Hidden Certificate Authorities Undermine Public Crypto Infrastructure • The Register
Security researchers have verified the Web’s public key infrastructure and measured a long-known but little-analyzed security threat: hidden root certificate authorities.
Certificate authorities, or CAs, vouch for the digital certificates we use to build trust online. You can be reasonably sure that your bank’s website is in fact your bank’s website when it presents your browser with an end user or leaf certificate linked via a chain of trust to an intermediate certificate and ultimately to the X.509 root certificate from a trusted certification authority. .
Each browser relies on a trust store made up of around 100 root certificates belonging to a smaller set of organizations. Mozilla’s CA certificate list, for example, currently has 151 certificates representing 53 organizations.
Some of the more well-known certification authorities in the United States include IdenTrust, DigiCert, Sectigo, and Let’s Encrypt.
But it’s not the known CAs that are the problem. Researchers affiliated with universities in China and the United States recently examined the certificate ecosystem and found that there are a large number of hidden root certificates. They are of concern because root certificates and their associated CAs are supposed to be known – this is the basis of the chain of trust.
Seven computer scientists – Yiming Zhang, Baojun Liu, Chaoyi Lu, Zhou Li, Haixin Duan, Jiachen Li and Zaifeng Zhang, affiliated with Tsinghua University, Beijing National Information Science and Technology Research Center, 360Netlab and QI -ANXIN Technology Research Institute in China and the University of California at Irvine, USA, explore these obscure CAs in an article titled “Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem ”.
The paper[PDF] was presented this week in the Proceedings of the ACM SIGSAC 2021 conference on computer and communications security.
With the help of the 360 Secure Browser, a browser widely used in China, researchers analyzed certificate chains during volunteer web visits over the course of five months, from February to June 2020.
“In total, more than 1.17 million hidden root certificates are captured and they have a profound impact from the perspective of web customers and traffic,” report the researchers. “In addition, we identify approximately 5,000 organizations that hold hidden root certificates, including bogus root certification authorities posing as large trusted authorities.”
Hidden root certificates refer to root certification authorities that are not trusted by public root programs. The situation is loosely analogous to looking in your wallet and finding what appears to be official currency until you realize that the note represents Bozo the Clown. You don’t know how that questionable bill got into your wallet – you might have been a victim of fraud – and you might be able to spend it – if no one is looking too closely – but something’s probably going on. fishy.
“The issuance of certificates from hidden root CAs is typically unaudited, allowing them to arbitrarily issue forged certificates and intercept secure connections, breaking authentication and posing threats to security, ”the document explains.
Hidden root certificates, the authors explain, come from a variety of sources – some benign, some less so. They can be installed by VPN, parental controls or security software, malware, corporate networks, or government agencies. Basically they are all problematic as they usually do not comply with audited policies or do not allow monitoring through a system like Certificate transparency. And they undermine the chain of trust because they don’t offer the same verification modes as public root CAs.
Baojun Liu, postdoctoral researcher at Tsinghua University, gave an example of the risks posed by bogus root certification authorities. “We discovered that a Windows Trojan was implanting root certificates disguised as SecureTrust CA 2 into infected hosts, which was confirmed by the Cisco threat intelligence [PDF], he said in an email to The register. “Cases of malware using bogus root certificates have also been reported in previous work.”
These hidden root certificates were involved in approximately 0.54% of all measured visits. Together, they represented 5,005 groups of certificates, most of which (4,362 groups or 87.2%) consisted of only one certificate. The remaining 12.8 percent of the groups accounted for 99.6 percent of all certificates.
The largest of these groups consisted of 254,412 root certificates from “Certum Trusted NetWork CA 2” – an entity masquerading as Certum CA, which uses a lowercase “w” in its certificates with the word “Network”. Another similar certification authority identified was “Verislgn trust Network” – not to be confused with legitimate “Verisign”.
Even in scenarios where hidden root certificates were used legitimately by government agencies and businesses for appropriate purposes, researchers found implementation flaws: 75% of these certificate chains had verification errors due to errors. weak signature algorithms. It would be less of a problem if certificates were confronted internally, but researchers say a majority of self-built root CAs sign certificates for public websites.
These hidden root certificates exacerbate security issues despite incorrect implementations. For example, researchers found that 41.4% of hidden root CAs owned by government agencies and businesses are used for direct in-chain certificate signing. Root certificates are supposed to sign intermediate certificates which in turn get used to signing leaf certificates – this way the intermediate certificate can be revoked if there is a security issue, leaving the root intact.
Another problem: more than 79% of hidden root certificates are valid for more than 60 years (the current opinion, according to the boffins, is that a lifespan of between six months and 16 years is more appropriate, depending on the strength of the problematic public keys).
The document makes several recommendations on how to improve the situation. Operating systems should better regulate root store modification, the authors argue. Browsers should do more to communicate certificate issues to Internet users, and the ways in which local applications intercept traffic should be standardized, to make malicious intervention more obvious.
“It could be very beneficial if the software [makers] would make their uses of certificates more transparent for regulatory oversight, ”Liu said. “With regard to large-scale plans, establishing hierarchical authorization structures (for example, managing system root certificates separately from user root certificates) or other forms to limit the effective reach of third parties. Part CAs are also a qualifying option. “
When asked if better automated detection measures could be built into browsers to detect non-compliant certificates, Liu said there are currently no lightweight tools suitable for browsers and more serious tools like Zlint are not suitable.
“However, these validation modules could be extended by sorting out security-sensitive non-conformities with rule-based verification, which is not too complex a task for automated deployment,” he said. . “And we are also looking forward to doing it.” ®