Man-in-the middle attack

MitM attacks are a class of security attacks that involve the compromise of the authentication of a secure connection. In essence, an attacker builds a transparent tunnel between the client and the server, but makes sure that the client negotiates the secure connection with the attacker, instead of the intended server. Thus the client instead of having a secure connection to the server, has a secure connection to the attacker, which in turn has set up its own secure connection to the server, so that it can relay messages from the server to the client without raising suspicion while eavesdropping the traffic flow.

The reader may ask, how do clients know if they are talking with the intended server then? In fact, as cryptographically secure as the established channel might be, no matter how difficult to crack the encryption, if not established correctly, the channel isn't secure at all.

The trust model used on the Web currently involves the generation of certificates, which are signed by audited companies called Certification Authorities (CAs) and are trusted by your browser as soon as you install it. If you were to sign your own certificate, most browsers would complain that the certificate isn't trusted, in the sense that, while it might be possible to establish a secure connection, no audited entity has vouched the server you've reached.

undefined
Illustration of man-in-the-middle attack
By Miraceti (Own work) [CC BY-SA 3.0 (http://creativecommons.org/licenses/by-sa/3.0) or GFDL (http://www.gnu.org/copyleft/fdl.html)], via Wikimedia Commons

Cloudflare's Universal SSL

The easy to configure Universal SSL can work in several ways:

  • Flexible SSL: The word "flexible" here is in the sense that it "bends" the idea of SSL. Only the connection between the user and Cloudflare is secure, thus websites set up in this way will always have their traffic sent in cleartext in the last mile (ie, between Cloudflare and your server). The advantage of having your traffic encrypted isn't clear to me, since it is only encrypted half of the way. The channel is only as secure as its weakest link, thus, it's exactly as secure as cleartext (ie, no encryption at all). Waste of computer cycles. This will work though if you intend to deceive your users into a false sense of security.
  • Full SSL: That's regular SSL but with Cloudflare in the middle, with your private key. Is this "full", given they insist in looking at everything that goes between your users and your website?
  • Strict Full SSL: This is exactly the same, but you paid for a trusted certificate signed by a CA. This translates to no actual security improvement compared to Full SSL, because if you own the Cloudflare account, you certainly gave them a SSL certificate you trust to your server, and Cloudflare will automatically refuse any certificates but that one.
  • Keyless SSL: Well, the name isn't what I would consider deceiving this time. They will still read your traffic but without actually having your keys.

Errata: In fact, Full SSL does not even validate your self-signed certificate (no certificate pinning, fingerprint check or anything of that sort). To prevent a MitM attack effectively, you'd need to, ironically, pay for regular CA-issued certificate in Strict Full SSL. So, unfortunately, Strict Full SSL does translate in an improvement compared to Full SSL, since the latter is weaker than I thought.

For comparision, I will leave their image:

 undefined

Source: Cloudflare, https://www.cloudflare.com/ssl

The problem with Flexible SSL

Flexible SSL makes it easy to create a secure connection and have it mean nothing. Do you need a trusted certificate for your latest phishing scheme? Just host it regularly on your insecure server and set it up on Cloudflare: that padlock might just seal the deal to the distracted user. I'm not giving the reader a brilliant criminal idea, I'm sure this is rather obvious to any serious cybercriminal that creates those realistic website copies and the appealing emails that lead people to them - they have been trying to emulate the security features of real websites, but setting up trusted SSL has been a challenge. Now SSL is within their reach, even without the minimum knowledge on how to configure SSL servers.

It subverts the idea of a secure channel, because it is not secure by any reasonable definition, given the data is transmitted in the clear at some point through the public internet; the idea of authentication, given you no longer are interacting with the websites' actual servers; and the idea of trust, since thousands of bogus certificates emitted this way will not ensure users' security, leading me to distrust the trust model of the entire Web. That's pretty severe right there.

Giving everyone access to SSL

I'm all for the proliferation of SSL, and security is indeed too difficult for the average webmaster to figure out. This means, unfortunately, that some websites that ask for your private data send it in the clear. Certainly SSL for everybody is much better?

I'd argue that not really. Not only does it empower anyone to create malicious websites (see above) but it empowers people who don't know security to do it badly. And by making Flexible SSL available, the easiest and default option is just that.

Do you trust Cloudflare entirely?

Enabling Universal SSL gives your users a sense of security: that the data they are sending is protected from the preying eyes of attackers. Remember though, in this setup, Cloudflare has access to the entire datastream in cleartext, thus your transmission is only as secure as Cloudflare's infrastructure: one zero-day exploit is all it takes to read traffic of potentially millions of websites with a single attack (this means it could take more than one attack, but certainly not proportional to the number of websites affected, in the sense that a single Cloudflare endpoint mediates traffic to multiple websites).

Thankfully, in this regard, Cloudflare probably has better odds of tackling zero-day vulnerabilities than you do, given its position in the industry and access to unreleased exploits. On the other hand, the odds your website will be attacked increase when you're using a popular platform like this one, since one attack to the platform is an indirect attack to you.

Though, one thing is for sure, if you're trying to protect yourself from government-mandated spying in light of recent news on mass surveillance, you probably can only trust your own server, and not that much. Adding an intermediary effectively adds yet another point of attack. Worse, Cloudflare is an attractive one at that given the sheer size of traffic flowing through it, especially if, suppose, a government agency could convince the company to cooperate with their alleged spying efforts.

An actual solution

Starting a free Certificate Authority would certainly help the Web become more secure. There have been efforts to do this, but the money hasn't been raised to properly audit these CAs (eg, CACert) and thus they aren't trusted by any wildly distributed browser.

These free CAs could tackle phishing because:

  • they would require traditional SSL setup, which is still the only way of creating a truly secure channel;
  • this setup requires effort and knowledge that your average cybercriminal (or security-oblivious webmaster) isn't willing to spend time with;
  • they could provide automated revocation of certificates given to domains reported as phishing.

Other measures could be created to properly tackle the trust issue, including creating a quasi-free model in which you could be asked to authorize a very small amount on a valid payment method. Only after ensuring that the charge is not refunded in a period of a few days, which is likely in stolen credit cards, can the user create a certificate. Such a measure could discouraging creation of bogus certificates and possibly provide identity records of abusing phishers.

The nail in the coffin

http://news.netcraft.com/archives/2013/10/07/phishers-using-cloudflare-for-ssl.html
https://blog.malwarebytes.org/fraud-scam/2014/12/free-ssl-certificate-from-cloudflare-abused-in-phishing-scam/
... and more to come.

Disclaimer: I use the regular Cloudflare (without their free SSL).