Do Not Blindly Trust Keys and the Encrypted Tunnels They Create

January 4, 2017 | Nick Hunter

Recently the Department of Homeland Security and the FBI released a Joint Analysis Report (JAR) detailing the methods used to compromise and exfiltrate sensitive data related to the U.S. election, as well as data belonging to a range of U.S. Government, political, and private sector entities. That such an attack could succeed in a nation where critical infrastructure standards are so well defined highlights the need for greater scrutiny of encryption assets, in this case digital keys and cryptographic certificates.

The techniques the adversaries used to infiltrate the victims' infrastructure in these election attacks are not unique, and they are certainly not revolutionary. Attacks of this kind will continue to go undetected anywhere encrypted traffic is trusted by default and minimally inspected, and they are even more likely to succeed where the associated private keys are neither scrutinized nor protected.

How can we prevent an attack of this severity from happening again? We can learn from physical attacks of a similar nature. Take a bank robbery in which no one saw the robber. How was the bank robbed? The criminals may have dug a tunnel underground and come up through the floor of the vault. Lately there has been a lot of talk about building walls to protect borders, but a wall cannot stop a tunnel that runs from a church in Mexico to a warehouse in California. Attacks that hijack encryption present essentially the same problem.

In the internet world, tunneling is how SSL/TLS and SSH sessions carry traffic. These tunnels are trusted by default because their "identities" are tied to known certificates (or, for SSH, host keys): when we trust a tunnel, we assume the certificate presented belongs to the trusted party, and therefore we trust whatever passes through it. In the case described in the JAR, and illustrated in the post's diagram, the adversaries did not need to steal the victims' own "trusted" keys and certificates. They used their own private keys and certificates to establish encrypted sessions, or "tunnels", that looked like any other trusted traffic to a network that never checked whether those certificates had actually been issued or approved by the organization. Once those tunnels were up, they could carry out the attack and remain undetected.


If the rogue keys had been discovered, that discovery would have signalled a possible attack. But discovering them requires complete visibility: an inventory that can identify keys and certificates that are not trusted, or that are installed somewhere they should not be. Because the organizations that were attacked lacked this intelligence, they could not locate the illegitimate tunnels, and the attackers remained free to carry out the attack and steal data through them.

As encryption becomes more widely used and more tunnels exist, every organization will need complete control over, and visibility into, all the keys and certificates that enable them. The only way to verify that our tunnels are legitimate is to have real-time intelligence that identifies which tunnels can truly be trusted, where they are trusted to exist, and, most importantly, exactly who is using them.
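The check the last three paragraphs call for, as an added example that is not code from the original post or from Venafi: observed TLS server certificates are compared against an inventory of the certificates the organization actually issued or approved, and anything that does not match is flagged. Everything in it is an assumption made for illustration: the hypothetical organization's inventory of approved fingerprints and issuers, a simplified tab-separated record format (timestamp, server IP, port, subject, issuer, SHA-256 fingerprint of the DER certificate) loosely modelled on what a passive TLS monitor logs, and the sample records, which are constructed rather than observed. It goes slightly beyond the text's single case by distinguishing four situations: an approved certificate seen on a host it was never deployed to (a copied or stolen key), a self-signed certificate nobody in the organization issued (the rogue tunnel the post describes), a certificate from an issuer the organization never approved, and a certificate from an approved CA that is missing from the inventory. The `fingerprint_live` helper, built on the standard library's `ssl.get_server_certificate`, shows how fingerprints for such an inventory are collected from running servers; the offline sample does not call it.

```python
"""Compare observed TLS server certificates against an inventory of approved keys."""
import hashlib
import ssl
from dataclasses import dataclass
from typing import Iterable, List, Optional


@dataclass(frozen=True)
class Session:
    ts: str
    host: str
    port: int
    subject: str
    issuer: str
    sha256: str  # hex SHA-256 of the DER-encoded leaf certificate


@dataclass(frozen=True)
class Finding:
    session: Session
    reason: str


# Constructed inventory for a hypothetical organization: fingerprints of the certificates
# it issued or approved, and the hosts each one is allowed to be installed on.
APPROVED_CERTS = {
    "a1" * 32: {"subject": "CN=mail.example.org", "hosts": {"10.0.1.20"}},
    "b2" * 32: {"subject": "CN=vpn.example.org", "hosts": {"10.0.2.5", "10.0.2.6"}},
}

# Issuers this organization has chosen to trust for its own servers (constructed name).
APPROVED_ISSUERS = {"CN=Example Corp Issuing CA"}


def parse_line(line: str) -> Session:
    """Parse one tab-separated record: ts, server IP, port, subject, issuer, sha256."""
    ts, host, port, subject, issuer, sha256 = line.rstrip("\n").split("\t")
    return Session(ts, host, int(port), subject, issuer, sha256.lower())


def evaluate(s: Session, approved_certs=APPROVED_CERTS,
             approved_issuers=APPROVED_ISSUERS) -> Optional[str]:
    """Return why this session's certificate is suspicious, or None if it matches inventory."""
    entry = approved_certs.get(s.sha256)
    if entry is not None:
        if s.host in entry["hosts"]:
            return None
        # A known key showing up where it was never deployed suggests it was copied or stolen.
        return f"approved certificate for {entry['subject']} observed on unauthorized host"
    if s.issuer == s.subject:
        # Nobody in the organization issued this; an attacker's own key looks exactly like this.
        return "self-signed certificate not in inventory"
    if s.issuer not in approved_issuers:
        return f"certificate from unapproved issuer {s.issuer!r}"
    # Issued by our CA but never recorded: an inventory gap or an unauthorized issuance.
    return "certificate from approved issuer but missing from inventory"


def scan(lines: Iterable[str]) -> List[Finding]:
    """Evaluate every record, reporting each (host, port, certificate) combination once."""
    findings, seen = [], set()
    for line in lines:
        if not line.strip():
            continue
        s = parse_line(line)
        reason = evaluate(s)
        key = (s.host, s.port, s.sha256)
        if reason is not None and key not in seen:
            seen.add(key)
            findings.append(Finding(s, reason))
    return findings


def fingerprint_live(host: str, port: int = 443) -> str:
    """Fetch a server's leaf certificate (without validating it) and return its SHA-256 fingerprint."""
    pem = ssl.get_server_certificate((host, port))
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


# Constructed sample records (not real observations), in the simplified format parse_line expects.
SAMPLE_LOG = "\n".join("\t".join(r) for r in [
    ("2016-12-29T14:02:11Z", "10.0.1.20", "443", "CN=mail.example.org", "CN=Example Corp Issuing CA", "a1" * 32),
    ("2016-12-29T14:02:45Z", "10.0.1.20", "443", "CN=mail.example.org", "CN=Example Corp Issuing CA", "a1" * 32),
    ("2016-12-29T14:03:02Z", "10.0.7.9", "443", "CN=mail.example.org", "CN=Example Corp Issuing CA", "a1" * 32),
    ("2016-12-29T14:05:19Z", "10.0.3.44", "8443", "CN=update-svc.local", "CN=update-svc.local", "dd" * 32),
    ("2016-12-29T14:05:40Z", "10.0.3.44", "8443", "CN=update-svc.local", "CN=update-svc.local", "dd" * 32),
    ("2016-12-29T14:06:00Z", "10.0.5.2", "443", "CN=intranet.example.org", "CN=Acme Public CA", "cc" * 32),
    ("2016-12-29T14:07:30Z", "10.0.1.21", "443", "CN=files.example.org", "CN=Example Corp Issuing CA", "ee" * 32),
])


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f.session.ts} {f.session.host}:{f.session.port} {f.session.subject}: {f.reason}")
```

Running the sample yields four findings: the mail certificate on 10.0.7.9, where it was never installed; a self-signed certificate on 10.0.3.44:8443; a certificate from an unapproved issuer on 10.0.5.2; and a certificate from the organization's own CA on 10.0.1.21 that nobody recorded. Keying on the certificate fingerprint rather than the subject name matters because an attacker can put any name in a certificate they mint themselves; the fingerprint ties the observation to a specific key pair, which is what "who is using the tunnel" ultimately comes down to.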

About the author

Nick Hunter

Nick Hunter is an accomplished infosec leader with proven performance in driving revenue through successful strategy, enablement, pre-sales, and marketing. He was formerly Sr. Technical Marketing Manager and Product Manager at Venafi.