Trust Of The Web

Michael Vergoz
11 min read · Nov 29, 2020

It is the big trend of the moment, yet it is fundamentally at odds with the conception and design of the Internet. How do you trust anonymity? Every day we are confronted with this need for trust on the Web.

This article aims to draw a comparison between trust as we know it in the real world and the trust we get in the digital world. We will see that the digital conception of trust is not representative of the real world, and that effort is still needed before we have something viable.

The social and political dimension cuts across trust, and sovereign (regalian) notions get mixed into this big subject.

What are we talking about?

Here I am mainly talking about the most widely used PKI (Public Key Infrastructure) in our computing world, the one behind TLS/SSL. For those who really don't know what it is: it is the protocol you use to secure your communication with my blog, the "s" in https. This protocol is a good lens for exposing the risks and problems encountered in a PKI.

Many other key-distribution systems receive less attention, such as those of WhatsApp or Telegram, and even Bitcoin, which distributes public keys in a way that is loosely comparable to a traditional PKI.

A PKI is, at bottom, the distribution of cryptographic public keys and their binding to identities: the classic story of Alice and Bob in an asymmetric exchange. That is quick to say, but doing it reliably (and securely) means solving a few headaches.

To simplify: if I wanted to send you an encrypted message, I would first have to retrieve your public key. With it, I could encrypt the message, and only you could decrypt it with your private key.

The PKI is precisely the mechanism by which these keys are distributed. So if the PKI handed me a bogus key, I could end up encrypting my message to an intelligence service instead, which could read it and forward it to the real recipient, possibly with altered content.

The PKI therefore gets all the attention, so much so that it can be called the weakest link in a cryptographic chain. I would even say it has become the central technical point of what we could call digital trust.

TLS/SSL uses certificates in the X.509 format, which bind a public key to an identity under the signature of an issuer. Private keys are not part of the certificate; they travel in separate containers such as PKCS#12, which bundles a certificate chain together with its private key. I won't go into detail because X.509 and its related standards are really complex and mix an impressive number of components.

Examples of products affected by the (Digital) Trust from Digicert

The Usufruct

In the TLS/SSL architecture, the entities that have certificates made for them are not authorities. This point matters: the PKI leaves no ambiguity about the fact that certificate holders are not the actual owners of their certificates. A TLS/SSL certificate holder can therefore be likened to someone who merely has the usufruct of the certificate in question.

On the other hand, there is no proof (mathematically speaking) that another authority has not manufactured another certificate and granted the usufruct of it to a different entity on the same common name. It is a bit like building two houses on the same plot, one on top of the other. I understand the image is strange, but it represents quite well what happens with our systems.

To obtain a valid certificate, you have to submit a certificate signing request (CSR) to an authority. It is this authority that issues the certificate and the chain that goes with it. Under this protocol nobody else may derive anything from the issued certificate, and the holder has no right to sign other (sub)certificates: the certificate carries basicConstraints CA:FALSE, and a conforming client rejects anything signed with it.

From now on, remember one thing: you are not an authority. For that reason it is preferable to buy your SSL/TLS certificates from an authority in your own country. For example, if you are in the Swiss Confederation, it would be more judicious to turn to SwissSign, in case of legal issues.

The problem arises on a larger scale in our social life. Every day we face the need, and the obligation, to issue information that only we ourselves can produce. When you write a letter, produce a legal act or exercise your mandates, you have authority over the information you emit, at least in real life (speech, writing, gesture), but absolutely not in the digital world.

In the digital domain, a legal act that does not come from you can be considered valid because the chain of authorities is unreliable. To understand the deception and lift suspicion, you usually have to go back to the real world. But it is not always that simple, and it is likely to become even less so.

Certificate Authority

Certification Authorities operate in an opaque, uncontrollable and potentially already compromised world. I'll start at the end: can we prove mathematically that Certificate Authorities are secure, and that there are no other, unknown intermediate CAs on the Internet?

To understand intermediate CAs and certificate chains, you need to understand the operational need of authorities that use HSMs (Hardware Security Modules) to sign certificates. To keep the root isolated, signing is delegated: each issuing HSM holds an intermediate certificate issued by the root CA. Nothing but their attachment to the parent CA vouches for these intermediates, and there is no cryptographically enforced, exhaustive, public list of them: a rogue intermediate minted from a compromised key would appear in no disclosure. They are sent along with the server certificate when a client connects to a server. This is also known as certificate chaining.

Let's Encrypt public CA organization

From a security point of view, one could say that separating powers is a good thing. However, if one of my HSMs were compromised, I would immediately take the parent CA out of service too, because it almost certainly shares the same IT architecture, team, hardware, management, etc.

In any case, the simple fact that an intermediate CA obtains authoritative rights without being publicly referenced (or consensually accepted) makes the whole system unstable and fails the traceability obligation that any cryptographic deployment should meet.

The most realistic scenario (a bit crazy anyway) would be the following:

  • A CA is compromised and an intermediate certificate is minted from it; nobody knows it exists.
  • A MITM (Man In The Middle) attack is mounted against a specific web or mail server (on submarine cables, for more fun). The server's traffic is intercepted, but TLS encrypts the communications.
  • Traffic to OCSP responders is blocked with TCP RSTs, removing potential traces; most clients soft-fail and proceed when the responder is unreachable. Since the interceptor holds the rogue intermediate's key, it can also sign a genuine-looking "good" OCSP response and staple it to the certificate.
  • The interceptor uses the rogue intermediate to issue a look-alike server certificate for the target's name.
  • User traffic is terminated on the interceptor's proxies and everything passes in clear text 👌

The user can detect an ongoing interception by monitoring the fingerprint of the certificate they receive (pinning). However, this check makes the whole TLS/SSL chain redundant: if a certificate's fingerprint is already known to be valid, there is no longer any need to verify the certificate chain. It also moves the problem rather than solving it: the fingerprint must be distributed over a channel you already trust, and every certificate rotation breaks the pin. Certificate Transparency gives the site owner a second, after-the-fact check: CT-enforcing browsers refuse certificates that carry no SCTs from public logs, so the rogue certificate must either be logged, where the owner can spot it, or be refused by those clients.

At CTFs, in order to exchange information over the Web between team members, we preferred to make a self-signed certificate (therefore invalid according to TLS/SSL and the CAs) and then "share" the fingerprint among us through secure channels. In this case, interception was made impossible. We obtained the ultimate security in terms of trust.
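The CSR and usufruct rule described above, and the rogue-intermediate scenario with the fingerprint check that catches it, as an added worked example that is not code from the article. It uses the Python `cryptography` package (assumed installed); every authority name, host name and key in it is made up for the demo. The chain walk is a deliberately small re-implementation of what a TLS client does, not the library's own verifier.

```python
"""Added example, not from the article: a miniature chain of authorities
(root -> intermediate -> server certificate obtained through a CSR), the
rogue-intermediate interception described above, and the fingerprint pin that
catches it. Uses the `cryptography` package; every name and key is made up."""
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

NOW = datetime.datetime.now(datetime.timezone.utc)


def dn(cn):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])


def new_key():
    return ec.generate_private_key(ec.SECP256R1())


def issue(cn, public_key, issuer, issuer_key, ca, path_length=None):
    """Sign a certificate for `cn` with `issuer_key` (self-signed when issuer
    is None). basicConstraints is what limits the holder to the usufruct:
    with CA:FALSE nothing it signs will ever validate."""
    b = (x509.CertificateBuilder()
         .subject_name(dn(cn))
         .issuer_name(dn(cn) if issuer is None else issuer.subject)
         .public_key(public_key)
         .serial_number(x509.random_serial_number())
         .not_valid_before(NOW - datetime.timedelta(minutes=5))
         .not_valid_after(NOW + datetime.timedelta(days=30))
         .add_extension(x509.BasicConstraints(ca=ca, path_length=path_length),
                        critical=True))
    if not ca:  # a server certificate names the host it is for
        b = b.add_extension(x509.SubjectAlternativeName([x509.DNSName(cn)]),
                            critical=False)
    return b.sign(issuer_key, hashes.SHA256())


def verify_chain(leaf, intermediates, roots):
    """Walk leaf -> intermediates -> trusted root as a TLS client does.
    Returns None when the chain is accepted, otherwise the reason."""
    chain = [leaf, *intermediates]
    trusted = {r.subject: r for r in roots}
    if chain[-1].issuer not in trusted:
        return "chain does not end in a trusted root"
    chain.append(trusted[chain[-1].issuer])
    for depth, (cert, issuer) in enumerate(zip(chain, chain[1:])):
        if cert.issuer != issuer.subject:
            return "issuer name mismatch"
        bc = issuer.extensions.get_extension_for_class(x509.BasicConstraints).value
        if not bc.ca:
            return f"{issuer.subject.rfc4514_string()} is not a CA"
        # `depth` CA certificates already sit below this issuer
        if bc.path_length is not None and depth > bc.path_length:
            return "path length constraint violated"
        try:
            issuer.public_key().verify(cert.signature, cert.tbs_certificate_bytes,
                                       ec.ECDSA(cert.signature_hash_algorithm))
        except InvalidSignature:
            return f"bad signature on {cert.subject.rfc4514_string()}"
    return None


def demo():
    """Build the PKI, then play the scenario. Returns the verdicts."""
    root_key, ca_key, site_key = new_key(), new_key(), new_key()
    root = issue("Demo Root CA", root_key.public_key(), None, root_key, ca=True)
    issuing = issue("Demo Issuing CA", ca_key.public_key(), root, root_key,
                    ca=True, path_length=0)
    # The site operator sends a CSR: proof of possession of its key, no more.
    csr = (x509.CertificateSigningRequestBuilder()
           .subject_name(dn("blog.example")).sign(site_key, hashes.SHA256()))
    if not csr.is_signature_valid:
        raise ValueError("CSR signature invalid")
    site = issue("blog.example", csr.public_key(), issuing, ca_key, ca=False)
    pinned = site.fingerprint(hashes.SHA256())  # the value shared out of band
    # 1. The holder only has the usufruct: anything it signs is rejected.
    sub = issue("mail.example", new_key().public_key(), site, site_key, ca=False)
    # 2. The root key leaks; a rogue intermediate is minted and nobody is told.
    rogue_key = new_key()
    rogue = issue("Rogue Issuing CA", rogue_key.public_key(), root, root_key,
                  ca=True, path_length=0)
    lookalike = issue("blog.example", new_key().public_key(), rogue, rogue_key,
                      ca=False)
    return {
        "legit": verify_chain(site, [issuing], [root]),
        "holder_signed": verify_chain(sub, [site, issuing], [root]),
        "lookalike": verify_chain(lookalike, [rogue], [root]),  # accepted!
        "pin_catches_it": lookalike.fingerprint(hashes.SHA256()) != pinned,
    }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check}: {verdict}")
```

Running it shows the two sides of the argument in one go: the certificate signed by the site (which only has the usufruct) is rejected at the basicConstraints check, while the look-alike certificate chained through the rogue intermediate is accepted by the chain walk, because nothing in the chain says the intermediate should not exist. Only the pinned fingerprint tells the two apart.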

The other major problem with CAs is that they are private companies, and, globally, each of them runs its own network of trust in which authorities are added and removed as it sees fit (even if some make efforts). Traceability is not necessarily complete, and the law applying to these legal entities is usually that of the USA.

In another article on DNS attacks, I discuss different techniques for intercepting Internet traffic. A PKI can be severely affected by such an attack: if you combine several underlying vectors, you get a particularly vicious attack tool. The PKIs of TLS and DNS are closely intertwined in this sense: domain validation itself rides on DNS and HTTP, so whoever controls the DNS answers a CA sees can obtain a perfectly valid certificate for the name.

TLS/SSL PKI simplified — Signderiva © 2020

The trusted network is not known exhaustively (in particular because of intermediate CAs), its architecture allows interception, and very often the governing law is that of the USA; we can therefore say that these are not networks that deserve trust.

Trust, a social tool

It is interesting to note that trust is directly linked to a psychological concept. It is also interesting to look at the Latin root of the French word for trust, "confiance": confidere (con-, "with", and fidere, "to entrust"), meaning to hand over something precious to someone, trusting in him and thus abandoning oneself to his benevolence and good faith. Trust is a kind of gift of self.

“Trust is a psychological state involving the intention to accept vulnerability based on positive expectations about another’s intentions or behaviour”.

In real life, trust can be projected through a network: if we give of ourselves, we do not give only what comes from us. A third person can thus vouch for trust by relaying it, and we memorize it. It is an obvious networking concept that everyone practices, consciously or not, every day. If you think about it, you realize that evolution passes through the trust box, without which a social group could not organize itself.

In the same way, belief is omnipresent in trust, because we generally cannot materialize trust information; we have not observed it ourselves.

You are not born knowing who is king, queen or president of this state. That information is not recorded in your memory or your DNA. You are taught it, and you can trust what you are told (if it comes from a reliable source). This is why trust is so often tied back to sovereign (regalian) power.

Web Of Trust

Web of Trust is a concept used by PGP, GnuPG and other OpenPGP-compatible applications. The Web of Trust lets you assess the binding between a public key and a name by reputation. To do this, identity certificates are verified through the digital signatures of other users. By signing such a certificate, these users reinforce (for themselves and for others) the association between a public key and the person or entity it names.

Beware, there is a latent confusion in the Web of Trust. It is not meant to establish a link between a public key and a real identity; the identity is accepted by consensus, but that says nothing about whether it is authentic.
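The validity computation behind those two paragraphs, as an added example that is not code from the article or from GnuPG: a GnuPG-style propagation over a constructed key graph, using GnuPG's default thresholds (one fully trusted signer or three marginal ones, at most five certification steps). The key names, owner-trust values and signatures are made up; the hypothetical keys `alice-key-1` and `alice-key-2` both claim the same user ID.

```python
"""Added example, not from the article: a GnuPG-style Web of Trust validity
computation on a constructed key graph. Names, keys and signatures are made
up; the thresholds are GnuPG's defaults (1 full or 3 marginal signers, max
certification depth 5)."""

COMPLETES_NEEDED, MARGINALS_NEEDED, MAX_CERT_DEPTH = 1, 3, 5


def key_validity(owner_trust, signatures):
    """owner_trust: key -> 'ultimate' | 'full' | 'marginal' | 'none'
    (how far *you* trust that key's owner to certify other people).
    signatures:  key -> set of keys that signed its user ID.
    Returns key -> 'full' | 'marginal' | 'unknown'. Only fully valid keys
    may vouch for others, and each round extends the depth by one step."""
    validity = {k: "unknown" for k in signatures}
    validity.update({k: "full" for k, t in owner_trust.items() if t == "ultimate"})
    for _depth in range(MAX_CERT_DEPTH):
        valid_now = {k for k, v in validity.items() if v == "full"}
        changed = False
        for key, signers in signatures.items():
            if validity.get(key) == "full":
                continue
            vouching = [s for s in signers if s in valid_now]
            completes = sum(owner_trust.get(s) in ("ultimate", "full") for s in vouching)
            marginals = sum(owner_trust.get(s) == "marginal" for s in vouching)
            if completes >= COMPLETES_NEEDED or marginals >= MARGINALS_NEEDED:
                validity[key], changed = "full", True
            elif marginals and validity[key] != "marginal":
                validity[key], changed = "marginal", True
        if not changed:
            break
    return validity


def demo():
    """Constructed keyring: 'ME' is the local user's own (ultimate) key."""
    owner_trust = {"ME": "ultimate", "bob": "full", "carol": "marginal",
                   "dave": "marginal", "eve": "marginal", "frank": "none"}
    signatures = {
        "ME": set(),
        "bob": {"ME"}, "carol": {"ME"}, "dave": {"ME"}, "eve": {"ME"},
        # Two different keys, both carrying the user ID "Alice <alice@example.org>"
        "alice-key-1": {"carol", "dave", "eve"},  # three marginal vouchers
        "alice-key-2": {"bob"},                    # one fully trusted voucher
        "frank": {"carol"},                        # one marginal: not enough
        "gina": {"frank"},                         # vouched for by a non-valid key
    }
    return key_validity(owner_trust, signatures)


if __name__ == "__main__":
    for key, v in sorted(demo().items()):
        print(f"{key:12s} {v}")
```

Both keys claiming to be Alice come out fully valid: the algorithm measures how many people you trust have vouched, not which key (if either) really belongs to Alice. That is the confusion the paragraph above warns about, and it is also why a flood of signatures on a key (the cert-spamming attack linked below) is a denial of service rather than a trust forgery: signatures from keys you do not trust count for nothing.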

The Web of Trust is a bit like a science-fiction film that necessarily ends badly. On second thought, we don't necessarily need a Web of Trust but rather a Trust of the Web: the difference between cause and reason.

https://portswigger.net/daily-swig/openpgp-cert-spamming-attack-throws-encryption-system-into-chaos

True and False

Trust has no domain of its own; it is not synonymous with correctness or (good) judgment. It can carry something good or bad, true or false.

Here we refer to abuse of the trust that others may place in a whole. It comes down to ideas that can be hijacked by individuals, groups and so on; we are talking about the belief we place in a set of things in order to build our own judgment.

So trust does not determine whether something is good or true; it only determines its validity by consensus, in particular through the notions of number and vote that are built into the concept of trust. Whoever is unaware of this can find himself in the middle of a battlefield without even understanding why.

“It is because they are all wrong that they are right”.

In the digital world everyone must take responsibility, and everyone must have the right to that responsibility, just as in the real world. Digital systems must not transgress these rules, at the risk of people abusing them (even more) and inflicting damage of the kind already visible in the real world.

Individual interest above all

Trust is above all an individual interest, because it lets a person discover the world more simply and safely. Trust is an essence of curiosity, but it can also become its fuel.

As noted above, trust has no domain of its own, but it is nonetheless essential for the individual. It is a (primary?) public interest; it should be open, transparent and accessible to all without complexity.

The Machine

The machine needs digital trust as much as a human does. Imagine a world where a state trusted current systems and issued driver's licences and IDs based on existing CAs. Anyone in a position of authority (a CA) could manufacture all the documents and become Swiss in a few seconds, and pass through any kind of access-control device.

That is why the machine needs trust: it will automatically check a great many things, and it will use OCSP and TLS/SSL (X.509) to do so. As explained elsewhere, protection against malware relies on application signatures that your machine verifies.

So you cannot separate the need for trust between a human and a machine. Machines have to trust us.

Blockchain Assistance

We see that the so-called superior architecture is opaque (because of its age), simply because it is impossible to formally trace the movements of authorities.

This is where a witness blockchain and network could improve traceability and block some attacks. The point is to obtain traces commonly accepted by the nodes of a network, which thereby become witnesses of every movement. Certificate Transparency, with its append-only Merkle-tree logs and the SCTs that browsers require, is the deployed version of this idea for issued certificates.
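What such a witnessed, append-only log actually provides, as an added example that is not code from the article: an RFC 6962-style Merkle tree over certificate fingerprints, with inclusion proofs and the append-only check a witness performs on the head it recorded earlier. The fingerprints are constructed for the demo; the prefix check is written as a naive recomputation rather than the RFC's consistency proof.

```python
"""Added example, not from the article: an RFC 6962-style append-only Merkle
log of certificate fingerprints, the mechanism Certificate Transparency uses so
that independent witnesses can agree on what an authority issued. The
fingerprints below are constructed for the demo."""
import hashlib


def _h(data):
    return hashlib.sha256(data).digest()


def leaf_hash(entry):
    return _h(b"\x00" + entry)  # domain separation: leaves start with 0x00


def node_hash(left, right):
    return _h(b"\x01" + left + right)  # inner nodes start with 0x01


def _split(n):
    """Largest power of two strictly less than n (RFC 6962, section 2.1)."""
    k = 1
    while k * 2 < n:
        k *= 2
    return k


def merkle_root(entries):
    """Tree head over `entries`: the single value every witness records."""
    if not entries:
        return _h(b"")
    if len(entries) == 1:
        return leaf_hash(entries[0])
    k = _split(len(entries))
    return node_hash(merkle_root(entries[:k]), merkle_root(entries[k:]))


def inclusion_proof(entries, m):
    """Sibling hashes from the leaf at index m up to the root."""
    n = len(entries)
    if n == 1:
        return []
    k = _split(n)
    if m < k:
        return inclusion_proof(entries[:k], m) + [merkle_root(entries[k:])]
    return inclusion_proof(entries[k:], m - k) + [merkle_root(entries[:k])]


def _fold(m, n, acc, proof):
    """Recompute the head from a leaf hash and its proof, mirroring the split."""
    if n == 1:
        return acc if not proof else None
    if not proof:
        return None
    k = _split(n)
    if m < k:
        inner = _fold(m, k, acc, proof[:-1])
        return None if inner is None else node_hash(inner, proof[-1])
    inner = _fold(m - k, n - k, acc, proof[:-1])
    return None if inner is None else node_hash(proof[-1], inner)


def verify_inclusion(entry, m, tree_size, proof, root):
    """True iff `entry` is at index m of the tree of `tree_size` headed by `root`."""
    if not 0 <= m < tree_size:
        return False
    return _fold(m, tree_size, leaf_hash(entry), list(proof)) == root


def still_a_prefix(old_size, old_root, entries):
    """A witness's append-only check: the head it recorded earlier must still be
    the head of the first `old_size` entries (naive form of a consistency proof)."""
    return len(entries) >= old_size and merkle_root(entries[:old_size]) == old_root


def demo():
    # Fingerprints the issuing CA logged, in order of issuance (constructed).
    log = [hashlib.sha256(f"cert-{i}".encode()).digest() for i in range(1, 6)]
    root5 = merkle_root(log)                       # what the witnesses recorded
    cert3, proof3 = log[2], inclusion_proof(log, 2)
    rogue = hashlib.sha256(b"look-alike cert for blog.example").digest()
    # The log keeps growing; honest appends keep the old head as a prefix.
    log += [hashlib.sha256(b"cert-6").digest(), hashlib.sha256(b"cert-7").digest()]
    rewritten = [rogue] + log[1:]                  # someone edits history
    return {
        "cert3_included": verify_inclusion(cert3, 2, 5, proof3, root5),
        "wrong_index_rejected": verify_inclusion(cert3, 3, 5, proof3, root5),
        "rogue_has_no_proof": verify_inclusion(rogue, 2, 5, proof3, root5),
        "append_only_holds": still_a_prefix(5, root5, log),
        "rewrite_detected": not still_a_prefix(5, root5, rewritten),
    }


if __name__ == "__main__":
    for check, verdict in demo().items():
        print(f"{check}: {verdict}")
```

The value for the PKI discussion is the last two checks: a witness that stored a head once can later tell whether the log merely grew or was rewritten, and a certificate that was never logged has no proof to show. A witness can be fooled only if every witness it compares heads with is fed the same forged history, which is exactly what a network of independent nodes is meant to prevent.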

One could push the subject further by saying that these nodes could themselves be compromised. I won't deal with that in this article, but it is of course possible to get full transparency from the nodes of the network. It is all a matter of architecture and of individual willingness to achieve digital respect.

Daily

I am like everyone else, with my pile of cards and papers of all kinds showing that I have an identity (!), a driver's licence, insurances (so many of them), etc.

And yet I see people fascinated by Mars colonization projects that seem so far away. What is the connection, you may ask. Well, we would be ready to go to Mars without being able to build a real network of trust that would let us simply agree on the digital validity of a paper we issue, and which incidentally costs the planet an arm (and two legs).

And like you, I am having to send original papers by mail in this Covid-19 period, or to travel in order to obtain certified true copies. Especially when one knows that scanning a paper document strips it of all its protection (authenticity).

In the end, I would like to have Trust in the Web when it is needed, and I am not interested in the question of whether a network is made of trust (?).
