[LINK] A Potage of CAs, or Why PKI Doesn't Work
Roger Clarke
Roger.Clarke at xamax.com.au
Fri Sep 2 07:52:19 AEST 2011
http://www.slate.com/id/2265204/
> ... some ... certificate authorities have decided to delegate their
>powers to yet more organizations, which aren't tracked or audited by
>browser companies. By scouring the Net for certificates, security
>researchers have uncovered more than 600 groups who, through such
>delegation, are now also automatically trusted by most browsers,
>including the Department of Homeland Security, Google, and Ford
>Motors, and a UAE mobile phone company called Etisalat.
>
>In 2005, a company called CyberTrust, which has since been purchased
>by Verizon, gave Etisalat, the government-connected mobile company
>in the UAE, the right to verify that a site is valid. Here's why
>this is trouble: Since browsers now automatically trust Etisalat to
>confirm a site's identity, the company has the potential ability to
>fake a secure connection to any site Etisalat subscribers might
>visit using a man-in-the-middle scheme.
>
>Etisalat doesn't exactly have a clean record when it comes to
>privacy. Tech watchdogs have already caught it deliberately
>attempting to invade the privacy of its own users. In July 2009,
>Etisalat abruptly announced a software update on all its BlackBerry
>customers. Described as a "network upgrade," the application in fact
>copied all messages written on the device to two private Etisalat
>e-mail addresses. Research in Motion distanced itself from this
>clumsy attempt at government spyware, clarifying that it was "not a
>RIM-authorized software upgrade" and providing a counter-app to
>remove the program.
>
>To date, no one has observed Etisalat fake a Web site to spy on an
>individual's encrypted traffic. But because of the proliferation and
>delegation of certificate authorities, Etisalat and hundreds of
>other groups have that capability. The good news about misusing the
>power of certificate authorities is that, like the BlackBerry
>upgrade, such attacks can quickly be uncovered and publicized, given
>enough vigilance and the right tools.
>
>A better solution is to clean up the certificate authority lists and
>revoke the rights of organizations who could abuse it. The
>Electronic Frontier Foundation, where I used to work, recently
>published an open letter to Verizon asking them to consider publicly
>revoking the certificate authority that the company granted
>Etisalat. But that still leaves the hundreds of other certificate
>authorities that could turn rogue and start spying on the Web's
>secure systems.
Full article below.
The Internet's Secret Back Door
Web users in the United Arab Emirates have more to worry about than
having just their BlackBerries cracked.
By Danny O'Brien
Slate
Posted Friday, Aug. 27, 2010, at 2:56 PM ET
http://www.slate.com/id/2265204/
The United Arab Emirates continues to wrestle with Research in Motion
over government access to BlackBerry messages, threatening to ban the
company's services if it doesn't severely weaken the anti-snooping
protections on its smartphones. But years before the RIM battle
boiled over, other Western companies handed the country a far greater
power: the capability to infiltrate the secure system used by most
banking, mail, and financing sites, making the most protected data on
the Web available to the prying eyes of the emirates'
government-connected telecommunications giant.
To understand how this happened, you need to understand the way much
of the Web's private traffic stays private. Whenever you're sending
sensitive information online, say, your credit card number to Amazon
or a message over Gmail, the content is encrypted before being sent
and then decrypted by the Web site you sent it to. (Sites using this
secure mode have URLs that start with "https," and browsers add a
padlock icon as well to demonstrate you're communicating securely.)
Every vendor has its own rules for how to scramble information so
that only it, the intended recipient, can decode it. If anyone
intercepts the message along the way, it will appear to be a
meaningless digital jumble.
Cryptographers are reasonably confident that the mathematics behind
this method of encryption makes it unassailable by direct assault,
even by the most well-funded intelligence agencies. But they have
also long been aware of a potential weakness in its design: There's
no way for your computer to know if the recipient is who they say
they are. Because of this, cyber-criminals (or curious governments)
can trick you by staging a "man in the middle attack," where the
snoop acts as an uninvited mediator between you and the intended
recipient. Your computer thinks it's contacting your bank when in
fact it's contacting the snoop, using his own rules for encrypting
information. He decodes it, copies your sensitive data, then
re-encodes it according to the bank's rules and sends it along. He
does the same thing for traffic coming from the bank to you. Both
your bank and you would believe you were talking directly to each
other with no one else listening.
To overcome this deficiency, the Web's security relies on the idea of
"certificate authorities": organizations that independently verify
the identity of the Web site you're communicating with and provide a
digital confirmation that it's authentic. A certificate authority's
digital endorsement decides whether your browser believes a site when
it claims to be GMail, Microsoft, or even the New York Times, which
has a secure version. Middle men can't fake this authentication
without getting a similar endorsement. These certificate authorities
are supposed to conduct due diligence in ensuring that only the real
Web site gets their stamps of approval.
Who are these certificate authorities? At the beginning of Web
history, there were only a handful of companies, like Verisign,
Equifax, and Thawte, that made near-monopoly profits from being the
only providers trusted by Internet Explorer or Netscape Navigator.
But over time, browsers have trusted more and more organizations to
verify Web sites. Safari and Firefox now trust more than 60 separate
certificate authorities by default. Microsoft's software trusts more
than 100 private and government institutions.
Disturbingly, some of these trusted certificate authorities have
decided to delegate their powers to yet more organizations, which
aren't tracked or audited by browser companies. By scouring the Net
for certificates, security researchers have uncovered more than 600
groups who, through such delegation, are now also automatically
trusted by most browsers, including the Department of Homeland
Security, Google, and Ford Motors, and a UAE mobile phone company
called Etisalat.
In 2005, a company called CyberTrust, which has since been purchased
by Verizon, gave Etisalat, the government-connected mobile company in
the UAE, the right to verify that a site is valid. Here's why this is
trouble: Since browsers now automatically trust Etisalat to confirm a
site's identity, the company has the potential ability to fake a
secure connection to any site Etisalat subscribers might visit using
a man-in-the-middle scheme.
Etisalat doesn't exactly have a clean record when it comes to
privacy. Tech watchdogs have already caught it deliberately
attempting to invade the privacy of its own users. In July 2009,
Etisalat abruptly announced a software update on all its BlackBerry
customers. Described as a "network upgrade," the application in fact
copied all messages written on the device to two private Etisalat
e-mail addresses. Research in Motion distanced itself from this
clumsy attempt at government spyware, clarifying that it was "not a
RIM-authorized software upgrade" and providing a counter-app to
remove the program.
To date, no one has observed Etisalat fake a Web site to spy on an
individual's encrypted traffic. But because of the proliferation and
delegation of certificate authorities, Etisalat and hundreds of other
groups have that capability. The good news about misusing the power
of certificate authorities is that, like the BlackBerry upgrade, such
attacks can quickly be uncovered and publicized, given enough
vigilance and the right tools.
A better solution is to clean up the certificate authority lists and
revoke the rights of organizations who could abuse it. The Electronic
Frontier Foundation, where I used to work, recently published an open
letter to Verizon asking them to consider publicly revoking the
certificate authority that the company granted Etisalat. But that
still leaves the hundreds of other certificate authorities that could
turn rogue and start spying on the Web's secure systems.
Ironically, RIM's enterprise BlackBerry encryption is one of the few
secure Internet communication channels that doesn't depend on
certificate authorities, which could be one of the reasons the UAE is
so obsessed with cracking it. RIM's defense against the UAE's demands
is that corporations and individuals expect the same level of privacy
in their BlackBerry communications as they get from any other
Internet service. "Everything on the Internet is encrypted," CEO
Michael Lazaridis told the Wall Street Journal, slightly
inaccurately. "This is not a BlackBerry-only issue. If they can't
deal with the Internet, they should shut it off." What's worrying is
that the UAE may indeed have already "dealt with" the rest of the
Internet, just not in the way that most of us would like.
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University
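An added example, not code from the Slate article or from this Link post: a small Python model of the trust decision the article describes in its paragraphs on man-in-the-middle attacks, certificate authorities and delegation. The names Root A, Root B, Delegated Sub-CA, bank.example and interceptor are made up, and the signatures use textbook RSA on small primes so that the chain checks verify real signatures without any third-party library; none of it is cryptographically secure. It shows that a client which trusts a set of roots also trusts every CA-flagged intermediate a root has delegated to, so the delegate can mint a second bank.example certificate the client cannot tell from the genuine one, and that distrusting the delegate (the cleanup the article asks for) is what makes the forged chain fail while the genuine one still passes.

```python
"""Toy model of the browser trust decision the article describes (added
illustration; made-up names; textbook RSA on small primes, NOT secure)."""
import hashlib
import math
from dataclasses import dataclass


@dataclass(frozen=True)
class Key:
    n: int
    e: int
    d: int


def _is_prime(n: int) -> bool:
    return n > 1 and all(n % f for f in range(2, int(n ** 0.5) + 1))


def _next_prime(n: int) -> int:
    while not _is_prime(n):
        n += 1
    return n


def toy_keygen(seed: int) -> Key:
    """Textbook RSA on ~20-bit primes: enough to sign and verify, nothing more."""
    p = _next_prime(1_000_000 + 10_000 * seed)
    q = _next_prime(p + 1_000)
    n, phi = p * q, (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:   # keep e invertible modulo phi
        e += 2
    return Key(n, e, pow(e, -1, phi))


def _digest(data: bytes, n: int) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n


def sign(data: bytes, key: Key) -> int:
    return pow(_digest(data, key.n), key.d, key.n)


def verify(data: bytes, sig: int, pub: tuple) -> bool:
    n, e = pub
    return pow(sig, e, n) == _digest(data, n)


@dataclass(frozen=True)
class Cert:
    subject: str   # hostname or CA name
    issuer: str    # name of the CA that signed this certificate
    pub: tuple     # (n, e) of the subject
    is_ca: bool    # may this subject in turn issue certificates?
    sig: int


def _tbs(subject: str, issuer: str, pub: tuple, is_ca: bool) -> bytes:
    """The 'to be signed' bytes: everything the issuer's signature covers."""
    return f"{subject}|{issuer}|{pub[0]}|{pub[1]}|{is_ca}".encode()


def issue(subject: str, subject_key: Key, is_ca: bool, issuer: str, issuer_key: Key) -> Cert:
    pub = (subject_key.n, subject_key.e)
    return Cert(subject, issuer, pub, is_ca, sign(_tbs(subject, issuer, pub, is_ca), issuer_key))


def signature_ok(cert: Cert, issuer_pub: tuple) -> bool:
    return verify(_tbs(cert.subject, cert.issuer, cert.pub, cert.is_ca), cert.sig, issuer_pub)


def client_accepts(hostname, leaf, intermediates, roots, distrusted=frozenset()) -> bool:
    """What the browser does: accept if the leaf names the host and chains,
    through CA-flagged intermediates, to ANY root in the store. `distrusted`
    models cleaning up the list: CA names the client refuses to honour."""
    if leaf.subject != hostname:
        return False
    by_name = {c.subject: c for c in intermediates}
    current = leaf
    for _ in range(len(intermediates) + 1):        # bound the walk; no cycles
        if current.issuer in distrusted:
            return False
        root = roots.get(current.issuer)
        if root is not None:                        # reached a trust anchor
            return signature_ok(current, root.pub)
        parent = by_name.get(current.issuer)
        if parent is None or not parent.is_ca or not signature_ok(current, parent.pub):
            return False
        current = parent
    return False


def build_scenario():
    names = ["Root A", "Root B", "Delegated Sub-CA", "bank.example", "interceptor"]
    keys = {name: toy_keygen(i) for i, name in enumerate(names, start=1)}
    root_a = issue("Root A", keys["Root A"], True, "Root A", keys["Root A"])
    root_b = issue("Root B", keys["Root B"], True, "Root B", keys["Root B"])
    # Root B delegates its power: a CA-flagged intermediate, as with the sub-CA in the article
    delegate = issue("Delegated Sub-CA", keys["Delegated Sub-CA"], True, "Root B", keys["Root B"])
    genuine = issue("bank.example", keys["bank.example"], False, "Root A", keys["Root A"])
    # The delegate mints a second bank.example certificate over the interceptor's key
    forged = issue("bank.example", keys["interceptor"], False, "Delegated Sub-CA", keys["Delegated Sub-CA"])
    # A non-CA subject (the bank's own key) tries to act as an issuer
    bogus = issue("mail.example", keys["interceptor"], False, "bank.example", keys["bank.example"])
    return {c.subject: c for c in (root_a, root_b)}, delegate, genuine, forged, bogus


def demo() -> dict:
    roots, delegate, genuine, forged, bogus = build_scenario()
    return {
        "genuine_accepted": client_accepts("bank.example", genuine, [], roots),
        "forged_accepted_before_cleanup": client_accepts("bank.example", forged, [delegate], roots),
        "forged_accepted_after_distrust": client_accepts(
            "bank.example", forged, [delegate], roots, frozenset({"Delegated Sub-CA"})),
        "wrong_hostname_accepted": client_accepts("mail.example", genuine, [], roots),
        "non_ca_issuer_accepted": client_accepts("mail.example", bogus, [genuine], roots),
    }


if __name__ == "__main__":
    for check, accepted in demo().items():
        print(f"{check}: {accepted}")
```

The walk in `client_accepts` is the whole point: the client never asks whether the issuer it reached is the one that ought to vouch for bank.example, only whether that issuer chains to some root it has been told to trust, which is why a single delegated sub-CA anywhere in the list is enough for the interception the article describes. Real validators also check validity dates, key usage and revocation status; the model leaves those out to keep the trust walk visible.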