View Single Post
  #8 (permalink)  
Old 03-30-2010, 03:25 PM
Anne & Lynn Wheeler
Posts: n/a
Default Re: Gov't coerced Certs thwart SSL/TLS

copy of some long-winded posts in another discussion group

Law Enforcement Appliance Subverts SSL

from above:

.... security researcher Chris Soghoian discovered that a small company
was marketing internet spying boxes to the feds. The boxes were
designed to intercept those communications -- without breaking the
encryption -- by using forged security certificates,

.... snip ...

financial crypto blog discussion:

Why the browsers must change their old SSL security (?) model
Pushing the CA into taking responsibility for the MITM

this is recent computer architecture blog (posting) discussing
connection between supercomputing and electronic commerce:

i.e. two of the people mentioned in the jan92 cluster scaleup meeting

leave and show up at small client/server startup responsible for
something called "commerce server". We are brought in as consultants
because they want to do payments transactions on the server; the startup
had also invented this technology they called "SSL" that they wanted to
use. As part of mapping "SSL" to payment operations (now frequently
called "electronic commerce"), required threat & vulnerability studies
.... which included lots of assumptions about how SSL had to be deployed
and used.

As mentioned in the financial cryptography blog ... majority of exploits
over the period since then ... have long been known.


one of the references are to the large number of digital certificates
for Certification Authorities that have been added to standard browser
distributions over the years. In some cases, the original
Certification Authorities have gone bankrupt and are no longer in
business (browsers have no method for differentiating business
practices of the increasing number of different Certification
Authorities that have been enabled).

one of the 20yr scenarios is criminal elements coming into some level
of influence of any of these Certification Authorities. This is
analogous to a number of situations where criminal elements were able
to influence ATM cash machine manufacturing ... with skimming
compromises installed at the time the machine was being built.

A compromised Certification Authority is able to issue a digital
certificate that is acceptable by every browser in the world ... for
any business ... even for businesses that have digital certificates
issued from totally different Certificate Authority.

This is the old adage that the security trust chain is only as strong
as the weakest link ... the criminal elements are likely to go after
the weakest link not the strongest link ... (picking some clerk at a
Certification Authority ... or a Certification Authority that has some
other kind of weakness/vulnerability).

From failure mode analysis ... having also done some number of
high-availability products ... a high availability infrastructure is
built so that the probability of infrastructure failure is the
probability of all redundant components failing at the same time (the
product/multiplication of the failure probabilities of the individual
redundant components ... as the number of redundant components go up
the probability of system failure decreases).

However, the Certification Authority infrastructure is not a
high-availability infrastructure .... its characteristic is the chain
analogy ... the system fails if there is any failure in any component
(basically adding the failure probability of each individual
component) ... as the number of acceptable Certification Authorities
increase ... the probability that there is an overall system failure
increases (the inverse of high-availability operation where adding
redundant components lowers the system failure risk).

There is old post about jan92 meeting in ellisons conference room that
draws a thread between high-availability cluster scaleup and current
SSL "electronic commerce"

Now, two of the people named in the above meeting, leave and show up
at a small client/server startup responsible for something called
"commerce server". As mentioned above ... we were then called in to
consult because they wanted to do payment transactions on their
server; the startup had also invented this technology they called
"SSL" they wanted to use.

another weak link in SSL domain name digital certificate infrastructure
is the domain name system. When I apply for SSL digital certificate, I
provide some information about who I am ... then the Certification
Authority validates with the domain name infrastructure that I am also
the true owner of the corresponding domain name.

An exploit is domain name hijacking at the domain name system ... and
then going to Certification Authority (that does the weakest validation)
.... and apply for a valid SSL digital certificate.

Countermeasures to domain name hijacking are using various technologies
to improve the integrity of the domain name system. However, there is
possibility that some of the technologies can also eliminate the need
for SSL domain name certificates. I've pontificated about this catch-22
in the past

another article:

Sneaking Into the Transport Layer With a Fake ID

If crooks can get into compromising POS terminal and ATM cash machines
during manufacturing (with built in skimming devices, at one point there
was an estimate that as many as 1/3rd of POS terminals being sold in
particular market had built in skimming devices at manufacturing)
.... what so unthinkable about crooks being able to obtain (valid) SSL
digital certificates using forged identification.

42yrs virtualization experience (since Jan68), online at home since Mar1970

Reply With Quote