Trusted Root Certificate Authority (CA)
The Trusted root certificate authority (CA) refers to the issuer of a certificate, where the certificate is the basis of trust.
- The trust between people and trust between computers using certificates share similarities in that both rely on a third party to establish and verify the trust. In the case of people, a government agency or other institution may issue a form of identification ID such as a driver's license or passport, and others can use that ID to verify the person's identity. Similarly, when computers communicate using HTTPS, a certificate authority (CA) issues a digital certificate that verifies the identity of the website, and the user's computer can use that certificate to verify the website's identity before sending sensitive information. In both cases, the trust is based on the assurance that a reliable third party has verified the identity of the party in question.
Contents
- 1 Certificate Authority (CA)
- 2 Commercial CA
- 3 Digital certificates
- 4 Trusted Root CA Folder
- 5 Case study: Disaster scenario for an IT worker
- 6 Examples of CA's being compromised before 2021
- 7 Summary of a Man-in-the-middle (MITM) attack
- 8 Kinds of damage
- 9 Distribution/installation of root CA certificates
- 10 References
Certificate Authority (CA)
A certificate authority usually refers to a computer running a special server software program that writes certificates.[1][2] There are variations on the phrasing but CA may refer to a root CA[3] or to an intermediate CA.
To display the secure padlock and use HTTPS, a website must obtain a TLS/SSL certificate from a certificate authority (CA). The CA must follow strict industry standards to ensure all certificates are properly validated.[1][4]
Commercial CA
A third-party organization that hosts a CA on their internal network and issues/sells/leases certificates publicly.
Digital certificates
A digital certificate is an electronic "ID card" that is issued by a certification authority (CA) and contains information that uniquely identifies the holder, such as their name and address, as well as the digital signature of the CA. A digital certificate typically contains two types of keys: a public key and a private key. The public key is used to encrypt data and verify digital signatures, while the private key is used to decrypt data and create digital signatures. Together, these keys form a key pair, which is used to secure communications and authenticate the identity of the certificate holder. For example, when viewing this page, the website presented to the users device a certificate signed by the "Go Daddy Secure Certificate Authority - G2" which one can verify by clicking the lock icon and locating the certificate path information. One can also find a certificate from this CA pre-installed in the trusted root folder on one's device.
Trusted Root CA Folder
The basis of trust between computer systems requires a 3rd party to have some sort of representation on each computer. The trusted root certificate is usually installed in a special folder by most of the operating systems and browsers.
Early CA infrastructure
There were several early problems that led to the need for having multiple CAs in the client-side trusted root folder.
- One of the main issues was that early CA infrastructure was centralized, and relied on a small number of large CAs to issue and manage digital certificates. This created a single point of failure, as the compromise or failure of one of these large CAs could lead to widespread trust issues and security breaches.
- Another issue was that early CAs were not always transparent or accountable in their operations, which led to a lack of trust in the digital certificate system. Some CAs were known to issue certificates without proper validation, which created opportunities for attackers to obtain fraudulent certificates.
- Additionally, the early CA infrastructure was not designed to scale to the level of the internet, which led to problems with trust and security as more and more websites and services came online. As a result, it became clear that a more decentralized and distributed CA infrastructure was needed in order to provide the level of trust and security required for the internet.
Overall, early problems with centralized, non-transparent, and unscalable CA infrastructure led to the need for having multiple CAs in the trusted root folder to provide more flexibility, redundancy, and security in digital certificate infrastructure.
Benefits of Multiple Trusted Roots
There are several risks associated with having only one certificate in the trusted root folder of a PC:
- Single point of failure: Having only one CA in the trusted root folder can create a single point of failure. If that CA is compromised or becomes unavailable, the PC may be unable to establish secure connections with any servers or services that rely on that CA.
- Lack of flexibility: Having only one CA in the trusted root folder can limit a PC's ability to establish secure connections with a variety of different servers and services. This can be particularly problematic if the CA is not trusted by all organizations or industries.
- Increased vulnerability to attack: Having only one CA in the trusted root folder can increase the potential attack surface of the PC's trust infrastructure. An attacker may be able to compromise the CA and use it to issue fraudulent certificates, which the PC would then trust. "If the root CA were to be compromised, an attacker could gain control of the entire PKI and compromise trust in the entire system, including any sub-systems reliant on the PKI. It is considerably more difficult to replace a root CA compared to an Intermediate CA."[5]
- Limited support for legacy systems: Having only one CA in the trusted root folder may limit the ability to support legacy systems or specific functionalities.
- Dependence on single vendor: Having only one CA in the trusted root folder means that the PC is dependent on a single vendor for the maintenance and updates of the trusted CA. If that vendor goes out of business or loses its accreditation it can lead to trust issues.
Overall, having only one CA in the trusted root folder of a PC can create a single point of failure, limit flexibility, increase the potential attack surface, and limit the support for legacy systems. It also puts the trust of the PC on a single vendor which may not be reliable in the long term.
Case study: Disaster scenario for an IT worker
Here's a fictional story that highlights the risks of having only one CA in the trusted root folder of a PC:
- Once upon a time, there was a small company Toys4Evr that relied heavily on the internet for their business operations. They had set up their PC's with only one CA in the trusted root folder, believing that it would be enough to ensure the security of their online transactions.
- One day, a malicious hacker Alex managed to compromise Toys4Evr's single certificate authority that the company was relying on. Using the compromised CA, Alex was able to issue fraudulent certificates for the Toys4Evr's website and email server to himself and masquerade as each of those servers, collect traffic and redirect it (see MITM section below).
- Unknowingly, Bob and Alice, the employees of Toys4Evr, continued to use their computers to access the website and email server, believing that they were communicating with the legitimate servers. In reality, they were unknowingly sending sensitive information and credentials to Alex.
- Alex then used the stolen information to gain access to Toys4Evr's financial accounts and steal a large sum of money. Toys4Evr was left in financial ruin and had to close down their operations. Sad.
The moral of the story is that having only one CA in the trusted root folder of a PC can create a single point of failure that can be exploited by malicious actors, leading to severe consequences. It is important to have multiple CAs in the trusted root folder in order to provide redundancy and failover, and to increase the overall security of the trust infrastructure.
Examples of CA's being compromised before 2021
- In 2011, the DigiNotar certificate authority (CA) was compromised, resulting in the issuance of rogue digital certificates for several high-profile domains. This incident highlighted the importance of diversity in the trust infrastructure, as relying on a single CA left the organization vulnerable to attack. [6][7]
- In 2011, the Comodo certificate authority (CA) was targeted by a phishing attack, which resulted in the issuance of rogue digital certificates for several high-profile domains, such as Google, Skype, Yahoo and others. The attacker was able to obtain the private key of the certificate authority, which allowed them to issue fake certificates. This incident highlighted the importance of proper security controls and diversifying the trust infrastructure. Relying on a single CA left the organization vulnerable to attack, as the attacker was able to use the compromised CA to issue fake certificates that were trusted by web browsers and other clients. This incident prompted the industry to review their practices and move towards a more robust trust infrastructure, with multiple CAs in place to reduce the risk of a similar attack occurring.[8]
Summary of a Man-in-the-middle (MITM) attack
Here are general steps that an attacker might take to execute a man-in-the-middle (MITM) attack using fraudulent certificates:
- Obtain or create a fraudulent digital certificate: The attacker may create a fraudulent digital certificate by mimicking the appearance and details of a legitimate certificate, or by compromising a legitimate certificate authority (CA) to issue a fraudulent certificate.
- Set up a rogue access point or intercept network traffic: The attacker will set up a rogue access point, or intercept network traffic, in order to position themselves between the victim and the legitimate server.
- Intercept and redirect traffic: The attacker will intercept and redirect the victim's traffic to their own server, rather than the legitimate server. This allows the attacker to intercept and view all of the victim's network traffic.
- Use the fraudulent certificate to establish a secure connection: The attacker will use the fraudulent certificate to establish a secure connection with the victim's device, making it appear as if the attacker's server is the legitimate server.
- Perform the attack: Once the secure connection has been established, the attacker can perform a variety of malicious activities, such as stealing login credentials, financial information, or other sensitive data, or using the victim's device to launch further attacks.
- Leave no trace: The attacker will clean up any traces of the attack and disappear without leaving any trace of the attack, making it difficult for the company or victim to detect or trace the attack.
It's important to note that these are general steps and a real attack may have variations or additional steps. Also, to prevent these kind of attacks, it's important to have a robust security infrastructure in place, including the use of multiple CAs and regular monitoring of the certificate infrastructure.
Kinds of damage
10 kinds of damage to company from fraudulent digital certificates
- Financial loss: Fraudulent digital certificates can be used to steal money from a company through phishing attacks, man-in-the-middle attacks, or other malicious activities.
- Loss of sensitive information: Fraudulent digital certificates can be used to steal sensitive information, such as login credentials, financial information, or other sensitive data.
- Damage to reputation: A company's reputation can be severely damaged if it is revealed that they have been the victim of a digital certificate fraud.
- Legal Liabilities: The company could face legal liabilities if data breaches or other security incidents occur as a result of fraudulent digital certificates.
- Loss of customer trust: Companies may lose the trust of their customers if they are unable to protect their personal and financial information from fraud.
- Loss of business: Companies may lose business as a result of fraudulent digital certificates, as customers may choose to do business with companies that have a better reputation for security.
- Compliance violations: Companies may be in violation of regulatory compliance requirements if they fail to properly secure their digital certificates.
- Difficulty in identifying and remediating the incident: Company may have difficulty identifying the incident and remediating the impact of a fraudulent digital certificate.
- Increased IT cost: The company may have increased IT cost as a result of fraudulent digital certificates, such as the cost of investigating and remediating security incidents.
- Loss of intellectual property: Fraudulent digital certificates can be used to steal valuable intellectual property, such as trade secrets or proprietary technology.
Distribution/installation of root CA certificates
Root certificates are typically distributed through a variety of methods, including:
- Operating System or Browser Distribution: Many operating systems and web browsers come pre-installed with a set of root certificates from trusted certificate authorities. These root certificates are automatically updated as part of regular software updates.
- Manually Installed: Some organizations may choose to manually install root certificates on their systems and devices. This is often done for custom or internal certificate authorities that are not included in the default set of trusted root certificates.
- Active Directory: Some organizations may use Active Directory to distribute root certificates to their systems and devices. This allows for central management of the root certificates and can make it easier to ensure that all systems and devices have the correct set of root certificates installed.
- Public Websites: Some certificate authorities make their root certificates available for download on their public websites. These root certificates can be manually downloaded and installed on systems and devices.
- Network Devices: In some cases, root certificates may be distributed through network devices such as routers, firewalls, or VPN gateways. This can be done through firmware updates or by manually configuring the device to trust the appropriate root certificates.
Overall, the distribution method will depend on the organization's security policies and infrastructure. The goal is to ensure that all systems and devices have access to the correct set of root certificates in order to establish trust for secure communication.
References
- ↑ 1.0 1.1 "what is a certificate authority?", https://www.digicert.com/blog/what-is-a-certificate-authority
- ↑ 'Certificate Authority', Glossary section, p716, Mark Ciampa, 6th ed, "Security+ Guide to Network Security Fundamentals", Cengage, printed 2020
- ↑ p154, Mark Ciampa, 6th ed, "Security+ Guide to Network Security Fundamentals", Cengage, printed 2020
- ↑ "Requirements for Validation", https://www.digicert.com/faq/ssl-validation-process.htm
- ↑ "Keep the root CA offline and be unavailable for use", Nov 6, 2020 , https://www.ncsc.gov.uk/collection/in-house-public-key-infrastructure/pki-principles/keep-the-root-ca-offline-and-be-unavailable-for-use
- ↑ "DigiNotar: Dissecting the First Dutch Digital Disaster", 2013 , https://digitalcommons.usf.edu/jss/vol6/iss2/4/
- ↑ "Digital Certificate Authority Hacked, Dozens Of Phony Digital Certificates Issued ", 2011, https://www.darkreading.com/attacks-breaches/digital-certificate-authority-hacked-dozens-of-phony-digital-certificates-issued
- ↑ "Fraudulent certificates issued by Comodo, is it time to rethink who we trust? ", 2011, https://nakedsecurity.sophos.com/2011/03/24/fraudulent-certificates-issued-by-comodo-is-it-time-to-rethink-who-we-trust/