SSL is Broken and Nearly Impossible to Fix

SSL is the protocol that underlies most of the Internet’s encrypted traffic, and lately many people have begun to realize that SSL is flawed in a pretty obvious and easily exploited way.

SSL relies on certificates to setup a secure connection between computers. Generating a certificate is easy, and it’s possible to create a valid certificate for any address on the Internet. Certificate authorities (or CAs) ensure trust and prevent mayhem by validating the certificate owner is who they claim to be and then adding a signature to a certificate labeling it as legitimate.

When you visit a secure website, your browser gets a certificate signed by an authority saying that this website is authentic. The browser compares that signature against its own built-in list of known certificate authorities (and their public keys). How many authorities does your browser know about? Try more than 600!

The SSL certificate authority model works well if you assume the authority treats its super-secret private key like the gold in Fort Knox: the key is only handled by a small group of Internet priests who open the vault in a solemn ritual, remove the key, calculate a signature using nothing but slide rules and chalkboards, and then hastily return their private key to the sacred vault. Obviously, most CAs skip this time consuming and expensive process and trust their computer systems to manage their private key securely in a way that’s resistant to theft by outsiders.

If you think 600 different people can secure their data perfectly, then have we got news for you. I could throw a party for 600 of the smartest people in the world, and chances are good that one of them would forget to wear deodorant. You simply can’t trust 600 different certificate authorities to properly manage their private keys.

And this is the problem. All it takes to compromise SSL is to get access to a single private key from one of the 600 certificate authorities. Once I have that, I can create a certificate claiming to be any site on the web, and your browser will accept it without question.

Fixing this problem won’t be easy. Already several proposals have been created, and many of them advocate eliminating the certificate authority (along with their multi-million dollar industry) entirely. Others have the CAs performing different roles, possibly even in conjunction with each other. Ars Technica recently published an overview of a couple of competing new standards.

Of course, deploying any protocol update will require the agreement of all the major browser vendors and possibly the existing certificate authorities (and they won’t go quietly if their role is reduced). And then it will take time for websites to generate new certificates and build out a chain of trust (however that would work).

Until then, it’s critical for end users to update their browsers and operating systems frequently. Certificate authority updates are published often, and having an outdated certificate in your browser is just asking for trouble. Automatic updating features are critical to ensuring proper application security for any app that relies on certificate validation.

 (BTW, we’ve covered problems with SSL before. Ken Hsu wrote about a certificate authority breach last year, and I wrote about an unrelated SSL flaw that hit Twitter in 2009.)

Essential Guide to Mobile App Testing

Comments

  1. says

    Hey! Someone in my Myspace group shared this website with us so I came to give it a look.
    I’m definitely loving the information. I’m bookmarking and will be tweeting this to my followers!
    Excellent blog and terrific design.

  2. Ian says

    Sorry, but “”All it takes to compromise SSL is to get access to a single private key from one of the 600 certificate authorities.” is complete nonsense.

    Assuming I had a key (by whatever means) I could theoretically craft a seemingly genuine certificate that would be accepted by a browser. But I would still have to get you, somehow, to my bogus, fake web-site.

    And it wouldn’t take long before those attacked to notice a common thread in the key being used and revoke all certificates generated with that key.

    If it were so easy to “compromise SSL”, don’t you think we’d be hearing just a little bit more about it?

  3. says

    Thank you for sharing this post with us. Very nice and informative post. How about sharing your thoughts on imporatnce of Security Testing, I still feel that many of us neglect this aspect untill we fall in trap and realize that we missed out on security testing.

Leave a Reply

Your email address will not be published. Required fields are marked *