The story that has been slowly breaking over the past few days regarding the compromise at Dutch certificate authority DigiNotar and the subsequent “theft” of many important credentials is one that is of huge importance for internet users, governments and even the trust foundation that underlies the internet in general.
What has happened exactly?
DigiNotar is a trusted authority. That means that they can issue certificates that allow websites offering secure, encrypted communications to prove that they are who they say they are. Think of it as a digital passport. When you browse to your bank, your email provider or any other secure site, in the background these certificates are exchanged before secured communications can begin.
Your web browser contains a list of “root authorities” whose certificates can be trusted. If a web site presents a valid certificate then your browser will trust it and begin encrypted communications. When the certificate is valid, this all happens transparently to you, the end user.
DigiNotar’s security has been compromised and a large number of fraudulent certificates have been issued. A full list can be found here (CSV file), although it should be stated that this list may yet grow over time.
What is a valid certificate?
A valid certificate is one that matches the name of the site that is using it, that has an expiry date that has not yet been exceeded and critically is signed by a trusted authority. It is this last step that is normally difficult for those with malicious intent to overcome. If I present an faked, expired or otherwise fraufdulent certificate, your browser will alert you and you may well choose not to continue the communication.
So what does this mean?
If I can set up a “man-in-the-middle”, for example a proxy server, between you and your bank it is very simple for me to intercept and read plain old HTTP traffic as it is not encrypted. However HTTPS traffic would be a problem, it is encrypted and I don’t have the keys to decrypt it, the encryption is between you and your bank.
If I have a valid certificate that appears to come from your bank I can overcome this problem, my proxy can pretend to be your bank, present the right credentials and I can decrypt and read all your content, before I pass it on to the real final destination.
Who is at risk?
In a normal situation where I am browsing the internet I can connect directly from my computer to my bank I am on a network I trust and I am not at risk. If however all my traffic must pass through a proxy, either at my Internet Service Provider or at state level, which is the case in some more restrictive nations then I am at risk.
The owner of the proxy can make use of fraudulent certificates and act as a man-in-the-middle. There is also a risk on public networks such as wi-fi hotspots, again the hot-spot provider will often make use of a proxy. Under normal circumstances encrypted traffic will simply be passed through untouched, but if I have a shady certificate and malicious intent I can intercept your traffic.
Alternatively I could infect your system with malware that configures your computer to pass all your traffic through a proxy of my choice, wherever you are located. For this to be effective I would need to be able to install code on your system to make these changes. At least one of the fraudulent certificates allows “code signing” meaning it can be used to certify that a program is from a valid publisher so this possibility certainly exists in theory.
The fraudulent certificates issued as a result of the DigiNotar compromise have disproportionately and suspiciously affected users based in Iran (link to TrendLabs blog to follow). In Iran, all web traffic must pass through state approved proxies, the perfect man in the middle.
In this scenario, the “benefits” of owning fraudulent certificates are clear. All encrypted traffic for affected destinations can now be decrypted at will and the end-user will be entirely unaware. It has been reported that the fraudulent certificates obtained include certs for *.com and *.org, meaning that all traffic for any web site with one of these suffixes can be intercepted.
Is the internet broken?
Does this event undermine the foundations of trusted communication online? Not entirely, although it certainly highlights a weak link in the chain. Authorities that are trusted to certify the identity and validity of web servers have a responsibility to ensure that the security of their systems and networks is second to none; they represent the top of the food chain. Having said that, security should always be designed on the assumption that a breach will occur.
The key to successfully responding to such an event lies in the honesty and transparency of an authority that has been the victim of such an attack. Details of any such breach should be made public immediately so that the bad certificates can be revoked and will no longer be accepted by browsers around the world, thus mitigating the effect of such an attack.
Unfortunately in the case of DigiNotar the extent of the breach was reported as minimal at the outset and the full details are only now becoming clear, several days later. We now know that 531 bad certificates have been issued, including those for *.com and *.org, making the certificates for WindowsUpdate look tame by comparison.
The compromise at DigiNotar happened in July of this year, at the time of the initial investigation the fraudulent cert for google.com was not discovered, meaning that that one at least was in the wild for over a month.
Trust in all certificates issued by DigiNotar has already been revoked by many browser and operating system manufacturers and the consequences for DigiNotar as a company are likely to be severe, possibly fatal.