Certificate Transparency Part 2 — The bright side

This post is the second in a series of 3 technical posts about Certificate Transparency(CT). In the first post we introduced the concept of CT, please read it if you need an overview of CT, the post is available here.

We will be mentioning a bunch of technical words in this article, so if you are not familiar with terms such as PKI, SSL/TLS, Digital Certificates etc. we recommend that you start by reading the SANS/GIAC The Idiot’s Guide to Public Key Infrastructure

In this post, we will look at the bright side of Certificate Transparency and the problems it is trying to solve.

The problem Certificate Transparency is trying to solve

A Public Key Infrastructure (PKI) is a framework to enable secure communication among parties who may have not met before. PKI model relies on trusting third parties called Certificate Authorities(CAs). CAs are responsible for issuing digital certificates. SSL/TLS PKI relies on a hierarchical CA trust model, called the certification hierarchy.

http://www.win.tue.nl/hashclash/rogue-ca/

• Root CA sits at the top of the certificate hierarchy, root CAs are “self signed” . Most applications/devices come with a set of root certificates preloaded into their root store, which is essentially a database of approved CAs
• Intermediate CA is the first link in the chain of trust. Intermediate certificates are usually signed by the root certificate. If an intermediate CA gets compromised, certificates from other intermediate CAs would still be valid
• Users are anyone who wish to provide a service securely over the internet and need an SSL/TLS certificate

A key problem with the SSL/TLS PKI is the CA trust model itself. Internet users directly or indirectly trust hundreds of CAs and millions of certificates they issue. A few years ago, EFF SSL Observatory project did an Internet wide study on CAs and determined that the browsers trust roughly 1500 different CAs from roughly 650 different organisations.

Most modern web browsers trust thousands of CAs. If one of those trusted CAs gets compromised or make a mistake and issue a rogue certificate, it will undermine the security provided by the ecosystem of SSL/TLS PKI.

The security of SSL/TLS PKI ecosystem is only as strong as the practices of the least trustworthy/competent CA.

Another issue with the SSL/TLS ecosystem is that by default any CA can issue certificate for any domain without the domain owners knowledge. With hundreds of CAs issuing millions of certificates, it is extremely hard to keep track of any rogue certificates that gets issued.

Rogue certificates are valid certificates that are issued for a domain without domain owner’s knowledge. A rogue certificates is valid in the sense that their certificate hierarchy can be validated and they are accepted by clients as genuine. This makes it very hard to identify rogue certificates in the wild. An attacker can use rogue certificate issued for a domain to create illegitimate websites that are indistinguishable from real websites.

There have been multiple serious incidents where CAs have issued rogue certificates. CAs have been compromised, tricked into issuing rogue certificates and some CAs mistakenly did so.

Can Certificate Transparency deal with the rogue certificates?

Under CT, a CA has to publish, every SSL/TLS certificate they issue, to a public log. Details of the currently known CT Logs are available on CT project page. Anyone can look through these logs to find the SSL/TLS certificates issued for any given domain.

Domain owners can simply monitor the public CT Logs for certificates issued against the domains they manage and identify rogue certificates.

By providing a way to lookup all the SSL/TLS certificates issued, CT helps us in identifying rogue certificates in the wild and finding out which CA issued the rogue certificate. This allows Browser makers such as Google, Mozilla, etc. to take action against erring CAs.

How do I lookup certificates issued for my domain?

The easiest way to lookup certificates issued for your domain is to use search engines that collect the CT logs and let’s anyone search through them. Few of the popular ones are listed below -

1. https://crt.sh/
2. https://censys.io/
3. https://developers.facebook.com/tools/ct/
4. https://google.com/transparencyreport/https/ct/

Using crt.sh to search for certificates issued for a domain

The state of Certificate Transparency adoption

So far, CT has been positively received and its adoption is on an upswing.

• CA giants like Let’s encrypt, Digicert, Symantec, Comodo etc are listing the certificates they issue in public CT Logs.
• Major browsers like Mozilla Firefox and Google Chrome implements CT.
• Facebook not only advocates CT but also they released a Certificate Transparency Monitoring tool. Using this tool, you can search certificates issued for a domain and also get notified by email when new certificates are issued for a domain.

Facebook’s Certificate Transparency Monitoring tool subscription.

Chrome will make CT mandatory for all new certificates from April 2018. Chrome’s support for CT requires that CAs log all Extended-Validation(EV) SSL Certificates for the green address bar to appear in Chrome.

Chrome is also working on implementing a new HTTP header, expect-ct, which will allow server operators to test their configurations and certificates before CT is mandated.

Certificate Transparency — notable incidents

Certificate Transparency has helped uncover various incidents in the wild where CAs have violated rules, few notable cases are:

• The case of Symantec where Symantec CA was caught issuing an Extended Validation (EV) pre-certificate for the domains google.com and www.google.com. In response, Google announced that all Symantec certificates issued on or after June 1, 2016 would have to be logged to Certificate Transparency logs.
• In 2016, most major browsers have decided that WoSign and StartCom, have not maintained the high standards expected of CAs and started completely distrusting the certificates issued by these CAs. Google Chrome made a provision, where they trust the certificates by these CAs issued before October 21, 2016, if they comply with the Certificate Transparency in Chrome policy.

Conclusion

CT is a major step towards improving security in the SSL/TLS PKI ecosystem. It is a positive sign that CT is being adopted and implemented across the industry. If more and more CAs get behind CT, the more transparent and secure the whole SSL/TLS ecosystem becomes.

References

• https://www.certificate-transparency.org/
• https://scotthelme.co.uk/certificate-transparency-an-introduction/
• https://alexgaynor.net/2017/apr/17/certificate-transparency-for-server-operators/
• https://scotthelme.co.uk/a-new-security-header-expect-ct/
• https://www.eff.org/observatory

In the next post, we’ll take a look at the dark side of CT i.e. how attackers can leverage Certificate Transparency for gathering information about an organization infrastructure and attacking it.

Thank you for reading this article. If you enjoyed it please let us know by clicking that little heart icon below.

At Appsecco we provide advice, testing, training and insight around software and website security, especially anything that’s online, and its associated hosting infrastructure — Websites, e-commerce sites, online platforms, mobile technology, web-based services etc.

If something is accessible from the internet or a person’s computer we can help make sure it is safe and secure.