Opinion: Kevin Bocek, VP Security Strategy at Venafi, on how internet-enabled life as we know it could soon be coming to a crashing halt.
There’s an old adage which began its life back in the 1990s – and was perfectly illustrated in a New Yorker cartoon – which says: "on the internet no-one knows you’re a dog." It neatly summarises a core cyber security problem that we still face to this day: how do we know who to trust online? For the last twenty years we have taken the same approach to this problem by using cryptographic keys and digital certificates to establish trust.
By and large the system worked: ecommerce boomed and the economy and society as we know it was transformed, all thanks to a little website padlock here and there. Worryingly though, over the past five years, we are seeing cracks in the very foundation of the internet begin to emerge.
As we hurtle towards a future powered by the Internet of Things (IoT), with automated machines playing an ever-greater role in our day-to-day lives, these cracks will split into chasms that threaten our modern world. Could internet-enabled life as we know it soon be coming to a crashing halt? How can we stop the sinkholes from emerging?
The problem with trust
Cryptographic keys and digital certificates tell us whether an entity is what it says it is. We use them to authenticate web servers, code on devices, apps, and even for enterprise VPN access. It all comes back to that binary decision that machines have to make – is this thing part of "self", trusted and safe; or not trusted, and therefore dangerous – which certificates and keys provide. It’s the foundation of cyber security and the whole global economy and it’s built on sand.
Over the past five years, hackers have caught on to the potentially lucrative opportunity that keys and certificates offer. We have all seen the scene in a movie where the bad guy dresses up as a painter to gain access to a building, or steals someone’s swipe card; this is what is happening in the cyberworld too. Bad guys are trading keys and certificates on the dark web and using them to crack into company systems – just look at Sony, Careto, the Snowden revelations and Flame or Stuxnet. They all involved stolen or misused keys and certificates.
When we consider that each virtual machine needs its own key and certificate, the numbers become mind-boggling. One of our customers alone has over a million TLS certificates and keys. It is no surprise that most organisations don’t even know how many certificates and keys they’ve got, or where they’re being used. As our reliance on encryption increases, and more and more devices enter our cyber world, the problem will only become more complex and the opportunity for hackers more lucrative and feasible.
IoT, robotics and artificial intelligence: the coming storm
The problem is that these challenges become even more pronounced when we consider the breakneck speed at which the world of IoT is being created. How do these machines know what code to run? Or who to take commands from? Through this same, imperfect, system of keys and certificates. So as smart ‘things’ become enmeshed deeper and deeper into the fabric of our society – flying our planes, running our nuclear power stations, powering our hospital equipment and driving our cars – so the risks multiply.
As machines not only start to communicate with one another, but in the world of robotics and automation, even start to think for themselves, we need to be very careful that these communications can be trusted and are secure. The emergence of IoT and Artificial Intelligence really highlights how effective digital certificates can be as a cyber weapon.
By taking a code-signing certificate and changing the entity it obeys, a hacker can change the firmware on a smart device to take control of it. Now when that sensor or smart device calls back to the ‘mothership’ who does it trust? The bad guy. From a single point of compromise – the digital certificate – hackers and cybercriminals can take over a whole network of hundreds, thousands or even millions of smart ‘things’.
This creates a fertile environment for cyber extortion: "give me a million pounds or I’ll brick your nationwide network of ATMs." Nation states have also shown themselves to be ready and willing to abuse the digital certificate system to their own ends. The US-led Stuxnet hack succeeded by being signed by a pair of stolen certificates. As the IoT grows and matures, it will offer up more opportunities for state-backed attackers, not to mention the threat from cyber terrorists. Just change that certificate to trust ISIS rather than the originally intended entity, and you could have a big problem.
Creating an Immune system for the web
So what can we do? In actual fact, human evolution gives us a good footprint for addressing this issue. Each cell in our bodies can be identified by tags, unique to each individual; our immune system tracks and manages these tags, identifying which of these cells are "self" and can be trusted, and what aren’t and must be destroyed.
Keys and certificates offer the same tagging system, yet the internet is running without an immune system to understand whether they are to be trusted or not. Without automation, we have no way to see how many keys and certificates we have, whether they have been corrupted, whether they are acting in the way they are supposed to, and in the event they are not, we have no way to mount a response or change them out.
If the internet is to survive, and the online and connected economy is to thrive, we need to reboot our approach to keys and certificates.
This will involve building in agile security, with the ability to change who that machine trusts quickly. In short, we need an "immune system for the internet"; technology which learns and adapts as it goes along, identifying which keys and certificates are trusted and which need replacing. With that extra layer of security in place, we might yet avoid the robot apocalypse!