9

My school requires us to install digicert global root CA and digicert sha2 secure server onto our personal devices to access the secure and guest WiFi. Does this mean that the school can see the contents of personal emails (not on the given .edu account) as well as our exact history?

Once you click on the certificates, it lists:

  • algorithm (rsa encryption)
  • parameters (none)
  • public key size (2048)
  • public key data (a lot of numbers and letters), and
  • fingerprints
Mike
  • 2
    @SteffenUllrich The other question is asking about trusting a certificate for EAP/WPA2 Enterprise, necessary for secure WiFi. This is apparently asking about installing a root CA. – user71659 Oct 07 '18 at 18:02
  • 2
    @user71659: at the end in both questions the users are asked to trust the DigiCert SHA2 Secure Server CA. Given that this is an intermediate CA signed by DigiCert Global Root CA the client also needs to trust this root CA in order to create the trust chain. See [this list of DigiCert CA](https://www.digicert.com/digicert-root-certificates.htm) for more information. – Steffen Ullrich Oct 07 '18 at 18:08
  • 3
    @SteffenUllrich No. There are different levels of trust so the risk is far different. When you trust an EAP certificate, the OS trusts it for the purpose of EAP authentication, often bound only to the specific WiFi SSID. That is, it only allows the login exchange with only those servers connected to that specific SSID. If you're on a Mac, open the cert up in Keychain, you can see the settings. Installing a root CA trusts the certificate for all purposes it claims to be used for, including code signing and TLS. This is far broader. – user71659 Oct 07 '18 at 18:13
  • 2
    @user71659: I don't see any mention of a specific OS in the question and I don't see that the question explicitly says that the CA should be installed to be trusted globally. Instead it says that these certificates should be (somehow - no specifics are given) installed in order to access the guest Wifi. Insofar it looks for me the same as the other one, i.e. install a CA certificate so that one can automatically trust the Wifi. It would probably be useful if the OP could provide more detailed information what was exactly requested and which instructions were given. – Steffen Ullrich Oct 07 '18 at 18:21
  • @SteffenUllrich Again, no. The issue with EAP/WPA2 is that, unlike public DNS, SSIDs are not unique (and thus there is no mapping between SSIDs and EAP servers). SSID "Corporate" could legitimately belong to server "aaa.example.com" or "eap.maliciousnetwork.com". Therefore a manual trust procedure always has to be used with the TLS variants of WPA2 to bind a server, and its certificates, to a SSID. This trust does not extend to other uses of the certificates, like HTTPS. In normal HTTPS, this binding is done by matching DNS hostnames which are unique. I have no doubt they are different questions. – user71659 Oct 07 '18 at 18:28
  • @Mike: With this information added it looks for me still pretty much like [My school wifi asks to 'trust' a certificate on Iphone's, does it this allow them to view SSL traffic?](https://security.stackexchange.com/questions/178909/my-school-wifi-asks-to-trust-a-certificate-on-iphones-does-it-this-allow-the). Did you have a look at this question and its answers already? – Steffen Ullrich Oct 07 '18 at 20:46
  • @SteffenUllrich i have looked at it and am still a bit confused, as I’ve been trying to research this but I honestly don’t understand much of it. In your link, it doesn’t mention installing a root ca, so I am unsure if they are the same. – Mike Oct 07 '18 at 20:56
  • Is this for TU’s network? – vol7ron Oct 08 '18 at 02:05
  • 1
    Wild suggestion here, you could just ask the school IT department/guy. – Daisetsu Oct 08 '18 at 03:30

3 Answers

6

You are not giving enough context. If they are just requiring that you have the default digicert global root certificate (that is pre-installed on most operating systems and web browsers), that isn't a problem.

That said, some network environments (typically workplaces with strict network policy) monitor network usage by using a man-in-the-middle attack on all HTTPS connections. You can test this by seeing if the HTTPS certificate fingerprints match well known ones.

E.g., visit https://www.grc.com/fingerprints.htm on your phone and then visit a domain, and check that the SHA1 fingerprints match. (In most browsers you can find the certificate information by clicking on the lock part of the URL and going through the menu to get certificate information).

Please note they can always observe which IP connections you are sending data with, all HTTP (not HTTPS) you are visiting, and the server name (www.example.com) of HTTPS sites you visit (the server name identification standard allows this to be sent in plaintext).

For example, typical ubuntu installations come with DigiCert_Global_Root_CA.pem being trusted:

$ cat /etc/ssl/certs/DigiCert_Global_Root_CA.pem 
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----

which contains the information:

$ openssl x509 -text -in /etc/ssl/certs/DigiCert_Global_Root_CA.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            08:3b:e0:56:90:42:46:b1:a1:75:6a:c9:59:91:c7:4a
    Signature Algorithm: sha1WithRSAEncryption
        Issuer: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
        Validity
            Not Before: Nov 10 00:00:00 2006 GMT
            Not After : Nov 10 00:00:00 2031 GMT
        Subject: C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert Global Root CA
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (2048 bit)
                Modulus:
                    00:e2:3b:e1:11:72:de:a8:a4:d3:a3:57:aa:50:a2:
                    8f:0b:77:90:c9:a2:a5:ee:12:ce:96:5b:01:09:20:
                    cc:01:93:a7:4e:30:b7:53:f7:43:c4:69:00:57:9d:
                    e2:8d:22:dd:87:06:40:00:81:09:ce:ce:1b:83:bf:
                    df:cd:3b:71:46:e2:d6:66:c7:05:b3:76:27:16:8f:
                    7b:9e:1e:95:7d:ee:b7:48:a3:08:da:d6:af:7a:0c:
                    39:06:65:7f:4a:5d:1f:bc:17:f8:ab:be:ee:28:d7:
                    74:7f:7a:78:99:59:85:68:6e:5c:23:32:4b:bf:4e:
                    c0:e8:5a:6d:e3:70:bf:77:10:bf:fc:01:f6:85:d9:
                    a8:44:10:58:32:a9:75:18:d5:d1:a2:be:47:e2:27:
                    6a:f4:9a:33:f8:49:08:60:8b:d4:5f:b4:3a:84:bf:
                    a1:aa:4a:4c:7d:3e:cf:4f:5f:6c:76:5e:a0:4b:37:
                    91:9e:dc:22:e6:6d:ce:14:1a:8e:6a:cb:fe:cd:b3:
                    14:64:17:c7:5b:29:9e:32:bf:f2:ee:fa:d3:0b:42:
                    d4:ab:b7:41:32:da:0c:d4:ef:f8:81:d5:bb:8d:58:
                    3f:b5:1b:e8:49:28:a2:70:da:31:04:dd:f7:b2:16:
                    f2:4c:0a:4e:07:a8:ed:4a:3d:5e:b5:7f:a3:90:c3:
                    af:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Certificate Sign, CRL Sign
            X509v3 Basic Constraints: critical
                CA:TRUE
            X509v3 Subject Key Identifier: 
                03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55
            X509v3 Authority Key Identifier: 
                keyid:03:DE:50:35:56:D1:4C:BB:66:F0:A3:E2:1B:1B:C3:97:B2:3D:D1:55

    Signature Algorithm: sha1WithRSAEncryption
         cb:9c:37:aa:48:13:12:0a:fa:dd:44:9c:4f:52:b0:f4:df:ae:
         04:f5:79:79:08:a3:24:18:fc:4b:2b:84:c0:2d:b9:d5:c7:fe:
         f4:c1:1f:58:cb:b8:6d:9c:7a:74:e7:98:29:ab:11:b5:e3:70:
         a0:a1:cd:4c:88:99:93:8c:91:70:e2:ab:0f:1c:be:93:a9:ff:
         63:d5:e4:07:60:d3:a3:bf:9d:5b:09:f1:d5:8e:e3:53:f4:8e:
         63:fa:3f:a7:db:b4:66:df:62:66:d6:d1:6e:41:8d:f2:2d:b5:
         ea:77:4a:9f:9d:58:e2:2b:59:c0:40:23:ed:2d:28:82:45:3e:
         79:54:92:26:98:e0:80:48:a8:37:ef:f0:d6:79:60:16:de:ac:
         e8:0e:cd:6e:ac:44:17:38:2f:49:da:e1:45:3e:2a:b9:36:53:
         cf:3a:50:06:f7:2e:e8:c4:57:49:6c:61:21:18:d5:04:ad:78:
         3c:2c:3a:80:6b:a7:eb:af:15:14:e9:d8:89:c1:b9:38:6c:e2:
         91:6c:8a:ff:64:b9:77:25:57:30:c0:1b:24:a3:e1:dc:e9:df:
         47:7c:b5:b4:24:08:05:30:ec:2d:bd:0b:bf:45:bf:50:b9:a9:
         f3:eb:98:01:12:ad:c8:88:c6:98:34:5f:8d:0a:3c:c6:e9:d5:
         95:95:6d:de

There should be no problem if they require you to have this certificate installed; e.g., Mozilla trusts it by default. It would be a problem if they require you to install and trust a different certificate by the same name. That said, I am unfamiliar with the certificate going by the name "digicert sha2 secure server". Is the fingerprint of that certificate listed in the certificates trusted by Mozilla?

dr jimbob
  • 2
    *"I am unfamiliar with the certificate going by the name "digicert sha2 secure server"* - this is an intermediate certificate signed by DigiCert Global Root CA. See [this list of DigiCert CA](https://www.digicert.com/digicert-root-certificates.htm) for more information. – Steffen Ullrich Oct 07 '18 at 18:10
  • 1
    Assuming the certificates' content matches the names (check fingerprints), then this is fine. Unless DigiCert is being very sketchy (in easily checkable ways that would put them out of business if found out), these certificates were issued by a trusted certificate authority (that most OSes and browsers trust). Trusting the intermediate certificate is not different from a trust standpoint than directly trusting the root that signed it; except by trusting it directly you avoid trusting a SHA1 algorithm (which is broken against collision attacks so should be avoided in certificates). – dr jimbob Oct 07 '18 at 18:46
  • 1
    *"...than directly trusting the root that signed it; except by trusting it directly you avoid trusting a SHA1 algorithm ..."* - The SHA1 signature on the root certificate is irrelevant. See [Why is it fine for Certificates above the end-entity certificate to be SHA1 based?](https://security.stackexchange.com/questions/91913/why-is-it-fine-for-certificates-above-the-end-entity-certificate-to-be-sha1-base) – Steffen Ullrich Oct 07 '18 at 18:54
  • It seems strange they would require him to install a legitimate intermediate certificate. I can't think of a reason. Any ideas? – Daisetsu Oct 07 '18 at 18:58
  • 1
    @Daisetsu: my guess is that it is only used for WiFi authentication like with EAP-TLS, see [My school wifi asks to 'trust' a certificate on Iphone's, does it this allow them to view SSL traffic?](https://security.stackexchange.com/questions/178909/my-school-wifi-asks-to-trust-a-certificate-on-iphones-does-it-this-allow-the) – Steffen Ullrich Oct 07 '18 at 19:06
  • @dr jimbob I included more information, Let me know if more is needed – Mike Oct 07 '18 at 20:18
  • Why must everything Steve Gibson writes on his website be presented in those ridiculously long pages with random colors and other formatting? I felt like I was reading the old Time Cube website. – Kevin Oct 07 '18 at 21:17
  • @Mike - your screenshot doesn't give the info of what you are asked to trust. The certificate names (and expiration dates) correspond with common root certificates that most trust. But anyone can create a fake root certificate that copies the name/date from another certificate and ask a device to trust it. You need to check the crypto fingerprint (e.g., SHA1) of the certificates you were asked to trust on your devices and if it matches published values (checked off school's network). I wouldn't expect a school to issue fake DigiCert certificates, but a rogue employee could have. – dr jimbob Oct 09 '18 at 09:01
  • @SteffenUllrich - Yeah, that was my mistake. SHA1 should be avoided in certificate signatures (vulnerable to practical collision attacks), but for (root or intermediate) certificates you trust directly, the signature is meaningless. – dr jimbob Oct 09 '18 at 17:44
  • @dr jimbob the sha1 fingerprint match up on all the websites I’ve visited. What does this mean? – Mike Oct 11 '18 at 00:12
  • @Mike -- Great news! They asked you to trust a root (and intermediate certificate) that most operating systems and web browsers intrinsically trust. They can't intercept your traffic and you have full end-to-end security with HTTPS. – dr jimbob Oct 11 '18 at 02:15
  • @dr Jimbob very last question, sorry I’m not very tech savvy. Given that the SHA1 fingerprints match up, could my school see what I downloaded as attachments from an email I sent to myself on a personal device to myself? – Mike Oct 11 '18 at 15:45
  • @Mike - Assuming you are not using school email services (e.g., if you use `@school.edu` mail servers managed by the school's IT department, nefarious admins *could* fully read/modify your email) or checking your mail through insecure protocols (e.g., HTTP without HTTPS, SMTP on port 25 / POP3 on port 110 without SSL/TLS, etc.), then the school can't secretly eavesdrop the *content* of your communication. They can record IP addresses you are transferring data with (including server names with SNI on HTTPS), as well as metadata (when you transferred data, how much data was transferred, etc.) – dr jimbob Oct 12 '18 at 04:47
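
The fingerprint checks described in this answer and its comments, as an added example that is not part of the original answer or comments: compare each certificate in the file you were asked to install with the fingerprint its CA publishes, and fetch what a site presents on the current network so it can be compared with a value recorded off that network. The helper names (`pem_to_der_list`, `matches_published`, `audit_bundle`, `fetch_leaf_der`) are hypothetical, and the sample bytes in `demo()` are constructed stand-ins, not real certificates.

```python
import base64
import hashlib
import re
import socket
import ssl

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def pem_to_der_list(pem_text):
    """DER bytes of every certificate in a PEM file or bundle."""
    return [base64.b64decode("".join(body.split()))
            for body in PEM_RE.findall(pem_text)]

def matches_published(der, published_fp):
    """True if the certificate hashes to the published fingerprint.

    Accepts 'AB:CD:..', 'ab cd ..' or bare hex; SHA-1 or SHA-256 is chosen
    from the length of the published value.
    """
    want = re.sub(r"[^0-9a-f]", "", published_fp.lower())
    algo = {40: "sha1", 64: "sha256"}.get(len(want))
    if algo is None:
        raise ValueError("expected a SHA-1 or SHA-256 fingerprint")
    return hashlib.new(algo, der).hexdigest() == want

def audit_bundle(pem_text, published_fps):
    """One bool per certificate: does it match any published fingerprint?"""
    return [any(matches_published(der, fp) for fp in published_fps)
            for der in pem_to_der_list(pem_text)]

def fetch_leaf_der(host, port=443, timeout=5):
    """Certificate presented for host on the current network (needs network).

    Validation is off on purpose: the goal is to see what is presented,
    including a certificate minted by an interception proxy.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)

def demo():
    # Constructed stand-ins, not real certificates: same "name", different bytes.
    genuine, lookalike = b"constructed genuine DER", b"constructed look-alike DER"
    published = hashlib.sha1(genuine).hexdigest().upper()  # as a CA would list it
    profile = ssl.DER_cert_to_PEM_cert(genuine) + ssl.DER_cert_to_PEM_cert(lookalike)
    return audit_bundle(profile, [published])   # [True, False]
```

Large sites can legitimately serve different certificates from different servers, so a leaf mismatch from `fetch_leaf_der` is a prompt to inspect the issuer, not proof of interception.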
3

Edit: Looks like I wasn't right on this one. If the certificate is legit, then it is probably used for RADIUS auth. It's great to learn new stuff, that's why I'm on here. Thanks Steffen

It's likely they are running a TLS interceptor. This means when you try to make a secure connection (https), the school responds with a fake certificate, which is then validated by the root CA they had you install.

This simply means secure connections are between you and the school, and then they make a second secure connection to wherever you were initially trying to connect to.

The end result of this is they can see anything passed over a https "secure" connection.

You can confirm this by going to a https website, then checking what certificate was presented (look in the URL bar for a lock or shield icon for certificate information). If the certificate presented has a chain of trust which ends with the cert they had you install, you're being intercepted.

This does not mean they have access to your files on your computer, it just means they are snooping on your SSL/TLS connections.

Daisetsu
  • 4
    Given that these are publicly trusted CA certificates it is very very unlikely that these will be used for TLS interception. If a public CA would provide certificates for such a reason they would be very likely removed or blocked by the browsers - as happened in the past. It is more likely that these certificates are needed for trusting the certificate of the WiFi (Enterprise WPA2 with EAP-TLS or similar). – Steffen Ullrich Oct 07 '18 at 17:52
-2

If they want to, then sure; all they have to do is track where incoming and outgoing data is going. Routers have a private and a public IP: the public IP is what anything outside of your network sees (you can find your public IP by typing "What's my IP" in Google), while the private IP is an address your computer is assigned so your data is sent to you and not the wrong person on the same network.

So in theory all they have to do is use a program that logs all data packets on their network, then they just get your MAC address from the computer and match it to the logs.

So in short, anything on someone's network that's not protected by a VPN can and probably will be viewed at some point.

schroeder
EvilBmo
  • 2
    That's not correct. Traffic encrypted via TLS in a normal situation wouldn't be viewable other than the public IP you are communicating with. Even DNS traffic can be encrypted. The issue is this root CA allows them to potentially read the TLS connections. – Daisetsu Oct 07 '18 at 18:53
  • 1
    Are you saying that if I use Gmail (which uses TLS), then the school would see the contents of the emails anyway? If this is what you are saying, then this is dead wrong. Yes, they will see that I'm using Gmail, but that's not the question. You also do not address anything to do with the certs. – schroeder Oct 07 '18 at 19:57