What is the Digital Certificate "Chain Of Trust" and How Can it Be Exploited?

What is the digital certificate "Chain of Trust" and how can it be exploited?

The Chain of Trust established by Certificate Authorities (CAs) plays a crucial role in ensuring the security of online communications. However, this system is not without vulnerabilities, and attackers continually seek to exploit these weaknesses for malicious purposes. By understanding the structure of the Chain of Trust and the potential attack vectors, organizations can take proactive measures to protect against weaknesses in the Chain of Trust and maintain the integrity of their digital communications.

Let's dive into a review of how Chain of Trust works (and how organizations can protect themselves against certificate-based attacks that seek to circumvent the confidentiality and integrity of network communication security):

Firstly, What is a Certificate Authority (CA)?

A Certificate Authorities (CAs) are fundamental organizations that support the secure operation of global Internet communication and application security.

CAs serve as a trusted third party, tasked with issuing digital certificates such as SSL/TLS certificates and digital code signing certificates. SSL/TLS certificates are used to establish authenticated and encrypted connections between a website and a visitor, while digital code signing certificates ensure that the software you install is the original version published by the vendor. 

Root CAs vs. Intermediate CAs

Root CAs provide the certificates that act as the foundation for a certificate chain that eventually results in an authenticated HTTPS connection to a website. At the top of the Chain of Trust are Root Certificate Authorities (Root CAs). These are highly trusted global companies whose public certificates are pre-installed in operating systems and web browsers. 

Because of their critical role in internet security, root CAs are expected to maintain extremely high security standards to prevent compromise, however, there have been several notable compromises of root CAs in the past such as when the Dutch certificate authority DigiNotar was hacked and multiple breaches against COMODO in 2011 and 2019.

Intermediate Certificate Authorities (Intermediate CAs) act as a bridge between root CAs and those receiving certificates (such as website owners). Intermediate CAs are certified by root CAs, allowing them to issue certificates on behalf of the root CA. Intermediate CAs make the Chain of Trust more manageable and secure by isolating the root CA from direct exposure to the internet and distributing the risk.  This also allows certificates signed by intermediate CAs to be revoked (marked as untrusted) in the case of a breach of the intermediate CA without negatively impacting trust of the all certificates issued by a root CA.

Global vs. Internal Certificate Authorities (CAs)

Global CAs are entrusted entities recognized by browsers and operating systems. Their issued public certificates are embedded in web browsers, OSs,  and other software, allowing users to automatically trust websites and services that present certificates signed by these authorities. 

Beyond the global CAs, some organizations operate their own internal Certificate Authorities. This practice is particularly prevalent within larger organizations or those with stringent security requirements. An internal CA allows an organization to issue its own digital certificates for encrypting communication and authenticating devices within its local network and cloud resources. This self-managed approach offers several benefits, including cost savings on certificate issuance, tighter control over the security policies and procedures.

What Is The Chain Of Trust?

The "Chain of Trust" refers to the hierarchical relationship between Certificate Authorities (CAs), including root CAs, intermediate CAs, and website owners, and how this hierarchy is used to verify the authenticity of digital certificates. Understanding the Chain of Trust requires understanding this hierarchy of digital certificate signing.

Which Certificate Authorities Does A System Trust By Default?

Although each OS and mobile device trusts a slightly different number of root CAs, the total number is somewhere between one and two hundred.  For example, Apple publishes the list of trusted root CA certificates for iOS. 

Although this number is rather high, a recent study showed that there are only 6 CAs that have more than 1% market share of SSL/TLS certificates worldwide meaning that most trusted certificates could be removed from a device's trusted CA cache with minimal impact. In the case of marking a CA as untrusted in Firefox or Chrome, the browser will simply issue a warning when you attempt to connect allowing you to inspect the certificate authority. 

How Can Attackers Exploit the Chain Of Trust?

Like any security protocol, the Chain of Trust is not immune to attacks. Cyber attackers continuously seek vulnerabilities to circumvent security measures and exploit secure connections such as HTTPS. The most fundamental thing to know about breaking the Chain of Trust is that if an attacker can obtain a legitimate CA or website's domain certificate, they can intercept communications to steal sensitive data or directly launch cyber attacks against the client's device such as their web browser or other software accessing internet resources such as mobile apps. 

Here are some of the ways the Chain of Trust can be broken:

• Compromising Certificate Authorities: If an attacker can compromise a CA, either via cyberattack or a malicious insider, they can issue fraudulent certificates for any website's domain, effectively allowing them to impersonate any website. This could enable them to intercept, read, and modify encrypted data without detection. This could allow an attacker to directly steal sensitive data or launch attacks against the user's browser to compromise the device itself. 

• Hacking into Web Servers and Stealing Certificates: If attackers directly target web servers to steal SSL/TLS certificates along with their private keys, they can impersonate the compromised website, setting up identical, malicious sites that browsers will trust. This enables a range of attacks, including creating convincing phishing sites to steal sensitive data, and conducting Man-in-the-Middle (MitM) attacks without raising alarms.

• Adding Rouge Certificates to a Device or App: By adding the attacker's self-signed certificate to a device or apps trusted CA cache, they are able initiate Adversary in The Middle (AiTM) attacks against the victim and gain the ability to snoop on network communications and modify data in transit to initiate cyber attacks against the compromised device. Adding a rogue certificate could happen via physical access to a device, or by compromising known or zero-day vulnerabilities that give an attacker remote code execution on a device.

• Nation State Spying Programs: Some nation-state actors engage in sophisticated and covert spying programs to gather intelligence, and potentially disrupt operations of other entities. In some cases, nation-state threat actors may have access to certificates from CAs under the control of national security programs and network communications operated by an ISP.

• Exploiting Weak Cryptography: CAs issue certificates using cryptographic algorithms to ensure security. However, if a CA uses weak or outdated cryptographic standards, attackers might exploit these weaknesses to forge certificates or decrypt communications. Although this attack vector targets the technical underpinnings of the Chain of Trust, it is a reminder of the importance of adherence to strong, up-to-date cryptographic standards by all entities in the chain.

• Exploiting Vulnerabilities In SSL/TLS Implementation:  Improper implementation of Chain of Trust certificate verification [CWE-296] and more generally, improper certificate verification [CWE-295] are recognized as a potential software weakness and several CVEs have been issued regarding those weaknesses. For example, in 2021, CVE-2021-24012 was found in Fortinet's FortiGate network firewall that allowed any certificate issued by a trusted CA to be considered valid even if it was issued for another domain. In fact many other CWE-296 and CWE-205 vulnerabilities in common applications have been disclosed.

Protecting Your Organization Against Certificate Replacement

To safeguard attackers seeking to exploit the Chain of Trust, organizations and individuals can adopt several proactive measures. 

Below are some effective strategies to enhance protection against certificate replacement:

• Regularly Update OS and Software: Regular updates to the list of trusted CAs on browsers and devices ensure that only currently reputable CAs are trusted. This includes applying software and browser updates, which often include updates to the built-in list of trusted CAs. Also, regular updates makes it less likely that an attacker can exploit a known vulnerability in a system's software to install rouge certificates. 

• Remove Untrusted CAs: Regularly review the list of trusted CAs and promptly remove any that are found to be untrustworthy or have compromised security. This can involve conducting audits of CAs, evaluating their adherence to industry standards and best practices, and promptly revoking trust for any CA that fails to meet these criteria. Additionally, organizations should stay informed about any security incidents or breaches involving CAs and take appropriate action to remove trust for affected CAs. While Firefox makes this process of removing untrusted certificates very easy, some OS, such as iOS do not allow the user to remove the default trusted CAs.

• Using a Content Proxy to Inspect All Connections: Implementing a secure web gateway or content proxy that inspects and replaces SSL/TLS certificates with a custom organization certificate can significantly enhance security for high risk applications. If the proxy detects a suspicious or invalid certificate, it can block the connection, alert administrators, and prevent potential security breaches.

• Certificate Transparency Monitoring: Engage in Certificate Transparency (CT) monitoring. CT logs provide a publicly accessible record of all certificates issued by participating CAs. Monitoring these logs helps organizations quickly identify fraudulent or mistakenly issued certificates for their domains.

• Using A Content Proxy Custom Organization Certificate into Each Device's Trusted CA Cache:  Organizations can further secure their internal communications by issuing their own SSL/TLS certificates from an internal Certificate Authority. After creating a trusted organization CA, its root certificate should be installed into the trusted CA cache of each device within the organization. This approach ensures that only connections certified by the organization's CA are trusted, significantly reducing the risk of certificate replacement attacks within the internal network.

• Have Strong Physical Access Controls: Have Strong Physical Access Controls: Implement robust physical access controls to prevent unauthorized individuals from gaining physical access to servers, networking equipment, and other critical infrastructure where SSL/TLS certificates are stored or managed. Secure physical access controls may include surveillance systems, biometric authentication, on-premises physical security guards, and locked server rooms. By limiting physical access to sensitive equipment and facilities, organizations can reduce the risk of malicious actors tampering with SSL/TLS certificates or compromising security mechanisms.

Conclusion

The Chain of Trust relies on a hierarchical relationship between Root CAs, Intermediate CAs, and website owners to provide secure digital certificates. While Root CAs are highly trusted entities, their compromise poses significant risks to internet security. Intermediate CAs act as a bridge, enhancing security by isolating the root CA and distributing risk.

Attackers can exploit the Chain of Trust through various means, including compromising CAs, hacking into web servers to steal certificates, exploiting weak cryptography, and exploiting vulnerabilities in SSL/TLS implementations. These attacks can result in intercepted communications, data theft, and unauthorized access to sensitive information.

To mitigate these risks, organizations should implement proactive security measures, such as regularly updating CA lists, promptly removing untrusted CAs, using content proxies to inspect connections, monitoring Certificate Transparency logs, and issuing custom organization certificates for internal communications.