In a recent Internet security kerfuffle, Symantec issued the surveillance company Blue Coat Systems a powerful digital certificate that allows it to masquerade as any secure business or financial institution by impersonating their web server.  For background, see my original post, Blue Coat has Intermediate CA signed by Symantec.

In a statement, Symantec notes that companies often test with their own Intermediate CA.  While it’s true companies test their PKI processes, it’s very uncommon that Intermediate CA certificates in the test environment anchor to trusted roots in popular web browsers.  Any Intermediate CA certificate anchoring to trusted roots is by definition a live production certificate.


Symantec goes on to note that certificates used in testing are “discarded” once tests are completed.  Unfortunately, this type of public communication is difficult to understand from a technical standpoint.  The standard practice to assure the public a certificate cannot be used is to revoke the certificate.  In the PKI system, a certificate that has been revoked provides scary warnings when users try to browse these web sites.  The assurance we desire is that the certificate is revoked.  Whether Blue Coat has the private key or not is immaterial.

To better understand the communication from Symantec, I checked the Blue Coat CA revocation status.  The result is that the Blue Coat CA certificate has not been revoked.  While there is no evidence of inappropriate use, nothing about the way this incident has been explained or handled is considered industry best practice or even normal practice.  This is not the first time Symantec’s processes around certificate management have been called into question by security researchers; see The Case of the Symantec’s Mysterious Digital Certificates.

You can test the Blue Coat CA certificate revocation status yourself with the following procedure.

Step 1 – Download Blue Coat CA Certificate
Download the Bluecoat CA Certificate to your computer.
 
Step 2 – Extract CRL host from Blue Coat Certificate
I’m using a work-in-progress tool I wrote, DeepViolet, to read the certificate, but openssl is a well-established alternative available on many operating systems.  If you’re using openssl you can view the certificate with the following: openssl x509 -in bluecoat-cert.crt -text -noout
 
java -jar dvCMD.jar -rc ../Downloads/bluecoat-cert.crt
Starting headless via dvCMD
Trusted State=>>>UNKNOWN<<<
Validity Check=VALID, certificate valid between Wed Sep 23 17:00:00 PDT 2015 and Tue Sep 23 16:59:59 PDT 2025
SubjectDN=CN=Blue Coat Public Services Intermediate CA, OU=Symantec Trust Network, O="Blue Coat Systems, Inc.", C=US
IssuerDN=CN=VeriSign Class 3 Public Primary Certification Authority - G5, OU="(c) 2006 VeriSign, Inc. - For authorized use only", OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial Number=108181804054094574072020273520983757507
Signature Algorithm=SHA256withRSA
Signature Algorithm OID=1.2.840.113549.1.1.11
Certificate Version =3
SHA256(Fingerprint)=AF:70:11:C3:EF:70:A7:96:26:B1:43:A7:14:99:96:FF:15:2F:75:62:85:1D:08:C3:AA:DC:DE:E8:29:9E:57:2B
Non-critical OIDs
CRLDistributionPoints=[http://s.symcb.com/pca3-g5.crl]
AuthorityInfoAccess=[ocsp=http://s.symcd.com]
CertificatePolicies=[2.23.140.1.2.2=qualifierID=http://www.symauth.com/cpsCPSUserNotice=http://www.symauth.com/rpa1.3.6.1.4.1.14501.4.2.1=CPSUserNotice=In the event that the BlueCoat CPS and Symantec CPS conflict, the Symantec CPS governs.1.3.6.1.4.1.14501.4.2.2=CPSUserNotice=In the event that the BlueCoat CPS and Symantec CPS conflict, the Symantec CPS governs.]
AuthorityKeyIdentifier=[7F:D3:65:A7:C2:DD:EC:BB:F0:30:09:F3:43:39:FA:02:AF:33:31:33]
SubjectKeyIdentifier=[47:95:0A:0B:A7:A1:82:A2:6D:C9:9B:9C:CD:3E:F3:90:42:E4:6F:99]
ExtendedKeyUsages=[serverauth clientauth]
SubjectAlternativeName=[[[2.5.4.3, SymantecPKI-2-214]]]
Critical OIDs
KeyUsage=[nonrepudiation keyencipherment]
BasicConstraints=[TRUE0]
 
Processing complete, execution(ms)=784
Step 3 – Download CRL
Download the certificate revocation list from the server specified in the certificate.
 
wget -O bluecoat-symcb-crl.der http://s.symcb.com/pca3-g5.crl
Step 4 – Display CRL
Now that we have the certificate revocation list we can view the list of certificates revoked.  Apparently there are no revoked certificates.
 
openssl crl -inform DER -text -in bluecoat-symcb-crl.der
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Signature Algorithm: sha1WithRSAEncryption
        Issuer: /C=US/O=VeriSign, Inc./OU=VeriSign Trust Network/OU=(c) 2006 VeriSign, Inc. - For authorized use only/CN=VeriSign Class 3 Public Primary Certification Authority - G5
        Last Update: Mar 22 00:00:00 2016 GMT
        Next Update: Jun 30 23:59:59 2016 GMT
No Revoked Certificates.
    Signature Algorithm: sha1WithRSAEncryption
        18:32:9f:5a:ed:de:b4:e1:c0:4a:97:de:3b:81:7e:5e:0e:10:
        fa:1b:b4:4e:97:33:d4:88:67:2b:fc:d2:8c:9a:b4:cb:7f:27:
        c5:19:ae:14:73:e0:63:c0:35:ae:e5:ed:3f:8a:32:bf:e3:c1:
        51:84:2f:23:60:e2:86:d2:79:8d:f5:3b:a0:69:1d:bd:ca:c6:
        3f:49:ed:7b:f8:a4:d0:ae:fa:0f:3a:35:c4:b6:ad:1c:bd:7c:
        35:e0:8f:62:83:e1:db:c6:05:92:98:2c:3a:12:48:2b:c9:59:
        a7:c1:de:1f:d0:6e:4e:1f:1d:3b:cb:5e:d1:e2:79:8c:c0:64:
        35:14:b1:04:87:04:4c:8f:3b:6f:10:ac:e8:6c:b4:b0:fb:69:
        15:de:9c:70:1a:1b:e7:be:af:18:a8:29:7e:c5:aa:73:e9:c8:
        3c:79:a3:fc:23:9a:9f:16:55:34:9e:c1:5c:fd:68:51:4a:6f:
        7b:51:53:a7:a3:f4:c7:70:3c:03:58:e6:0a:8f:f1:44:e1:ad:
        c7:b0:a4:dc:e5:be:ba:92:84:93:ac:71:24:ba:70:e4:cf:ed:
        84:6b:c2:b3:a1:49:3f:55:10:1c:b9:90:51:32:ee:6a:3e:85:
        0a:83:a8:80:f2:60:c0:87:3f:7f:b3:fc:b1:49:d2:17:0e:3e:
        c7:74:e5:23
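
The check performed by eye in the steps above can be automated. The following is an added example, not part of the original post or of DeepViolet: it parses `openssl crl -text` output, converts the decimal serial that DeepViolet prints to the hex form openssl uses, and also confirms the CRL is still within its update window. The function names and the "revoked" sample CRL are constructed for illustration.

```python
import re
from datetime import datetime, timezone

# Decimal serial exactly as DeepViolet printed it in Step 2.
BLUECOAT_SERIAL = 108181804054094574072020273520983757507

# `openssl crl -text` output from the post, signature bytes left out.
PAGE_CRL = """\
Certificate Revocation List (CRL):
        Version 1 (0x0)
        Last Update: Mar 22 00:00:00 2016 GMT
        Next Update: Jun 30 23:59:59 2016 GMT
No Revoked Certificates.
"""

# Constructed sample (not real data): the same CRL if the serial were listed.
# openssl prints CRL serials in hex, hence the :X conversion.
REVOKED_CRL = PAGE_CRL.replace(
    "No Revoked Certificates.\n",
    "Revoked Certificates:\n"
    f"    Serial Number: {BLUECOAT_SERIAL:X}\n"
    "        Revocation Date: Jun  1 00:00:00 2016 GMT\n",
)

def crl_time(crl_text, label):
    """Parse the 'Last Update' / 'Next Update' field as an aware UTC datetime."""
    m = re.search(rf"^\s*{label}: (.+) GMT$", crl_text, re.MULTILINE)
    if m is None:
        raise ValueError(f"CRL text has no {label!r} field")
    stamp = datetime.strptime(m.group(1), "%b %d %H:%M:%S %Y")
    return stamp.replace(tzinfo=timezone.utc)

def check_crl(crl_text, serial, now):
    """Return 'stale', 'revoked' or 'not-listed' for a decimal serial number."""
    last, nxt = crl_time(crl_text, "Last Update"), crl_time(crl_text, "Next Update")
    if not last <= now <= nxt:
        return "stale"  # outside the CRL's validity window: fetch a fresh copy
    # Compare as integers so hex case and leading zeros cannot cause a miss.
    listed = {int(h, 16) for h in
              re.findall(r"^\s*Serial Number: ([0-9A-Fa-f]+)$", crl_text, re.MULTILINE)}
    return "revoked" if serial in listed else "not-listed"

if __name__ == "__main__":
    today = datetime(2016, 6, 12, tzinfo=timezone.utc)  # constructed date inside the window
    print(check_crl(PAGE_CRL, BLUECOAT_SERIAL, today))     # not-listed
    print(check_crl(REVOKED_CRL, BLUECOAT_SERIAL, today))  # revoked
```

A "not-listed" result only says the issuer has not placed the serial on this CRL; the certificate's AuthorityInfoAccess extension also names an OCSP responder that can be queried separately.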
 
 

Updated June 12, 2016

A digital certificate was created by Symantec for Blue Coat Systems Inc.  The digital certificate is a special type of certificate that allows Blue Coat to operate as a trusted Certificate Authority (CA).  The certificate allows Blue Coat to create new digital certificates for use on highly trusted web sites like those used in banking and health care.

Most people and businesses operating servers on the Internet make every effort to provide the public with the safest and most secure online experience.  But the Internet is a big place and not everyone plays by the rules.  Providing a trusted Internet environment is essential for commerce and collaboration.  The system that manages Internet trust is Public Key Infrastructure (PKI).  PKI is the security technology and processes that web browsers and web servers use for all highly trusted activities like online banking and health.  Certificate Authorities (CAs) play a special role in PKI as the gatekeepers of secure servers on the Internet.  CA duties include managing applications for secure web servers.  To fulfill this special and important role, CAs must submit to stringent audits of their business practices and operations.  During normal day-to-day operations CAs must preserve public trust in online security by denying criminals access to masquerade as legitimate businesses or trusted partners.  Most often everything goes as planned, but what about the case when CAs don’t follow the rules?  Abuses may include issuing certificates without knowledge or consent of rightful domain owners, servicing unlawful or warrantless government requests, and much more.

Why is this incident important to me?
In May 2016 a security researcher, Filippo Valsorda, discovered that an Intermediary CA X.509 digital certificate was issued to Blue Coat Systems by Symantec.  This is a concern for two reasons: 1) Blue Coat Systems manufactures hardware designed for surveillance, and 2) the Intermediary CA certificate facilitates the issuance of highly trusted certificates in any Internet domain name.  For example, a Blue Coat device armed with their new CA certificate can surveil HTTPS web sites in a way that’s difficult for web browser users to detect.

Why is the Blue Coat Systems CA a problem?
Trust is essential to the continued operation of the Internet.  Without trust, the full potential of the Internet will never be realized.  Few would want to purchase products, view medical laboratory results, exchange ideas with business partners, or email friends and family if our information can be surveilled, intercepted, and manipulated at any point without our full knowledge and consent.  The key displayed in your web browser in a secure HTTPS connection is an icon of trust.  If it’s visible, we must have confidence the site we are communicating to is authentic and our communications confidential.

What do Blue Coat and Symantec have to say?
Symantec has said that it’s determined the CA certificate issued to Blue Coat was done so appropriately and that Blue Coat never had access to it.  This statement is designed to assuage public concern since it would prevent impropriety on Blue Coat’s behalf.  Unfortunately there is no easy way for the public to verify this statement.

Issuing a CA certificate to a surveillance company is by no means normal, and concern by the security research community and anyone using a web browser is warranted.  Trust and confidence when issuing CAs is the single most important duty entrusted to Symantec in its responsibility as an issuing authority.

What is the appropriate course of action for you?
It depends upon you.  If you trust that Symantec and Blue Coat are operating in your best interest then do nothing.  If on the other hand you consider Blue Coat’s CA a potential vector for abuse then you can untrust the Blue Coat CA certificate.

To mark the BlueCoat CA certificate untrusted
1) Download BC CA Cert
2) Mark untrusted, OSX users | Windows users
* Mobile users: iPhone, I don’t believe Apple exposes any trust management features to the public.  Android, unsure.
Original security researcher comments

BlueCoat now has a CA signed by Symantec https://t.co/8OXmtpT6eX

Here’s how to untrust it https://t.co/NDlbqKqqld pic.twitter.com/mBD68nrVsD

More information
The Register, Blue Coat, Skype and QQ named despots’ best friends
Blue Coat Systems, Blue Coat Intermediate CA
Symantec,  Symantec Protocol Keeps Private Keys In Its Control

DeepViolet (DV), an open source TLS/SSL DAST tool, has been updated to Beta 4.  The major improvement for Beta 4 is the addition of an API so Java designers can implement DV features in their own projects.

Following is a summary of improvements for Beta 4.

  • Added API support for those who want to use DeepViolet features in their own Java projects. See package com.mps.deepviolet.api
  • Added samples package with sample code to demonstrate new API
  • Refactored existing code for the command line support and UI to use the new API.
  • 2 new command line options for debugging added, -d and -d2. -d turns on Java SSL/TLS debugging. -d2 assigns DV debug logging priority.
  • Generated JavaDocs for Public APIs, see com.mps.deepviolet.docs
  • javadoc.xml added to generate JavaDocs
  • Support for dock icon on OSX for the UI

To learn more about DeepViolet, refer to the project’s GitHub page or click DOWNLOAD to try DeepViolet now.

UPDATE, March 10, 2018: computing technology update, Google’s Bristlecone Quantum Processor.

Throughout the week of April 11th, 2016, Stanford held its annual affiliates Computer Forum on the campus.  Participation in the forum is available to affiliate members.  If you’re interested in becoming an affiliate, send a note to me; see the About page.  The Stanford security forum is a great place to unplug from the day-to-day business and consider broader security challenges.  The campus is beautiful and the projects are interesting.  Attending the forum is always uplifting: I usually meet leaders from industry I know and university staff, and I always learn something new from their research.

The forum is a week long but attendees can sign up for individual days depending upon interests.  I attended 2 days of the week-long forum.  Monday was dedicated to security.  Thursday was dedicated to IoT.  Research projects and themes change from year to year.  This year cryptography and IoT were the broad themes.  Full media from the week-long forum trails the post.

A Few Thoughts or Impressions
Following are some of the more important points I learned or points that captured my interests, not in any particular order of importance.

Why are quantum computers fast?
Traditional computers process information in bits.  A bit is either “on” or “off”, a 1 or a 0 respectively, but quantum computers also provide an Amplitude property associated with each quantum bit.  Remember Schrödinger’s Cat?  The cat was in a Superposition of States where the cat is both alive and dead.  Amplitude is the measurement of the superposition, which is the probability the cat is in one state or the other.  A point of some utility is that amplitude is not a simple percentage but instead is a complex number.  The value combined with the amplitude of the bit form a quantum computational unit known as the Qubit.  In a traditional computer, increasing the number of bits increases the computer’s word size and address space, which increases the processing power in polynomial time.  Increasing the number of qubits in a quantum computer increases processing power in exponential time.  Unlike a traditional computer, doubling the size of a quantum computer more than doubles computational power.  The increase in computational power is due to two major factors: 1) unique superposition properties of the qubit, and 2) higher dimensional algorithms applicable to specific problem spaces.  Quantum computers provide a different operational computing model when compared to a traditional computer.  Rather than a serialized approach to computing using logic gates, lasers and radio waves interfere with each other and operate across many qubits simultaneously.  In some qubits, interference is constructive and in others interference is destructive.  The design of the quantum computer and algorithms seek to reinforce constructive interference patterns that produce the desired results.  I realize this answer is not satisfactory for everyone.  Take a look at the presentation materials in the links at the end of the post.  Also take a look at the article The Limits of Quantum.

Quantum computers not likely to replace traditional computers
Quantum computers are fast at solving specific problems where an algorithm exists.  Quantum computers are not necessarily fast at solving all problems.  It’s unlikely a quantum computer will replace your desktop; however, if a quantum computer could be made small enough it could make an addition to your desktop for specialized functions (e.g., 3D graphics).

Implications for web browser security
A quantum algorithm exists for finding large prime numbers, Shor’s Algorithm.  Web browser security is predicated on the fact that large prime numbers are difficult to factor.  A quantum computer along with Shor’s Algorithm can factor primes fast.  However, the state of the art in quantum computers today is about 9-qubits.  According to Professor Dan Boneh, we don’t need to be concerned about quantum computers cracking browser security until quantum computers reach around 100-qubits.

Browser security in a post-quantum computing world
Professor Boneh elaborated that post-quantum computing encryption algorithms remain an area of interest.  Algorithms that are useful in a post-quantum world favor smaller primes within higher dimensional number spaces (>1024).  A research paper, Post-Quantum Key Exchange – A New Hope, provides details.

TLS-RAR for auditing/monitoring SSL/TLS connections
A new protocol has been developed to monitor SSL/TLS.  TLS-RAR does not require terminating the SSL/TLS connection and establishing a new connection to the end-point.  Instead TLS-RAR works by dividing TLS connections into multiple epochs.  As a new epoch is established between client and server, a new TLS session key is negotiated.  Meanwhile, the TLS session key for old epochs is provided to the observer, which may be an auditor or monitoring tool.  In this way the observer has access to view old TLS epoch information.  The observer cannot view or alter information from the current epoch.  Data integrity and confidentiality between client and server are maintained.  Some of the advantages: no changes to the client are required (no new roots to add), and current TLS/SSL libraries are supported.  This means TLS-RAR is compatible with a host of IoT technologies and components already deployed.

Session Media from the Forum
The following links provide access to session materials throughout the forum.