Rogue Certificate Vulnerability Through MD5

Saturday, 03 January 2009 20:10

Summary

This article [1] by Kelly Jackson Higgins describes a recently demonstrated attack that undermines the trust that SSL certificates are supposed to provide. An SSL certificate binds a website's name to a public key and carries the signature of a certification authority (CA) that browsers trust; it is what lets a user confirm that a site belongs to its claimed owner and then set up an encrypted session with that server. These certificates have become instrumental to secure communications over the Internet and to building trusted application environments. The attack lets an attacker obtain a rogue intermediate CA certificate that carries a real CA's signature, effectively borrowing that CA's signing authority; with it the attacker can issue certificates for any domain that browsers will accept, and so impersonate any legitimate website.

This major threat to Internet security exists because several certificate authorities were still signing certificates with MD5 rather than a SHA-family hash (SHA-2 being the recommended replacement; SHA-1 had itself been weakened by the same line of research). A digital signature is computed over the hash of the certificate body, not over the body itself, so a signature on one certificate is equally valid for any other certificate with the same hash. MD5's collision resistance is broken: an attacker can construct two different inputs with the same MD5 digest, and the "chosen-prefix" variant used here lets the two inputs begin with different content of the attacker's choosing. The article notes that the affected CAs will move to stronger hashes soon, but there is no deadline or oversight for this. Legitimate MD5-signed certificates already in circulation are not themselves forgeable after the fact (that would require a second-preimage attack, which is not known for MD5), but as long as browsers keep trusting the roots that signed them, a rogue certificate created while a CA still used MD5 stays valid until it expires or the root is distrusted. Retiring those roots would mean revoking and replacing the many legitimate certificates that will not expire for years, which is a very difficult process.
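As an added example (not code from the article or from the researchers), the following Python shows the property the attack exploits: the CA signs the digest of the certificate body, so its signature on one body verifies on any other body with the same digest. It uses a published two-block MD5 collision pair (Wang and Yu, 2005) rather than a freshly computed chosen-prefix collision, and a toy textbook RSA key built from two Mersenne primes (no padding) standing in for the CA's key; both are assumptions made for illustration, and the "certificate bodies" are constructed byte strings, not real X.509. It also shows that identical data appended after the colliding blocks keeps the digests equal, and that the same signature does not transfer under SHA-256.

```python
"""Added example: a CA signature over an MD5 digest transfers to a colliding input."""
import hashlib

# Published two-block MD5 collision pair (Wang & Yu, 2005).  The two 128-byte
# messages differ in six bytes yet share the MD5 digest
# 79054025255fb1a26e4bc422aef54eb4.  Because the internal state is identical
# after the second block, any common suffix keeps them colliding.
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M2 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)

# Toy textbook RSA key (Mersenne primes 2^521-1 and 2^127-1, no padding)
# standing in for the CA's signing key.  Assumption for illustration only:
# the modulus is large enough to hold a SHA-256 digest, nothing more.
_P = 2**521 - 1
_Q = 2**127 - 1
N = _P * _Q
E = 65537
D = pow(E, -1, (_P - 1) * (_Q - 1))


def md5_hex(data: bytes) -> str:
    """Hex MD5 digest, used to show the two bodies collide."""
    return hashlib.md5(data).hexdigest()


def digest_int(tbs: bytes, hash_name: str) -> int:
    """Digest of the to-be-signed bytes under the named hash, as an integer."""
    return int.from_bytes(hashlib.new(hash_name, tbs).digest(), "big")


def ca_sign(tbs: bytes, hash_name: str) -> int:
    """What the CA does: sign the digest of the certificate body, not the body."""
    return pow(digest_int(tbs, hash_name), D, N)


def verify(tbs: bytes, sig: int, hash_name: str) -> bool:
    """What a browser does: recompute the digest and compare with the signature."""
    return pow(sig, E, N) == digest_int(tbs, hash_name)


def build_pair(suffix: bytes):
    """Constructed 'certificate bodies': the colliding blocks plus a common suffix.

    In this identical-prefix demo the difference sits inside the collision
    blocks.  The real attack used chosen-prefix collisions so that the two
    bodies could differ in the fields that matter (subject name, CA:TRUE).
    """
    return M1 + suffix, M2 + suffix


def signature_transfers(hash_name: str, suffix: bytes = b"") -> bool:
    """Have the CA sign body A under hash_name, then check whether that same
    signature also verifies on the different body B.  True means the forgery
    succeeds; a secure hash must make this return False."""
    legit, rogue = build_pair(suffix)
    assert legit != rogue
    sig = ca_sign(legit, hash_name)
    return verify(legit, sig, hash_name) and verify(rogue, sig, hash_name)


if __name__ == "__main__":
    tail = b"... identical remainder of the certificate body ..."
    print("MD5 digests equal with common suffix:", md5_hex(M1 + tail) == md5_hex(M2 + tail))
    print("MD5 signature transfers:    ", signature_transfers("md5", tail))
    print("SHA-256 signature transfers:", signature_transfers("sha256", tail))
```

Run it as a script to see the MD5 case succeed and the SHA-256 case fail. The point to take away is that nothing about the CA's RSA key or signing code is at fault; the only thing that changed between the two cases is the hash that the signature covers.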

The author explains that, combined with the DNS cache-poisoning attack disclosed by Dan Kaminsky in 2008, attackers could redirect users to a phishing website and present a forged certificate so that it appears legitimate. The browser would report the site as the organization's own and display the secure lock, and even a highly technical user who inspects the certificate would see a chain to a trusted root. As a result, even such a user could be tricked, and the attack would be very difficult to detect. The article also explains a second scenario in which the rogue CA is used to sit in the middle of a connection and read traffic the user believes is encrypted end to end. This threat could come from criminals, but the same capability could be used at the government level to monitor encrypted traffic.

It should be noted that the attack is not trivial to perform. The researchers used a cluster of about 200 PlayStation 3 consoles to compute the chosen-prefix collision. While some criticized the public announcement, no collision-finding source code was released, and the major vendors and affected certificate authorities were notified before public disclosure.

Relation to Enterprise Security

This vulnerability and the attacks built on it are of great importance to enterprise security because they undermine the trust relationships on which secured communication over the Internet depends. Such communications include VPN solutions and data exchange between organizations. Furthermore, some organizations may be relying on MD5-signed certificates, or on CAs that still issue them, to provide secure channels to their customers (e.g. banks and other financial institutions). SSL certificates are also commonly used to secure business-to-business transactions, for example web services interactions [2][3]. SSL certification over the Internet is not limited to specific cases but is used whenever secured communication is required. Through this vulnerability, both internal and external data, credentials, and communications can be intercepted or altered by an attacker holding a rogue CA certificate. This presents major challenges to confidentiality and integrity (two of the CIA properties) and to privacy.

Furthermore, this article demonstrates the need for proactive security measures. Practical MD5 collisions were published in 2004 and 2005 [4]. The certificate authorities form the core of the Internet public key infrastructure (PKI) and were therefore responsible for moving to stronger hashes. Until now the perceived threat was lower because no real-world exploit was known, yet it was well established that MD5 was broken and that an attack of some kind was possible. Converting to a stronger hash is not trivial, but a properly planned migration could have been carried out gradually over the intervening years. Instead, the certificate authorities now have to rush to find a solution. As the author states, SSL and the Internet PKI are major institutions of the Internet, and it logically follows that they are likely targets for attackers. When considering security for one's own organization, it is important to be diligent and proactive: keep up to date with news and vulnerability reports (CVEs, etc.) and develop an action plan in response to them.

Analysis/Discussion 

This attack is very recent and so far seems to have received coverage only in technical circles. I imagine that once news of it reaches mainstream Internet users, pandemonium will ensue. Users are constantly told to watch out for spoofing and phishing attempts and have come to trust the in-browser verification. I imagine that many users, even those who check certificate validity, will be fooled and will become victims of identity theft or fraud. Many will likely never hear about this attack or will not upgrade their systems when fixes become available, so it may be very difficult to prevent long-term, large-scale exposure to this vulnerability.

For a better understanding of the attack, I visited the authors' own explanation [5]. The report details how the attack works and explains the background issues. The researchers were able to predict the fields of a certificate issued by the RapidSSL certificate authority because it generated them in a very predictable way: the validity period lasted one year, starting six seconds after the customer clicked the final "OK" button, and serial numbers were incremented sequentially. They could therefore precompute a collision for a certificate with a predicted serial number and validity period, then purchase certificates timed so that one was issued with exactly those fields, giving a high likelihood that the CA's signature would transfer to their rogue certificate. It should be noted that the entire process was non-trivial and could fail if other customers happened to purchase certificates during the necessary time window; it took the authors many attempts to time and execute everything correctly, at a modest dollar cost (under $700 USD). They do not believe that their attack can easily be replicated at this time, but hope to have demonstrated the need to update the Internet PKI. The end of their report lists recent responses from vendors and software authors, showing a speedy response and progress in addressing the problem.

The attack's authors also provide some history of the MD5 weakness. According to their account, MD5 was created in 1991, the first weakness was pointed out in 1993, and the first documented collision was reported in 2004. After further research in 2005 and 2007, it became evident that MD5 was no longer viable because collision attacks could be tailored to the attacker's needs (chosen-prefix collisions) and could compromise certificates created outside a laboratory setting. The authors created the attack documented here to prove that MD5 should be replaced in all applications; the PKI was a logical choice because it would attract more attention than other applications. Hopefully, this research will have a trickle-down effect so that software authors move to SHA-2 or other stronger hash algorithms. The researchers also note that while SHA-2 is currently considered secure, NIST is already running a competition to select a successor algorithm by 2012. It should be assumed that any given security measure will eventually be compromised, so significant investment should be made to replace security controls before they become obsolete.

Bibliography

1. Higgins, Kelly Jackson. New SSL Hack Imperils Secure Websites. darkReading. [Online] December 30, 2008. [Cited: January 4, 2009.] http://darkreading.com/security/attacks/showArticle.jhtml?articleID=212700234.
2. Hada, Satoshi. SOAP security extensions: digital signature. IBM developerWorks. [Online] IBM, August 1, 2001. [Cited: January 4, 2009.] http://www.ibm.com/developerworks/webservices/library/ws-soapsec/.
3. Loftus, Jack. The pros and cons of securing Web services with SSL. Search SOA. [Online] July 26, 2004. [Cited: January 4, 2009.] http://searchsoa.techtarget.com/news/interview/0,289202,sid26_gci995388,00.html.
4. Wang, Xiaoyun and Yu, Hongbo. How to Break MD5 and Other Hash Functions. Advances in Cryptology, EUROCRYPT 2005. Shandong University, Jinan, China, 2005.
5. Sotirov, Alexander, Stevens, Marc, Appelbaum, Jacob, Lenstra, Arjen, Molnar, David, Osvik, Dag Arne and de Weger, Benne. MD5 considered harmful today: Creating a rogue CA certificate. HashClash. [Online] January 2, 2009. [Cited: January 4, 2009.] http://www.win.tue.nl/hashclash/rogue-ca/.

Tags hashclash :: rogue-ca :: md5 collision :: ssl :: certificates :: PKI :: RapidSSL attack
