Certificate hacks: PKI didn't fail us, humans did

Roger A Grimes says digital certiciate warnings are routinely ignored

With the high likelihood that GlobalSign has been hacked, this brings to at least three the number of popular public PKI certification authorities (CAs) attacked in recent months by a single hacker. The other CAs are Comodo and DigiNotar. The computer security world is aflutter because hundreds of bogus digital certificates have been issued. "It's a massive failure of PKI," they say. "It proves that there's too much trust spread around," say others. But it's hard for me to get worked up about any public CA or PKI compromise. Here's why: Almost nobody pays serious attention to digital certificate warning messages in the first place. I've yet to see the person who, when presented with a certificate error, didn't continue on and visit the website they were trying to access. Most users are simply annoyed by digital certificate warning messages. How dare they get in the way of a quick-loading Web page! It's not just mom and granddad who are ignoring digital certificate warnings. A few years ago, a survey revealed that the more users knew about digital certificates and PKI, the more likely they were to ignore the warnings. Part of the problem is that for as long as public PKI has been in existence -- nearly two decades -- it has tended to be implemented poorly. Websites with SSL certificates are notorious for having mistakes in their certificates. Mostly they have incorrect host names, where the subject name does not match the host name being contacted -- but certificates are often expired or have other x.509 mistakes. I attended a Black Hat Las Vegas 2010 conference on the subject where Ivan Ristic, directory of engineering at Qualys, revealed that the majority of websites using SSL certificates had errors. Qualys found 22.65 million SSL-enabled websites and hosts on the Internet (out of hundreds of millions of websites). Only 720,000 had SSL certificates with a valid name match. Only 28 percent of the most popular SSL websites had a proper name, although 70 percent had digital certificates that were linked to a trusted CA. That's good. But 28 percent were untrusted, and 4 percent had trust chains that could not be verified. Moreover, Qualys said more than 2 percent of the 22.65 million sites were suspicious. More than 137,000 certs were expired, 96,000 were self-signed, and more than 1,000 were revoked (but still being used). Twenty-one thousand had invalid digital signatures, and more than 57,000 had unknown CAs. Ninety-nine digital certificates had known bad keys left over from the Debian random number generator vulnerability, which was found and fixed more than a year before. I'm sure that these statistics have improved over the last year, but if only 3 percent of SSL-enabled sites (720,000 divided by 22.65 million) had a correct and valid SSL certificate (including only 28 percent of popular websites), can we really ask end-users to rely on public PKI? Don't get me wrong: I'm sad anytime I hear that a CA is hacked. CAs have heavy, tight security around the digital certificates that can issue other certificates. Most are protected by hardware security modules (HSMs), which usually require smart cards, USB tokens, or some other physical security device. In fact, it usually takes multiple physical tokens (each attached to different people) in order to access the important digital certificates. HSMs should be used by any company with a PKI, but especially by CAs. The Comodo hacker referenced above talks about being thwarted by an HSM. My guess is that the other compromised CAs were either not using HSMs or were not using them appropriately. The bottom line is that PKI didn't fail us. Its mathematical beauty and potential assurance is something rare in the computer security world. If run correctly, it would greatly benefit our online world. But as with most ongoing security risks, human nature ruins the promise.

Join the newsletter!

Error: Please check your email address.

Tags Security ID

Show Comments