Michael Hayes CTO B-4-U Inc. : Black Hat 2009 Session - Infrastructure Something or Other
July 2009 by Marc Jacob
We now know how to build parsers; we need to use today’s technology, not legacy hashing systems from the 90’s. Dan stated: “There are a lot of ambiguities in the X.509 protocol that have baggage from the 90’s, both business processes and technology”; these need to be fixed. Jeff Moss stated: “We are picking away at the foundation, we see the attack coming, let’s plan to intercept this in advance”. Registration Authorities need to be involved in a new solution. Dan’s musings include: we need to drive to “a robust infrastructure like DNS coupled with encryption; delegation of authority working with the Registration Authorities administrating local verification of domain names may be viable, DNSSEC.” It should be noted that this proposal is different from the U.S. Federal government’s work on DNSSEC, which is planned to be partially complete this year.
Dan Kaminsky et al. identified that there is a crisis in authentication. Unfortunately, a large number of vulnerabilities are due to human factors: 60% of compromises are based on flawed implementation of technology, no passwords, default passwords, etc.
The area that Dan’s posse focused on was the certificate authorizing process used in PKI, specifically X.509, a 90’s-type technology. During his presentation he identified that the current PKI issuing process cannot be easily improved due to the inherent weaknesses of X.509, plus the fragile and burdensome process associated with acquiring a certificate through a Registration Authority (RA).
The vulnerabilities fall into two areas: business processes and technical issues. The technical problems center on the “Common Name” and on crypto issues related to hashing algorithms. The weakest link is the weakest Registration Authority globally, one that issues certificates without doing appropriate background checks.
Very specific attacks worked with an old hashing method called MD2; VeriSign is the primary issuer of old certificates of this type. This legacy hashing algorithm is vulnerable to future mathematical hacks that are predicted to surface in the next 6 to 18 months, based on algorithms and computational power. This specific issue can be hacked through an offline process, so it is more sensitive. VeriSign is working to close this vulnerability; as of today there is no network evidence that this particular route has been used to impersonate smartcards or crack any firewalls.
The actual use of MD2 has stopped, but legacy applications, systems and some browsers still accept certificates with this hash, specifically certificates issued by VeriSign 10 to 15 years ago; this is real “Network Persistence”. VeriSign’s VP of Marketing Tim Callan has stated: “We have started the process to close this vulnerability, but need to work with a large number of companies that built the MD2 verification process into their applications, so this may take months to close”. According to Len Sassaman, one of Dan’s co-researchers: “Self signature has no real purpose, but they’re still in the network”. OpenSSL, Firefox and IE are currently being fixed to minimize the impact of a mathematical hack.
Though the majority of the vulnerabilities have been addressed in X.509, including the numeric codes used as Common Names, this technology is too fragile. A certificate can be valid, but different browsers will see it differently: Internet Explorer, Netscape and Firefox all parse null strings, and strings with leading 0, differently. Each of these browsers needs to be patched to minimize future problems, and all of them need to eliminate the use of MD2 certificates. Note: the hashing algorithm MD5, which is also used in certificate authorization, has also been compromised (Stevens and Sotirov), so we need to plan for the future.
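The two checks the session points toward, refusing MD2 and MD5 signature hashes and catching null bytes inside a Common Name, can be run as a small scan over DER-encoded certificate data. This is an added example, not code from the talk, VeriSign or any browser; the function names are hypothetical and the sample bytes are a constructed DER fragment, not a real certificate.

```python
# Added example: sample data is built by sample() below and is constructed, not real.
WEAK_SIG = {"1.2.840.113549.1.1.2": "md2WithRSAEncryption",
            "1.2.840.113549.1.1.4": "md5WithRSAEncryption"}
CN_OID, TEXT_TAGS = "2.5.4.3", (0x0C, 0x13, 0x14, 0x16)  # UTF8/Printable/Teletex/IA5

def decode_oid(b):  # DER OID content bytes -> dotted string
    first = min(b[0] // 40, 2)
    arcs, val = [first, b[0] - 40 * first], 0
    for byte in b[1:]:
        val = (val << 7) | (byte & 0x7F)
        if not byte & 0x80:          # high bit clear: last byte of this arc
            arcs, val = arcs + [val], 0
    return ".".join(map(str, arcs))

def walk(data):  # yield (tag, value) for every TLV, descending into constructed ones
    i = 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated DER header")
        tag, length, i = data[i], data[i + 1], i + 2
        if length & 0x80:            # long-form length: low 7 bits give byte count
            n = length & 0x7F
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        value = data[i:i + length]
        if len(value) != length:
            raise ValueError("truncated DER value")
        yield tag, value
        if tag & 0x20:               # SEQUENCE, SET, context-specific wrappers
            yield from walk(value)
        i += length

def audit(der):  # findings for MD2/MD5 signature OIDs and NUL bytes in a CN value
    findings, prev_oid = [], None
    for tag, value in walk(der):
        oid = decode_oid(value) if tag == 0x06 and value else None
        if oid in WEAK_SIG:
            findings.append("weak signature hash: " + WEAK_SIG[oid])
        elif prev_oid == CN_OID and tag in TEXT_TAGS and b"\x00" in value:
            findings.append("NUL byte in Common Name: %r" % value)
        prev_oid = oid               # a CN value directly follows its OID
    return findings

def tlv(tag, body):  # encoder for the constructed sample (bodies under 128 bytes)
    return bytes([tag, len(body)]) + body

def sample(sig_oid_hex, cn):  # AlgorithmIdentifier + Name holding one CN
    alg = tlv(0x30, tlv(0x06, bytes.fromhex(sig_oid_hex)) + tlv(0x05, b""))
    name = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, bytes.fromhex("550403")) + tlv(0x13, cn))))
    return tlv(0x30, alg + name)
```

A full certificate carries its signature algorithm twice (inside the signed body and beside the signature), so a weak hash is reported once per occurrence.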