Improper Use of PKI

Introduction

Public-key cryptography is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. The security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security. In a public-key encryption system, anyone with a public key can encrypt a message, yielding a ciphertext, but only those who know the corresponding private key can decrypt the ciphertext to obtain the original message.

A PKI (public key infrastructure) is the set of roles, policies, hardware, software and procedures needed to create, manage, distribute, use, store and revoke digital certificates and to manage public-key encryption. PKI is mainly used to enable the secure electronic transfer of information over networks.

SSL & PKI are inseparable

SSL, the Secure Sockets Layer, is the most popular means of creating secure network connections. It is widely used in web browsers to protect potentially sensitive operations such as HTTP-based banking. Sins creep into SSL-based applications when they choose the wrong subset of the security services SSL offers. Many security protocols, SSL included, provide three distinct and optional security services:

  • Authentication (Server and/or client)
  • Channel encryption
  • Channel integrity checking

However, the big problem with SSL is that it relies on a PKI, and PKIs take a lot of work to get right.

Common Attack Vectors

Compromised private keys: Private keys that are not adequately protected can be stolen or otherwise compromised by attackers. This allows attackers to impersonate legitimate users or to intercept and modify encrypted communications.

Weak encryption algorithms: If outdated or weak algorithms are used, attackers can exploit their known weaknesses to decrypt or modify encrypted communications.

Fake digital certificates: If attackers can create or obtain fake digital certificates, they can use them to impersonate legitimate users or organisations. This can allow attackers to intercept or modify communications without being detected.

Expired or revoked certificates: If digital certificates are not adequately managed, expired or revoked certificates may still be accepted by the system. Attackers can exploit this to gain unauthorised access or to intercept communications.

Man-in-the-middle attacks: If attackers can place themselves between two communicating parties, they can potentially read, modify or inject messages into the conversation. This is particularly effective when the connection is not properly authenticated (the peer's certificate is not validated) or not encrypted.

Phishing attacks: Attackers can use phishing attacks to trick users into giving up their private keys or other sensitive information. This can allow attackers to access the system or impersonate legitimate users.

Mitigation or Redemption

To avoid the attacks above, make sure every certificate presented to the application passes the following checks on its status and lifetime:

  • The certificate chains to a valid root CA.
  • The certificate is within its validity period.
  • The hostname is compared against the proper subfield in at least one of the DN fields (the Common Name) or, preferably, against the X.509 v3 subjectAltName extension.
  • The certificate's (extended) key usage matches its role: server authentication or client authentication.
  • The certificate is not revoked.
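The following Python example is added here to show how the lifetime, hostname and revocation items of this checklist look in code; it is not from the original article. It works on the dictionary shape that `ssl.SSLSocket.getpeercert()` returns (the sample certificate, its serial number and the revoked-serial set are constructed placeholders), and it assumes chain building to a trusted root and the key-usage check are left to the TLS library, which `ssl.create_default_context()` enforces with `verify_mode=CERT_REQUIRED`.

```python
import ssl
import time

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns; not a real certificate.
SAMPLE_CERT = {
    "subject": ((("commonName", "www.example.com"),),),
    "subjectAltName": (("DNS", "www.example.com"), ("DNS", "*.api.example.com")),
    "notBefore": "Mar 10 00:00:00 2024 GMT",
    "notAfter": "Mar 10 00:00:00 2026 GMT",
    "serialNumber": "0A1B2C",  # placeholder serial, constructed for the example
}
# Fixed clock values so the checks are reproducible.
VALID_NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2025 GMT")
EXPIRED_NOW = ssl.cert_time_to_seconds("Jan 01 00:00:00 2027 GMT")

def dnsname_matches(pattern, hostname):
    """RFC 6125 style: '*' is accepted only as the entire leftmost label and matches
    exactly one label, so *.api.example.com never covers a.b.api.example.com."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or "*" in pattern[1:]:
        return False  # rejects f*.example.com, *.com and nested wildcards
    return len(p_labels) == len(h_labels) and p_labels[1:] == h_labels[1:]

def check_certificate(cert, hostname, now=None, revoked_serials=frozenset()):
    """Return the list of failed checks (empty means the leaf passed these checks).
    Chain building to a trusted root and the key-usage check are assumed to be done
    by the TLS library (ssl.create_default_context() enforces both)."""
    now = time.time() if now is None else now
    failures = []
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    if not not_before <= now <= not_after:
        failures.append("outside validity period")
    # Match against SAN DNS names; fall back to the subject CN only when no SAN is present.
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:
        names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    if not any(dnsname_matches(n, hostname) for n in names):
        failures.append("hostname mismatch")
    if cert.get("serialNumber") in revoked_serials:  # stand-in for a CRL/OCSP lookup
        failures.append("revoked")
    return failures
```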

Subrahmanyam D

‘Think Different’. ??

1 year

Venky Karukuri This was a very good article, thanks for sharing the knowledge.
