The Latin for 'trust no one!'
Ceci n'est pas une clef....(Or: when is a key not a key?)
As a mathematician and cryptographer, I was always considerably better at numbers than languages.
Where words are required, plain English tends to serve my purposes just fine, but a single phrase in Latin has stuck with me ever since I first heard it ‘Quis custodet ipsos custodies?' or ‘Who will guard the guards?'
It's a concept that strikes right at the heart of the received wisdom about how internet security does and should work, namely that the whole danger thing has to be based on the notion of a security certificate that somehow ‘guards' the security of everything that is signed by it. The question, from the Latin, is thus an obvious and immediate one: who ‘guards' the integrity of the certificate itself?
I'm sure you can see where I'm going with this. The idea of the ‘Trusted Authority' (TA), which is exactly what security certificates are meant to represent, has been repeatedly shot full of holes. The most notorious example in recent memory was the fake signing of DigiNotar certificates by Iranian hackers – a chilling incident that left us all that little bit more paranoid.
The problem is coming home to roost elsewhere too - as I write, Adobe has announced that it has been subject to a significant security breach, including a compromised build server resulting in at least one valid Adobe code signing certificate being used to sign malware.
As a result, the software company will be revoking the impacted certificate for all code signed after the hack occurred and issuing updated versions of the software. It's a mess, and an antiquated mess at that.
Think of it in terms of an airport (I spend a lot of time in airports, it goes with the job.) If you want to get on a plane, you have to show your identity and boarding pass several times at several different stages to several different ‘gatekeepers', often combined with a check against the passenger list.
No airport – at least, not one that takes security seriously – lets you flash your Dieu et mon Droit (or, in my case, my E Pluribus Unum – wow, Latin again!) just once at the check-in desk and then gives you the run of the gate.
Yet incredibly, the security model that most of the internet still relies on works just this way. Allegorically, the lady at the check-in desk is the TA and if you're okay by her, you're okay by everyone else.
She's assured them you won't get up to any nonsense on your way from the check-in desk to the De Havilland crate that is waiting on the tarmac, with its complimentary cigarette-dispensing hostess smiling at the foot of the boarding steps. Oh yes, people, this approach to security is that tame and that outdated.
The underlying vulnerability is this: PKI and certificates rely on the vendor having the root key to their own signing system. Well, pardon me already, but this isn't sounding good, is it? Let's use a film analogy: remember that scene in Trainspotting where Renton barricades himself into a room to come off heroin by nailing planks across the door? And then, when he wants a fix, he uses the same hammer to claw the planks off the door and get out of the room? Exactly.
In more net-savvy (and slightly more lewd) terms, it's the equivalent of someone setting their own password to stop themselves from looking at risqué web pages – self-defeating and completely ineffective. To make matters worse, root private keys in the PKI system exist in one place only, so once you've got it, well, you've got all of it.
Tolkien (literature analogy, this time) knew the inherent danger of this approach – ‘One ring to rule them all', and so forth.
It is to film, once again, that I will turn for my last analogy, and a solution to the shortcomings of PKI and certificates. Remember those classic Cold War or science fiction-type movies, where three guys all have to insert their keys simultaneously in order to fire the weapon? Well, this is less theatrical and more realistic than you might imagine.
Indeed, if you can split the master secret into three physically separate parts, distributed across different nodes or servers, then you can address the inherent vulnerability of the root key being kept, in its entirety, in one place. No complete root key, no ability to subvert the certificate, no possibility of establishing a phoney Trusted Authority.
Brian Spector is CEO of CertiVox