14.6 Hacking PKI

The Windows 2003 Server security architecture supports Public Key Infrastructure (PKI). Although the weaknesses of PKI and smart cards have been well described and are not limited to Windows 2003 Server, Microsoft has touted PKI as key evidence that it is complying with its "Trustworthy Computing" promise. PKI provides a strong framework for authentication, but like any technology it is vulnerable to attackers . It is a mistake to think that PKI is a panacea. As always, it is important to combine PKI with other layers of defense in your security policy. In this section, we review some of the ways PKI can be defeated.

An example of a vulnerability in one implementation of PKI occurred in mid-March, 2001. VeriSign informed Microsoft that two VeriSign digital certificates had been compromised by social engineering and that they posed a spoofing vulnerability. In this case, VeriSign had issued code-signing digital certificates to an individual who fraudulently claimed to be a Microsoft employee. Because the certificates were issued with the name "Microsoft Corporation," an attacker would be able to sign executable content using keys that prove it to be from a trusted Microsoft source. For example, the patch you thought was signed by Microsoft could really be a virus signed with the hacker's fraudulent certificate.

Such certificates could also be used to sign ActiveX controls, Office macros, and other executable content. ActiveX controls and Office macros are particularly dangerous, since they can be delivered either though HTML-enabled email or directly through a web page. The scripts could cause harm without any intervention from the user , since a script can automatically open Word documents and ActiveX controls unless the user has implemented safeguards.

In situations like this, the bogus certificates should be have been placed immediately on a Certificate Revocation List (CRL). However, VeriSign's code-signing certificates did not specify a CRL Distribution Point (CDP), so a client would not be able to find and use the VeriSign CRL. As a result, Microsoft issued a patch that included a CRL containing the two certificates. In addition, the Microsoft patch allowed clients to use a CRL on the local machine, instead of a CDP. Note that the above exploit was VeriSign's fault, not Microsoft's.

Observers have pointed out other potential weaknesses in PKI. For example, Richard Forno has shown how incomplete PKI implementations can give online shoppers a false sense of security. According to Forno, while PKI ensures that the customer's initial transmission of information along the Internet is encrypted, the data may subsequently be decrypted and stored in clear text on the vendor's server. Thus, a hacker can bypass the strength of PKI if he can access the clear-text database. In fact, rogue employees could easily sniff the data as it travels on the wire from within the corporate network.

When implementing PKI, consider network security from a holistic perspective. Fred Cohen sketched a list of potential vulnerabilities in his seminal paper "50 Ways to Defeat PKI" (see Section 14.10). Most of these attacks involve basic social engineering, denial-of-service, or cryptographic weakness exploitation.