Certified Hype: Government Interception Attacks Against SSL

In the latest example of researchers trying to point out "flaws" in the design of SSL, researchers Christopher Soghoian and Sid Stamm recently released a paper explaining the possibility of a government interception attack against SSL.

The paper gives a great overview of how the current system of trust for SSL certificates works while presenting the theory that governments could compel certificate authorities to issue fake SSL certificates which could then be used for espionage by intelligence agencies. The paper supposedly "reveal[s] alarming evidence that suggests that this attack is in active use." This evidence consists only of learning about a device marketed to governments that could (not does) use a fake certificate (none of which have been confirmed to exist) to enable a man-in-the-middle attack. It is hardly "alarming evidence" to learn that man-in-the-middle attacks are possible.

There is one important flaw in logic that needs to be pointed out. The researchers make clear that a government would be unlikely to use their own trusted root certificates to create a fake certificate because it would be directly traced back to them. Instead, governments would compel commercial certificate authorities to create a fake certificate for them. The problem with this? The fake certificate would be traced back to the commercial certificate authority who would have its reputation tainted, its roots revoked, and would essentially be out of business. That isn't going to work any better than using their own roots which means that it isn't going to happen.

It seems that they are inventing a cure for a theoretical disease. However, they do propose an interesting, though not novel, change to the way that browers treat SSL certificates:

The Firefox extension essentially, warns if a certificate was issued by a CA that is in a different country than the country of the CA that the certificate was issued to on a previous visit. This could be a useful change to completely prevent CA abuse, however unlikely it is.

Originally posted on Fri Mar 26, 2010

Comments

Robert(2014-12-13)

You're right that it wouldn't be simple to detect a fake certificate, but using tools like the one mentioned in the article would allow users to detect when different SSL certificates are being used on the same site. There are several cert databases that would also catch certificate changes and prompt more investigation. One of the biggest dangers with the latest US government surveillance leaks is that they are bypassing encryption altogether by getting the data directly from the company that individuals are using (i.e. your email is encrypted on the way to Google but Google can access it unencrypted and give this information to the government). They are also storing encrypted data and building massive computing power to brute-force decrypt high target data.

Counterpoint(2014-12-13)

We are currently aware that GCHQ and US agencies are processing vast amounts of internet traffic. You boldly claim that governments could not use fake SSL certificates, because they would be traced back to them. How, exactly, would you detect a fake certificate? In what way is it distinguishable from a genuine one?