Saturday, September 14, 2013

SSL is Broken. Here's how to Fix it!

In the last few days, Brazilian television show Fantastico published a video with details on how the NSA has been backdooring SSL connections and intercepting supposedly secure Internet communications. They accomplish this through the use of a well known technique called 'Man in the Middle" whereby the NSA inserts itself between the computer of the person they want to compromise and the computer to which that person is connecting. By doing so, they are able to establish an SSL encrypted connection with each side thereby allowing the targeted user to believe they are securely connected to a website while giving the NSA access to every single byte that crosses the wire.

This is not an encryption break. It is a well known flaw within the system that SSL relies on called "Certificate Authorities". Generally, when a website wants to offer users a secure way to connect to them, they purchase an SSL certificate from a certificate authority. Your browser has several certificate authorities defined as 'trusted' so any site that has a certificate signed by one of these authorites will also be trusted without question.

The problem is that any certificate authority can issue a valid certificate for any site and that certificate will not be questioned by the browser. That's because your browser doesn't care which certificate authority the certificate comes from, only that it's from one that it trusts. This is the NSA's ace-in-the-hole.

Let's say you buy a certificate from Verisign. Users who connect to your website will see the little lock and know that their connections are absolutely secure from eavesdropping. What the NSA does is either compel Verisign to issue a second certificate that is controlled by the agency or goes to another authority (they might even run their own) and get a second certificate. Then, they use traditional man-in-the-middle techniques to insert themselves between the users they want to attack and your site and, because their second certificate is signed by a trusted authority, it too is also trusted. The little lock engages, everything looks fine, and the NSA can watch and read everything you say and do on that particular site.

We've long suspected that this was happening. We've long known that it was possible. In fact, police successfully used this attack a number of times in the past to gather evidence that was later used to convict someone. But everyone downplayed the severity of the problem because, well, we didn't have anything better and we didn't realize that it was such a massive threat.  The leaks from Edward J. Snowden have changed that. We now know, beyond doubt, that the NSA and probably other federal agencies are actively using this attack against targets.

There is an answer and it's pretty simple...

A few years ago, security researcher and programmer Moxie Marlinspike presented a very elegant solution to the problems we face in blindly trusting certificate authorities. It was called "Notaries" and it works almost exactly like it sounds like it would.

Under the notary system, every time your browser receives a new certificate from a website, it asks several other computers on the Internet (either random ones or ones you've pre-selected) if they see the same certificate. If you're being man-in-the-middled and presented with a fake certificate, the notaries won't see the same certificate and you'll easily be able to detect a forgery. The system can be set up so that it requires the consensus of all of the queried notaries in order to mark a certificate as valid or a majority.  That means that, even if there are a few bad actors within the system - notaries controlled by the NSA, for example, it's still possible to get a reliable answer as to if the certificate you're seeing is real or not.

Notary security comes with a price...

As you might have already noticed, there is a glitch in the system that some people probably won't like. Since you're asking other computers if the certificate they see is the same certificate you're seeing, you are allowing other computers to know the sites you visit.  There isn't a good work around for that yet in Moxie's system but, for the time being, the answer seems to be 'only use notaries you trust and untrust any that violate your privacy'.

Since seeing Moxie's presentation, I've given this a lot of thought. In the end, I'm alright with selected other sites knowing what sites I visit as long as 1) I know they can't see what I'm doing on those sites and 2) they provide me with good security.  I'm sure that, once the system comes into wide use this problem will be solved pretty quickly though and there are a number of ways to address it even now. But I'll leave that as an exercise for you.

Our idea of trust has to change now...

Out of everything the leaks from Edward Snowden have shown us, the most important thing we need to take away from them is that our idea of trust and who we trust needs to change.  It turns out that the web is built on some pretty fragile security technologies that we need to seriously reevaluate. Even if we trust the companies that provide our services, that's not enough. We also need to be able to find trustable ways of consuming those services and plain old SSL simply isn't one of them.

If you want to learn more about notaries and how they very well could be the savior of web security, check out the presentation on them that Moxie did here. If you'd like to try out the concept now and you're using Firefox, you can download the plugin from here.

Liked this post?  Why not donate some Bitcoin?

1 comment:

Blogger said...

Did you consider exchanging with the most recommended Bitcoin exchange company: YoBit.