Ian Grigg wrote:
Costs are still way too high. This won't change until browsers are shipped that treat self-signed certs as being valid. Unfortunately, browser manufacturers believe in cert-ware for a variety of non-security reasons. [...]
Jason Holt <jason@lunkwill.org> wrote:
Self signed certs defeat the purpose of the certificate chain mechanism, which is not just there to make Veri$ign rich.
I understand that we are all working to make Veri$ign rich by pushing their cert-ware. Let me offer you a way in which we could make them richer. Believe me, they need our help.
Mallory can self-sign a cert for bob.com, and hack Alice's DNS to point bob.com at her own site. But it's (theoretically, anyway) much more difficult for her to convince Verisign that she owns bob.com. If we trust Verisign to do that, then we know we're really talking to Bob when we visit bob.com.
What you describe above is an arcane theoretical attack. An MITM is an extraordinarily difficult thing to do. In practice, totally impractical in risk analysis terms. Its impracticality is because there are always easier pickings out there than conducting this attack. Consider the attack. You have to be able to so some spoofing, or some interception, or some hacking of critical infrastructures to do this. After all, you have to be able to insert yourself where Mallory needs to be in some sense, which means perverting the normal flow of packets. This is generally highly risky. It is also expensive and hard to control. Say you are attacking Amazon. If you pervert the DNS, as you suggest, you will have to be able to handle a lot of DNS requests. Also, there is a high chance that you will be noticed. Net techies and hackers and ISP people are looking at this sort of thing all the time. Now consider what you get: you can sit in the middle and manage some SSL traffic. So you'll need some capacity to sift through all the different sessions to snaffle the good data. At the end of the day, you'll be burning up a lot of CPU cycles to manage that traffic. (So you'll need access to some good sized hardware if you are attacking Amazon.) Finally, you manage to start farming those valuable CCs. Depending on how much hardware you've got that is managing the thousands of MITM sessions, you could pick up quite a bunch. But, if you do manage to get to the point of actually harvesting some CCs, you will by now have laid out such a road map that someone should be able to find you. So, you had better have a fast exit. Here's the thing: even if you get some, it wasn't worth it. Think like a crook. Any thing that you can do with SSL, you can do easier just by hacking into some poor NT box and accessing the database to read off the CCs. Then you get to walk away without leaving any tracks. Then you get the last month's takings, because the company already did the harversting for you. And, in practice this is how it goes. No thief ever bothers to do an MITM, even over *un*encrypted traffic. They simply hack into the machines and steal it all. That's why there has never been a case of CCs sniffed over the net and being used to commit a fraud (at least, no recorded ones). Change the analysis to small merchants, and it is even worse (of course Amazon will have a cert, so even its rich bounty is unavailable, you have to do this on small merchants). So, how do we make Veri$ign richer? Easy, switch browsers to accepting self-signed certs. To see this, we have to have tried or heard about small enterprises who have tried to set up their SSL certs. It's very expensive. Most don't do it. If we had the money we could ask Netcraft.com for the figures, but, last I checked, only 1% of servers have proper setups with proper certs. Why? because it is so expensive to set up. Most sites try and fail. They give up when they realise it isn't worth their time. So Veri$ign fails to sell the cert. And the site remains unencrypted, uncerted, unprotected only by the fact that nobody is watching. (Security by obscurity is indeed the greatest friend that we have, by actual saved amounts of money.) Now, if there was a halfway house, the site could at least be set up so that it is encrypted. Right there, is a big improvement in security. If we could do that, if we could encourage the browsers to accept the self-signed but encrypted web sites, that would let all the poor people in the world (the other 99% that can't afford all the hoo-haa of dealing with VeriSign and techies and ISPs and ...) have a go at setting up secure web sites. Secure by encryption that is. My guess is that it would get the number up to 10%. Why would that make Veri$ign richer? Because taking that 10% of encrypted sites would be a much more powerful target market. Veri$ign knows they care. Those sites just haven't got around to doing the work to get the cert set up. But they are encrypted. They are half way there. They want to be there! A decent, marketing approach to this user base would result in a pretty good conversion rate. We are talking 20-30% here, because we know they care. So, that expands the market for cert-ware by 2-3. Such doesn't work when you are dealing with a untargetted site base of 10 times that. All they have to do is understand that their MITM model, as learnt from the textbooks, does their market more harm than good. Sack the cryptographers, and employ some script kiddies to tell them what it is about. Should be worth a doubling of their share price. -- iang
On Thu, 30 May 2002, Ian Grigg wrote: [...]
And, in practice this is how it goes. No thief ever bothers to do an MITM, even over *un*encrypted traffic. They simply hack into the machines and steal it all. That's why there has never been a case of CCs sniffed over the net and being used to commit a fraud (at least, no recorded ones).
Change the analysis to small merchants, and it is even worse (of course Amazon will have a cert, so even its rich bounty is unavailable, you have to do this on small merchants).
So, how do we make Veri$ign richer? Easy, switch browsers to accepting self-signed certs. To see this, we have to have tried or heard about small enterprises who have tried to set up their SSL certs. [...]
If MITM attacks are so hard that you don't consider them a threat, why bother with SSL at all? SSL provides two things: * A certificate chain that demonstrates who you're talking to * Secrecy and message integrity between you and the person you're talking to You remove the first benefit by using self-signed certs. The second one is still nice, but if you're worried about me *watching* your traffic, shouldn't you also be worried about me intercepting your DNS lookup and replacing the response with my own IP? If we all use self-signed certs, you'll never be the wiser. Yes, the attack you describe where I get the root nameservers to redirect *all* amazon.com traffic to me is hard. And it can be pretty tough to watch and modify an individual user's traffic. But it's not nearly as tough as breaking the crypto behind SSL. If we use it right, that security extends to the domain I type into my browser. If we don't, we reduce it to the hardness of manipulating the wire. I certainly agree that merchants need to use better security on the server end. But that's orthogonal to the SSL issue. -J
participants (2)
-
Ian Grigg -
Jason Holt