The hidden threats of using security certificates
Unauthorized intrusions into systems and thefts of data are becoming more frequent, and many organizations suffer their consequences: lost revenue, lost intellectual property, claims from users, or damage to the company's brand. The core problem is that as protection technologies grow more sophisticated, so do the attack techniques of malicious actors.
Attackers actively search for new vulnerabilities in systems and devise new ways to compromise them. Recently digital certificates have become one such target, especially at companies that rely on certificates to secure communications within their IT systems.
Among the many problems with certificates, one concerns the organizations entitled to issue them, such as VeriSign, Network Solutions, GeoTrust and dozens of similar bodies. The large number of such organizations, and the risk of their being compromised, is a source of concern for many IT executives.
The problem here is that certification authorities can be compromised, as has already happened at DigiNotar, Comodo and DigiCert. These cases may be only the tip of the iceberg, and the growing number of them means only one thing: attackers have put the compromise of certificate-issuing bodies on an industrial footing.
Microsoft acknowledged that in 2012 attackers were able to use its internal certificates after gaining access to a patch-distribution subsystem, and to carry out a man-in-the-middle (MITM) attack that let them install malware on several thousand computers. The computers were infected with the notorious Flame virus, which covertly collects information from a computer and transmits it outside. The case showed that Microsoft had been using vulnerable certificates whose signatures were generated with a weak algorithm.
In the past year, at least five certification authorities experienced similar incidents, which in particular let hackers intercept all traffic to a website protected by a substituted certificate. So, although trust in the use of certificates is growing overall, there remains a probability of system failures caused by inauthentic certificates, with consequences comparable to those of other kinds of security breach. The impact of such problems can be substantially reduced by proactive measures that organizations usually regard as minor.
Unsatisfactory certificate management policy
The research firm Gartner recommends that organizations assess how incidents involving digital certificates would affect their operations. Simply revoking certificates may not be as quick a matter as it looks at first sight. Many organizations have lost control of their certificates through disorderly handling of them.
Eric Ouellet and Vic Wheatman, vice presidents at Gartner, noted that when the effects of certificate expiration appear, many organizations first look for hardware failures or software problems, and only afterwards begin to look for the cause of the error in the use of an X.509 certificate whose validity period has expired. This usually leads to long delays in identifying and eliminating the root cause of the system failure.
When certificates are maliciously substituted, there are many parties that can be blamed. Sometimes those responsible for security in the systems are held accountable, sometimes the software vendors, and in other cases the end users who failed to adequately protect access to certificate stores. Nevertheless, the underlying reason may be an unsatisfactory certificate management policy.
The main vulnerability of security certificates lies in the management of those certificates, not in the certificates themselves or in the underlying security technologies; after all, the cryptographic and protective techniques have been shown to be highly reliable.
When an attacker can control a certificate, forge it or invalidate it, all the benefits of digital certificates become merely theoretical. Further problems arise when certificates expire: if expiry is not tracked and certificates are not renewed in time, systems that depend on the lapsed certificates can fail. Resolving such situations requires a proactive approach, and understanding the root causes of certificate-related problems is the first step in that direction.
Problems of this kind can be summed up as follows: companies often do not know how many certificates they have or where they are stored. This complicates managing them.
Some organizations have adopted security standards that define key lengths and encryption algorithms. Very often, security specialists have difficulty choosing a key length: 1024 or 2048 bits.
Encryption keys are also used in the SSH protocol for remote login to Unix and Linux systems. A number of auditing organizations have already pointed out the risks associated with the use of SSH.
Threats associated with encryption keys
Over the last 16 years the use of certificates has grown explosively: they are used within systems, for interaction between systems, on routers and in software applications. This has aggravated the problem of certificate management, in particular because certificates and their associated encryption keys are handled manually. Moreover, mismanagement of encryption keys creates the same security risk as mismanagement of certificates.
Encryption uses a key pair: a secret (private) key and a public key held by the other party, and data transformed with one key of the pair is recovered with the other. Possession of these keys is therefore a path to confidential information, and they must be protected reliably.
A survey of 471 senior security managers conducted by Venafi showed that 54% of respondents had encountered situations in their organizations where encryption keys were either stolen or unaccounted for. IT managers, CTOs and CIOs have often taken the opportunity to move to longer keys in order to improve system security and data protection, but this has sometimes produced mixed results: malicious intrusions continued to occur and their number only grew.
Gartner published the research report 'X.509 Certificate Management: Avoiding Downtime and Brand Damage', which sets out recommendations for security when using certificates: 'Organizations that use about 200 or more issued X.509 certificates fall into the high-risk group for unplanned certificate expiration, or for certificates that were requested but never put into service. Such organizations should begin a formalized procedure for reclaiming certificates as soon as possible.'
'An automated procedure for verifying and renewing certificates will minimize the risk from the effects of unplanned certificate expiration. Manual or automated certificate management should be used to increase accountability for the use of X.509 certificates in organizations.'
'Companies need a register of X.509 certificates and certificate issuers to minimize the damage from a certificate compromise, a suspected compromise, or the direct attacks that have affected several certificate-issuing organizations in the last 18 months. In addition, companies should have clearly documented plans for what to do when a certification authority has been compromised and the security system is thereby broken.'
Protecting organizations against breaches of their security systems, and against the downtime such incidents cause, requires proactive action based on common sense and situational awareness. Companies that have committed to effective security technologies will be better prepared to repel more sophisticated attacks and threats.
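The register that Gartner recommends, as an added example written for this article with Go's standard library (it is not code from the article or from Gartner): Inventory parses collected certificates and flags the three risks discussed above, unplanned expiry, a weak signature algorithm (the risk behind the Flame case) and an RSA key shorter than policy (the 1024 vs 2048 bit question). The host names, the warning window and the 2048-bit minimum are assumptions, and SelfSigned only produces constructed sample certificates for demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Inventory builds the register (subject CN -> risks) from DER certificates collected from
// servers and key stores: expiry within warn, weak signature algorithms, RSA keys under minBits.
func Inventory(ders [][]byte, now time.Time, warn time.Duration, minBits int) (map[string][]string, error) {
	reg := map[string][]string{}
	for _, der := range ders {
		c, err := x509.ParseCertificate(der)
		if err != nil {
			return nil, err
		}
		var issues []string
		if now.After(c.NotAfter) {
			issues = append(issues, "expired")
		} else if c.NotAfter.Sub(now) < warn {
			issues = append(issues, "expires within "+warn.String())
		}
		if a := c.SignatureAlgorithm; a == x509.MD5WithRSA || a == x509.SHA1WithRSA {
			issues = append(issues, "weak signature algorithm "+a.String()) // the Flame-era risk
		}
		if pub, ok := c.PublicKey.(*rsa.PublicKey); ok && pub.N.BitLen() < minBits {
			issues = append(issues, fmt.Sprintf("RSA key only %d bits", pub.N.BitLen()))
		}
		reg[c.Subject.CommonName] = issues
	}
	return reg, nil
}

// SelfSigned produces a constructed sample certificate (demonstration data, not a real PKI).
func SelfSigned(cn string, bits int, alg x509.SignatureAlgorithm, notAfter time.Time) ([]byte, error) {
	key, err := rsa.GenerateKey(rand.Reader, bits)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: cn},
		NotBefore: notAfter.Add(-365 * 24 * time.Hour), NotAfter: notAfter, SignatureAlgorithm: alg}
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}
```

Feeding Inventory the DER bytes gathered from each host gives one line per certificate; an empty issue list means the certificate passes the assumed policy, and an entry with "expired" is the unplanned-expiry case Gartner warns about.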