Scott Merill wrote a great article on the latest research revealed at the 25th Chaos Communication Congress (CCC). Basically this team of researchers utilized a collision attack against the MD5 algorithm to create a rogue certificate authority. This is huge news!

As we all know that when we make a secured connection to a website via HTTPS, a public key certificate is sent from the server to our computer. This certificate contains a digital signature which our computer then uses to verify the identify of the site to which we are connecting.
Certificates are “signed” by a Certificate Authority (CA), which acts as the middle-man: we trust the CA, so we can trust the certificates signed by the CA. Anyone can create a certificate authority, though, so most browsers have a list of known reputable and trustworthy CAs. When our computer gets a certificate from a server, our browser checks the CA that issued it to determine whether the CA is trustworthy. If the CA is trustworthy, our browser assumes that the certificate being presented is trustworthy.

The public key cryptography utilized by Certificate Authorities is still evolving. Many CAs used the MD5 algorithm to compute the digital signatures for certificates. MD5 has been known for some time to be weak against collision attacks, but running a CA is a pretty complex operation, so the entities behind them are slow to change.

This team of researchers attacked the MD5 algorithm using 200 PlayStation 3 systems and were able to construct a bogus Certificate Authority that looks like a known trusted CA. What this means is that these guys could generate a certificate for www.amazon.com which, when presented to our browser, would be accepted as the real thing. The digital signature on the fake certificate is listed as coming from a supposedly reputable CA, so our browser happily accepts it, reassuringly showing us the little padlock icon.

Okay, so how does this affect you? If the researchers’ results can be duplicated by a malicious agent, they could generate any number of certificates that would be trusted by browsers all around the world. This alone might be sufficient, though this attack could be coupled with a sophisticated DNS attack to make it really really really hard for anyone to realize that they’d been suckered. Your browser would report that you’re at yourbank.com; your browser would report that you were using HTTPS to protect the connection; and your browser would report that the SSL certificate being used for that HTTPS connection really did belong to yourbank.com. Granted, the level of effort required to perform such an attack is currently enormous, and the potential gains are probably limited, so it’s likely not the kind of thing that would be pulled on average Internet users. But it’s still something about which we all should be concerned.

The attack outline states “[w]ith optimizations the attack might be done for $2000 on Amazon EC2 in 1 day.” Thankfully, the researchers are not releasing their specific implementation. That’s somewhat reassuring, but expect conniving folks somewhere to try to recreate the researchers’ results for less academic purposes.

The PDF concludes with this: “No need to panic, the Internet is not completely broken” and assures us that the “affected CAs are switching to SHA-1″. SHA-1 is believed to be weak against certain attacks, though, so it might be better for the vulnerable CAs to jump right to SHA-2 or SHA-3.

Bottom line: as always, is that we should always be aware of our browsing habits. If something looks or feels fishy, we should not provide any account names or passwords. We should use different passwords for different websites, so that if we do get suckered by a phishing attack the phishers don’t get the keys to life. But hey - we all know its easier for bad guys to just trojan your mothers PC then to bother faking ssl certs. Lets hope its something the cybercrimers don't decide to take up by the masses!

No votes yet