SSL protocol: Who should we trust?

Source: Internet
Author: User

As the attack on the trusted third party Comodo earlier this year showed, a trusted third party can itself be unreliable. Researchers are now developing new trust models for SSL that are harder to subvert.

A team at Carnegie Mellon University has proposed "Perspectives". Moxie Marlinspike, a researcher who works on privacy, anonymity and computer security, has proposed "Convergence".

Both schemes move the verification of an SSL-protected web service's identity away from the browser and the certificate authorities to a new kind of entity called a notary.

Traditionally, when a browser establishes an SSL session with a server, the server must present an SSL certificate. The browser verifies the identity behind the certificate by checking whether it was signed by a root certificate authority (CA) that the browser trusts. In practice, the browser may also directly trust other certificate authorities that a root CA has vouched for.

This produces a chain of trust from the root CA down to the CA that actually issued the certificate.

If any link in that chain is compromised, an attacker can obtain fraudulent certificates for a website. These certificates trick the browser into trusting the attacker's server, so the attacker can sit between browser and server and mount a man-in-the-middle attack.

That is what happened when Comodo was compromised: one of its trusted partners issued nine fraudulent certificates.

Instead of relying on the certificate authorities and the root CAs shipped with the browser, "Perspectives" and "Convergence" trust notaries, which periodically probe each web server and record which certificate it presents.

When a browser receives a certificate from a server, it does not need to confirm that the certificate chains to a root CA. Instead, it asks the notaries whether the certificate matches the one the server has been presenting over the recent past. If it matches, the certificate is taken to be the website's legitimate certificate.

David Anderson, associate professor of computer science at Carnegie Mellon University and project leader of "Perspectives", said the trust model does not depend on a small number of certificate authorities. As he put it, don't put all your eggs in one basket. We run all the "Perspectives" notaries, so in the end you trust us.

Anderson hopes that in a fully deployed architecture, large companies such as Google, Microsoft, Yahoo and Verizon, as well as small companies and individuals, will run notaries. Notaries can share the data they collect. As long as they agree that a website is good, you can trust the accumulated result: you get a statistical, probabilistic verification of a certificate's identity.
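The notary check described above, as an added example that is not the code of Perspectives or Convergence: each notary logs the certificate fingerprint it observes for a host over time, and the client accepts a presented certificate only when a quorum of notaries agrees and the certificate has been stable for a minimum period. The quorum and stability thresholds, the host name and the certificate bytes are constructed for the demonstration.

```python
import hashlib
from collections import defaultdict

def fingerprint(cert_der: bytes) -> str:
    """Identify a certificate by the SHA-256 of its DER bytes."""
    return hashlib.sha256(cert_der).hexdigest()

class Notary:
    """A notary probes sites from its own vantage point and logs what it sees."""
    def __init__(self):
        self.log = defaultdict(list)  # host -> [(day, fingerprint)] in probe order

    def observe(self, host, cert_der, day):
        self.log[host].append((day, fingerprint(cert_der)))

    def report(self, host):
        """Latest fingerprint seen for host and how many days it has been stable."""
        entries = self.log.get(host)
        if not entries:
            return None
        last_day, latest = entries[-1]
        first_day = last_day
        for day, fp in reversed(entries):
            if fp != latest:
                break
            first_day = day
        return latest, last_day - first_day

def check_certificate(host, presented_der, notaries, quorum=0.75, min_stable_days=7):
    """Client policy (a simplified rendering of the Perspectives idea, not its real
    code): accept if at least `quorum` of the notaries with data agree with the
    presented certificate and each has seen it stable for min_stable_days."""
    presented = fingerprint(presented_der)
    reports = [r for r in (n.report(host) for n in notaries) if r is not None]
    if not reports:
        return False, "no notary has observed this host"
    agreeing = [days for fp, days in reports if fp == presented]
    if len(agreeing) / len(reports) < quorum:
        return False, f"only {len(agreeing)}/{len(reports)} notaries agree: possible MITM"
    if min(agreeing) < min_stable_days:
        return False, "certificate too new: not observed long enough"
    return True, f"{len(agreeing)}/{len(reports)} notaries agree"

# Constructed scenario: four notaries have probed the site daily for a month.
HOST = "www.example.test"
GOOD_CERT = b"constructed DER bytes of the site's real certificate"
MITM_CERT = b"constructed DER bytes of a fraudulently issued certificate"
NOTARIES = [Notary() for _ in range(4)]
for day in range(1, 31):
    for n in NOTARIES:
        n.observe(HOST, GOOD_CERT, day)
```

Calling `check_certificate(HOST, MITM_CERT, NOTARIES)` rejects the fraudulent certificate because no notary has ever seen it, while a freshly rotated legitimate certificate is also rejected until it has been observed for the stability window, which is the trade-off a notary-based client has to tune.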

Marlinspike said that this architecture gives end users flexibility in whom they trust: they can transfer their initial trust in a website's verifier to other parties at any time. Under the current system, that pre-determined trust is locked into the browser and the certificate authorities and cannot be revoked.

Marlinspike's "Convergence" architecture relays each query through an intermediate notary, so that no single notary learns both who is asking to verify a given certificate and which website that certificate belongs to.

This relay provides a good level of privacy. Notary B sees only notary A, so it cannot see which client is asking about which website. Likewise, notary A sees only the client's request, not the website the client is asking about.

Anderson said that "Perspectives" currently serves only 30 thousand users, most of whom use it to check SSL certificates as they browse. To replace the current SSL authentication system, a global network of hundreds of notaries connected to the DNS server network would be required. However, the notaries can currently perform only simple tasks, and there are not yet enough servers.

Taher Elgamal, CTO of Axway and one of the creators of SSL, acknowledges that identity verification is a weak point of SSL deployments; identity was not the main focus when SSL was created. However, the notary system is an improvement over relying exclusively on trusted third-party certificate authorities.

"Trust needs to be done well and some things need to be changed," he said. "I need to build a community to say whether this is trustworthy." Because the notary model requires global infrastructure, actual deployment is a major undertaking; the project is very large and could only be completed in 16 years.
