Does SSL Equate to Privacy?

by Colin Berkshire

Colin here.

Perhaps the most frequent question I get asked recently is whether SSL/TLS security certificates protect the privacy of communications. Should we all switch to using SSL/TLS for our electronic communications?

The short answer is that it depends upon who you want to protect your communications from: the government, or private eavesdropping thieves?

Security certificates encrypt communications using a “chain of trust.” An SSL certificate is issued to you from a company that you buy it from. That company is authenticated by a company that they buy a master certificate from. And, finally, the root certificates are authorized by some master authority.

Each level down the chain of trust has access to both the public and private encryption keys, and thus you trust them to hold their keys secret so that your own secrets are kept secret.

If you are concerned about keeping communications private from commercial eavesdroppers, then 256-bit security is relatively effective. It takes about a year to slice through 256-bit encryption with current botnets and hacking computers. The older 128-bit encryption is no longer very secure and can be cracked in a matter of hours or days by a sophisticated intruder.

But if you want to have privacy from the government, the story is entirely different. You have no privacy whatsoever. It has long been hypothesized that the government has some secret mathematical back-door to decrypt SSL encrypted communications. I don’t know if this is true or not. I have never been informed that this is the case, although some of the early DES encryption standards did have such a built-in “feature.”

A magician performs sleight-of-hand right in front of you with your eyes open and with an entire audience watching. The same thing applies to government decryption of SSL encrypted traffic.

Remember that the SSL certificate authority has access to BOTH the public and private keys. This is how they sent you the private key. Duh. So you inherently trust the certificate authority to keep these secret. And, their key issuance is dependent upon the master key issued to them, and so on up the chain of trust.

But consider for a moment what the implication would be if the top-level keys were known by the government? Why, of course, all of the certificates underneath could be compromised.

There are two ways of performing this compromise of all certificates ever issued…

The first is simply to decipher the certificates down the chain. This takes some work, but as you are starting with the encryption key it isn’t that much work. It’s a viable solution, and one that I am told is used.

The second attack is a form of a man-in-the-middle attack. Basically, if you are a government you can redirect certificate validation requests to your own servers rather than to the real issuing authorities. This is trivial. You just change the IP address in the DNS table. So, if you wanted all certificate inquiries for a particular user to go to you (the government) instead of the actual authority, then you just return your own IP address when the DNS inquiry is made. Now, you are the authority. The nice thing about this particular attack is that it can be done for a whole country by changing the top-level IP address or it can be done for just a single user by sending just that one user the fake IP address. Consequently, it would be trivial for Comcast to compromise the certificates for any single one of their users.

There are many variations of this compromise. Another method is to hijack the real IP address for the certificate authority by putting in special router instructions to re-route traffic to yourself. This is a popular method for foreign governments.

I have oversimplified just a bit. But the concept is simple: The easiest way to attack highly encrypted communications is to compromise the chain of trust. And, this sort of compromise should take an entry-level network engineer just a few minutes.
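A defensive check for the single-user case described above, as an added example that is not part of the original article: if only one user is handed a substituted certificate, the public key that user sees for a site will differ from the key other networks see for the same site. The vantage-point names, host names and fingerprints below are constructed sample data, and `find_divergent_views` is a hypothetical helper.

```python
from collections import Counter, defaultdict

# Constructed observations: (vantage point, host, fingerprint of the public key
# in the certificate that vantage point was served). Fingerprints are made-up labels.
OBSERVATIONS = [
    ("vantage-a", "mail.example.test", "fp-1111"),
    ("vantage-b", "mail.example.test", "fp-1111"),
    ("vantage-c", "mail.example.test", "fp-1111"),
    ("client-42", "mail.example.test", "fp-9999"),  # one user sees a different key
    ("vantage-a", "shop.example.test", "fp-2222"),
    ("vantage-b", "shop.example.test", "fp-2222"),
    ("client-42", "shop.example.test", "fp-2222"),
]


def find_divergent_views(observations):
    """Return (host, majority_fingerprint, outlier_vantages) for each host
    whose vantage points disagree. majority_fingerprint is None on a tie."""
    views_by_host = defaultdict(dict)
    for vantage, host, fingerprint in observations:
        views_by_host[host][vantage] = fingerprint  # latest observation wins

    findings = []
    for host in sorted(views_by_host):
        views = views_by_host[host]
        ranked = Counter(views.values()).most_common()
        if len(ranked) == 1:
            continue  # every vantage point saw the same key
        top_fp, top_votes = ranked[0]
        if ranked[1][1] == top_votes:
            # No clear majority: report every vantage point for manual review.
            findings.append((host, None, sorted(views)))
            continue
        outliers = sorted(v for v, fp in views.items() if fp != top_fp)
        findings.append((host, top_fp, outliers))
    return findings


if __name__ == "__main__":
    for host, majority, outliers in find_divergent_views(OBSERVATIONS):
        print(f"{host}: majority={majority} differs for {', '.join(outliers)}")
```

Sites that legitimately serve different certificates in different regions will also show up here, so a finding is a reason to look at who issued the outlier certificate, not proof of interception.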

For those who are less technical, let me offer this: Remember that if you have the public and the private certificate you can decrypt all communications. The certificate issuing authority has both of those things. So they can simply give them to the government. (No rocket science there.) And, when the public and private keys were transmitted to and from the certificate authority…and if that communications channel was being monitored by the government then they also acquired them as they were sent to you.

So, let’s come back to that analogy of magic and sleight of hand because it is very applicable here.

Everybody spends a lot of time speculating on whether or not the NSA has the ability to crack strong encryption. This is an endless debate which is almost silly. The NSA has access to the top-level encryption certificates. They record all communications. They can slice through certificate-based encryption like a hot knife through butter. They do this either through compromised top-level certificates and/or by having the public and private keys either from being intercepted via transmission or simply by asking for them (in real-time?) from the issuing authority.

So as this whole PRISM thing unfolds, we should not even bother to debate why the NSA is intercepting all of these encrypted communications and whether they have the ability to decrypt them. They cut them with ease, and don’t even have to resort to brute force.

So, the next time you think about installing SSL to keep your secrets private you need to ask yourself: Who are you keeping them private from? If from thieves then SSL works. If from the government then you are kidding yourself. Don’t be silly.