Google discovers new security holes in SSL — is the entire system fundamentally flawed?

Data security

Google has discovered that an intermediate certificate authority had issued unauthorized certificates for multiple Google domains. The problem arose because the intermediate authority, MCS Holdings, had issued certificates for the Google domains, despite not holding those domains itself.
It is critical that a company not mint certificates for websites it does not operate, because doing so breaks the guarantee SSL is meant to provide. Here’s how the system is supposed to operate:
How SSL works
Your PC contacts a Google server, which returns a certificate. Your computer uses that certificate to set up an encrypted data session, the server confirms the key, and the secure session with your PC is established. If a certificate for that domain has also been issued to a third party, a false server presenting it can execute a classic man-in-the-middle attack.
In a man-in-the-middle attack, an intervening certificate authority can pretend to be the genuine issuing authority, particularly if the intermediate certificate company is given the full authority of an issuing CA, which is what happened here. That’s not supposed to happen, as Google points out: the original Certificate Authority, CNNIC (the Chinese Internet Network Information Center), should never have given such authority to MCS Holdings in the first place.

Fixing the TLS/SSL system

The problem with the SSL system — in addition to all the bugs, at least — is that it relies on the idea that Certificate Authorities will always issue good certificates. History has proven this simply isn’t true — multiple Certificate Authorities have been hacked, including companies like VeriSign and the now-defunct DigiNotar. Google wants to revamp the process of issuing certificates with its Certificate Transparency initiative. This project would:
  • Make it impossible (or at least very difficult) for a CA to issue an SSL certificate for a domain without the certificate being visible to the owner of that domain.
  • Provide an open auditing and monitoring system that lets any domain owner or CA determine whether certificates have been mistakenly or maliciously issued.
  • Protect users (as much as possible) from being duped by certificates that were mistakenly or maliciously issued.
Certificates would be logged, and the logs would be monitored by public servers that would periodically check to see if malicious or unauthorized certificates were being used across the net. For example, if Certificate Authority XYZ issued an unauthorized certificate for Gmail, a Certificate Transparency Monitor would detect the problem and alert Google itself. Finally, the logs and monitors would themselves be guarded by a cryptographic watchdog program, which would check to ensure that SSL certificates were properly logged and that the logs weren’t tampered with.
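The log, monitor and auditor roles described above, as an added example that is not from the article or from Google's Certificate Transparency code: a toy log that hashes entries into an RFC 6962-style Merkle tree, an auditor check that verifies an inclusion proof against the tree head, and a monitor that flags certificates for a watched domain from an unexpected issuer. The log entries, the CA names and the `issuer|subject` entry format are constructed for the example.

```python
import hashlib
from typing import List, Tuple

def _h(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()
def leaf_hash(entry: bytes) -> bytes:
    return _h(b"\x00" + entry)          # RFC 6962 leaf prefix 0x00
def node_hash(left: bytes, right: bytes) -> bytes:
    return _h(b"\x01" + left + right)   # RFC 6962 interior-node prefix 0x01

def _split(n: int) -> int:
    k = 1                               # largest power of two strictly below n
    while k * 2 < n:
        k *= 2
    return k

def tree_head(leaves: List[bytes]) -> bytes:
    """Merkle Tree Hash of the log (RFC 6962 s2.1); this is what the log signs."""
    if not leaves:
        return _h(b"")                  # empty log: hash of the empty string
    if len(leaves) == 1:
        return leaves[0]
    k = _split(len(leaves))
    return node_hash(tree_head(leaves[:k]), tree_head(leaves[k:]))

def inclusion_proof(leaves: List[bytes], index: int) -> List[Tuple[bytes, bool]]:
    """Audit path for leaf `index`, bottom-up: (sibling_hash, sibling_is_left)."""
    if len(leaves) == 1:
        return []
    k = _split(len(leaves))
    if index < k:
        return inclusion_proof(leaves[:k], index) + [(tree_head(leaves[k:]), False)]
    return inclusion_proof(leaves[k:], index - k) + [(tree_head(leaves[:k]), True)]

def verify_inclusion(leaf: bytes, proof: List[Tuple[bytes, bool]], root: bytes) -> bool:
    """Auditor check: a leaf is in the log iff its audit path recomputes the signed root."""
    h = leaf
    for sibling, sibling_is_left in proof:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h == root

def monitor(entries: List[str], domain: str, expected_issuers: set) -> List[str]:
    """Monitor check: flag every logged cert for `domain` not issued by an expected CA."""
    return [e for e in entries
            if e.split("|")[1] == domain and e.split("|")[0] not in expected_issuers]

# Constructed sample log, one "issuer|subject" string per certificate (names are placeholders)
LOG = ["Example Root CA|www.google.com", "Other CA|www.example.net",
       "MCS Holdings|www.google.com", "Other CA|mail.example.net"]
LEAVES = [leaf_hash(e.encode()) for e in LOG]
ROOT = tree_head(LEAVES)
```

The monitor only catches what reached the log, which is why the auditor's inclusion check matters: a certificate whose proof does not verify against the signed tree head was never properly logged.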
The other problem with the TLS/SSL system, beyond the fact that it relies on intrinsic trust, is that it can be easily subverted. Unless certificates issued by a particular authority are revoked, those certificates can continue to be used to wreak havoc. This is why the recent Lenovo-Superfish debacle was so dangerous. Until Google, Microsoft, and Firefox updated their own software to reject the Komodia certificate, it remained available and functional, effectively end-running around any security that a website might try to provide.
