CA is compromised?

That very chilling scenario has become a startling new reality in the world of SSL encryption. Over the past few months, attackers have hit several major CAs, including Comodo, StartSSL and DigiNotar. The attackers have stolen certificates and, in some cases, issued fraudulent certificates to themselves. An attacker even published one of RSA’s private encryption keys.

The implications are serious and far-reaching. A signed certificate cannot be altered without invalidating its signature, so a certificate offers no assurance until it has been signed. A certificate can, however, be signed with its own key, producing a so-called self-signed certificate. All root CA certificates are self-signed.

By some estimates, more than 530 certificates have been stolen. These may include so-called intermediate signing certificates, which would enable the attackers to sign and validate certificates that appear to come from trusted sources. How do you know that you are dealing with the genuine web site if you can’t trust the certificate or the party who signed it?


Tip of the Iceberg

With DigiNotar recently joining the ranks of Comodo, StartSSL and RSA as a trusted third-party CA compromised by hackers, enterprises need to move past the shock and begin formulating their own compromise recovery and business continuity plans, say experts at enterprise key and certificate management (EKCM) firm Venafi.

“People have not given much thought to the impact or ramifications of a certificate authority compromise,” said Venafi CEO Jeff Hudson. “The attack against DigiNotar marks 2011’s fourth major breach of a trusted third-party security provider. There will be more breaches of third-party trust providers like this in the future.”

Hackers apparently used a fraudulently issued DigiNotar certificate to intercept Iranian users’ email, among other traffic. The attack went undetected by the users because their browsers trusted the DigiNotar certificate.

“A third-party trust provider represents an extremely high value target for hackers. Once attackers can access and steal trust credentials, they can commit various cybercriminal acts in pursuit of their own nefarious agenda,” Hudson said.

Hudson went on to explain that SSL and PKI remain solid and reliable technologies. That does not mean enterprises can relax. They need to be aware that any individual third-party trust provider, such as a CA, can be compromised, and that this is therefore a known risk.

“And,” he added, “known risks require solid, well-conceived contingency plans.”


Beyond the Browser

Mozilla, Google and Microsoft have implemented browser updates that will revoke trust in certificates signed by compromised CAs, which will safeguard users of those browsers. The ripple effects of a hack like this do not stop at the browser, however.

“All enterprises need to look at their highest-value assets — servers, VPN concentrators, SSL off-loaders, application servers and applications where sensitive and regulated data flows, and that are protected by certificates,” Hudson said. “Plans must be in place to recover anytime the trust provider is compromised.”

Hudson says there are steps organizations must take to deal with a compromised CA. First, they must use multiple CAs, so that if one is compromised, the other, non-compromised CA and its certificates and keys remain available for continued use. Second, organizations must have an accounting of all the CAs they use as third-party trust providers. Third, they must have a complete inventory of the owner and location of each certificate in the enterprise. The count often runs to thousands, and to tens of thousands or more in Global 2000 organizations.

Finally, every organization must have an actionable and comprehensive plan in place to recover from a CA compromise. The time to recover needs to be measured in hours, not weeks or months.
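The chain-of-trust check described earlier (a certificate is accepted only if it chains to a root the browser trusts and is still valid) and Hudson's four steps (multiple CAs, an accounting of CAs in use, an owner-and-location inventory, and a recovery plan) can be modelled together. The following is an added example, not code from Emtec or Venafi. Certificates are plain dicts rather than real X.509 objects: the issuer link stands in for a verified signature, so the block shows chain-building, trust-store revocation and inventory logic rather than cryptography. All CA names, hostnames, owners, locations and dates are constructed.

```python
"""Chain-of-trust check and CA-compromise blast radius over a constructed inventory.

Added example (not Emtec's or Venafi's code). The issuer link models a
verified signature; no real X.509 parsing or signature checking is done.
"""
from collections import Counter
from datetime import date

# Constructed trust store: the root CAs a browser or OS ships with.
TRUSTED_ROOTS = {"Root CA A", "Root CA B"}

# Constructed enterprise certificate inventory (hypothetical hosts and owners).
INVENTORY = [
    {"subject": "Root CA A", "issuer": "Root CA A", "not_after": date(2030, 1, 1), "owner": "-", "location": "trust store"},
    {"subject": "Root CA B", "issuer": "Root CA B", "not_after": date(2030, 1, 1), "owner": "-", "location": "trust store"},
    {"subject": "Intermediate A1", "issuer": "Root CA A", "not_after": date(2020, 1, 1), "owner": "-", "location": "CA"},
    {"subject": "vpn.example.test", "issuer": "Intermediate A1", "not_after": date(2013, 6, 1), "owner": "network", "location": "vpn-concentrator-01"},
    {"subject": "www.example.test", "issuer": "Intermediate A1", "not_after": date(2012, 3, 1), "owner": "web", "location": "ssl-offloader-01"},
    {"subject": "old.example.test", "issuer": "Intermediate A1", "not_after": date(2010, 1, 1), "owner": "web", "location": "legacy-app-07"},
    {"subject": "api.example.test", "issuer": "Root CA B", "not_after": date(2013, 1, 1), "owner": "platform", "location": "app-server-02"},
]
BY_SUBJECT = {c["subject"]: c for c in INVENTORY}
ISSUERS = {c["issuer"] for c in INVENTORY}  # names that sign at least one certificate


def build_chain(subject):
    """Walk issuer links from a certificate up to a self-signed root.

    Returns subjects leaf-first. The chain is incomplete (no self-signed
    last element) when an issuer is missing from the inventory; a cycle
    in issuer links terminates the walk instead of looping forever.
    """
    chain, cert = [], BY_SUBJECT.get(subject)
    while cert is not None and cert["subject"] not in chain:
        chain.append(cert["subject"])
        if cert["issuer"] == cert["subject"]:
            break
        cert = BY_SUBJECT.get(cert["issuer"])
    return chain


def is_trusted(subject, trusted_roots, today):
    """The browser's decision: the chain must end in a self-signed root that is
    in the trust store, and every certificate in it must still be valid."""
    chain = build_chain(subject)
    if not chain:
        return False
    root = BY_SUBJECT[chain[-1]]
    if root["issuer"] != root["subject"] or root["subject"] not in trusted_roots:
        return False
    return all(BY_SUBJECT[s]["not_after"] >= today for s in chain)


def affected_by_compromise(compromised_ca):
    """Every inventoried certificate whose chain passes through the compromised CA."""
    return [c["subject"] for c in INVENTORY if compromised_ca in build_chain(c["subject"])]


def root_usage():
    """How many end-entity certificates depend on each root CA (step one: a
    single entry here means one compromise takes everything down)."""
    leaves = [c for c in INVENTORY if c["subject"] not in ISSUERS]
    return dict(Counter(build_chain(c["subject"])[-1] for c in leaves))


def replacement_plan(compromised_ca):
    """Owner and location of each end-entity certificate that must be reissued
    from a non-compromised CA (steps three and four)."""
    return [(c["subject"], c["owner"], c["location"])
            for c in INVENTORY
            if c["subject"] not in ISSUERS and compromised_ca in build_chain(c["subject"])]


if __name__ == "__main__":
    today = date(2011, 9, 15)
    print("vpn trusted:", is_trusted("vpn.example.test", TRUSTED_ROOTS, today))
    print("vpn trusted after Root CA A is distrusted:",
          is_trusted("vpn.example.test", TRUSTED_ROOTS - {"Root CA A"}, today))
    print("end-entity certificates per root:", root_usage())
    for row in replacement_plan("Intermediate A1"):
        print("replace:", row)
```

Removing a root from `TRUSTED_ROOTS` is the model of the browser updates described below, and `replacement_plan` is the list an organization needs in hand before the compromise, not after: without the owner and location columns, the output is a list of hostnames nobody knows how to reach.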


Cover Your Assets

Hudson said that most enterprises have glaring holes in their certificate inventories. An organization may estimate that it has, say, 3,000 certificates, when in reality it has two or three times that number. That many unidentified certificates represent significant unmanaged and unquantified risk.

Further, few organizations have a management platform in place that gives them the power to replace compromised certificates quickly. Without one, replacing known compromised certificates is largely a manual effort. This forces organizations to continue operating in a compromised condition — possibly for many months — while thousands of compromised certificates are replaced by hand. In some cases even that may not be an option, and entire systems may have to be shut down until they are remediated.

“None of us knows where the next breach will occur,” Hudson said, “or whether it will occur in a week or three months. Enterprises must ready themselves to respond immediately if they implement the four steps of CA compromise recovery. The very serious implication is that you better wake up. Get out of denial. Understand that this is a huge issue of business continuity. And don’t think you won’t be compromised, because you will.”

In theory, SSL certificates provide proof that you are talking to a bona fide entity on the Internet. That theory is being challenged by a rash of security breaches at root CAs. If you can’t trust the trusted third party, who can you trust?
