The SSL certificates that are required to encrypt your online services, such the HTTPS delivered web, are tied to domain names. Very often someone will own a domain name for a limited period of time. Let’s say for instance I bought the rights to hyperdimensionneptunia.ca for three years. During that three-year period, I made a secure website which uses that domain name, at URL https://hyperdimensionneptunia.ca. I needed SSL certificates for the HTTPS protocol’s TLS implementation to work properly, so I had them made by a certificate authority and deployed them.
Time passes and I get bored with my JRPG video game fan website, and I don’t bother renewing my ownership of hyperdimensionneptunia.ca after the three year period. People still have SSL certificates on their PCs and mobile devices for the expired domain because they visited https://hyperdimensionneptunia.ca while I hosted a website there.
A few months after I let hyperdimensionneptunia.ca expire, someone else buys it. This presents a difficult cybersecurity problem. Some certificates have multiple domain names (“hyperdimensionneptunia.ca” and “nepneppudding.org,” for example). Sometimes one domain name remains registered to the same owner, but the other domain name expires, which really complicates the problem further. Researchers have even found a certificate with about 700 domain names on it!
Ian Foster and Dylan Ayrey created their Insecure Design project to bring attention to the problem of old SSL certificates and the changing ownership of domain names. Their BygoneSSL demo shows why this security problem is a major man-in-the-middle attack and denial-of-service attack vulnerability.
There used to be no simple way to track expired SSL certificates. Then in 2013, Google launched their Certificate Transparency project. According to the website:
“Google's Certificate Transparency project fixes several structural flaws in the SSL certificate system, which is the main cryptographic system that underlies all HTTPS connections. These flaws weaken the reliability and effectiveness of encrypted Internet connections and can compromise critical TLS/SSL mechanisms, including domain validation, end-to-end encryption, and the chains of trust set up by certificate authorities. If left unchecked, these flaws can facilitate a wide range of security attacks, such as website spoofing, server impersonation, and man-in-the-middle attacks.
Certificate Transparency helps eliminate these flaws by providing an open framework for monitoring and auditing SSL certificates in nearly real time. Specifically, Certificate Transparency makes it possible to detect SSL certificates that have been mistakenly issued by a certificate authority or maliciously acquired from an otherwise unimpeachable certificate authority. It also makes it possible to identify certificate authorities that have gone rogue and are maliciously issuing certificates.”
Foster and Ayrey determined that about 7 million domain names share a certificate with a bygone domain!
Here’s how BygoneSSL denial-of-services work. A certificate has both “hyperdimensionneptunia.ca” and “nepneppudding.org.” Hyperdimensionneptunia.ca expires, but I maintain ownership of nepneppudding.org. If someone else buys hyperdimensionneptunia.ca, my ownership for nepneppudding.org can be revoked because it is shared with hyperdimensionneptunia.ca. That’s so devious and simple that even Arfoire would be impressed.
Here’s how BygoneSSL man-in-the-middle attacks work. My SSL certificate has my expired hyperdimensionneptunia.ca and my maintained nepneppudding.org. Someone else buys hyperdimensionneptunia.ca. I can then use my old certificate to authenticate into HTTPS sessions from hyperdimensionneptunia.ca’s new owner’s website, acting as a man-in-the-middle.
So, in both of these cyber attack scenarios, the new owner of hyperdimensionneptunia.ca can perform a denial-of-service of my nepneppudding.org website by revoking my domain name. But I can perform a man-in-the-middle attack on the new hyperdimensionneptunia.ca website.
The key to preventing this vulnerability is to keep track of your domain name ownerships and when they expire. If you decide to let a domain name expire, contact your certificate authority to revoke the certificates with the expired domains and generate new certificates that only have your currently owned domains. If you lose track, Google’s Certificate Transparency project may be able to help you find which of your domains have expired.