[LINK] RFC: Could CAs Be Eavesdropping on Their Clients?
Roger.Clarke at xamax.com.au
Sat Aug 14 10:02:09 AEST 2010
The NYT story below says that Certificate Authorities (CAs) have
proliferated to c. 650, and, worse than that, are out of control.
Here follows a quick analysis (off the top of the head, without
research) on two key aspects of the points made in the article. I'd
be delighted if linkers can show me that my analysis is awry.
The fundamental function of a CA is to attest to the association
between a public key and an entity.
1. Re the Value of a Certificate
(a) few organisations that could be expected to act as CAs actually
do so. Possibilities in Australia, for example, include ASIC
for companies and Medical Registration Board(s) for health care
(b) few organisations that act as CAs are trustworthy
(Verizon, for heaven's sake??)
(c) quite limited investment is made by CAs in authenticating the claim
by the applicant that it really, truly is the entity that it
represents itself to be. (There's been talk about enhanced
authentication processes, including in the article below, but
I remain sceptical about how much progress has been made)
(d) the level of assurance provided by CAs to people who rely on the
certificates that they issue is almost zero
Ergo: certificates are worth very little, nomatter who issues them.
Ergo: whether a browser-supplier uses certificates issued by a
'brandname' organisation like Verizon, or by a twice-removed
sub-licensee called Dodgy Bros. Ltd, doesn't make much difference to
the assurance level.
2. Re Eavesdropping by CAs
"Mr. Eckersley noted that [Dodgy Bros. Ltd] could misuse its position
to eavesdrop on the activities of Internet users".
I don't get it. The analysis below explains why.
In order to "eavesdrop" on a channel protected using SSL/TLS, a third
party needs two things:
(1) copies of the messages that flow between the two parties
(2) the key needed to decrypt the messages. (That's exchanged between
the parties using a public key-pair owned by one of the parties.
So the third party needs that particular private key, in order to
decrypt the key-exchange message and extract the encryption key)
As regards (1), an organisation that provides a CA service would not
normally be on a traffic-route between its customers. So the CA
would have to either contrive to be there, or intrude spyware into
its client's device in order to get copies of messages. In either
case, it would be in serious breach of its role, and quite probably
of local laws.
As regards (2), an organisation that asks for a certificate from a CA
provides its public key, but must under no circumstances expose its
private key - to anyone, least of all the CA. So the CA would have
to either trick its client into providing its private key (e.g. by
offering a key-generation service), or intrude spyware into its
client's device in order to get a copy of the private key. In either
case, it would be in serious breach of its role, and quite probably
of local laws.
I have no respect for Dodgy Bros Ltd, and little respect for Verizon.
But is corporate criminality so mainstream that behaviour of this
kind is actually going on?
A Warning About a Weak Link in Secure Web Sites
By MIGUEL HELFT
Published: August 13, 2010
SAN FRANCISCO - Computer security researchers are raising alarms
about vulnerabilities in some of the Web's most secure corners: the
banking, e-commerce and other sites that use encryption to
communicate with their users.
Those sites, which are typically identified by a closed lock
displayed somewhere in the Web browser, rely on a third-party
organization to issue a certificate that guarantees to a user's Web
browser that the sites are authentic. But as the number of such
third-party "certificate authorities" has proliferated into hundreds
spread across the world, it has become increasingly difficult to
trust that those who issue the certificates are not misusing them to
eavesdrop on the activities of Internet users, the security experts
"It is becoming one of the weaker links that we have to worry about,"
said Peter Eckersley, a senior staff technologist at the Electronic
Frontier Foundation, an online civil liberties group.
The power to appoint certificate authorities has been delegated by
browser makers like Microsoft, Mozilla, Google and Apple ... to
various companies, including Verizon.
[The expression 'delegation of power' isn't appropriate. Less loaded
would be 'Browser-makers use certificates issued by various
Those entities, in turn, have certified others, creating a
proliferation of trusted "certificate authorities," according to
Internet security researchers.
According to the Electronic Frontier Foundation, more than 650
organizations can issue certificates that will be accepted by
Microsoft's Internet Explorer and Mozilla's Firefox, the two most
popular Web browsers. Some of these organizations are in countries
like Russia and China, which are suspected to engage in widespread
surveillance of their citizens.
Mr. Eckersley said Exhibit No. 1 of the weak links in the chain is
Etisalat, a wireless carrier in the United Arab Emirates that he said
was involved in the dispute between the BlackBerry maker, Research in
Motion, and that country over encryption. The U.A.E. threatened to
discontinue some BlackBerry services because of R.I.M.'s refusal to
offer a surveillance back door to its customers' encrypted
communications. Mr. Eckersley also said that Etisalat was found to
have installed spyware on the handsets of some 100,000 BlackBerry
subscribers last year. Research in Motion later issued patches to
remove the malicious code.
Yet Mr. Eckersley noted that Etisalat was one of the "certificate
authorities" and could misuse its position to eavesdrop on the
activities of Internet users.
In an open letter signed by Mr. Eckersley, the Electronic Frontier
Foundation is asking Verizon, which issued Etisalat's power to
certify Web sites, to consider revoking that authority.
Verizon declined to comment. Etisalat did not respond to an e-mail
Mr. Eckersley wrote that Etisalat could issue fake certificates to
itself for scores of Web sites, including google.com, Microsoft.com
and Verizon.com, and "use those certificates to conduct virtually
undetectable surveillance and attacks against those sites." Etisalat
could also eavesdrop on virtual private networks used by corporations
to communicate securely around the world, he wrote.
"We believe this situation constitutes an unacceptable security risk
to the Internet in general and especially to foreigners who use
Etisalat's data services when they travel," he wrote, adding that the
foundation did not know whether Etisalat had misused its authority
Concerns about certificates have been raised before. When Firefox
considered granting certificate authority to a Chinese company
earlier this year, members of the Firefox community worried that the
company might be pressured by the government to eavesdrop, for
example, on the Gmail accounts of Chinese dissidents. Eventually,
Firefox decided to go ahead with the process.
Other security experts said that they were concerned about the
proliferation of certificate authorities.
"I think it is a really big deal," said Stephen Schultze, associate
director of the Center for Information Technology Policy at Princeton
University. Mr. Schultze said that the problem "is not a reason to
panic and stop doing online banking or e-commerce. But it is bad
enough problem that it should be receiving a lot more attention and
we should be trying to fix it."
Some browser makers, however, suggested that while attacks were
possible in theory, the system had worked reasonably well for more
than a decade.
"It has proven itself historically to be relatively secure," said
Johnathan Nightingale, Mozilla's director of Firefox development. Mr.
Nightingale said that many e-commerce sites were using a new type of
certificate that required extensive verification. If a certificate
authority was misusing its power to eavesdrop, he said, a user with
technical skills could detect the attack, and the organization's
power to issue certificates would be revoked.
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University
More information about the Link