In recent months, we’ve seen a couple of situations where problems at
certificate authorities allowed unauthorized, authoritative signing certificates to be created or existing signing
certificates to be used in ways that were not legitimate. In both cases, we’ve seen the certificate authorities that are involved quickly respond by revoking the certificates and push that revocation in high priority updates to as many computers as possible.
Great. But what’s all that gobbledygook mean?
For example, you could visit a website via https (thinking that by using https, you were guaranteed to be visiting the website you thought you were), but in fact, you were not.
Rogue signing certificates don’t cause this problem alone, but they can
remove one of the important checks that we all rely on and perhaps even take for
granted.
Don’t panic, because it’s not common, but don’t ignore it either, because
when it does happen it’s serious.
To understand this whole chain of events, we need to – at least at
a high level – understand how digital signatures and certificates work, how
they relate to websites, and perhaps most importantly, how they are
legitimately created.
And it all starts with a tiny refresher in one important form of encryption,
and the importance of keeping secrets.
Because that’s all just a little lengthy, I’ll begin with the bottom line.
]]>
<
However, my certificate is signed. I gave my public key to GoDaddy
who performed some basic validation that I was who I claimed to be, and they in
turn signed my certificate using their own private key. (This is all that
“purchasing an SSL certificate” really boils down
to).
Thus, if you trust GoDaddy – or rather, if your computer trusts GoDaddy –then you can trust that my certificate is valid and that the site you just
connected to – secure.pugetsoundsoftware.com – really belongs to me.
The same is true for signed software. A digital signature can be included
with software that can be used to confirm that the software has not been
altered and that it comes from who it claims to come from.
Certificate authorities
In the example above, GoDaddy is what’s called a “Certificate Authority” or
just “CA” – they are an entity that has been authorized to sign certificates
for use on the internet.
Now, if you’ve been paying close and detailed attention to this point (I
wouldn’t blame you if you’ve dozed off 
), you
should be asking a question right now:
“If GoDaddy signed your certificate with their private key, how did
you get their public key, and how do you know that it is
valid?”
Enter the “root certificates.”
Installed on your machine and updated with Windows update (or, in some
cases, installed into your browser and updated by browser updates) are a set of
certificates that represent the CAs that your machine or browser will
implicitly trust from the start.
In Internet Explorer, click the Tools menu,
Internet Options menu item, the Content tab,
the Certificates button, and finally the Trusted Root
Certification Authorities tab. That lengthy sequence will bring up
something like this:
On my system, there are 39 “Trusted Root Certification Authorities” and
GoDaddy happens to be one of them.
If you’re really eagle-eyed, you’ll now ask this question:
“But wait! The trusted root certificate is for ‘Go Daddy Class 2
Certification Authority’, but your certificate was signed by ‘Go Daddy Secure
Certification Authority’ – they don’t match!”
Indeed they do not.
Certain types of CAs are allowed to create other CAs creating what’s called
a certification chain or path.
The certificate for “secure.pugetsoundsoftware.com” was actually signed by
an intermediate CA called “Go Daddy Secure Certification Authority” whose own
certificate was signed by “Go Daddy Class 2 Certification Authority.”
As long as a certificate chain ends in a trusted root certificate installed
on your machine, the chain of trust is intact.
Now, it gets interesting.
Rogue certificate authorities
You can see right away that if the private key of a root CA is ever stolen
then hackers can create certificates that would be trusted as valid by all
computers.
To the best of my knowledge, this has actually never happened.
However, the same cannot be said for intermediate CAs. In 2011, a couple of
CAs were hacked and the hacker was able to create intermediate CA certificates
that were signed by the root CA certificate, thus making them “valid.”
Using those certificates that he had created, he could then create website
certificates for any website that would be trusted simply because that
intermediate certificate looked valid and trusted by a root CA. These rogue
certificates were then allegedly used to perform “man-in-the-middle” attacks on
Iranians attempting to access secure sites such as Gmail.
In a different type of recent mishap, Microsoft accidentally set this “This
certificate can be used to sign code” flag on certificates that it provided as
part of its system software. Quoting Sophos’ Naked Security blog:
The Microsoft Terminal Server Licensing service is used for license
management and authorization in many enterprise environments. Microsoft had
been mistakenly issuing certificates for use on these servers that could be
used to digitally sign code.
This eventually allowed hackers to insert malware that looked like valid
software coming from Microsoft as part of Windows Update.
Why rogue certificates are bad
What you’re probably wondering right now is how this impacts you, the
average computer user.
Fortunately, it’s not common, but here’s one scary scenario:
- You bank at somerandombank.com and regularly connect to
https://somerandombank.com. - A hacker creates a rogue CA certificate, signed by a trusted root authority,
that he can use to create certificates for any website he likes. - The hacker creates a bogus, but valid-looking certificate for
somerandombank.com. - The hacker installs that certificate on a server that he owns and makes the
website on that server “look like” the somerandombank.com website. - The hacker manages to install malware on your machine, or your router, that
causes the DNS lookup for “somerandombank.com” to return his server and
not the actual somerandombank.com server. - You visit https://somerandombank.com and are connected to the hacker’s
server. - The server provides the certificate created by the hacker.
- Your computer trusts this bogus certificate because it’s signed by a trusted
root authority and therefore trusts that you are connected to the proper
server and site, when in fact you are not.
You actually have no indication that you’ve connected to a bogus, malicious
website even though it’s via https.
Hopefully, you can see why this isn’t terribly common and not something that
I spend a lot of time worrying about. First, the hacker has to somehow breach
security at the actual trusted CAs (who, after recent events, are probably more
secure than ever). Then, the hacker has to also breach your security in
order to redirect your browser to his bogus server.
It’s no simple task. Possible, yes, and worth protecting against, but not
common.
Certificate revocation
The current defense against certificate compromise is the concept of a
“revoked” certificate.
Two tabs down in the dialog we opened from Internet Explorer is Untrusted
Publishers. These are certificates that have been explicitly revoked and
marked as not to be trusted. When a rogue signing certificate is found, it or
its parent certificate in the signing chain is revoked and all other
certificates that may have been signed by the rogue certificate are instantly
no longer valid.
This is why keeping your system up-to-date is so important. When
certificates are revoked – as Microsoft just did to some of its own
certificates – you want that revocation to be known to your system as soon as
possible.
The future
It’s been said that the current setup of digital certificate signing
authorities is fragile – some even say broken – for an assortment of reasons, the hacking scenario above being one example.
There are improvements, both proposed and actually slowly being implemented
to increase the security of the overall system.
But from a practical perspective, I still believe that the system is
basically trustworthy for everyday use and continue to do my banking and other
sensitive transactions online via https connections.
But I definitely keep my machine as up-to-date as possible.
And so should you.
References
Ars Technica: Comodo hacker: I hacked DigiNotar too; other CAs breached
c|net: Comodo hack may reshape
browser security
Naked Security: Flame malware used man-in-the-middle attack against Windows
Update
Re the above:
•Data encrypted with key “A” can only be decrypted with key “B”
•Data encrypted with key “B” can only be encrypted with key “A”
Encrypt with one, decrypt with the other. That’s the only way it works.
Shouldn’t it read:
•Data encrypted with key “B” can only be DEcrypted with key “A”
Sorry, Leo. Not trying to be picky. My one working brain cell had a hard time making sense out of it.
06-Jun-2012
@Mary
Yes your are right. Thanks. It should be decrypted. It’s fixed now.
… and then there’s Flame that proliferates through bogus Windows Updates.
The Revocation List in my Firefox browser appears to be empty. Should I be worried about this? (The browser software downloads updates automatically.)
Hi Leo
Great article. Read it twice now and second time was a lot clearer.
Think it’s great that you can make even something like this sound easy enough
You only have 39 Trusted CA’s in your list? I have 40 that begin with the letter “A”! Is that a problem?
I managed to pass Security+ but there’s so much I simply regurgitated without understanding. Now, one less thing.
Leo, you’re a treasure. Thanks for helping us out.
I agree – you are a treasure. I still can’t believe that one woman who wrote in asking you to make your answers brief and to the point or something like that. Your writing style is perfect. Don’t change a thing. Free advice and she was complaining – unbelievable.