In his latest security posting, Knight argued that organisations need to consider moving more of the SSL certification process into hardware-based appliances known as HSMs, short for hardware security modules.
The Thales director said that, whilst some people are saying that the whole structure of certificate authorities needs to be changed or abolished, he does not view such a radical approach as necessary, although he does think that browser vendors need to do more when it comes to revoking rogue certificates.
Fundamentally, he adds, the certification authority community needs to be more tightly regulated and a system-wide approach to security is needed.
“While vendors, consultants and regulators have advocated the benefits of PKI and define security practices and standards to ensure the integrity of the infrastructure upon which all e-commerce depends, attacks have typically been theoretical”, he says.
“Now the undeniable evidence that the threat is real. And while the recent attacks have (eventually) become public knowledge I cannot help but wonder how many other breaches remain undiscovered or unannounced”, he added.
Knight went on to say that it is tempting to assume that certificate revocation solutions such as the Online Certificate Status Protocol (OCSP) are effective at controlling the impact of a CA breach.
However, he noted, OCSP as currently implemented isn't a reliable solution to the threat of falsified certificates. Not all applications support OCSP – for example mobile devices and older Windows XP-based systems – and where OCSP is supported, the default configuration is often to trust a certificate even if the revocation service cannot be contacted.
As a result, he said, any attacker who can hijack IP routing or DNS can simply block access to the corresponding OCSP responder.
The second problem, he added, is that browsers only check for certificate revocation using the OCSP responder that is listed in the certificate they are validating. If that certificate is falsified, he argued, this revocation information cannot be trusted anyway unless the entire certification authority is revoked.
Against this backdrop, Knight said that the industry needs to find ways to increase the integrity of the certificate issuance process itself.
“The response to the recent attacks is likely to be a series of more rigorous standards that mandate system-wide protection for certificate issuance, much as PCI-DSS has become a standard defining system-wide protection for credit card information. Standards may be defined by browser vendors who can choose which root certificates to include in their products”, he said.
So where do HSMs figure in all of this?
Today, he noted, it is quite routine for these valuable keys to be protected in an HSM appliance and, by moving these keys away from standard servers and into an HSM, they are protected from risks such as viruses and hackers.
However, he said, other critical parts of the certificate issuance process still typically run on general purpose servers where, as in the case of DigiNotar, they can be vulnerable to attack.
“Moving sensitive business processes into HSMs will take time, as existing certificate issuing applications will need modification. Other interim approaches exist; for example HSMs can provide a simple key use counter that provides an authoritative count of certificates that have been issued. Such counting features should be enabled and in the event of a mismatch, certificate issuance should cease immediately”, he said.
“Until these issues are addressed and confidence is restored, there is a question mark hanging over the widespread trust of cloud based services. The assumption that a padlock symbol in a browser proves your connection to a service can be trusted is starting to be questioned. However while we should all be cautious, SSL and https will undoubtedly remain far safer than plain old http”, he added.
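The interim key use counter check described above can be sketched as a reconciliation between the HSM's counter and the CA application's own issuance records. This is an added example, not code from Thales or any HSM vendor: the function and field names are hypothetical, the counter values are assumed to be read from the HSM by the caller, the counter is assumed to increase by one per use of the CA signing key, and the sample records are constructed.

```python
"""Reconcile an HSM key use counter against the CA's own issuance records."""
from __future__ import annotations
from collections import Counter
from typing import NamedTuple

class Verdict(NamedTuple):
    halt: bool        # True: issuance must stop until investigated
    unexplained: int  # counter increments minus recorded signing events
    reason: str

def reconcile(baseline: int, counter_now: int, records: list[dict]) -> Verdict:
    """baseline/counter_now: counter values read from the HSM (assumed to
    increase by one per use of the CA signing key). records: the CA
    application's log of signing events since the baseline was taken."""
    if counter_now < baseline:
        return Verdict(True, counter_now - baseline, "counter moved backwards")
    # A serial number logged twice means the log itself cannot be trusted.
    dupes = [s for s, n in Counter(r["serial"] for r in records
                                   if r["kind"] == "cert").items() if n > 1]
    if dupes:
        return Verdict(True, 0, f"duplicate serials in log: {sorted(dupes)}")
    used = counter_now - baseline
    gap = used - len(records)
    if gap > 0:
        # The key signed something the issuing application never recorded.
        return Verdict(True, gap, f"{gap} key uses have no issuance record")
    if gap < 0:
        # The log claims signatures the HSM never performed.
        return Verdict(True, gap, f"{-gap} records have no matching key use")
    return Verdict(False, 0, "counter matches issuance records")

# Constructed sample data: three certificates and one CRL signed since baseline.
# CRL signatures are included because they also use the CA key (assumption).
SAMPLE_RECORDS = [
    {"kind": "cert", "serial": "01A0"},
    {"kind": "cert", "serial": "01A1"},
    {"kind": "crl", "serial": "crl-0007"},
    {"kind": "cert", "serial": "01A2"},
]

if __name__ == "__main__":
    for now in (1004, 1006):
        print(now, reconcile(1000, now, SAMPLE_RECORDS))
```

Any verdict with `halt` set corresponds to the mismatch case, where issuance should cease until the discrepancy is explained.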