Recently, there has been a bit of a commotion regarding hackers gaining access to valid SSL and code signing certificates. First there was the stuxnet worm, that was signed with actual certificates stolen from Realtek and JMicron. Then there was comodo-gate. The most recent, and most serious incident happened at dutch company diginotar, and resulted in an (as of yet) unknown number of certificates being issued for unknown sites to unknown parties.
As reporters start to catch on to the magnitude of the diginotar case, and begin to understand the trust implications of a compromised root Certificate Authority, the conversation takes a turn toward gloom and despair. In this post I will offer an alternative reading that strongly suggest that hackers attacking certificates and certificate authorities is actually a huge step forward for security and privacy on the internet.
Back in the dark days of the internet, only a very small number of web-sites insisted on secure communications using encryption and certificates. These were usually sites that handled financial transactions, and the use of encryption and certificates was borne not so much out of a desire to protect the privacy of the user, but out of regulatory compliance and insurance issues.
A man-in-the-middle attack, where someone lures internet users to a fake version of a prominent website, then relays traffic to the real website while monitoring the exchange, was reasonably easy to pull off in the dark days of the internet, especially for state actors that can pressure internet service providers into manipulating a user's internet connection. As a hacker you did not have to deal with encryption and certificates to get your grubby little hands on people's personal data. But then everything changed.
In October 2010 Eric Butler released a Firefox extension called Firesheep, a user friendly point-and-click tool that, using well-known properties of wireless networks, allowed even the least sophisticated of users to hijack other user's Facebook sessions. The security community was not impressed. They had known about these vulnerabilities for years. The only real solution -- commenters wearily pointed out, as they had many times before -- was end-to-end encryption using SSL certificates. But that was never going to happen.
As usual, the security community got the facts right, but the sociology wrong. The mere existence of Firesheep changed the game completely. Session hijacking was no longer a a "purely theoretical" threat, something that pimply misfit nerds did by chanting dark incantations at a wireshark window. Every jock with a laptop could do it. Social networks and other sites scrambled over each other in a rush to deploy, and in some cases even to mandate, SSL encryption. Firesheep did more for the adoption of end-to-end encryption in a week, than security researchers had done in two decades.
In the post-firesheep world, connections are increasingly protected with SSL encryption, and users have trained themselves to make sure the SSL certificate is valid. The only way a man-in-the-middle attack can take place is if the attacker has access to a fraudulent certificate for the web site in question. In order to attack a site that uses SSL encryption, the hacker must subvert a critical piece of internet infrastructure.
Security news has lately been dominated by compromises of certificates and even certificate authorities.
Given the key position of these entities in modern internet security, this is clearly a very bad thing. The diginotar affair in particular is inexcusable. Certificate issuers need to get their security act together to make sure hackers cannot steal certificates or issue rogue ones. They must operate in a transparent manner, disclose breaches in a timely manner and revoke compromised certificates, or even suspect certificates, immediately. They must act in accordance with the trust they are given, and the extortionate fees they are paid.
The bottom line however, is that it is easier to protect a handful of root certification authorities from compromise than tens of thousands of individual internet sites from man-in-the-middle attacks. By performing widespread deployment of end-to-end encryption with SSL we are closing off thousands of potential back doors and forcing the hackers to attack the most hardened part of the internet security apparatus head on.