
How to handle a digital-certificate fraud incident

Criminals undermining PKI ecosystem may mean the need to replace thousands of certificates fast

By , Network World
August 24, 2012 10:38 AM ET

Network World - Are you prepared to deal with a security incident involving digital-certificate fraud? You should be, because if it happens, it might well involve the need to replace thousands of digital certificates used for security by your organization in applications or for other purposes. Here's how to prepare for bad news and be ready to respond when criminals undermine the complex public-key infrastructure (PKI) ecosystem.

Digital certificates play an important part in security for most companies, where they're used in myriad ways to establish proof of identity, whether for an individual, an organization, a server, software, or an e-commerce transaction. But whether issued by an external certificate authority (CA) or by an internal CA that a corporation operates for its own benefit, digital certificates can be undermined by fraud when the issuing systems are compromised, and recovering may require replacing user and device certificates quickly.

Fraud of all kinds in this regard has already occurred several times in the past few years. And in light of that, the National Institute of Standards and Technology (NIST) has put out a security bulletin with advice about "Preparing and Responding to Certification Authority Compromise and Fraudulent Certificate Issuance."

Here's how bad things happen to good certificates.

- Impersonation. The attacker impersonates someone else at a registration authority (RA), which acts as an intermediary between users and CAs, reviewing and approving certificate requests. The RA issues a certificate with someone else's name on it to the fraudster, who might forge a digital signature, for example.

- RA Compromise. The attacker infiltrates the RA and uses its authority to approve requests, so that the CA issues fraudulent certificates.

- CA System Compromise. The CA system itself is attacked and the attacker can issue fraudulent certificates, also altering logs to cover their tracks.

- CA Signing Key Compromise. The attacker obtains a CA signing key, perhaps simply by getting a copy of it, and can then sign fraudulent certificates and certificate revocation lists (CRLs) at will.

The point NIST makes in its bulletin is that CAs, whether external or an internal corporate CA issuing its own certificates for its own purposes, have to follow well-defined security practices to try to prevent compromise. But they also have to know how to respond to successful attacks.
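One concrete piece of that response is working out which certificates actually have to be replaced once a CA is known to be compromised: every certificate whose chain passes through it, including any subordinate CAs and the leaves they signed. The following is an added example, not code from the article or the NIST bulletin; it walks a constructed certificate inventory (subject, subject key identifier, authority key identifier, CA flag) and the field names and identifiers are assumptions.

```python
"""Triage a certificate inventory after a CA compromise (added example)."""
from collections import deque

# Constructed sample inventory; the SKI/AKI values are placeholders, not real key ids.
INVENTORY = [
    {"subject": "Example Root CA",       "ski": "root",  "aki": "root",  "is_ca": True},
    {"subject": "Example Issuing CA 1",  "ski": "ica1",  "aki": "root",  "is_ca": True},
    {"subject": "Example Issuing CA 2",  "ski": "ica2",  "aki": "root",  "is_ca": True},
    {"subject": "Ops Sub-CA",            "ski": "ops",   "aki": "ica1",  "is_ca": True},
    {"subject": "vpn.example.test",      "ski": "s1",    "aki": "ops",   "is_ca": False},
    {"subject": "mail.example.test",     "ski": "s2",    "aki": "ica1",  "is_ca": False},
    {"subject": "www.example.test",      "ski": "s3",    "aki": "ica2",  "is_ca": False},
    {"subject": "Other Root CA",         "ski": "other", "aki": "other", "is_ca": True},
    {"subject": "partner.example.test",  "ski": "s4",    "aki": "other", "is_ca": False},
]


def affected_certificates(inventory, compromised_ski):
    """Return every certificate whose trust chain passes through the CA
    identified by compromised_ski, sub-CAs included, in breadth-first order."""
    children = {}
    for cert in inventory:
        if cert["aki"] != cert["ski"]:          # self-signed roots have no issuer
            children.setdefault(cert["aki"], []).append(cert)
    seen, queue, affected = {compromised_ski}, deque([compromised_ski]), []
    while queue:
        issuer = queue.popleft()
        for cert in children.get(issuer, []):
            if cert["ski"] in seen:             # guards against cross-signed loops
                continue
            seen.add(cert["ski"])
            affected.append(cert)
            if cert["is_ca"]:                   # descend into subordinate CAs
                queue.append(cert["ski"])
    return affected


def replacement_plan(inventory, compromised_ski):
    """Split the affected set so CAs are reissued before the leaves they sign."""
    affected = affected_certificates(inventory, compromised_ski)
    return {
        "revoke_and_reissue_cas": [c["subject"] for c in affected if c["is_ca"]],
        "reissue_leaves": [c["subject"] for c in affected if not c["is_ca"]],
        "untouched": [c["subject"] for c in inventory
                      if c not in affected and c["ski"] != compromised_ski],
    }


if __name__ == "__main__":
    for ski, certs in (("ica1", None), ("root", None)):
        print(ski, replacement_plan(INVENTORY, ski))
```

In a real incident the inventory would come from the organization's certificate database or a scan of deployed endpoints, and the "untouched" set is what lets you avoid needlessly reissuing certificates under unaffected CAs.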

Fraud prevention measures at a CA include regular third-party audits and reviews, and CAs need to apply tracking and detection mechanisms to their systems so that any compromise is detected as quickly as possible. Just as importantly, they need to be organized to communicate quickly and appropriately about possible certificate fraud to all "relying parties."

A "relying party" could be an individual, or electronic systems that interact with the "subject," defined as the "person, organization, system, application, or device to which a certificate is issued and whose identifier is found in the certificate."
