In a recent study, academic researchers found a thriving marketplace for TLS certificates sold individually and packaged with a wide range of crimeware. These services deliver machine-identities-as-a-service to cybercriminals who wish to spoof websites, eavesdrop on encrypted traffic, perform man-in-the-middle attacks and steal sensitive data. In this post, I’m going to focus on a different element of certificate mis-use—the abuse of root certificates. I’ll also highlight some indicators for analyzing certificate misuse as well as explore the impact of Certificate Mis-issuance and Certificate Transparency.
First, a bit about root certificates. Root certificates are the linchpin of authentication and security. Indeed, they form the basis of an X.509-based public key infrastructure (PKI), determining the foundation of trust for an organization. In a certificate trust tree or certificate path, the root certificate is at the pinnacle and certificates signed by it inherit the trustworthiness. What does this mean? To use a real-world analogy, a signature from a root certificate is somewhat comparable to having your personal signature notarized by an authorized entity.
Because of the inherent trust that they engender, root certificates are incredibly valuable—not only to organizations, but also to the attackers that wish to compromise those organizations or impersonate an organization for financial or other gain.
Attackers have used the tactic of illicitly obtaining a root certificate in many incidents and campaigns—highlighted by MITRE’s ATT&CK framework—because it can allow them to:
It’s important to continually monitor SSL/TLS certificates for any security risks or vulnerabilities. When analyzing TLS certificates either as part of a potential or actual incident investigation or as part of security audit or review, the following are some indicators or areas that one can look for:
The abuse of root certificates can occur when a particular CA issues a TLS certificate improperly. This could be due to any of the following:
When you discover that certificates are mis-issued, it is important that you remediate the situation immediately. The longer it takes you to invalidate the mis-issued certificates, the longer attackers have a window to abuse them.
One of the ways to mitigate this concern of abuse associated with mis-issued certificates is to provide the user with the capability to audit / monitor certificate issuances of trusted CAs. Google’s Certificate Transparency (CT) effort, started in 2013 was created to address this to improve security by allowing analysis of suspicious certificates. The use of the word “Transparency” in the name comes from the framework’s public auditing and public monitoring features.
The setup of Certificate Transparency adds a public oversight framework for the current SSL/TLS ecosystem. In other words, it allows anyone to log, audit, and monitor SSL/TLS certificates that are newly issued via any of the CAs such as DigiCert, GlobalSign etc. It’s important to note that while Certificate Transparency helps in the detection of mis-issued certificates, it cannot prevent certificate mis-issuance.
CT logs utilize a crypto mechanism called Merkle Tree Hash that doesn’t allow modification or deletion of entries, so once posted they become visible to the public. Also, CT does introduce some privacy and security risks due to the ability for an attacker (with the help of CT logs) to conduct reconnaissance and extract info. in potentially mounting an attack. Because a discussion of such risks is outside the scope of this blog, I will discuss that issue in a separate post.
Without Certificate Transparency, it would be difficult for a legitimate domain owner to detect whether an authorized but undocumented or otherwise unexpected certificate was issued for their domain. Also, Certificate Transparency enables a legitimate domain owner to determine in a timely manner if any unauthorized certificate(s) were ever issued as part of a security compromise or breach.
While Certificate Transparency is an important tool in detecting and preventing the abuse of root certificates, it is not the only tool. It is also critical that you protect the entire certificate lifecycle for all machine identities used in your organizations. To learn more about how you can do that, click here.