Thursday, December 18, 2014

Economic Failures of HTTPS

Bruce Schneier points me to Assessing legal and technical solutions to secure HTTPS, a fascinating, must-read analysis of the (lack of) security on the Web from an economic rather than a technical perspective by Axel Arnbak and co-authors from Amsterdam and Delft universities. Do read the whole paper, but below the fold I provide some choice snippets.

Arnbak et al point out that users are forced to trust all Certificate Authorities (CAs):
A crucial technical property of the HTTPS authentication model is that any CA can sign certificates for any domain name. In other words, literally anyone can request a certificate for a Google domain at any CA anywhere in the world, even when Google itself has contracted one particular CA to sign its certificate.
Many CAs are untrustworthy on their face:
What’s particularly troubling is that a number of the trusted CAs are run by authoritarian governments, among other less trustworthy institutions. Their CAs can issue a certificate for any Web site in the world, which will be accepted as trustworthy by browsers of all Internet users.
The security practices of even leading CAs have proven to be inadequate:
three of the four market leaders got hacked in recent years and that some of the “security” features of these services do not really provide actual security.
Customers can't actually buy security, only the appearance of security:
Information asymmetry prevents buyers from knowing what CAs are really doing. Buyers are paying for the perception of security, a liability shield, and trust signals to third parties. None of these correlates verifiably with actual security. Given that CA security is largely unobservable, buyers’ demands for security do not necessarily translate into strong security incentives for CAs.
There's little incentive for CAs to invest in better security:
Negative externalities of the weakest-link security of the system exacerbate these incentive problems. The failure of a single CA impacts the whole ecosystem, not just that CA’s customers. All other things being equal, these interdependencies undermine the incentives of CAs to invest, as the security of their customers depends on the efforts of all other CAs.
They conclude:
Regardless of major cybersecurity incidents such as CA breaches, and even the Snowden revelations, a sense of urgency to secure HTTPS seems nonexistent. As it stands, major CAs continue business as usual. For the foreseeable future, a fundamentally flawed authentication model underlies an absolutely critical technology used every second of every day by every Internet user. On both sides of the Atlantic, one wonders what cybersecurity governance really is about.


David. said...

Ars Technica has two stories showing how Microsoft's failure to take even minimal precautions allowed outsiders to obtain HTTPS certificates for Microsoft Live domains. In one documented case it took Microsoft 4 years to respond. Security, its just not a priority.

David. said...

Here we go again. The China Internet Network Information Center (CNNIC), a certificate authority trusted by essentially all browsers, delegated authority to MCS, an intermediate authority based in Egypt, who went ahead and issued certificates for, among other domains, Google properties.

Browser vendors are rushing to revoke the certificates, except that so far there appears to be no comment to this effect from Microsoft.

This completely broken system is aptly described by Bruce Schneier's term "security theater".

David. said...

Google has decided to remove CNNIC as a root CA pending improvements to their process.

David. said...

Over this weekend, the certificate chain for Google's Gmail service broke because Google forgot to renew one of the intermediate certificates. The system is too complex and fragile for even the experts to maintain properly.

David. said...

I should have remembered and linked to this relevant post from 2013 discussing the possible application of LOCKSS-style sampled voting to certificate verification.