New, major weakness in Internet security reported

Published 31 December 2008

New weakness discovered in Internet security; the vulnerability allows impersonation of secure Web sites and e-mail servers; it also allows hackers to perform virtually undetectable phishing attacks

Independent security researchers in California and researchers at the Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, and Eindhoven University of Technology (TU/e) in the Netherlands have found a weakness in the Internet digital certificate infrastructure that allows attackers to forge certificates which are fully trusted by all commonly used web browsers.

This weakness allows impersonation of secure Web sites and e-mail servers. It also allows hackers to perform virtually undetectable phishing attacks, meaning that visiting secure Web sites is not as safe as it should be and is believed to be. By presenting their results at the 25C3 security congress (official name: Chaos Communication Congress) in Berlin yesterday, 30 December, the experts said they hope to increase the adoption of more secure cryptographic standards on the Internet and thereby increase the safety of the Internet.

When you visit a Web site whose URL starts with “https,” a small padlock symbol appears in the browser window, indicating that the Web site is secured using a digital certificate issued by one of a few trusted Certification Authorities (CAs). To ensure that the digital certificate is legitimate, the browser verifies its signature using standard cryptographic algorithms. The team of researchers has discovered that one of these algorithms, known as MD5, can be misused.

The first significant weakness in the MD5 algorithm was presented in 2004 at the annual cryptology conference “Crypto” by a team of Chinese researchers. They had managed to pull off a “collision attack” and were able to create two different messages with the same digital signature. This initial construction was limited, but a much stronger collision construction was announced by the researchers from CWI, EPFL, and TU/e in May 2007. Their method showed that it was possible to have almost complete freedom in the choice of both messages. The team of researchers has now discovered that it is possible to create a rogue certification authority (CA) which is trusted by all major Web browsers by using an advanced implementation of the collision construction and a cluster of more than 200 commercially available game consoles.

All this means that the team of researchers has managed to demonstrate that a critical part of the Internet’s infrastructure is not safe. A rogue CA, in combination with known weaknesses in the DNS (Domain Name System) protocol, can open the door for virtually undetectable phishing attacks. For example, without being aware of it, users could be redirected to malicious sites that appear exactly the same as the trusted banking or e-commerce Web sites they believe they are visiting. The Web browser could then receive a forged certificate that will be erroneously trusted, and users’ passwords and other private data can fall into the wrong hands. Besides secure Web sites and e-mail servers, the weakness also affects other commonly used software.
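As an added illustration (not part of the original report or the researchers' work), the following Python script shows the check a browser, mail server or certificate audit can apply against this class of forgery: it reads the signatureAlgorithm field of a DER-encoded X.509 certificate and flags the MD5-based identifiers that the forged certificates depend on. The two sample certificates are constructed skeletons built inside the script, not real certificates.

```python
# Added example, not from the article: read Certificate.signatureAlgorithm from DER X.509 and flag MD5.
MD5_SIG_OIDS = {"1.2.840.113549.1.1.4", "1.3.14.3.2.3"}  # md5WithRSAEncryption, legacy OIW md5WithRSA

def der_tlv(buf, pos):
    """Decode one DER TLV starting at pos; return (tag, content, next_pos)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits count the length octets that follow
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def decode_oid(content):
    """Convert OBJECT IDENTIFIER content octets to dotted-decimal form."""
    arcs, value = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear: last octet of this arc
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))

def signature_algorithm(cert_der):
    """Dotted OID of the outer signatureAlgorithm (RFC 5280, section 4.1)."""
    tag, cert, _ = der_tlv(cert_der, 0)          # Certificate ::= SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _, after_tbs = der_tlv(cert, 0)           # tbsCertificate, skipped here
    _, alg_id, _ = der_tlv(cert, after_tbs)      # AlgorithmIdentifier ::= SEQUENCE
    tag, oid, _ = der_tlv(alg_id, 0)             # algorithm OBJECT IDENTIFIER
    if tag != 0x06:
        raise ValueError("expected OBJECT IDENTIFIER")
    return decode_oid(oid)

def uses_md5(cert_der):
    """True if the certificate's signature uses an MD5-based scheme and should be rejected."""
    return signature_algorithm(cert_der) in MD5_SIG_OIDS

def der(tag, content):  # tiny DER encoder, used only to build the constructed samples
    n = len(content)
    length = bytes([n]) if n < 0x80 else b"\x82" + n.to_bytes(2, "big")
    return bytes([tag]) + length + content

def sample_cert(sig_oid_hex):
    """Constructed skeleton: dummy tbsCertificate, real AlgorithmIdentifier, dummy BIT STRING."""
    tbs = der(0x30, der(0x02, b"\x01"))
    alg = der(0x30, der(0x06, bytes.fromhex(sig_oid_hex)) + b"\x05\x00")  # OID + NULL params
    return der(0x30, tbs + alg + der(0x03, b"\x00" * 17))

MD5_CERT = sample_cert("2a864886f70d010104")     # 1.2.840.113549.1.1.4, md5WithRSAEncryption
SHA256_CERT = sample_cert("2a864886f70d01010b")  # 1.2.840.113549.1.1.11, sha256WithRSAEncryption
```

The same `signature_algorithm` call works on a real certificate read from a `.der` file, since the parser handles long-form lengths; a chain containing any MD5-signed certificate should be treated as untrusted.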