Wednesday, March 24, 2010

New paper

My latest paper, co-authored with Sid Stamm, is now online:

Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL

The abstract:
This paper introduces a new attack, the compelled certificate creation attack, in which government agencies compel a certificate authority to issue false SSL certificates that are then used by intelligence agencies to covertly intercept and hijack individuals' secure Web-based communications. We reveal alarming evidence that suggests that this attack is in active use. Finally, we introduce a lightweight browser add-on that detects and thwarts such attacks.

The first paragraph describing the threat:
A pro-democracy dissident in China connects to a secure web forum hosted on servers outside the country. Relying on the training she received from foreign human rights groups, she makes certain to look for the SSL encryption lock icon in her web browser, and only after determining that the connection is secure does she enter her login credentials and then begin to upload materials to be shared with her colleagues. However, unknown to the activist, the Chinese government is able to covertly intercept SSL encrypted connections. Agents from the state security apparatus soon arrive at her residence, leading to her arrest, detention and violent interrogation. While this scenario is fictitious, the vulnerability is not.


We are hoping to release the CertLock browser add-on described in the paper in the next few weeks. In the mean time, we welcome any feedback on our paper.

In general, the SSL/Certificate Authority system is horribly broken, and it needs to be fixed. However, broken SSL is still better than no SSL -- which is why the big name email providers, social networks and any other site that handles sensitive data needs to step up and protect their users.

10 comments:

Anonymous said...

What exactly do you want the email providers to do? You identify a problem, but offer only "maybe DNSSEC" as a solution.

Dead said...

current PKI implementation hopelessly broken, impossible to trust, every citizen trusting every govt whose CAs are included in products.... okay... current pki hopelessly f*cked.

2nd point: every software vendor and every online service must ssl'ize and improve ssl implementations, to have the best possible implementation of a largely hopelessly f*cked trust model.

not a great place to be. i hope the future generation(s) of crypto researchers/implementers do a better job than our extremely talented last generation of researchers/implementers.

god help the end user though. (and us atheists don't get such help).

Jason M. Christos said...

I appreciate you making these study available to me.

Jason M. Christos said...

I appreciate you making your study available to me.

Eddie said...

Great paper. I like the ideas implemented in the plugin to detect this kind of attack. However I think it can also be useful to 'cache' the expiration date of the certificate.
Why would a company replace a certificate that is not even near to expiry?
You could check if the certificate has been revoked but that would require online validation (and goes against the principles of the plugin).
But early replacement of a certifate could be an indication of "something fishy" :-D

shewfig said...

Breathlessly awaiting release of Certlock. I hope you don't mind that I mentioned it in my blog: http://shewfig.blogspot.com/2010/03/adding-trust-assurance-to-ssl-through.html

I'm playing with the idea of verification through a Web of Trust - trying to implement Perspectives without the loss of anonymity. Your comments would be most welcome.

N=1 said...

Is there a beta-users program for the CertLock add-on? If so, I'd like to apply!

Anonymous said...

is there an ETA for CertLock or a pending beta release?

Cheese Lover Bob said...

So, when will the Certlock plugin be released? I'd like to download it...

Anonymous said...

Is Certificate Patrol related to Certlock?

See: https://addons.mozilla.org/de/firefox/addon/6415/

I'll install CertPatrol and see what it can do.