Call it “RSA on the Rhine.” Government officials in The Netherlands were left scrambling Tuesday to reassure nervous citizens that the country’s digital ID system, dubbed DigID, was safe after it was revealed that DigiNotar, the certificate authority that backs the DigID system, had been compromised by hackers and used to issue fraudulent certificates.
In a statement on Tuesday, the Netherlands Ministry of the Interior and Kingdom Relations, sought to reassure millions of residents that the public key infrastructure (PKI) system used by the government, PKIoverheid was still secure.
“The reliability of PKIoverheid certificates are not at issue,” the Ministry of the Interior said in an e-mail sent to registered DigID users on Tuesday. “Logius has no indication that PKIoverheid false certifications under the State of the Netherlands root certificate were issued, including those of DigiD,” the government said.
DigID is used by more than seven million Dutch citizens and brokers online access to hundreds of local, regional and national government services. In a statement on Tuesday, VASCO, which acquired Diginotar in January, admitted that one of the Diginotar root servers issued fraudulent certificates for Google’s domains in recent months following an attack on its CA infrastructure. VASCO officials said that the company became aware of the attack on July 19, nine days after the Google certificate was issued. DigiNotar has stopped issuing certificates for the time being while it tries to figure out what happened.
In the meantime, the discovery of the fraudulent Google certificate prompted swift responses from the major browser vendors. Mozilla and Microsoft removed DigiNotar from the list of trusted root CAs for their browsers, and Google said that it was disabling DigiNotar as a trusted root in Chrome.
That move prompted Diginotar to issue a statement Tuesday asserting that a forensic examination conducted by Fox-IT indicated that only one of its CA root servers had been compromised and that all the fraudulent certificates issued had come from a Sub Root of that server. Other DigiNotar root servers were untouched, inlcuding those that make up the PKIoverheid infrastructure that are used to generate the DigID certificates, Diginotar said.
But security experts say that the compromise of even one root server casts a pall over Diginotar’s entire operation, and that – company assurances aside – there’s plenty of reason to worry.
“There could be some very serious implications here,” said Roel Schouwenberg, Senior Anti-Virus Researcher at Kaspersky Lab. “This case needs to be treated as similar to the RSA case, meaning (Diginotar) could have had a serious compromise, just like with SecurID.”
Diginotar’s assurances that their other root servers are secure should be treated with skepticism, he said, because the company is pointing to a July audit of their network as evidence that the breach was limited, while also admitting that the audit missed the forged Google certificate, as well as a Web site defacement that claimed credit for the hack and that was only removed on Monday.
“Everyone is effectively saying that ‘nothing is wrong,'” Schouwenberg said. “They’re saying ‘we had this audit,’ but they overlooked the forged Google certificate. So clearly a new audit needs to happen.”
The limitations of the existing system for issuing digital identity certificates online have been known for a long time. However, recent incidents – such as the hack of Comodo, another certificate authority, in March have focused attention on the vulnerability of loosely managed CAs and root servers. That attack, which resulted in forged certificates being issued for popular online services including Google, Yahoo and Skype. That attack, like the hack of Diginotar in July, was believed to originate in Iran.
At this year’s Black Hat Briefings in Las Vegas, researcher Moxie Marlinspike unveiled a client-side software tools, dubbed Convergence, that is designed to replace the CA infrastructure and allow users to avoid relying on it for matters of trust and authenticity. Built for Firefox, the tool is Marlinspike’s effort to bring some of the intended authenticity back to the SSL and CA system, with minimal effort on the user’s part.