New Research Suggests That Governments May Fake SSL Certificates
Today two computer security researchers, Christopher Soghoian and Sid Stamm, released a draft of a forthcoming research paper in which they present evidence that certificate authorities (CAs) may be cooperating with government agencies to help them spy undetected on "secure" encrypted communications. (EFF sometimes advises Soghoian on responsible disclosure issues, including for this paper.) More details and reporting are available at Wired today. The draft paper includes marketing materials from Packet Forensics, an Arizona company, which suggests that government "users have the ability to import a copy of any legitimate keys they obtain (potentially by court order)" into Packet Forensics products in order to impersonate sites and trick users into "a false sense of security afforded by web, e-mail, or VoIP encryption". This would allow those governments to routinely bypass encryption without breaking it.
Many modern encryption systems, including the SSL/TLS system used for encrypted HTTPS web browsing, rely on a public-key infrastructure (PKI) in which some number of CAs are trusted to vouch for the identity of sites and services. The CA's role is crucial for detecting and preventing man-in-the-middle attacks where outsiders invisibly impersonate one of the parties to the communication in order to spy on encrypted messages. CAs make a lot of money, and their only job is to make accurate statements about which cryptographic keys are authentic; if they do this job incorrectly — willingly, under compulsion, by accident, or negligently — the security of encrypted communications falls apart, as man-in-the-middle attacks go undetected. These attacks are not technically difficult; surveillance companies like Packet Forensics sell tools to automate the process, while security researchers like Moxie Marlinspike have publicly released tools that do the same. All that's needed to make the attack seamless is a false certificate. Can one be obtained?
This risk has been the subject of much speculation, but Soghoian and Stamm's paper is the first time we've seen evidence suggesting that CAs can be induced to sign false certificates. The question of CAs' trustworthiness has been raised repeatedly in the past; researchers recently showed that some CAs continued to use obsolete cryptographic technology, signed certificates without verifying their content, and signed certificates that browsers parsed incorrectly, putting users at risk of undetectable attacks. What's new today, however, is the indication that some CAs may also knowingly falsify certificates in order to cooperate with government surveillance efforts.
Soghoian and Stamm also observe that browsers trust huge numbers of CAs — and all of those organizations are trusted completely, so that the validity of any entity they approve is accepted without question. Every organization on a browser's trusted list has the power to certify sites all around the world. Existing browsers do not consider whether a certificate was signed by a different CA than before; a laptop that has seen Gmail's site certified by a subsidiary of U.S.-based VeriSign thousands of times would raise no alarm if Gmail suddenly appeared to present a different key apparently certified by an authority in Poland, the United Arab Emirates, Turkey, or Brazil. Yet such a change would be an indication that the user's encrypted HTTP traffic was being intercepted.
Who are these CAs, and why do we trust them? Most are for-profit companies, though Microsoft Internet Explorer is willing to trust two dozen governments as CAs, from a list of around 100 entities. Soghoian and Stamm identify the governments Internet Explorer currently trusts as Austria, Brazil, Finland, France, Hong Kong, India, Japan, Korea, Latvia, Macao, Mexico, Portugal, Serbia, Slovenia, Spain, Switzerland, Taiwan, The Netherlands, Tunisia, Turkey, the United States and Uruguay. (Some countries have more than one government entity on the list; Internet Explorer also trusts subnational governments like that of the Autonomous Community of Valencia in Spain, and government-affiliated organizations like the PRC's China Internet Network Information Center.) Although there is no public evidence that this power has been abused or that government-run CAs are less trustworthy than private-sector CAs, each of these states has the power to facilitate attacks on encryption anywhere in the world — not just in its territory or Internet domain.
Certificate authorities get on browsers' trusted lists by making a public statement about how they operate and submitting to some sort of external audit. If they do their job properly, they make it easy for users to securely interact with web sites and services automatically, without having to somehow look up and manually verify encryption keys. Yet these organizations' position at the center of the web encryption infrastructure is largely unaccountable, since users will never know if a CA signs off on something untrue. But any CA could choose to do so. Given what we now know about the vulnerability of the trust infrastructure to both technological and legal interference, we urgently need a meaningful way to double-check the CAs. Soghoian and Stamm propose some mechanisms and offer a plug-in to give users browsers' more information about who is certifying sites and where the CAs are located, which could be of particular interest to those concerned about international espionage.
Concerned by this and other research on the vulnerabilities introduced by CAs, EFF has also been working on concepts to help Internet users make use of many more sources of information to supplement and double-check the CAs — and help detect when they certify things that are not true. We will be publishing a whitepaper to outline some of our proposals in the near future.
Recent DeepLinks Posts
-
Jan 4, 2016
-
Jan 3, 2016
-
Jan 3, 2016
-
Jan 2, 2016
-
Jan 2, 2016
Deeplinks Topics
- Fair Use and Intellectual Property: Defending the Balance
- Free Speech
- Innovation
- International
- Know Your Rights
- Privacy
- Trade Agreements and Digital Rights
- Security
- State-Sponsored Malware
- Abortion Reporting
- Analog Hole
- Anonymity
- Anti-Counterfeiting Trade Agreement
- Biometrics
- Bloggers' Rights
- Broadcast Flag
- Broadcasting Treaty
- CALEA
- Cell Tracking
- Coders' Rights Project
- Computer Fraud And Abuse Act Reform
- Content Blocking
- Copyright Trolls
- Council of Europe
- Cyber Security Legislation
- CyberSLAPP
- Defend Your Right to Repair!
- Development Agenda
- Digital Books
- Digital Radio
- Digital Video
- DMCA
- DMCA Rulemaking
- Do Not Track
- DRM
- E-Voting Rights
- EFF Europe
- Encrypting the Web
- Export Controls
- FAQs for Lodsys Targets
- File Sharing
- Fixing Copyright? The 2013-2015 Copyright Review Process
- FTAA
- Genetic Information Privacy
- Hollywood v. DVD
- How Patents Hinder Innovation (Graphic)
- ICANN
- International Privacy Standards
- Internet Governance Forum
- Law Enforcement Access
- Legislative Solutions for Patent Reform
- Locational Privacy
- Mandatory Data Retention
- Mandatory National IDs and Biometric Databases
- Mass Surveillance Technologies
- Medical Privacy
- National Security and Medical Information
- National Security Letters
- Net Neutrality
- No Downtime for Free Speech
- NSA Spying
- OECD
- Offline : Imprisoned Bloggers and Technologists
- Online Behavioral Tracking
- Open Access
- Open Wireless
- Patent Busting Project
- Patent Trolls
- Patents
- PATRIOT Act
- Pen Trap
- Policy Analysis
- Printers
- Public Health Reporting and Hospital Discharge Data
- Reading Accessibility
- Real ID
- RFID
- Search Engines
- Search Incident to Arrest
- Section 230 of the Communications Decency Act
- Social Networks
- SOPA/PIPA: Internet Blacklist Legislation
- Student and Community Organizing
- Student Privacy
- Stupid Patent of the Month
- Surveillance and Human Rights
- Surveillance Drones
- Terms Of (Ab)Use
- Test Your ISP
- The "Six Strikes" Copyright Surveillance Machine
- The Global Network Initiative
- The Law and Medical Privacy
- TPP's Copyright Trap
- Trans-Pacific Partnership Agreement
- Travel Screening
- TRIPS
- Trusted Computing
- Video Games
- Wikileaks
- WIPO
- Transparency
- Uncategorized