Circumventing The Single Point of Failure – Goals in Authentication

Shimrit Tzur-David | May 24, 2018

Securing our online communications has always been an ongoing task, one that has to stay in-synch with our ever-expanding communication technology.

For years, the basis of this security has been Secure Sockets Layer (SSL) cryptography, now in its more updated version of Transport Layer Security (TLS).

These protocols work by generating keys for every connection made between parties (say, your internet browser and email account) communicating on the Web. A negotiation at the start of any session called a digital “handshake” allows the two parties to create a unique cipher that only the parties themselves can understand. This prevents any of the communications zooming through cyberspace to be intelligible if intercepted by a third actor.

 

It’s All about Trust

What allows this initial exchange between destination and client to occur is the presenting of a digital certificate by the server hosting to the requested site. Providing this certificate is essential, as it verifies the identity of the server to the client approaching it. Trusted third party certificate authorities, or CAs, are used to “sign” these digital documents. Once the client is provided with this authentication, the encrypted data sharing can commence.

For a long time this system worked fairly well.

SSL/TSL provided extremely robust encryption for users to communicate, while big industry names in certificate authentication such as GeoTrust, Thawte, and Digicert, established the element of trust by allowing parties to reliably identify each other before exchanging data.

 

The Vulnerabilities Emerge

Over the past few years, the industry has had to contend with the growing threats to certificate-based authentication.

Number one on this list was the vulnerability of certificate authorities themselves.

CAs have long been suspected of being a potential weak point in conventional authentication. This suspicion was given even more credibility in 2013 following the famous intelligence leaks of US intelligence contractor Edward Snowden. Some of the most important revelations of the leaks were the methods allegedly developed by several Western intelligence agencies to breach communications companies that provide digital certificates. These findings demonstrated the compromising of CAs to be a real and tangible risk. Recently, this risk has been further highlighted by researchers who’ve accessed the danger of criminal and state actors targeting CAs in hacking campaigns. Gaining illicit access to these companies and manipulating their keys and certificates would give hackers the means to execute Man in the Middle (MITM) attacks on the parties that use them, essentially allowing attackers to eavesdrop on all their shared communications.

Fraudulent certificates have also proven to be a concern. Industry leaders have increasingly been warning about malicious actors being granted certificates from trusted CAs, typically made possible by weak security practices on the part of those companies.

And of course there’s the human factor.

The huge vulnerability posed by certificate compromise was brought to the fore two months ago when it became known that tens of thousands of private keys were transmitted via unencrypted channels. In February, the CEO of Trustico, a UK-based reseller of TLS certificates, sent an email to an executive of the CA company DigiCert, . The report produced a collective gasp within the cybersecurity industry, as it demonstrated a shockingly cavalier treatment of digital certificates that form one of the foundations of the very integrity of the internet.

Ultimately, the incident only reinforced the main point relating to the risks of the digital certificate. Relying on a means of authenticating parties that can be forged, intercepted, and–with increasing ease–potentially stolen, opens up a slew of vulnerabilities the industry cannot fully control. These dangers, in turn, demonstrate the single point of failure systemic of certificate-based authentication, a weakness to which the world of IT is becoming painfully aware.

 

Circumventing the Threat

To bypass the inherent threat of digital certificates for authentication purposes which forms the current transport layer security (TLS), a paradigm shift must occur, verification could rely on algorithms that do not rely on certificates but are mathematically unbreakable using randomization of shares and multiple routes to ensure it can not be reconstructed obtaining any of the shares by a man-in-the-middle attack (MITM).

A good example of such authentication cryptography is Secret Sharing originally used to prevent the accidental or malicious launch of nuclear weapons; the algorithm takes authentication data and through randomization, computes different numbers, or shares, that only together define the secret/data. Keystroke theft, enrollment eavesdropping, and other MITM attacks yield insufficient information for any successful attack.

“Shamir Secret Sharing is indeed one of the most powerful and tested mathematical models used in cryptography today. Its power lies in its ability to secure a secret in a distributed way while requiring a threshold to unlock the secret” Raluca Ada Popa
Founder And Chief Technology Officer

Secret Sharing Scheme - Secret Double Octopus