Installing Fake Root Keys in a PC

1
Installing Fake Root Keys in a PC

• Adil Alsaid and Chris J. Mitchell
• Information Security Group
• Royal Holloway,
• University of London

2
Contents

• Introduction
• Installing Root Certificates
• A Practical Method for Silently Installing a Root
  Certificate
• Countermeasures

3
Introduction

• The attack
• Motivation

4
Installing Root Certificates

• Creating a Root Certificate
• Installing Root Certificates under user control

5
Creating a Root Certificate

• makecert -r -n "CNMyRootCA, OUMyOrganization,
• OCompanyName,EEmailaddress" -sv root.pvk
  root.cer

6
User Controlled Installation
7
User Controlled Installation
8
User Controlled Installation
9
General Approach to Silent Root Certificate
Installation

• Using standard tools
• Writing directly to the root certificate store

10
A Practical Method for Silently Installing a
Root Certificate

• C and CryptoAPI
• MS Windows message system

11
The Attack

• The user executes a malicious applet
• The malicious applet does the following
• Creates another running thread (Monitoring)
• Makes a CryptoAPI function call to add the fake
  root certificates
• Hides the security warning message box by
  providing a positive answer
• Now, the fake root certificate will be listed in
  the browsers trusted root CAs list

12
Countermeasures

• Proactive or preventative measures
• Users re-authentication
• Root public key store access restriction
• Reactive measures
• Scanning tool
• OCSP
• Verified and user added root keys

13
Questions?