Business conducted over the Internet has benefited hugely from web-based encryption. Retail sales, banking transactions, and secure enterprise applications (such as virtual private networks or VPNs) have all flourished because of the end-to-end protection offered by encrypted Internet communications. An encrypted communication, however, is only as secure as the process used to authenticate the parties doing the communicating. The major Internet browsers all currently use the "Certificate Authority Trust Model" (CA Trust Model) to verify the identity of websites on behalf of end-users. Unfortunately, Internet researchers have recently concluded that the CA Trust Model is deeply flawed, leaving it vulnerable to attack in various ways.1 These attacks include "man-in-the-middle" wiretap exploits that enable a party to read encrypted communications, as well as "phishing" attacks using imposter servers.2 Although select companies have taken steps to jettison the CA Trust Model for business-to-business communications-and the U.S. government aims to essentially scuttle the Model at some point in the indefinite future-the vast majority of all encrypted Internet communications still rely upon it as a matter of course.3 Because the CA Trust Model requires businesses to trust numerous, far-flung, third-party actors to carry out the authentication process, General Counsel should be involved in determining which third-party actors should be trusted and how to best alert end-users to weaknesses in the trust Model.
Most encrypted communications taking place over the Internet use special transport protocols that operate largely out-of-sight known as "SSL" or "TLS" (Secure Sockets Layer and Transport Layer Security) (collectively, "SSL"). When an end-user tries to establish a secure connection using SSL, his or her browser will attempt to authenticate the identity of the destination website. For example, when an end-user wishes to access his or her account at "Amazon.com" using SSL, the end-user's browser will try and authenticate that the server representing itself as being operated by Amazon.com is telling the truth. The major Internet browsers perform this authentication process by using "digital certificates."
Although the actual process is somewhat technical, the general concept is not. A third party known as a "certificate authority," or "CA," issues digital certificates to websites as well as to the sponsors of the major Internet browsers. When an end-user seeks to establish a secure connection with a website, the end-user's browser attempts to match one of its CA-issued certificates with one of the website's CA-issued certificates. If the match is successful, then the browser will establish a secure connection. The point is that everyone is supposed to be able to trust the CA. Or so the story goes...
There are at least three major problems with the CA Trust Model. First, there are a staggering number of CAs. The major browsers each trust more than 100 CAs by default.4 Globally, there are in excess of 600 CAs.5 There are simply too many to trust. That is as true for sophisticated, organization-based end-users as it is for individual end-users.
Who are these countless CAs? The CAs consist of commercial and quasi-governmental entities from all over the globe. A significant number of CAs are either controlled by, or closely associated with, governments that one would not trust for routine matters, let alone for verifying who is who on the web for the purpose of carrying out confidential communications. One CA in the Middle East, which is also a telecom carrier, reportedly used digital certificates to insert, on a wide scale, wiretap software on mobile devices under the guise of a required service upgrade.6 It is unclear why anyone would voluntarily trust this CA for anything involving communications or digital certificates. Yet trust we must, because this unsavory CA is officially trusted by another CA that is, in turn, trusted by the major browsers-making browser trust of the unsavory CA automatic.7 Under the CA Trust Model, one must not only trust the hundreds of CAs recognized by the major browsers, but also the CAs that are simply trusted by other CAs.
The second problem with the CA Trust Model is that legitimate CAs have, at numerous times, proved themselves to be incompetent by either issuing digital certificates that were improperly configured, or by issuing digital certificates without even checking to see if the entities requesting the digital certificates were who they said they were.
The third problem with the CA Trust Model is that it allows any of the hundreds of CAs to issue bogus, yet technically valid, digital certificates for any website on the web. This means that any CA can issue an SSL certificate for "XYZ Bank Corp" to HackerAttacker.com. If an end-user's browser already recognizes the issuing CA as trusted (either by default, or by being trusted by another CA) then the end-user's browser will treat the bogus certificate as if it were valid and rely upon it to perform authentication. This is true even though XYZ Bank Corp never purchased its SSL certificates from the issuing CA and has no affiliation or connection to the issuing CA. This also means that the attacker can attempt to obtain such a bogus certificate from the least scrupulous or secure CA, regardless of which CA is the issuer of the legitimate XYZ Bank Corp SSL certificates. A bad actor can then use the bogus certificate to: (1) conduct a man-in-the-middle, wiretap attack in which the end-user's encrypted communications can be decrypted and read, or (2) conduct a phishing attack using an imposter website. As for the wiretap attack, at least one company has already promoted equipment that is apparently designed to effectuate just such an attack.8
The systemic flaws in the CA Trust Model impact a business organization both in the organization's capacity as an end-user, as well as in its capacity as an owner or operator of a website that offers secure connections to customers, clients, and the browsing public. In the case of the organization as end-user, the risk consists of possible man-in-the-middle and phishing attacks that enable data breach, loss of trade secrets, and wiretapping. In the case of the organization as website operator, the risk is that either the organization's selection of a CA (from which to purchase digital certificates) might put customers or clients at risk, or that the organization's failure to apprise customers and clients of the use of digital certificates in the first instance might create unnecessary exposure for the organization in the event of an exploit.
Taking the case of businesses as end-users first, organizations can take a number of steps to ensure that exploiting the CA Trust Model is made more difficult. As an initial matter, it is important for General Counsel to determine which outside organizations can be trusted with the security of the organization. Although the IT department should certainly be involved as well, it is a task that is most appropriate for General Counsel because it requires legal and investigative resources to: assess the criminal and regulatory background of the CAs, analyze affiliations with state actors and quasi-governmental entities, and determine the governing law that controls the CAs' conduct. The goal is for the organization to configure its browser platform so as to trust as few CAs as possible, and to "untrust" those CAs deemed to be unnecessary or untrustworthy. Additionally, the IT department may wish to explore the use of various plug-ins and software add-ons to assist in the detection of CA irregularities and CA-based attacks. Finally, businesses can also engage a CA in dialogue regarding the CA's practices, both with respect to adherence to best practices, and also to address the issue of whether, or to what extent, the CA trusts other CAs.
Turning to the business organization's role as website operator, the organization should maintain a written policy regarding how it will determine which digital certificates to purchase and which criteria it will employ for selecting a CA (or CAs). The organization should also review its own website's terms and conditions of use to ensure that they account for the fact that third-party digital certificates are used in authentication.
In summary, until the CA Trust Model is displaced by something simpler and more secure, it is important for businesses to take account of the Model's shortcomings, buttress the Model's authentication processes, and use appropriate legal documentation.
1. See Stephen Schultze, "Web Security Trust Models". Mr. Schultze, who is the Associate Director of the Center for Information Technology Policy (CITP) at Princeton University, graciously reviewed and offered comments on the technical aspects of the CA Trust Model discussed in the body of the current text.
2. See Steve Gibson, Security Now, Episode 243 "Subverted SSL," available at thisweekintech.com/sn243.
3. Certain pharmaceutical companies have implemented their own authentication infrastructure, "Safe BioPharma" in lieu of the CA Trust Model. The U.S. government has announced its "National Strategy for Trusted Identities in Cyberspace" that would replace the CA Trust Model with alternative institutions, hardware, software, and authentication processes. See National Strategy for Trusted Identities in Cyberspace (July 10, 2010).
4. Christopher Soghoian and Sid Stamm, "Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL" (2010).
5. "The EFF SSL Observatory."
6. Danny O'Brien, "The Internet's Secret Back Door," Slate (August 27, 2010).
8. See Soghoian and Stamm.