In-App Testing

Since the HSTS and HPKP protocols allow for genuine interception of SSL by trusted certificates, nothing can be done to warn end users that their communications are being intercepted. For those that need to inform their users of interception, in-app testing could be considered. By performing an additional SSL/TLS handshake, using Javascript within the webpage, it is possible to compare the certificate fingerprint being sent to the client with the one that is configured on the web server. These should always match, but with SSL/TLS interception, even when the certificate name matches, the fingerprints will be different.

Researchers at Carnegie Mellon University used a similar technique to spot SSL/TLS interception in the wild. By implementing additional TLS handshakes within hidden Flash applets, researchers were able to detect and capture forged certificates for visitors of Facebook.

The level of effort to implement this kind of detection may not be worthwhile, however, since a site being intercepted can no longer be trusted.

End User Testing of SSL/TLS Interception

For citizens concerned with SSL/TLS interception, various tools exist to test for its use, including OpenSSL and SSLyze. These are complex command line tools, however. A simple website worth considering is found on GRC’s website: https://www.grc.com/fingerprints.htm.

Risks of Nationwide Interception

Installing this root certificate is not law in Kazakhstan and, in fact, a government official has said that users do not have to install the certificate at all. This is certainly true and it’s actually very unlikely that most citizens will have the technical competency to complete this task across all devices they own. Those that do understand will also very likely understand what it will mean.

But what happens when users visit a website being intercepted and they don’t have the nation’s digital certificate installed? The first thing users will see is a security warning presented by their browsers. They will be forced to make one of two choices:

1. Heed the warning and proceed no further
2. Ignore the warning (accepting this untrusted certificate) and proceed to the website

It’s reasonable to assume that most non-tech savvy users will simply ignore the warning and continue on with their web browsing. At this point, however, all of their web traffic is still being intercepted and monitored.

This poses two other significant issues. First, users being “trained” into accepting untrusted certificates plays a significant role in desensitising users to the security warnings that are presented to them. If users are accustomed to ignoring security warnings, then we cannot expect them to take any of them seriously.

Secondly, once this root certificate is installed, it will almost certainly never be removed. Since the Qaznet certificate has such as long lifespan (it expires in 2046) there are almost three decades over which threat actors could compromise the private key and begin using it to attack Kazakh citizens.

Finally, and perhaps the biggest problem, is that strong cryptography is not something that can be controlled. While the mass majority may not understand how to “roll their own” crypto, those that have a specific reason to do so—the organised cybercriminal and the terrorist—certainly do. Whether it be a messaging app such as Threema that lets users control their own encryption keys, or a bespoke piece of software, tools exist to make cryptographically secure messaging that is impossible to intercept (at least during transit, because interception of communications on the device itself is certainly possible and far more likely).

It will be interesting to follow the developments in Kazakhstan. It would come as no surprise if the country’s leaders were to introduce a law that required the installation of their root certificate on to any new devices sold, thereby solving the challenge of how to load the certificate on devices of non-technical users.

IOCs

It would be disingenuous to talk about indicators of “compromise” when citizens must manually install the root certificate. For academic purposes, however, details of the root and intermediate certificates are shown below: