Tuesday, May 29, 2012

TACK

(source/cc)
Those who read this blog know that I have a particular fascination with our CA system and how screwed up it is. The good news is that I'm not the only person who feels this way, and even better, there are a few people out there doing more than just talking about it.

Two of the 'doers' are Moxie Marlinkspike and Trevor Perrin, who recently dropped TACK, a new proposal for 'pinning' TLS public keys. I would have written about TACK last week when it was fresh, but I was experimenting with a new approach to international travel where one doesn't adjust oneself to the local timezone (nb: if you saw me and I was acting funny last week... sorry.)

TACK stands for Trust Assertions for Certificate Keys, but really, does it matter? TACK is one of those acronyms that's much more descriptive in short form than long: it's a way to 'pin' TLS servers to the correct public key even when a Certificate Authority is telling you differently, e.g., because the CA is misbehaving or has had its keys stolen.

In the rest of this post I'm going to give a quick overview of the problem that TACK tries to solve, and what TACK brings to the party.

Why do I need TACK?

For a long answer to this question you can see this previous post. But here's the short version:
Because 'secure communication' on the Internet requires us to trust way too many people, many of of whom haven't earned our trust, and probably couldn't earn it if they tried.
Slightly less brief: most secure communication on the Internet is handled using the TLS protocol. TLS lets us communicate securely with anyone, even someone we've never met before.

While TLS is wonderful, it does have one limitation: it requires you to know the public key of the server you want to talk to. If an attacker can convince you to use the wrong public key (say, his key), you'll end up talking securely to him instead. This is called a Man-in-the-Middle (MITM) attack and yes, it happens.

In principle we solve this problem using PKI. Any one of several hundred 'trusted' Certificate Authorities can digitally sign the server's public key together with a domain name. The server sends the resulting certificate at the start of the protocol. If we trust all the CAs, life is good. But if any single one of those CAs lets us down, things get complicated.

And this is where the current CA model breaks down. Since every CA has the authority to sign any domain, a random CA in Malaysia can sign your US .com, even if you haven't authorized it to, and even if that CA has never signed a .com before. It's an invitation to abuse, since an attacker only need steal one CA private key anywhere in the world, and he can MITM any website.

The worst part of the 'standard' certificate model is how dumb it is. You've been connecting to your bank for a year, and each time it presented a particular public key certified by Verisign. Then one day that same site shows up with a brand new public key, signed by a CA from Guatemala. Should this raise flags? Probably. Will your browser warn you? Probably not. And this is where TACK comes in.

So what is TACK and how does it differ from other pinning schemes?

TACK is an extension to TLS that allows servers to 'pin' their public keys, essentially making the following statement to your TLS client:
This is a valid public key for this server. If you see anything else in this space, and I haven't explicitly told you I'm changing keys, there's something wrong.
Now, public-key pinning is not a new idea. A similar technique has been used by protocols like SSH for years, Google Chrome has a few static pins built in, and Google even has a draft HTTP extension that adds dynamic pinning capabilities to that protocol.

The problem with earlier pinning schemes is that they're relatively inflexible. Big sites like Google and Facebook don't run just one server, nor do they deploy a single public key. They run dozens or hundreds of servers, TLS terminators, etc., all configured with a mess of different keys and certificates. Moreover, configurations change frequently for business reasons. Pinning a particular public key to 'facebook.com' seems like a great idea, but probably isn't as simple as you'd think it is. Moreover, a mistaken 'pin' is an invitation to a network disaster of epic proportions.

TACK takes an end-run around these problems, or rather, a couple of them:
  1. It adds a layer of indirection. Instead of pinning a particular TLS public key (either the server's key, or some higher-level certificate public key), TACK pins sites to a totally separate 'TACK key' that's not part of the certificates at all. You then use this key to make assertions about any of the keys on your system, even if each server uses a different one.
     
  2. It's only temporary. A site pin lasts only a few days, no more than a month -- unless you visit the site again to renew it. This puts pretty strict limits on the amount of damage you can do, e.g., by misconfiguring your pins, or by losing the TACK key.
So what exactly happens when I visit a TACK site?

So you've securely connected via TLS to https://facebook.com, which sports a valid certificate chain. Your browser also supports TACK. In addition to all the usual TLS negotiation junk, the server sends down a TACK public key in a new TLS extension field. It uses the corresponding TACK signing key to sign the server's TLS public key. Next:
  1. Your browser makes note of the TACK key, but does nothing at all.
You see, it takes two separate connections to a website before any of the TACK machinery gets started. This is designed to insulate clients against the possibility that one connection might be an MITM.

The next time you connect, the server sends the same TACK public key/signature pair again, which activates the 'pin' -- creating an association between 'facebook.com' and the TACK key, and telling your browser that this server public key is legitimate. If you last connected five days ago, then the 'pin' will be valid for five more days.

From here on out -- until the TACK pin expires -- your client will require that every TLS public key associated with facebook.com be signed by the TACK key. It doesn't matter if Facebook has eight thousand different public keys, as long as each of those public keys gets shipped to the client along with a corresponding TACK signature. But if at any point your browser does not see a necessary signature, it will reject the connection as a possible MITM.

And that's basically it.

The beauty of this approach is that the TACK key is entirely separate from the certificate keys. You can sign dozens of different server public keys with a single TACK key, and you can install new TLS certificates whenever you want. Clients' browsers don't care about this -- the only data they need to store is that one TACK key and the association with facebook.com.

But what if I lose my TACK key or it gets stolen?
 
The nice thing about TACK is that it augments the existing CA infrastructure. Without a valid certificate chain (and a legitimate TLS connection), a TACK key is useless. Even if you lose the thing, it's not a disaster, since pins expire relatively quickly. (Earlier proposals devote a lot of time to solving these problems, and even require you to back up your pinning keys.)

The best part is that the TACK signing key can remain offline. Unlike TLS private keys, the only thing the TACK key is used for is creating static signatures, which get stored on the various servers. This dramatically reduces the probability that the key will be stolen.

So is TACK the solution to everything?

TACK addresses a real problem with our existing TLS infrastructure, by allowing sites to (cleanly) set pins between server public keys and domain names. If widely deployed, this should help to protect us against the very real threat of MITM.

It's also potentially a great solution for those edge cases like MTA-to-MTA mailserver connections, where the PKI model actually doesn't work very well, and pinning may be the most viable route to security.

But of course, TACK isn't the answer to everything. The pins it sets are only temporary, and so a dedicated attacker with long-term access to a connection could probably manage to set incorrect pins. At the end of the day this seems pretty unlikely, but it's certainly something to keep in mind.

3 comments:

  1. I'm really confused by the TACK threat model.

    It prevents MITM attacks only for repeat visits within a TACK key window. For first time visitors or for those repeat visitors whose TACK keys have expired is an MITM still possible?

    Also, what types of errors does TACK provide when it detects a possible MITM attack. Is it any different then the types of errors a browsers throws up when an invalid cert is presented? I'm not sure what's going to keep users from clicking through the warning, much like they do with existing warnings.

    ReplyDelete
  2. The simple answer to the first one is: yes. TACK (and most dynamic pinning approaches) really only help you /after/ you've established a first legitimate connection to a website. TACKs expire quickly, so it really only helps with sites you use frequently -- something like your bank or Gmail. If you only connect once a year, probably not so helpful.

    One of the things I like about TACK and more recent pinning approaches is that they /don't/ allow a user-override facility, at least not in the spec. The theory here is that the site operator is more competent than a user to know which keys it should be serving. When a client encounters a different key, this should be treated as an attack and the connection dropped with no opportunity for the user to chime in.

    Obviously this can lead to problems, which is why you shouldn't go deploying TACK if you're not competent to do so.

    ReplyDelete
  3. Wonderful blog post. That is what I was searching for. I really like your blog and I appericiate your efforts. Your article is very helpful for me and many others to work out. I will definitely come back on your site for more stuff. Good Luck for the future posts.
    View harley davidson leather jackets

    ReplyDelete