2009-02-24

TLS/SSL usability

Security researcher Dan Kaminsky posted an article in which he writes:
Moxie introduced (to me anyway) the concept of Positive vs. Negative Feedback. Negative Feedback systems occur when the browser detects an out-and-out failure in the cryptography, and posits an error to the user. In response to the New Zealand bank data, in which 199 of 200 users ignored a negative prompt, browsers have been getting crazier and crazier about forcing users to jump through hoops in order to bypass a certificate error. The new negative errors are at the point where it is in fact easier to “balk” — to stop a web transaction, and move onto something else.

So Moxie’s putting his energy on the old positive feedback attacks — simply disabling the security, and seeing if anyone notices. And here he shows up with some pretty astonishing data: Nobody noticed. To be specific, absolutely 0% of users presented with missing encryption on important web sites, being asked to provide sensitive financial data to those websites, refused on the basis of missing security.

Wow. 0%. Seriously.
TLS/SSL's fundamental problem is not that the encryption doesn't work: the encryption works, even though the "trusted" part of "trusted third party" is problematic. The most serious issue is that people cannot tell a secure site from an insecure one, and will ignore security warnings unless those warnings are outright intimidating.

Thus, all a phisher (or an attacker sitting in the network path between the user and the real bank) has to do is serve people their bank's login page over plain HTTP, and everyone will merrily provide their login information. This, in turn, leads to fraud and economic loss.

Users' ignorance and willingness to conduct transactions over unencrypted connections will continue until:
  1. Browsers require encryption by default, and provide intimidating negative feedback before letting you use an unencrypted site.
  2. The likes of Google, and every other site, realize that by saving money on not using SSL they contribute to the problem: they prevent browsers from implementing #1, and they get users accustomed to the absence of encryption.
That, of course, poses a tough, possibly unworkable problem of coordinated action:
  • If a single site moves to SSL-only, it is expensive and delivers little benefit until everyone else does so (if ever).
  • On the other hand, changing browsers' default behavior to discourage unencrypted access will elicit cries (and possibly lawsuits?) from people who want to keep running unencrypted sites.
Is there anything anyone can do instead?

Putting DNSSEC aside (whenever it will be ready), there could be a secure registry of sites that must be accessed via SSL. The registry itself would have to be retrieved securely (otherwise an attacker who can strip SSL from the bank's pages could just as easily strip the bank from the registry), and browsers would check every site against it automatically. For sites on the list, browsers would then either enforce secure navigation, or give strong negative feedback to discourage unsecured access. Sites with public content, and those that want to stay unencrypted, could remain that way with no issues, whereas security on sites that require it would be much harder for attackers to work around. The registry would not, of course, help against a lookalike domain that a phisher registers and simply keeps off the list; it protects the sites that are on it.
