Researchers from Mozilla, Google, and UC Berkley published the results of an in-depth study that found “interception products as a class have a dramatically negative impact on connection security.”
The Cyber Security and Infrastructure Security Agency (CISA) warned of similar risks in an alert titled, HTTPS Interception Weakens TLS Security. It characterized HTTPS inspection products as performing man-in-the-middle attacks on clients:
“Many organizations use HTTPS interception products for several purposes, including detecting malware that uses HTTPS connections to malicious servers. The CERT Coordination Center (CERT/CC) explored the tradeoffs of using HTTPS interception in a blog post called The Risks of SSL Inspection.
Organizations that have performed a risk assessment and determined that HTTPS inspection is a requirement should ensure their HTTPS inspection products are performing correct transport layer security (TLS) certificate validation. Products that do not properly ensure secure TLS communications and do not convey error messages to the user may further weaken the end-to-end protections that HTTPS aims to provide.”
“Because the HTTPS inspection product manages the protocols, ciphers, and certificate chain, the product must perform the necessary HTTPS validations. Failure to perform proper validation or adequately convey the validation status increases the probability that the client will fall victim to MiTM attacks by malicious third parties”
—Cyber Security and Infrastructure Security Agency
State-Of-Art & Risks of TLS Inspection
A NSA paper touches on the risk implicit
on TLS Inspection products, which will downgrade connection security, commonly from AES cypher algorithm to lower security 3DES one as example.
Here are the most common risks caused by network security appliances breaking TLS encryption, according the NSA:
Out-of-Control decrypted traffic
Once traffic is decrypted, if it is sent to another host for inspection (such as an external server), there is a risk the traffic will be mishandled.
“[The proxy or middle server] could misroute the traffic and result in exposing sensitive traffic to unauthorized or weakly protected networks.”
Downgraded TLS cypher algorithms
A proxy that breaks encryption to inspect traffic must create a new HTTPS connection to forward traffic to the recipient. Unfortunately, the second half of this chain isn’t necessarily as strong as the first.
TLS Inspection products often allow weaker encryption, like 3DES, on the second leg. This was thoroughly outlined in the joint research paper mentioned above.
“This could result in passive exploitation of the session, or exploitation of vulnerabilities associated with weaker TLS versions or cipher suites,” according to the NSA paper.
Certificate Authority Compromise/Abuse
To make all these HTTPS connections, TLSI products have an embedded certificate authority (CA) that creates and signs new certificates.
“The primary risk involved with TLS Inspection Device’s embedded CA is the potential abuse of the CA to issue unauthorized certificates trusted by the TLS clients…This can allow an adversary to sign malicious code to bypass host IDS/IPSs or to deploy malicious services that impersonate legitimate [ones],” according to the NSA report.
Single Point of Failure
The mere presence of decrypted traffic makes TLS inspection products a prime target for cyber-attackers.
“An adversary can focus their exploitation efforts on a single device where potential traffic of interest is decrypted, rather than try to exploit each location where the data is stored,” according to the NSA report.
Malicious Insider Access to Decrypted Traffic
Malicious outsiders might not be the only ones attracted to a decryption bottleneck.
Malcontent employees and contractors who are authorized to manage the service may also be tempted to snoop on such data.
“These authorized individuals could abuse their access to capture passwords and other sensitive data visible in the decrypted traffic,” according to the report.
The Aeon CyberDefense Solution:
Our CyberDefense Appliances doesn’t need to decrypt SSL data nor reduce the security of your encrypted connections. We instead employ sophisticated analysis of encrypted connections while guaranteeing the Privacy and Integrity of your data, so we can stop malicious TLS-encrypted connections without negative consequences for your Personal or Corporate Information.