DEFCON’S TWO-BEER version of Dan Kaminski’s PKI flaws presentation was a repeat presentation of his Black Hat talk. Kaminsky, a flamboyant security research with IOActive, described findings from a team of researchers looking at digital certificates. Digital certificates are the identity protection mechanism inside the TLS (a/k/a SSL) protocol we all use to protect credit card data and other sensitive traffic on the Internet.
In a performance, er, presentation entitled “Black Ops PKI, or when I hear the word certificate I reach for my gun”, Kaminsky described how independent security researchers Meredith Patterson, Len Sassaman, along with Kaminsky have been investigating security issues resulting from flawed engineering in modern digital certificate implementations.
They used a formal analysis technique called Language Theoretic Security to identify possible flaws in the certificate parsing process. This approach was designed to enable the construction of protocol message processors that offer increased robustness and are better hardened against malicious protocol attacks like these certificate problems. With this analysis and by collecting other pre-existing research, Kaminsky delivered an entertaining performance that exposed some serious flaws in the public key infrastructure (PKI) used on the Internet today.
In addition to the new work Kaminsky also discussed flaws in cryptographic hash algorithms currently deployed. He pointed out that MD2 (deployed by Verisign in 1998 and still in use) and MD5 (known to be at risk since Dobbertin’s paper in 1998 and recently broken in certificates (presented at CCC in Berlin last December.))
No cheezburger, only trends. Happy Dan has run out of happy.
Kaminsky makes the argument that we need to be more aware of these glaring flaws and we need to work on alternate mechanisms. Kaminsky is a proponent of a variety of security modifications to DNS – a protocol he is famed for analyzing in the past – that could address these issues.
Several specific issues were described:
1) MD2 in Root Signatures. Verisign’s Class 3 root (used among other things to protect the Amazon web site via digital certificate signatures) is known to be flawed. It’s so flawed that researchers are predicting it could be broken in the near future. This means a browser could be tricked into accepting an illegitimate certificate and therefore allow an attacker to compromise sensitive user data (like credit card numbers or bank data.)
2) Name Parsing Flaws. Kaminsky disclosed several flaws in how Firefox, IE, and other browsers inconsistently or incorrectly process parts of the name fields of a digital certificate. Proof of concept attacks exist against some of these flaws. These flaws can be used to apply known techniques to inject malicious input and cause denial of service attacks via parser crashes as well as injection attacks against for example a back-end SQL server.
Several other researcher’s work was referenced, including Zusman and Sotirov’s work on misrepresenting sites as possessing the theoretically more secure Enhanced Validation certificate. Kaminsky points out that various vendors have been made aware of these problems, so all is not gloom and doom. This was not the only PKI-oriented presentation, Kaminsky and his collaborators are far from alone in trying to call attention to issues in this area.S|A
Latest posts by Rodney (see all)
- Dan Kaminsky Feels a disturbance in The Internet - Aug 2, 2009
- Defcon 17: Still going strong - Aug 1, 2009
- It’s time for Black Hat once again - Jul 26, 2009
- Intel Research shows off next-generation crypto technology - Jun 24, 2009