October 21, 2012

Planet SSL: mostly harmless

One of the essential requirements of any system is that it actually has to work for people, and work enough of the time to make a positive difference. Unfortunately, this effect can be confused with security systems because attacks can either be rare or hidden. In such an environment, we find persistent emphasis on strong branding more than proven security out in the field.

SSL has frequently been claimed to be the worlds' most successful most complicated security system -mostly because mostly everything in SSL is oriented to relying on certificates, which are their own market-leading complication. It has therefore been suggested (here and in many other places) that SSL's protection is somewhere between mostly harmless, and mildly annoying but useful. Here's more evidence along those lines:

"Why Eve and Mallory Love Android: An Analysis of Android SSL (In)Security"

...The most common approach to protect data during communication on the Android platform is to use the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols. To evaluate the state of SSL use in Android apps, we downloaded 13,500 popular free apps from Google’s Play Market and studied their properties with respect to the usage of SSL. In particular, we analyzed the apps’ vulnerabilities against Man-in-the-Middle (MITM) attacks due to the inadequate or incorrect use of SSL.

Some headlines, paraphrased:

  • 8.0% of the apps examined automatically contain SSL/TLS code that is potentially vulnerable to MITM attacks.
  • 41% of apps selected for manual audit exhibited various forms of SSL/TLS misuse that allowed us to successfully launch MITM attacks...
  • Half of users questioned were not able to correctly judge whether their browser session was protected by SSL/TLS or not.
  • 73.6% of apps could have used HTTPS instead of HTTP with minimal effort by adding a single character to the target URLs.
  • 17.28% accepted any hostname or any certificate!
  • 56% of banks "protected" by one generic banking app were breached by MITM attack.
  • One browser accepts any certificates...
  • One anti-virus product relied on SSL and not its own signature system, and was therefore vulnerable to being tricked into deleting itself :P

With numbers like these, we can pretty much conclude that SSL is unreliable in that domain - no real user can even come close to relying on its presence.

The essential cause of this is that the secure browsing architecture is too complicated to work. It relies on too many "and that guy has to do all this" exceptions. Worse, the Internet browsing paradigm requires that the system work flawlessly or not at all, which conundrum this paper perhaps reveals as: flawlessly hidden and probably not working either.

This is especially the case in mobile work, where fast time cycles and compact development contexts conspire to make security less of a leading requirement; Critics will complain that the app developers should fix their code, and SSL works fine when it is properly deployed. Sure, that's true but it consistently doesn't happen, the SSL architecture is at fault for its low rates of reliable deployment. If a security architecture cannot be reliably deployed in adverse circumstances such as mobile, why would you bother?

So where do we rate SSL? Mostly harmless, a tax on the Internet world, or a barrier to a better system?

Posted by iang at October 21, 2012 04:18 AM | TrackBack
Comments

I had recently pontificated on subject ... in my own post
http://www.garlic.com/~lynn/2012n.html#71

Because many of the security requirements were almost immediately violated in the way it was deployed and used ... we started referring to the associated SSL digital certificates as "*comfort certificates*" ... instead of providing security, they provided a feeling of comfort.

I would come down on the side that the vested business interests in the current status quo have helped act as barrier to introduction of more secure alternatives.

Posted by: Lynn Wheeler at October 21, 2012 10:08 AM

There are many, many vested interests in the status quo of SSL x.509 PKI:

1.) The companies that make money selling these certificates don't really want a more secure alternative to exist unless they can charge more for it .... the whole extended validation / green bar thing.
2.) Companies that make money selling commercial firewalls don't really want a more secure alternative to exist in mainstream use ....
http://www.computerworld.com/s/article/9224082/Trustwave_admits_issuing_man_in_the_middle_digital_certificate_Mozilla_debates_punishment
3.) Big business intelligence interests ....
4.) Big government intelligence interests .... this one's obvious.
5.) Organized criminal interests ....
http://www.computerworld.com/s/article/9232117/Cybercriminals_plot_massive_banking_Trojan_attack
6.) Businessmen/CIO types who already did their "due diligence," and just want to go on with their day without questioning it ....

... just to name a few.

Posted by: JustinL at October 28, 2012 05:57 PM
Post a comment









Remember personal info?






Hit preview to see your comment as it would be displayed.