Two high-profile PGP project contributors have faced attacks conducted by unknown threat actors which have been able to poison certificates used by the SKS keyserver network.
PGP is a form of encryption software used to secure email communication from eavesdroppers. Last week, OpenPGP project developers, Robert "rjh" Hansen and Daniel Kahn "dkg" Gillmor, became subject to an attack which spammed their public cryptographic identities.
As reported by Vice, Hansen and Gillmor have revealed that someone was poisoning their certificates -- a process which causes a flood of signatures or certifications and prevents a cryptographic identity from being authenticated properly.
In a post detailing the attack, Hansen said the threat actor exploited a "defect" in the OpenPGP protocol to poison their certificates. Anyone who attempted to import these compromised certificates would, most likely, break their software installations and clients.
"Poisoned certificates are already on the SKS keyserver network," the developer added. "There is no reason to believe the attacker will stop at just poisoning two certificates. Further, given the ease of the attack and the highly publicized success of the attack, it is prudent to believe other certificates will soon be poisoned."
The attack, unfortunately, cannot be quickly remedied or mitigated and there is no time frame available for a fix in future releases. The only way at hand to prevent exposure to the attack is to stop retrieving certificates and data from the SKS keyserver network.
The keyserver is a core component of PGP and the authentication of users of the protocol. The design elements of the server -- in which information can be added but not deleted -- worked well enough at its inception in the 1990s, but the developer says that the team has known about design flaws and potential attack vectors for years.
"We've known for a decade this attack is possible," Hansen said. "It's now here and it's devastating."
Due to the keyserver's write-only design, certificate spamming is only one of a variety of attacks the system is vulnerable to.
There are serious technical and social problems which prevent the keyserver from being easily protected against certificate poisoning, and to make matters even more serious, the SKS code was written in an obscure language for a Ph.D. thesis. It is not possible to simply issue a patch -- a complete infrastructure overhaul may be required.
"Changing design goals often requires an overhaul of such magnitude it may be better to just start over with a fresh sheet of paper," Hansen says. "There is literally no one in the keyserver community who feels qualified to do a serious overhaul on the codebase."
Hansen does not believe the global keyserver network is salvageable and the developer recommends that "high-risk" users stop using the network immediately. However, Hansen told Vice that PGP itself is still workable without the SKS network.
In a subsequent post-mortem of the flooding, Gillmor said that there have been past proposals to mitigate the issue, but "none of those proposals have quite come to fruition."
"This is a mess, and it's a mess a long time coming," Gillmor added. "The parts of the OpenPGP ecosystem that rely on the naive assumptions of the SKS keyserver can no longer be relied on because people are deliberately abusing those keyservers. We need significantly more defensive programming and a better set of protocols for thinking about how and when to retrieve OpenPGP certificates."
Previous and related coverage
- Engineer faces 219 years in prison for smuggling US military chips to China
- G20 supports proposal to make cryptocurrency exchanges hand over user data
- Facebook abused to spread Remote Access Trojans since 2014
Have a tip? Get in touch securely via WhatsApp | Signal at +447713 025 499, or over at Keybase: charlie0