|Page 2 of 2 <|
Researchers Hack Internet Security Infrastructure
Tim Callan, vice president of marketing at Verisign, said the company -- which recently acquired Geo-Trust, RapidSSL's parent firm -- learned from Microsoft last week that the research was going to be presented. However, Callan said Microsoft was briefed under a non-disclosure agreement with the researchers and so was prohibited from passing along any significant details of the research.
"We are not in a position right now where we can tell you whether this attack works and whether it's something to be concerned about or not, because nobody has shared detailed information with us," Callan said.
Callan said Verisign has been phasing out MD5 in favor of more secure signing algorithms amongst its CA properties for the past couple of years, and expects to finish the process in January 2009.
"If it turns out that some clever security researchers have come up with an attack that would further weaken MD5, we may take an even more aggressive stance" in shifting to more complex encryption algorithms, Callan said.
Appelbaum said that his group's attorneys advised against giving Verisign advance notice, citing the possibility that the company could convince a judge that it was in the best interests of public safety to prevent the researchers from publicly presenting their findings.
"Our lawyers advised us that telling the CA about this increases the chances of us getting into serious legal trouble that may ultimately prevent us from speaking about it," Appelbaum said.
Gene Spafford, a professor of computer science at Purdue University, said he was not privy to the details of the research, but that a cyber criminal in control of a rogue CA could conduct very effective phishing attacks, scams that use e-mail to lure people into giving away personal and financial data at fake bank and e-commerce sites.
"If I as an attacker can either recreate someone else's certificate with a valid signature by pointing to my fake domain, or if I am able to alter certificates on-the-fly in some way, that gives me a real advantage for conducting a number of spoofing attacks, and makes phishing much more possible and believable," Spafford said.
Others in the computer security community, however, do not see this as a crucial threat.
Bruce Schneier, a noted cryptography expert and security gadfly, praised the researchers for their work, but said the average Internet user is no less secure because of their findings.
"Don't get me wrong: This is really good research, and it's a nice demonstration of fundamental flaw, but I don't see this as changing much," Schneier said. "Ask yourself this: When was the last time you checked the validity of a [SSL certificate]? The reality is that good SSL certificates do not improve security at all, because nobody bothers to check them. I mean, I'm a security guy, and I don't do it."
The National Institute of Standards and Technology (NIST) is hosting a contest to find a set of solid replacements for the current crop of certificate encryption options widely used today.
Schneier said researchers would continue to pick apart new encryption and hashing schemes. In fact, NIST announced on its Web site that three of the 51 teams have already acknowledged significant weaknesses in their proposed schemes, after having holes poked in their methods by competing teams.
"The CA system is broken, but it works because broken systems tend to be better for society, which needs fluidity in the face of complicated social constructs," Schneier said. "Systems that are broken but work are very common in the real world: Front door locks are surprisingly pickable. Think of faxed signatures, for example. It's a ridiculous form of authentication, yet people trust these documents all the time for very important stuff."