The discovery of a site that was using a fraudulent certificate, announced in a Google blog post last week, has subsequently resulted in the revocation of trust in Turkish certificate authority TurkTrust by most major browsers (Apple's Safari is the outlier at this time). Questions remain about whether the events surrounding improperly issued certifications were entirely accidental, or whether one Turkish government agency used a rogue "*.google.com" certification as part of an attempt to monitor employee Internet use.
But perhaps more important where future abuse of SSL certificates is concerned, the incident also suggests the Chrome browser is arguably more adept than the rest of the browser field in detecting inappropriately issued certificates.
Currently, security for most typical uses of the Internet rests squarely on the site certificate and certificate authority (CA) system. The existence of a properly signed (but fraudulently issued) "*.google.com" site certificate is cause for alarm because it enables fraudulent versions of Google's widely used search and Gmail services to create secure connections with unknowing users. The victimized user will not receive any indication that the supposedly secure connection isn't secure. The potential for damage, at least in theory, is broad.
The existence of a rogue intermediate certificate allows any malicious user with that certificate to create certificates that lend legitimacy to any forged site or, more commonly, enable man-in-the-middle attacks that intercept encrypted communications between the victim and the legitimate site they sought to use.
As Robert David Graham, CEO and founder of Atlanta-based Errata Security explained, "What matters is that if any CA screws up, everyone's SSL can be eavesdropped on. It doesn't matter that they are a Turkish CA."
An initial report by Google suggested that the Turkish CA breakdown was most likely a series of unintentional missteps by TurkTrust, but subsequent reporting by Reuters suggested something more deceptive might have been in play.
Reuters reported this past Thursday that "an agency of the Turkish government deployed a deceptive version of some Google webpages, possibly to monitor activity by its employees."
The agency that carried out the alleged eavesdropping was EGO, an Ankara public transit agency. According to a Google Online Security Blog post, "Late on December 24, Chrome detected and blocked an unauthorized digital certificate for the '*.google.com' domain. We investigated immediately and found the certificate was issued by an intermediate certificate authority linking back to TurkTrust … " EGO was presumably that intermediate certificate authority, though the blog post continued to say that TurkTrust claimed they had mistakenly issued two intermediate CA certificates to organizations that should have received regular SSL certificates. The second organization for which a certificate was issued was not named.
In an ongoing Google Groups discussion, a spokesperson from TurkTrust maintained that the issuance of the rogue certification deployed at EGO was the result of solving an internal monitoring glitch with a certificate that they didn't understand was a CA certification. EGO, TurkTrust said, "had first tried to use the internal CA on the firewall. The internal clients (obviously) had given [a]trust warning, so they had decided to export the trusted cert on the webmail server. They should, of course, have chosen to install trust for the internal CA into their clients in the domain."
Google became aware of the rogue certificate at EGO because someone within the organization's network used the Chrome browser to access a Google site. Chrome now employs a mechanism that notes which certificate was previously used to access the site in question. Chrome reports back to its parent company when a certificate not sanctioned by Google is used for the google.com domain.
As of Chromium 13, Gmail connections automatically use HTTPS (even if the user uses only HTTP) and "only a very small subset of CAs have the authority to vouch for Gmail (and the Google Accounts login page). This can protect against recent incidents where a CA has its authority abused, and generally protects against the proliferation of signing authority," a Google security document explained.
At present, no other major browser offers these protections. Robert David Graham said the TurkTrust incident suggested that more changes like these are needed. "The biggest [change] is for systems to remember the previous certificate used for a site, then notify users when it changes. That's essentially how Chrome detected the problem."