Who Is In Control Of TLS?

IT security is not very hard at all. Provided, you only consider one security issue to the exclusion of all other concerns. What makes security so difficult is the need to address more than one security issue at once and to balance security concerns with the need to get the job done.

For two decades, the nuclear launch code for Minuteman nuclear missiles was 00000000. Concerned by the threat of an accidental or unauthorized launch, President Kennedy had signed an order requiring every missile to be fitted with a Permissive Action Link requiring the code be provided before launch. Strategic Air Command dragged its feet on implementation, and after being forced to fit the devices by Defense Secretary Robert McNamara, set the launch code to all zeros the minute he left office. SAC understood McNamara’s concern about an unauthorized launch, but their first, last and only priority was to make sure that the missiles were launched if the order was given.

Transport Layer Security (TLS), the cryptographic infrastructure that secures web commerce is caught in a similar tug of war. TLS was originally developed by Netscape Communications Corporation to ‘make online commerce as safe as using a credit card in a bricks and mortar store.’ The name was changed from SSL to TLS when specification was passed to the IETF where SSL 3.0 was adopted as TLS 1.0.

The confidentiality provided by TLS encryption is, of course, a very good and useful feature, but confidentiality isn’t the main security benefit TLS is designed to deliver. Imagine for a moment that instead of buying your food in the supermarket as you would usually do, you could drive off to a shed in the middle of the wilderness where you pay the masked shopkeeper in cash, and he places your groceries in the trunk of your car without anyone seeing. You have perfect secrecy: nobody knows what you have bought or from whom, but this isn’t a secure transaction because neither do you.

Making communications secure is not the same as making transactions secure. Entering a bricks and mortar store in person tells you a lot about the business. If the store is large, the owners will need a large sales volume to make it profitable. If the fixtures and fittings are new, the owners had capital available when they refurbished. Each of these observations provides you with evidence of the value the shopkeeper places on their reputation. A shopkeeper who has invested in establishing a reputation is most likely to want to keep it by being honest and accepting return of defective or even unwanted goods. A shopkeeper that doesn’t seem to care about their reputation is more likely to sell defective or counterfeit goods.

While confidentiality is useful, the design goal of TLS was to make online transactions at least as safe for the customer as traditional bricks and mortar purchases by establishing accountability. This was the primary function of what is now known as the ‘WebPKI,’ the system of digital certificates that allow online merchants to establish their identity and thus be held accountable to their reputation.

If use of the web had been limited to online shopping, the difference between the actual and the perceived design goals of TLS would be interesting but inconsequential. The system as designed works well for its intended purpose. But use of the web is not limited to online shopping, and use of TLS is not limited to the web. 25 years after the release of PGP, the only cryptographic applications that are widely and ubiquitously used on the internet are TLS and its close relative, SSH.

When all you have is a hammer, everything looks like a nail. TLS is actually a screwdriver, but it serves well enough as a hammer that everything still looks like a nail.

Why is this a problem? Well, consider what happened when internet criminals started to use online ads as a means of distributing malware. You have probably seen the ads telling you that your computer is running slow because of some problem. If you click on the link and download the ‘free cure’ you are almost certain to find your machine running slower afterwards because you just infected it with something nasty.

Today, there is absolutely no dispute in the ‘anti-virus’ world that malware-advertising is just another distribution vector. But that wasn’t the case when the problem first appeared. Users were told that malware they agreed to install wasn’t a virus and thus not a problem that anti-virus scanners could or even should address. It was agreed that this was a problem, but it wasn’t a problem the AV vendors knew how to address, and that meant it wasn’t a problem they were willing to accept as their problem.

Information security is easy if you only recognize one problem to the exclusion of all others. And one consequence of the current push for ‘encryption everywhere’ is that computer users are increasingly secure in the knowledge that their web traffic is increasingly opaque to their ISP and even other applications running on the same machine.

Including the programs that AV providers use to detect and block malware-advertising attacks.

Confidentiality is an important security concern, mass-surveillance represents a serious threat to democracy and civil society. But if we pursue those goals to the exclusion of all others, then pretty soon the users are going to be finding that they have lost all the pictures they took of their children when they were five, unless they pay $1,000 in Bitcoin to a Russian hacker mob.

Ransomware is unique in being the only internet crime that isn’t easily avoided, and nobody is required to make the user whole. The only effective protection against malware advertising is to block the advertising networks that accept adverts from the criminal gangs.

About Phillip Hallam Baker
Hallam BakerHallam-Baker is a Computer Scientist, Renowned for his Contributions to Internet Security, since the design of HTTP at CERN in 1992. He is currently VP and Principal Scientist at Comodo.