How Attackers Intercept Secure Web Connections

Encryption is an old technique for converting plain text into cipher text so that the text remains secret and only the intended receiver can read it. Today, it has become essential to encrypt every message sent from or to a computer. Therefore, several enterprises intercept encrypted web connections for security purposes. One such purpose could be to track the manipulation of a message over a secure web connection. Unfortunately, intruders or assailants can use a similar technique to intercept a secure web connection.

In this article, we will see what role digital certificates play and how SSL-encrypted web connections are intercepted.

Digital Certificates

Generally, web connections are secured with the help of digital certificates, often used in combination with the SSL (Secure Sockets Layer) / TLS (Transport Layer Security) protocol. A digital certificate is a small piece of data that describes the identity of a party. This identity is secured with a digital signature on the certificate. The digital signature is not an ordinary signature: it is derived from a complex arithmetical function that depends on the encryption key. If the value of the key is altered while the digital certificate is in transit, the certificate will not match and an error message will be generated. In this manner, the data can be secured.

However, the question that now arises is: how do you verify that the owner of the digital certificate is its legitimate owner? Let us work through the answer.

For example, you visit a website, and there you are presented with a digital certificate, say, Mac’s certificate. Mac’s certificate has been confirmed by Jacob and carries Jacob’s signature on it. Jacob’s certificate has been confirmed by John Doe and carries John Doe’s signature on it. John Doe is the root CA (certificate authority), i.e. he is authorized to issue certificates. When you can trace the signatures on Mac’s certificate back to John Doe, you trust that the certificate presented by Mac is legitimate and that he is who he claims to be. The same thing happens in real life: web browsers have built-in trusted certificates issued by root certificate authorities, for example VeriSign Inc. Whenever your web browser is presented with a certificate that has been digitally signed by VeriSign, it automatically accepts the certificate. However, intruders or assailants can take advantage of this trust by generating their own signed digital certificate that appears identical to, for example, the VeriSign digital certificate.
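The chain of trust described above (Mac, confirmed by Jacob, confirmed by root CA John Doe), as an added example that is not part of the original article. It assumes a toy certificate format (Python dicts), textbook RSA over small Mersenne primes and SHA-256 in place of real X.509, and a constructed "Rogue CA"; none of this is secure or taken from a real library.

```python
import hashlib

E = 65537  # public exponent shared by every toy key below

def make_key(p, q):
    """Toy textbook RSA from two primes: returns (n, d). NOT secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest(cert, n):
    """Hash the signed fields and reduce into the issuer's modulus."""
    body = f"{cert['subject']}|{cert['issuer']}|{cert['pubkey']}".encode()
    return int.from_bytes(hashlib.sha256(body).digest(), "big") % n

def issue(subject, subject_n, issuer, issuer_key):
    """Issuer signs a certificate binding `subject` to public key subject_n."""
    n, d = issuer_key
    cert = {"subject": subject, "issuer": issuer, "pubkey": subject_n}
    cert["sig"] = pow(digest(cert, n), d, n)
    return cert

def validate(chain, trusted_roots):
    """chain[0] is the site certificate; each later entry signed the one before."""
    for cert, parent in zip(chain, chain[1:] + [chain[-1]]):  # root checks itself
        if cert["issuer"] != parent["subject"]:
            return False, f"{cert['subject']}: issuer not in chain"
        n = parent["pubkey"]
        if pow(cert["sig"], E, n) != digest(cert, n):
            return False, f"{cert['subject']}: bad signature"
    root = chain[-1]
    if trusted_roots.get(root["subject"]) != root["pubkey"]:
        return False, f"{root['subject']}: root not trusted"
    return True, "ok"

# Constructed sample data: keys built from small Mersenne primes 2**k - 1.
john_key = make_key(2**61 - 1, 2**89 - 1)
jacob_key = make_key(2**107 - 1, 2**127 - 1)
mac_key = make_key(2**19 - 1, 2**31 - 1)
rogue_key = make_key(2**13 - 1, 2**17 - 1)   # hypothetical untrusted CA

john = issue("John Doe", john_key[0], "John Doe", john_key)   # self-signed root
jacob = issue("Jacob", jacob_key[0], "John Doe", john_key)
mac = issue("Mac", mac_key[0], "Jacob", jacob_key)
rogue_root = issue("Rogue CA", rogue_key[0], "Rogue CA", rogue_key)
fake_mac = issue("Mac", rogue_key[0], "Rogue CA", rogue_key)
TRUSTED = {"John Doe": john_key[0]}   # stands in for the browser's root store

if __name__ == "__main__":
    for chain in ([mac, jacob, john], [fake_mac, rogue_root]):
        print(validate(chain, TRUSTED))
```

Real X.509 validation additionally checks validity dates, revocation and CA constraints, none of which this toy format models.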

Digital Certificates - Are they SECURE?

Digital certificates are not as secure as they seem to be. In 2001, VeriSign mistakenly issued code-signing digital certificates to an individual who claimed to be an employee of Microsoft. You can find more info about it here: (MS01-017). and convince them to run an executable content.

It is also easy to forge a digital certificate. Recently, a group of researchers at the Chaos Communication Congress in Berlin demonstrated a weakness in the MD5 cryptographic algorithm that allowed the creation of a false digital certificate with a valid root Certificate Authority signature, even though the certificate was never signed by the root Certificate Authority. Since it had a valid signature, all browsers accept it automatically.

This post is part of the series: How SSL encrypted web connections are intercepted

In this series, we will see what role digital certificates play, how secure they are, and how SSL-encrypted web connections are intercepted with the help of tools and on-the-fly creation of digital certificates.

  1. How SSL Encrypted Web Connections are Intercepted - Understanding the Concept
  2. How SSL Encrypted Web Connections are Intercepted - Attacking Strategy