On paper and in theory, asymmetric authentication answers all cybersecurity concerns. But, is not the panacea that all the hype has made us believe. What make asymmetric ciphers “safe” is not the algorithm, key length or patents. It’s the ability to protect the Private Key. Once that Key is compromised the rest of the security flies out the window.
Asymmetric Keys are only as secure as the infrastructure, the technology, and the human element used to protect them. Bruce Schneier stated that, “The error of [my book] Applied Cryptography is that I didn’t talk at all about the context. I talked about cryptography as is if it were The Answer(tm). I was pretty naïve.”
The Complexity: Asymmetric authentication is a complex and involved infrastructure. The more complex an infrastructure is, the more places for a hackers to exploit. Certificates and Keys have brought serious complexity to network security. They require special Advanced Mathematics, Key Generators, Certificate Authorities, Registration Authority, Validation Authentication, Revocation Lists, Cryptographic Accelerators, Special Hardware (secure hardware modules and smartcards), specialized training, and more. Security is only as good as its weakest link, and there are a lot of links when it comes to networks and computers. Asymmetric authentication only adds to it. Complexity tends to create confusion, unknown parts, and mistakes. Keys are often mismanaged at best and, at worst, completely un-managed. The average corporation employing PKI has over 20,000 different cipher Keys and Certificates, and over 50% of those corporations’ IT administrators don’t know where all the Keys are located within their own network. This lack of knowledge allows hackers to easily inject their own certificates into networks, undetected by IT.
In a recent Ponemon Research: 2015 Cost of Failed Trust Report, it states: “Research shows the digital trust that underpins most of the world’s economy is nearing its breaking point, and there is no replacement in sight. Security professionals rank a Cryptoapocalypse-like event, a scenario where the standard algorithms of trust like RSA and SHA are compromised and exploited overnight, as the most alarming threat.”
Registration/Certification Authentication (RA and CA): With the increase in identity theft, it’s not always about the victim’s credit card. It’s about stealing a person’s good reputation so hackers can then use that information to request certificates into an RA to start their attack.
If stolen identities are used or the CA gets hacked, bogus certificates are issued. In 2011, a Dutch CA was breeched when a hacker impersonated an RA. The fraudulent certificates affected the operating systems, applications, and browsers of such industry giants as Google, Microsoft, Yahoo, Mozilla, and others.
One of the components that allowed Stuxnet to infiltrate the Iranian nuclear enrichment system in 2010 was the use of what Windows thought was a valid certificate. This certificate weakness example demonstrates an administrative problem and not whether certificate-based systems offer viable authentication.
Key Storage: Where do you keep the Private Key is important. Debbie Deutsch and Beth Cohen in their June 17, 2003 eSecurityPlanet.com article, “Public Key Infrastructure: Invisibly Protecting Your Digital Assets,” summed up the security of the Private Key as follows:
PKI operation depends on protecting the Private Keys. Sometimes keys are generated by a computer and stored in memory and on disk. This is acceptable for everyday security. However, it is possible for someone to break into the computer—perhaps in person, perhaps over a network—and retrieve the Private Key. As a result, very sensitive information or resources need greater protection. Specialized hardware peripheral devices can provide stronger security by generating Keys, signing, and decrypting information, so the Private Key never leaves the device. Protecting the Key then becomes a matter of protecting the device from unauthorized use. It may be carried by its owner, locked up, password protected, etc.
Here’s another example: Cloudflare, a popular off-site storage hosting service, launched “The Heartbleed Challenge” on April 11, 2014. They tasked the hacking community to use the “Heartbleed” virus to steal the private Secure Socket Layer (SSL) keys off their servers running the Open SSL framework. The results of the challenge surprised even Cloudflare.
Nine hours later, software engineers Fedor Indutny and Ilkka Mattila at NCSC-FI had obtained the server’s Private Keys. Cloudflare announced that it is possible to expose the SSL private encryption keys. Both Indutny and Mattila sent numerous pings (2.5 million and 100,000 respectively) requesting the Private Key. The next day, two other hackers were able to get in. It seems that when a server reboots, there is a period of time when these keys are vulnerable, and Cloudflare rebooted the server about six hours into the challenge.
The Insider: In a recent article I read it was surprising to see that 20% of employees are willing to sell their company’s logon passwords on the black market for $1000 or less. So does that mean asymmetric ciphers protect against the insider threat? No. It you have untrustworthy employees who are looking for more money, or are disgruntle, they will always find ways to hurt the company. The trick is to limit their knowledge and keep a record of logon activities. Asymmetric and symmetric authentication is irrelevant since both are able to hide secrets and create reports.
Key Storage: When a customer pays for a purchase with an ATM or Debit card, they type in a PIN. PINs are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks before it reaches the customer’s bank. At every switching point, the PIN must be decrypted, then re-encrypted with the proper Key for its next leg in its journey. That PIN can be grabbed by an IT person inside the network.
The security of the entire process depends on by whom and how well these HSMs are configured and managed. The most common method criminals are using to get the PIN numbers is to trick the application programming interface (or API) of the hardware security module (HSM) into providing the encryption key. This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device.
In a Cambridge University paper published in 2003, a researcher presented how attacks, with the help of an insider, would yield PINs from an issuer bank’s system. Then in 2006, two Israeli computer security researchers devised a much more sophisticated attack that also required the assistance of an insider. With access to the HSM and the API, knowledge of the HSM configuration, and knowledge of the network’s architecture, it is possible for a hacker to acquire bank PINs.
Brian Phelps, Director of Program Services for Thales Group, emphasizes that the problem is how systems are configured and managed. “It’s a very difficult challenge to protect against the lazy administrator,” Mr. Phelps said. “Out of the box, the HSMs come configured in a very secure fashion if customers just deploy them as is. But for many operational reasons, customers choose to alter those default security configurations—supporting legacy applications may be one example—which creates the vulnerabilities.”
Hacking the other parts: Smartcards are also used to generate and store Private Keys. Because of their mobility, they offer a good alternative to a server-based HSM. When the Sykipot, a zero-day Trojan, was combined with a keylogger malware, thieves were able to steal a smartcard’s PIN and read the stored certificate. While the smartcard was never actually cracked, Sykipot capitalized on a weakness found in the computer’s operation system and applications that allowed the hacker to take control of the smartcard as if he were the owner.
The U.S. Department of Defense (DoD) uses one of the most advanced and expensive PC/SC x.509 deployed multi-factor smartcard infrastructures to date. In 2011, the DoD claimed that Chinese hackers infected their computers with the Sykipot virus and stole the PIN numbers of many government employees’ smartcards. With these PINs, the hackers were able to use the stored certificates to access files and networks. The DoD has yet to publicly disclose what information was accessed or the sensitivity of the data.
Surrender All Your Key: Well, I think most of us are aware of the Apple-DOJ-FBI fight to get the encryption keys to unlock (backdoor) the Apple iPhone. This is not the first time such an attempt has been tried by the government. Remember the “Clipper Chip?” There has also been the argument to make a global “Key Escrow” of Private Keys. This would splits up a Private Key into two parts. If you get half of it then the time to break the other half is cut exponentially. Where the escrow Keys are stored will now also be a target.
In July, 2013 where the United States Department of Justice (DOJ) demanded, and then subpoenaed, a privately held company, Lavabit LLC, surrender the private encryption keys of their 410,000 customers. What is particularly disconcerting about the Lavabit case is that the DOJ believes that it can take away the privacy of innocent civilians in order to investigate one nefarious suspect.
Putting the privacy rights argument aside, there is a vulnerability with the security of Private Keys. The logic follows that a subpoena assumes that an IT administrator has the ability to gain access to the Private Keys. Access confirms that the Private Keys are vulnerable. Since the Keys are vulnerable, they will be targeted by hackers, organized crime, nation-states, hacktivists, and others. If they are targeted, they are susceptible to compromise. If compromised, the security of that PKI installation is destroyed.
Cost: One of the biggest barrier for companies to deploy asymmetric authentication is the costs. Some of the expenses include more backend server hardware, advanced smartcards, training of the IT staff and building up relationships with RAs and CAs. Furthermore, the long term expense is what really hurts: employee turn-over.
Companies are constantly having old employees leave and new ones come in. A certificate is “Non-Transferable.” So if the company bought a cert for $150 and then the employee leaves within 6-month, now the company has to start all over again to purchase another key. The costs includes HR/IT time to gather and submit the information, the cost from the RA and CA, new credential, and so forth, Depending on the industry and size of the business, this could become a very substantial expense of time and money.
Finally, so few operating systems, websites, and applications actually use asymmetric keys or certs to logon. The more common approach is to use the cert to access the computers LDAP or Active Directory (AD). The AD actually stores the URL address, user name and password. So all the cert does is authenticate into the AD, symmetric authentication is not eliminated from the system.
Wrap-up: Do you abandon one authentication for another simply because it looks good on paper? No. If a flaw in the architecture is discovered, do you discredit the overriding strength of a technology or authentication philosophy? No, you fix it. Do you adopt a whole new authentication when the rest of the industry and components aren’t ready for it? Maybe / maybe not. The Rip ‘n’ Replace strategy causes more security problems because companies cannot justify the cost, security patches are introduced, and often the whole infrastructure is not understood or analyzed for weaknesses. Building upon existing infrastructures and developing a migration strategy will get cybersecurity moving faster and more securely.
Passwords (symmetric authentication) are also not going away for one obvious reason: They are one of the three legs to multi-factor authentication. By killing passwords you are reduce authentication from three-factor to only two. Something no security pundit would ever endorse. Plus, passwords are the only factor that can be changed quickly and inexpensively. Something of great importance when it comes to cybersecurity.
My purpose here is to educate readers to understand both the good and bad about every solution. Passwords have been made the scapegoat of the cyber industry when in reality they are a very secure form of authentication. If Private Keys and biometric templates were managed as poorly as passwords have been, then they too would be constantly criticized. The solution is to fix the password management side of the equation.
When it comes to cybersecurity, there are no silver bullets, one size fits all. Rather it is a layering effort. Put in enough layers and then frequently change some of the parameters (like passwords) can build a very strong front door. The doorway is only part of a cybersecurity strategy. There also has to be intrusion detection, anomaly monitoring, rapid response and many services added behind the firewall.
So often it takes time, and often too much time, to get everyone on board. This gives the hackers the advantage. People need help yesterday, but the best we can do is fix the problems of today. Instead of the security industry trashing one technology over another, it is better to understand all the security avenues from the user’s perspective, and that they all have merit. Technology is best when it solves a targeted problem; it fails when it searches for one. As I always say, “When security is cumbersome, no matter how technically advanced it is, employees will always circumvent security for their own personal convenience.”
Finally, as a shameless plug for my new book Making Passwords Secure: Fixing the Weakest Link in Cybersecurity, I discuss these and many more issues in much greater detail.
I think Bruce Schneier summed it up best in his introduction in Secrets & Lies: Digital Security in a Networked World where I quote. “If you think technology can solve your security problems, then you don’t understand the problems and you don’t understand the technology.”