I heard once from someone I trust that the French government is about to buy and certify software to tap an internet line, even for HTTPS connections. I don't really care about the legal issues it brings because this product will be used anyway by law enforcement, but I'm quite interested in how it is possible.

In the case of HTTPS, for example, how can software at the provider level decrypt the connection between you and a server without breaking some security of the HTTPS protocol, like the fact that the certificate used for this connection is not valid? Or having no more HTTPS connections to any website (something I will notice for sure, and any cautious person would too).

Have you ever heard of such software or an appliance (I don't know how it works at all)? And if so, do you know how it works?


Edit 1: Well, maybe some of you misunderstood my question. I'm not asking whether MITM is possible with SSL or not, because I know it is, as long as you manage one of the trust authorities, which can be the case in a company for several reasons (I worked on that once).
The point here is to put your Internet line on tap and be able to read any information you receive. This is not a problem for http/ftp and other unencrypted protocols.

But my question is more about encrypted protocols with trust authorities, like SSL/TLS, from the ISP's point of view: is it doable or not? ISPs do not own a trust authority in most cases and they can't fake every certificate on the fly.

In my understanding of the SSL protocol, that would mean also hacking into the tapped computer to add a fake trust authority to it, but that doesn't sound either legal or realistic with the multiplication of devices.
Again, the person who told me that is someone I trust and I'm really curious about the truth of that statement.

One idea, for example:
the ISP setting up DNS poisoning on the internet line to redirect any trust authority request to its own authority. Does that sound possible to you?


PS: I'm not working for anything, and I don't support those kinds of solutions, but I'm really curious about how it's even possible.

Gilles 'SO- stop being evil'
Kiwy
  • @Xander No: that question does not address the case of a government-level attacker, or more precisely an attacker in control of a trusted CA. – Gilles 'SO- stop being evil' Jan 06 '14 at 21:11
  • You should read this question which you nearly made a carbon copy of: http://security.stackexchange.com/a/8309/9792 – dan Jan 06 '14 at 21:17
  • @danielAzuelos No, the ISP cannot MITM that way. It takes a trusted CA, which most ISPs don't have. – Gilles 'SO- stop being evil' Jan 06 '14 at 21:29
  • There are many legitimate intermediates which can manage a technical proxy of any `https` traffic. Most notably, one which is often forgotten is your ISP. It can redirect your: `https://www.google.com` onto `192.168.8.8` and there have installed a valid certificate which is automagically signed by one of the legitimate CA embedded within all the Internet Explorer of the world. From there the traffic is clear and encrypted again to finish the proxying process. – dan Jan 06 '14 at 21:34
  • Well, the question I'm asking is not the same. I know that you can act as a trust authority and proxy, but for this you need to add the trust authority to the computer connecting to it. I already put that in place in my company and I know that it is easy. I am here talking about an ISP tapping your internet line without you being able to notice it. Because in the case of an https man in the middle, all the connections you're attempting end in the same trust authority, which is not the case in real life – Kiwy Jan 06 '14 at 22:36
  • In many countries, government agencies have the legal right to ask their country's certificate sellers to sign whichever certificate name they request. In far fewer countries, they don't even need a warrant to justify such an investigation on legal https analysis. – dan Jan 07 '14 at 07:49
  • Looking at your comments, I think you're right. Your question isn't a duplicate of that question. It's actually a duplicate of this one http://security.stackexchange.com/questions/20803/how-does-ssl-work – Adi Jan 07 '14 at 09:13
  • Are you kidding me? I'm not asking how SSL works, I know how it works. I want to know what the capabilities of an ISP are to read all the internet traffic, even encrypted, of an internet line – Kiwy Jan 07 '14 at 09:16
  • @Adnan This issue is kinda addressed in answers on http://security.stackexchange.com/questions/20803/how-does-ssl-work, but this is like saying every question ever is a duplicate of Wikipedia+rfc-editor.org+owasp.org. This question doesn't have an actual duplicate that I can find. – Gilles 'SO- stop being evil' Jan 07 '14 at 14:57

2 Answers

There are organizations that have "legitimate" reasons to tap your encrypted communications. Your workplace, for example, might record your internet traffic to make sure you aren't using the company computers for illegal activities. Or they may be providing malware filtering services. They can tap https traffic by using a proxy that injects itself as a man-in-the-middle. The workplace computers are first given a trusted root certificate issued by the proxy (on a Windows network, these are often pushed via Group Policy.) When your browser attempts to connect to https://www.google.com, the proxy creates a new certificate that authenticates your connection to the proxy, and sends it back to your browser. Because it's signed by the trusted root, your browser accepts the connection. The proxy then establishes an https connection with google on your behalf, and sends the communications through the proxy, logged and filtered as the company requires.

BlueCoat (now owned by Symantec) makes such a product, if you're interested.

This won't simply work if the client doesn't trust the MITM proxy. The client will get "invalid certificate" warnings about every encrypted site they attempt to connect to. Some people will simply check the box and surf anyway, unaware that they have been attacked.

You can also test this out for yourself using BurpSuite (the free edition can do this.) Configure BurpSuite to proxy https sites, use it to generate your own certificate, and then configure your browser to use Burp as your proxy. When you visit an https site, you'll see the "wrong certificate" warning messages. If you then add your generated certificate to your browser's Trusted Root certificate store, you'll see that the warnings go away, while you still intercept all the traffic in Burp. Here's a tutorial you can follow to do this: https://portswigger.net/burp/help/proxy_using.html

Another way to tap an encrypted connection is used by the NSA. They have a system called QUANTUM that is located at key sites in the backbone, and can respond faster to a request than the legitimate site. They can then redirect the traffic to a FOXACID server, which will attempt to exploit the computer sending the request. If they can inject a root certificate (or if they have already compromised a root certificate that your computer already trusts,) then they can inject a man-in-the-middle proxy just like the BlueCoat system above.

EDIT: Since you're asking about the ISP performing a MITM attack, know that in the past some ISPs have distributed software to their customers on "installation setup disks" that were included with the rental modem. If you install their disk, you run the risk of installing their certificate in your machine. I don't know if any Western country's ISPs have (legally) done that, but I wouldn't be surprised if certain countries with tightly monitored communications already do this.

John Deters
  • Clear! But I would slightly change your 3rd sentence. In legitimate cases I wouldn't say that they are executing a **MITM attack** but simply **providing a proxy service** like many Akamai servers around the world are doing for basic performance purposes. – dan Jan 06 '14 at 21:29
  • There is another plain legitimate case where a company may set in place an **https proxy service**. This one might be to prevent users from getting malware through **https**. If you want to **clean up** such traffic, because you will have to, the only way is through a **proxy** and a diversion through an anti-virus or anti-malware server. – dan Jan 06 '14 at 21:32
  • @daniel-azuelos, thank you for the helpful observations. I have incorporated your suggestions into my answer. – John Deters Jan 06 '14 at 22:26
  • Well, in the case you describe, if I'm not mistaken, it means that they need to issue a certificate that you trust, and your ISP is not going to hack your computer to add a trust authority, which is what a company does to inspect traffic. – Kiwy Jan 06 '14 at 22:33
  • @Kiwy, you are correct. However, in the past ISPs have been known to distribute software packages to their users in the form of a "Quick startup disk". Such a package certainly has the access required to install a new trusted root certificate on an unsuspecting user's computer. – John Deters Jan 06 '14 at 22:53
  • @JohnDeters Well, in that case the process is really messed up if you consider tablets, smartphones, smart fridges and any connected devices like TVs or even coffee machines (but maybe the coffee machine is not relevant), but still a smart TV can allow Skype today. – Kiwy Jan 06 '14 at 22:55
  • Sorry, I'm not saying "we know they do", only "they can if ...", which is what you originally asked. – John Deters Jan 06 '14 at 23:20
  • @catpnosis, please see http://www.theguardian.com/world/2013/oct/06/russia-monitor-communications-sochi-winter-olympics – John Deters Jan 07 '14 at 03:00
  • @JohnDeters thanks. But your reference doesn't support your initial claim. Let's be factual. It doesn't say govt will install *monitoring software on all cell phones, computers, and other* gadgets brought to Olympics. This is not just ridiculously crazy, but even an impossible task to do. Just think about it. So please remove that crazy statement from your answer. About Sorm, by no means do I want to defend it, but this is not even comparable to Prism (illegal *secret* system, that can do active attack), [Sorm](http://en.wikipedia.org/wiki/SORM) is non-secret (public and legal), and passive only. – catpnosis Jan 07 '14 at 08:09
  • Well, so far your post is the most complete about the question, but concerning the active attack part, I think the French government will not be able to put that kind of solution in place, first because I don't think there's a French certificate authority, second because it would be very much illegal in France. And the solution I'm looking for should be legal. – Kiwy Jan 07 '14 at 08:42
  • @Kiwy, the funny thing about CAs is that we *pay* them (sometimes a lot) for *trust*, but they do not *merit* any of our trust at all. (It's business oriented, not privacy oriented). If a CA would share their private keys with a secret agency we would never detect it (that's how it is implemented in our browsers, unlike for example *ssh*). And they don't even need to share it, since the agency just needs to have their cert in the browser root CA repository, and *then* can just re-sign any faked certificate and fully decrypt session traffic. That problem is not even attempted to be solved. – catpnosis Jan 07 '14 at 10:47
Your browser doesn't know what the certificate for the server should look like, so when you connect, it simply looks at the certificate provided and checks to see if it is signed by a trusted root authority. If the tap software has a certificate that is allowed to sign certificates and is signed by a trusted root, then it could produce certificates on the fly that would validly claim to be the sites you connect to. The proxy would then open another connection to the actual server and would then be in-between.

One countermeasure to this is to check if the certificate has changed since the last time you visited a site, but most browsers don't check this and even if they did, occasional legitimate changes in certificate on the server would make it hard to detect. It still requires that the software running the tapping proxy have a trusted root certificate though and it must be able to make its own certificates to correspond to the URLs you are going to or else it wouldn't be possible to pull off.

AJ Henderson
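
The "has the certificate changed since last time" countermeasure from the answer above, as an added example that is not part of the original answer: a trust-on-first-use fingerprint store that flags a changed leaf certificate even when the new one validates against a trusted root. `PinStore`, the host `example.test` and the byte strings standing in for DER certificates are constructed for illustration.

```python
import hashlib
import socket
import ssl


def fingerprint(der_cert: bytes) -> str:
    """SHA-256 over the DER-encoded leaf certificate, hex encoded."""
    return hashlib.sha256(der_cert).hexdigest()


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Fetch the leaf certificate this network path presents.
    Chain validation still uses the local trust store, as a browser does."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


class PinStore:
    """Trust-on-first-use record of accepted fingerprints per host."""

    def __init__(self):
        self.pins = {}  # host -> set of accepted fingerprints

    def check(self, host: str, der_cert: bytes) -> str:
        fp = fingerprint(der_cert)
        known = self.pins.get(host)
        if known is None:
            self.pins[host] = {fp}
            return "first-seen"   # nothing to compare against yet
        if fp in known:
            return "match"
        return "changed"          # renewal or interception: needs review

    def accept(self, host: str, der_cert: bytes) -> None:
        """Record a change after review, e.g. a legitimate renewal."""
        self.pins.setdefault(host, set()).add(fingerprint(der_cert))


# Constructed stand-ins for DER certificates (not real certificates).
ORIGIN_CERT = b"constructed: leaf for example.test signed by a public CA"
PROXY_CERT = b"constructed: leaf for example.test minted by a proxy root"
RENEWED_CERT = b"constructed: renewed leaf for example.test"


def demo():
    store = PinStore()
    results = [store.check("example.test", ORIGIN_CERT),
               store.check("example.test", ORIGIN_CERT),
               store.check("example.test", PROXY_CERT)]
    store.accept("example.test", RENEWED_CERT)
    results.append(store.check("example.test", RENEWED_CERT))
    return results
```

On a live connection, pass `fetch_leaf_der(host)` to `PinStore.check`; a "changed" result cannot by itself distinguish a renewal from an intercepting proxy, which is the limitation the answer points out.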