Rogue CA & TLS Impersonation

TL;DR

Yes, a website secured with TLS can be impersonated using a rogue certificate issued by a rogue Certificate Authority (CA), but it’s increasingly difficult. Modern browsers and operating systems maintain lists of trusted CAs. If a CA is compromised or malicious, they can issue certificates for any domain, allowing an attacker to intercept encrypted traffic. However, mechanisms like Certificate Transparency and HSTS help detect and prevent these attacks.

How TLS Works (Briefly)

TLS (Transport Layer Security) ensures secure communication between a browser and a website server. It relies on:

• Certificates: Digital documents that verify the identity of a website.
• Certificate Authorities (CAs): Trusted entities that issue these certificates.
• Trust Stores: Lists of trusted CAs built into browsers and operating systems.

The Rogue CA Attack

Here’s how a rogue CA can be used to impersonate a website:

1. Compromise or Malicious CA: An attacker either compromises an existing CA (e.g., through hacking) or creates their own, pretending to be legitimate.
2. Certificate Issuance: The rogue CA issues a certificate for the target website’s domain (e.g., www.example.com). This certificate is not authorized by the real owner of the domain.
3. Man-in-the-Middle Attack: The attacker intercepts traffic to the website.
4. Certificate Presentation: When a user connects to the website, the attacker presents the rogue certificate instead of the legitimate one.
5. Traffic Interception: If the browser trusts the rogue CA (because it’s in its trust store or hasn’t been revoked), it will accept the connection and allow the attacker to decrypt and potentially modify the traffic.

Why This Isn’t Easy Anymore

Several security measures make this attack harder than it used to be:

1. Trust Store Management

• Root Certificate Programs: Browsers and OS vendors carefully vet CAs before including them in their trust stores.
• Revocation Lists (CRL & OCSP): CAs maintain lists of revoked certificates, which browsers check to ensure a certificate hasn’t been compromised.

2. Certificate Transparency (CT)

CT is a public log of all TLS certificates issued by CAs.

1. Public Logging: When a CA issues a certificate, it must submit the details to CT logs.
2. Monitoring: Website owners and security researchers can monitor these logs for unauthorized certificates.
3. Browser Enforcement: Modern browsers require certificates to be logged in CT before they are trusted.

You can check a domain’s certificate history using tools like crt.sh.

3. HTTP Strict Transport Security (HSTS)

HSTS forces browsers to only connect to a website over HTTPS, preventing them from accepting insecure connections with rogue certificates.

• Server Configuration: Websites enable HSTS by sending an Strict-Transport-Security header.
• Browser Enforcement: Once a browser sees this header, it will automatically upgrade all HTTP requests to HTTPS and refuse to connect over insecure connections.

Example HSTS Header:

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload

4. Certificate Pinning

Certificate pinning allows an application to specify which certificates it trusts, rather than relying on the system trust store.

• Application Control: The app hardcodes or dynamically fetches expected certificate fingerprints.
• Enhanced Security: Even if a rogue CA issues a valid certificate, the app will reject it because it doesn’t match the pinned fingerprint.

Mitigation Steps

1. Monitor Certificate Transparency Logs: Regularly check CT logs for unauthorized certificates issued for your domains.
2. Implement HSTS: Enable HSTS on your web servers to prevent downgrade attacks.
3. Consider Certificate Pinning (for mobile apps): Implement certificate pinning in your mobile applications for increased security.
4. Stay Updated: Keep your browsers and operating systems updated with the latest root certificates and security patches.
5. Domain Validation: Ensure strong domain validation procedures are in place when requesting certificates from CAs.