10

I have read about SSL and TLS; I know how RSA works and why digital certificates are necessary (more or less), but I am curious about how we prevent a fake digital certificate.

The operating system comes with some certificates pre-installed, but how can we be certain that the certificates have not been changed in our computer by a virus? If a virus changed the local certificates, and I access a website that sends me a fake digital certificate that matches the fake one on my computer, what will happen?

I may be confused about how this works. I would appreciate a detailed explanation.

TRiG
  • 609
  • 5
  • 14
Johnny Willer
  • 409
  • 1
  • 4
  • 13
  • possible duplicate of [SSL Certificate framework 101: How does the browser actually verify the validity of a given server certificate?](http://security.stackexchange.com/questions/56389/ssl-certificate-framework-101-how-does-the-browser-actually-verify-the-validity) – D.W. May 12 '15 at 07:56

2 Answers2

24

Certificates are signed and the cryptographic signature is verified; if the signature matches then the certificate contents are exactly as they were when the certificate was signed. This, of course, does not solve the problem, it merely moves it around. The complete structure is called a PKI. The certificates which are preinstalled in your computer (came with the OS or the browser) are the root CA certificates, i.e. the public keys that you know "a priori" and from which you begin all the signature verification process.

To make the story short, if some hostile entity could insert a rogue root CA in your computer, then you lose. Of course, under the same conditions, the same hostile attacker (e.g. a virus) could alter the code of the browser and hijack your data from that, or log all your key strokes, or more generally completely bamboozle you in a zillion ways. When a virus executes on your computer, you are already beyond redemption.

Inserting a fake root CA is, in fact, a rather poor way to attack people, because they may notice it. Injecting a data snooper right inside the entrails of the browser does not require much additional effort, can be done within the same conditions, and results in a much more complete and discreet destruction of your security.

Tom Leek
  • 168,808
  • 28
  • 337
  • 475
  • Thank you Tom, I'm understanding the dangerous now! but about browser security, a virus that can create a root CA, can access my password inside java applet security, used in internet bankings? – Johnny Willer May 11 '15 at 18:39
  • 3
    If the virus injects an attacker-controlled CA inside the set of root CA that the Java VM uses to decide whether an applet is trustworthy, then the attacker may feed you with a fake, corrupted applet that your computer will execute blissfully. My point, though, is that a virus that can do that is also able to simply alter the Java VM or browser code right away, to get a copy of your password as you type it, and send it to its master. The latter method does not even need the attacker to send you a fake Java VM, so it is even simpler for the attacker. – Tom Leek May 11 '15 at 19:07
  • 1
    Fun fact: Lenovo installed a new root CA for that spyware advertising plugin of theirs, it confirmed ANYTHING as legit, which is .... *the* most stupid think I can imagine someone doing – Alec Teal May 13 '15 at 16:15
7

If a virus installs a new root certificate on your computer, and a spoofed website presents you with a certificate with a valid signature chain from that root certificate, then your computer will accept it as a valid certificate. But this shouldn't be seen as a problem with SSL/TLS -- if you have a virus with that level of access, then there are lots of ways it can get your information, and spoofing a root certificate is actually one of the less likely ones.

Mike Scott
  • 10,118
  • 1
  • 27
  • 35
  • But, how hard is to a virus to do that? This should not seen as a big problem? – Johnny Willer May 11 '15 at 18:29
  • 3
    Getting a virus is a big problem, and completely compromises everything you do on your computer. The possibility that a virus could install a fake root certificate isn't a big problem, because everything you do is already compromised, and so the fake root certificate doesn't add to your problems. – Mike Scott May 11 '15 at 18:33
  • 3
    If someone has the level of access on your computer necessary to overwrite your TLS certificate chain, *you have already lost*. They can almost certainly record your keystrokes, view and edit the entire contents of your hard drive, etc. – Stephen Touset May 11 '15 at 18:33
  • Yeah, it's true, I'm understanding the danger now haha.. but internet bankings does not use security java applets that does not allow to a virus see my password? A virus with that level of access can 'destroy' my browser security? – Johnny Willer May 11 '15 at 18:37
  • 4
    If a virus has control of your computer, there's no such thing as a secure Java applet. It can install its own Java VM if it wants to. Once again, the only way to be secure is _not to catch a virus_. – Mike Scott May 11 '15 at 18:50
  • @StephenTouset The level of access necessary to overwrite the TLS certificate chain is typically granted to the OS vendor and their software update procedure – Hagen von Eitzen May 12 '15 at 09:01
  • Fun fact: Lenovo installed a new root CA for that spyware advertising plugin of theirs, it confirmed ANYTHING as legit, which is .... *the* most stupid think I can imagine someone doing – Alec Teal May 13 '15 at 16:15