Wednesday, October 15, 2014

SHA-1 is considered insecure while the EU pretends to legislate "advanced" e-signatures

Google announced that it is updating its Chrome browser to display warnings on web sites that use HTTPS (SSL/TLS) backed by a digital certificate signed with SHA-1.  In Why Google is Hurring the Web to Kill SHA-1, Eric Mill gives many reasons why Google is pushing ahead of schedule to rid the web of SSL certs that are considered less secure because they are signed by a Certificate Authority (CA) using SHA-1.

While it's true that SHA-1 is approaching the end of its useful life, it's stubbornly present in many systems and applications.  Getting rid of it isn't easy.  But we have to start sometime!

Of course, creating useful collisions in SHA-1 is still mostly an uncertain game.  We have not heard of any actual SHA-1 collisions that are useful.  "Useful" is a key consideration in that creating a second set of data the hashes to the same SHA-1 hash as some "real" document is hard enough, but doing so in which that second data is a meaningful replacement for the first is even harder.  If a collision could change "$100" to "$200," you'd have a real problem (of course this is just a short text example to illustrate the point, not a real scenario).  But if "x4z]" ended up hashing to the same as "$100", it would be less interesting because the replacement is not meaningful and thus would not be a realistic spoof.

While the Google announcement surrounds SSL certificates, digital signatures for e-signatures are likely a bigger problem.  SSL certificates tend to be renewed every 1 to 3 years, so they do not last very long, and most new certificates issued will use SHA-2 instead of SHA-1.

Digital signatures on documents tend to be "forever."  They do not expire.  While the user's signing keys may change from time to time, once a digital signature is applied to a document, it remains that way going forward.  Since most e-sign vendors use SHA-1 in their digital signatures (aside from the few odd players that don't appear to use any digital signatures at all like Sertifi and AssureSign), all documents being signed may be forged in the future.  Fortunately, most documents become somewhat obsolete after years go by (that is, few want to forge a 5-year sales agreement for example).

In the EU, they promote word play like "advanced" and "qualified" for electronic signatures based on digital signatures created using a typical PKI in which the signer has been issued a digital certificate (no doubt signed with SHA-1!) for a private key the user keeps secure.  This sounds good, but of course has serious flaws:
  1. Users cannot deny an electronic signature created using their "advanced/qualified" signature. The EU law says these are guaranteed to be valid.  No wet signature ever had such an absurd notion attached to it; that's why we have courts to decide based on evidence.
  2. Users may in fact not keep their private keys secure. Users are famous for being unable to keep such stuff secure because they really have no idea what their encryption keys are or how exploits can take place.  Every virus and hack attack is a potential theft of a user's encryption keys.
  3. All encryption requires software and hardware, and all software and hardware is vulnerable to attack. Thus, your keystore can be hacked. The device the key is stored on can be hacked. The device (like a PC, phone or tablet) the key is used on can be hacked.  Any network connections involved can be hacked. As the various credit card hacks have shown, devices can be hacked, replaced or have another device put in the middle of the communications cable (or wireless).
  4. The user may forget the password related to securing their private key. While this would prevent future signing, it could also mean that all data encrypted for storage would no longer be accessible.  There will be millions of users who will lose a lot of their data because it's encrypted using a key they no longer have access to.
  5. Users can be tricked into using their keys insecurely, including phishing attacks and social engineering attacks.
  6. What happens to all digitally signed documents done between the loss of control of a user's keys and detection that the keys were lost?  A user can revoke his keys, but only once he knows something has gone wrong.  But that user will not know what, if anything, was ever forged.
  7. How can a user know where his forged credentials are being used?  Cannot!
  8. Once a digital signature is applied by a user, that document will remain secure only for as long as the digital signature is valid. If the digital signature uses SHA-1, that may only be a few years away.
With services like Yozons Open eSignForms, many of these issues do not exist. When a credit card number and information is stolen, a user eventually finds out because invalid charges appear on his or her statement.  The credit card company can go back and find all fraudulent charges and reverse them.  Something similar happens when using an e-signature service -- the only signed documents you have can be found in the service.  Any fraudulently signed documents can be discovered and invalidated.  There is recourse to such a loss that is guaranteed to happen frequently across a large pool of users.

Documents digitally signed using Yozons Open eSignForms employ a 4096-bit RSA keypair with SHA-512.  This is not the norm among esign vendors who generally use much less secure technologies (including those absolutely worthless vendors/products that don't digitally sign at all).  While the greater security provided by Yozons is powerful today, eventually it will no longer be considered secure just like SHA-1's fate today and MD5 before.

Unlike "advanced" e-signatures created by users for themselves, a service can ensure documents are secure going into the distant future.  For example, if a digitally signed document in Yozons previously used 1024-bit RSA with SHA-1 (a very typical scenario still in practice today), our technology could easily retrieve that document, ensure the older digital signature is still valid, and if so, then re-digitally sign the document using 4096-bit RSA with SHA-512.  Such a document can remain secure for as long as necessary.

It is time for SHA-1 to be retired.  Yozons has updated all of its server SSL certificates to ensure they are protected with SHA-2.  But what about all those web sites and users who do this for themselves?  They most likely will not be on top of security issues like this, and that's the very problem we solve for our customers and their users.

Wednesday, October 8, 2014

Shared web services can cost your business

One of the great things about the Internet and the advent of web services (shared software as a service or SaaS) is the ability for businesses to jump into new technologies with relatively low barriers for entry.

For many large enterprises, deploying and managing hardware servers inside a data center for new services desired by a particular department is a death sentence for the project.  The teams are understaffed and overwhelmed supporting the myriad systems already deployed.  There is no operational expertise in-house for the new services.  For small companies, such deployments are often cost prohibitive because they lack the technical skills and resources to make it a success.

Purchasing web services has solved these problems very well.  Departments in enterprises and small businesses can essentially rent time on a large shared service, often paying for resources consumed (transactional) or users per month (subscription).  The cost of entry is low, and deployment tends to be quick.  It's a real benefit.

However, when the service offered is a core competency, using third party services is often undesirable and more costly than the price tag may suggest.  Web contracting and electronic signature services fit this bill for many companies.  Most companies realize that it is a trap to store key documents and contracts and allow customer interactions to be performed by a third-party vendor.  Of course, those service providers that offer "free tiers" tend to be the worst.  Instead of monetizing their purported service, you, their customer, is the actual product and they monetize you and your interactions with your customers instead.

With Yozons Open eSignForms, you have ultimate flexibility and complete brand control.  Each customer deployment is always an independent system: independent database and independent web application.  Even our lowest cost "shared hosting" only shares the physical server, but each customer running on that hardware has its own independent web application and database, keeping its users away from those of all other customers we service. 

Most SaaS vendors put millions of unrelated customers into a single huge system.  This makes migration away much harder, and of course creates a huge target for hackers who boast about big exploits and cause millions of user records to be stolen and sold on the black market.

Over time, the cost of paying a vendor to handle your contracting, your documents and the interactions with your customers, employees and business partners grows substantially.  Losing touch with your customers by using a third-party service is a cost few estimate correctly. 

Many companies initially jump on the SaaS bandwagon, giving them a leg up on the competition and providing services quickly at a low cost of entry.  But these companies ultimately ditch those early efforts and deploy their own services, which turns out to be more profitable for them and allows them to control their customer relationships and control their important business documents.

With Yozons Open eSignForms, you can easily migrate from shared hosting, but with fully independent customer systems, to private hosting, to bringing it all in-house.  You maintain full control over your independent system no matter how it's deployed, and that flexibility is what motivates companies to eventually abandon their forays into shared SaaS and instead take care of their own business themselves.