Black Hat Conference Highlights SSL Trust Issues

Underscoring questions around SSL, a researcher showed a Firefox add-on that bypasses SSL certification

Researchers have long highlighted some of the security issues with the Secure Socket Layer system used to secure Internet communication. One of the issues happens to be one of trust as the SSL Certificate Authorities have been compromised in recent months, a researcher told Black Hat attendees.

The attack on certificate authority Comodo in March highlights the problems with the current CA system and the need for replacing it, Moxie Marlinspike, co-founder and CTO of Whisper Systems, said on 4 August at the recent Black Hat security conference in Las Vegas. An Iranian hacker claimed responsibility for the attack in which he managed to trick Comodo into issuing valid certificates for major websites belonging to Google, Microsoft, Yahoo and Mozilla. Comodo did not face any lawsuits or suffer any other consequences for the incident, Marlinspike said.

Trust issues

For the SSL system to work properly, security, integrity and authenticity are needed, according to Marlinspike. Currently, the system does not work as well it was supposed to because authenticity is the weak link, he said. CAs have to ensure that sites are authentic and prevent man-in-the-middle attacks where malicious web sites trick users into accessing a fraudulent page instead of the real site.

“The real story with the Comodo attack is that it’s not unique,” Marlinspike said, noting that it is “happening every day”.

The SSL structure has not been fundamentally altered since the early 1990s, and Marlinspike claimed the original SSL authors told him the security technology used to secure web communications was developed almost as an afterthought. The sheer number of certificate authorities – approximately 650, according to the Electronic Frontier Foundation – means there are plenty that can provide signed certificates to cyber-attackers or maliciously intercept Internet communications.

Comodo’s feisty chief executive Melih Abdulhayoglu agreed with Marlinspike’s assessment in an interview with eWEEK earlier this year. While defending Comodo’s security and practices, he offered a scathing commentary on “fly by night operators offering certificates for $10 (£6)” without any verification process to ensure domain ownership.

Comodo is likely not as trustworthy as it should be, but there is nothing the user can do under the existing system, Marlinspike said. Removing Comodo, the second largest certificate authority, from the list of trusted authorities in the web browser would mean the user would no longer be able to access “a quarter of the Internet”, which is why browser vendors haven’t already done so, he said.

Agility

“The truth is, somewhere along the line, we made a decision to trust Comodo”, Marlinspike said, adding, “And now we are locked into trusting them forever, and this is the essence of the problem.”

The current system doesn’t support “trust agility”, or the flexibility to revise the list of who to trust and who not to trust, according to Marlinspike. Comodo may have been trusted at one point, but now it’s near impossible to remove from the list without making large swathes of Internet “disappear”, he said.

Users also do not have a choice of which certificate authorities to trust under the current CA system, Marlinspike said. When a user accesses a website it connects to the CA authority, which authenticates the SSL certificate. Marlinspike wants to change the system so that the user decides which CA authority to connect with to authenticate the site’s certificate.

Convergence, a Mozilla Firefox add-on released by Marlinspike, is intended to replace CAs. Instead of a certificate authority, there is a notary server that checks SSL authenticity on the user’s first visit to the site. Certificates are locally cached on the browser side and checked on repeated visits. As long as the certificates match, there is no need to access the notary server again. Web site administrators won’t have to make any changes to be available to users using the Convergence plugin to bypass CAs altogether, Marlinspike said.

Implementation questions

While Marlinspike’s ire was directed at Comodo, he distrusted all certificate authorities, including VeriSign. “There isn’t anyone doing a great job,” he said, noting that it was not realistic to expect that any organisation can look at sites “as carefully as necessary” to certify them.

Other issues with SSL were highlighted during Black Hat. According to a survey from Qualys, a significant majority of supposedly SSL secured sites are not actually fully secured, Philippe Courtot, chairman and chief executive of Qualys, told eWEEK. Organisations are implementing the security technology incorrectly, making the websites insecure despite claiming to have SSL. Mixing encrypted and unencrypted data puts users at risk for session hijacking, for example.

“If anyone is trying to convince you to use a trust system, you have to ask, who do I have to trust and for how long?” Marlinspike said at the end of his presentation.