Working toward a more secure Internet
Want to send your credit card information over the secure Internet to purchase a favored bauble? Think about that one for a moment because there is a weakness in the Internet digital certificate infrastructure that allows attackers to forge certificates fully trusted by all commonly used web browsers, according to independent security researchers in California and researchers at the Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, and Eindhoven University of Technology (TU/e) in the Netherlands.
As a result, it is possible to impersonate secure web sites and e-mail servers and to perform virtually undetectable phishing attacks. After presenting their results at the 25C3 security congress in Berlin in late December, the experts hope to increase the adoption of more secure cryptographic standards on the Internet and increase the safety of the Internet.
When you visit a web site whose URL starts with “https,” a small padlock symbol appears in the browser window. This indicates a secure web site using a digital certificate issued by one of a few trusted Certification Authorities (CAs). To ensure the digital certificate is legitimate, the browser verifies its signature, a check that relies on cryptographic algorithms. Researchers found that one of these algorithms, known as MD5, has a weakness.
“The major browsers and Internet players—such as Mozilla and Microsoft—have been contacted to inform them of our discovery and some have already taken action to better protect their users,” said Arjen Lenstra, head of EPFL’s Laboratory for Cryptologic Algorithms. “The only objective of our research was to stimulate better Internet security with adequate protocols that provide the necessary security.”
The researchers said their discovery shows no one can consider MD5 a secure cryptographic algorithm for use in digital signatures and certificates. Currently, certain certificate authorities still use MD5 to issue digital certificates for a large number of secure web sites. “Theoretically it has been possible to create a rogue CA since the publication of our stronger collision attack in 2007,” said cryptanalyst Marc Stevens of CWI. “It’s imperative that browsers and CAs stop using MD5, and migrate to more robust alternatives such as SHA-2 and the upcoming SHA-3 standard,” Lenstra said.