July 8, 2014

Maintaining digital certificate security

Posted by Adam Langley, Security Engineer

On Wednesday, July 2, we became aware of unauthorized digital certificates for several Google domains. The certificates were issued by the National Informatics Centre (NIC) of India, which holds several intermediate CA certificates trusted by the Indian Controller of Certifying Authorities (India CCA).

The India CCA certificates are included in the Microsoft Root Store and thus are trusted by the vast majority of programs running on Windows, including Internet Explorer and Chrome. Firefox is not affected because it uses its own root store that doesn’t include these certificates.

We are not aware of any other root stores that include the India CCA certificates, thus Chrome on other operating systems, Chrome OS, Android, iOS and OS X are not affected. Additionally, Chrome on Windows would not have accepted the certificates for Google sites because of public-key pinning, although misissued certificates for other sites may exist.

We promptly alerted NIC, India CCA and Microsoft about the incident, and we blocked the misissued certificates in Chrome with a CRLSet push.

On July 3, India CCA informed us that they revoked all the NIC intermediate certificates, and another CRLSet push was performed to include that revocation.

Chrome users do not need to take any action to be protected by the CRLSet updates. We have no indication of widespread abuse and we are not suggesting that people change passwords.

At this time, India CCA is still investigating this incident. This event also highlights, again, that our Certificate Transparency project is critical for protecting the security of certificates in the future.

Update Jul 9: India CCA informed us of the results of their investigation on July 8. They reported that NIC’s issuance process was compromised and that only four certificates were misissued; the first on June 25. The four certificates provided included three for Google domains (one of which we were previously aware of) and one for Yahoo domains. However, we are also aware of misissued certificates not included in that set of four and can only conclude that the scope of the breach is unknown.

The intermediate CA certificates held by NIC were revoked on July 3, as noted above. But a root CA is responsible for all certificates issued under its authority. In light of this, in a future Chrome release, we will limit the India CCA root certificate to the following domains and subdomains thereof in order to protect users:
  1. gov.in
  2. nic.in
  3. ac.in
  4. rbi.org.in
  5. bankofindia.co.in
  6. ncode.in
  7. tcs.co.in

11 comments:

  1. I don't think 'Certificate Transparency' is all it is made out to be.

    Why Google has abandoned enforcing certificate revocation via OCSP and CRL, is beyond me. You are the only ones with the position to get the CA's to return revocation information in a timely and meaningful manner - why not do that instead?

    Once CT is running, it will just be THAT much easier for all CA's and CA resellers to just tie to that system and market to all the users of those certs (thusly annoying everyone more than they do already with their scanning to get the same data). At least with scanning there is some barrier to entry and time required to do the task...

    Why not Hash the domains in CT and only allow 3rd parties to request the presence of the domain via hash (or something similar)? The way it is now, you are just providing SSL Selling Parties a direct marketing list. Google seems smarter than that...

    Anyway, glad that this India NIC event seems reasonably well contained, in Chrome, at least. What actions has MSFT taken to limit impact on IE users?

    ReplyDelete
  2. Could you please clarify what do you mean by Google Domains?

    ReplyDelete
  3. I would like to know whether other rogue certificates found under CCA. Also, whether the others were also issued by NICCA or some other authority under CCA, and if so, which one.

    ReplyDelete
  4. Um. So is Google still formally opposed to cert revocation checks?

    ReplyDelete
  5. If we could migrate over to DANE, we could do away with this entire CA structure. There would be no need to "trust" these hundreds of (possibly corrupt, possibly hacked) CA:s spread over the entire world.

    A good first step would be to get DANE support (back) in Chrome ;)

    ReplyDelete
  6. Do you know SSLCop ? http://www.security-projects.com/?SSLCop

    ReplyDelete
  7. Google, when will you start using DNSSEC (http://en.wikipedia.org/wiki/Domain_Name_System_Security_Extensions) and DNS-based Authentication of Named Entities (DANE, RFC6698) to combat such "attacks"?

    ReplyDelete
  8. Hello,

    I was wondering how you detected the rogue certificates?

    Thanks.

    ReplyDelete
  9. Could you do this for most CAs where they have an obvious scope, especially those operated by country governments?

    ReplyDelete
  10. CCA India confirms that suspension and revocation of NIC CA has been reverted from there end but still on Chrome SSL issued by NIC and other DSCs are not working on chrome and IE. My question to Google is that why Chrome is still not allowing it...

    Thanks
    Kaushlesh Kumar

    ReplyDelete
  11. don't think 'Certificate Transparency' is all it is made out to be.
    digital certificate

    ReplyDelete

You are welcome to contribute comments, but they should be relevant to the conversation. We reserve the right to remove off-topic remarks in the interest of keeping the conversation focused and engaging. Shameless self-promotion is well, shameless, and will get canned.

Note: Only a member of this blog may post a comment.