attack-surface.md

Attack Surface Analysis for smallstep/certificates

Attack Surface: Root CA Key Compromise

• Description: Theft or unauthorized access to the root CA's private key. This is the single most critical vulnerability, as it undermines the entire trust chain.
• How smallstep/certificates Contributes: smallstep/certificates is responsible for generating and managing the root CA key. Its configuration and operational security directly impact the key's safety. The certificate itself is the embodiment of this trust.
• Example: An attacker gains physical access to the server hosting the root CA and extracts the private key file, or a vulnerability in step-ca allows remote key extraction.
• Impact: Complete compromise of the entire PKI. Attacker can issue valid certificates for any domain, enabling widespread impersonation, MITM attacks, and data breaches. Trust is irrevocably broken. All certificates issued by this CA are now suspect.
• Risk Severity: Critical
• Mitigation Strategies:
  • Offline Root CA: Keep the root CA completely offline, stored on air-gapped, physically secured media (e.g., a hardware security module (HSM) in a safe).
  • HSM (FIPS 140-2 Level 3+): Use a certified HSM to generate and store the root CA key. This provides strong protection against both physical and logical attacks.
  • Key Ceremony: Conduct a formal, documented key ceremony with multiple trusted individuals to generate the root key.
  • Multi-Factor Authentication (MFA): Require MFA for any access to the root CA, even when offline (e.g., for HSM access).
  • Strict Access Control: Implement rigorous access control lists (ACLs) and role-based access control (RBAC) for the root CA. Limit access to a very small, trusted group.
  • Auditing: Enable comprehensive auditing of all root CA operations, including key access and certificate issuance.

Attack Surface: Intermediate CA Key Compromise

• Description: Theft or unauthorized access to an intermediate CA's private key.
• How smallstep/certificates Contributes: smallstep/certificates manages the issuance and lifecycle of intermediate CAs, and its configuration determines the security of these keys. The intermediate CA certificate and its associated private key are the targets.
• Example: An attacker exploits a vulnerability in the step-ca server hosting an intermediate CA to gain access to the private key.
• Impact: Attacker can issue certificates within the scope of the compromised intermediate CA. This allows for targeted impersonation and MITM attacks, but the scope is limited compared to root CA compromise. All certificates issued by this intermediate CA are now suspect.
• Risk Severity: High
• Mitigation Strategies:
  • HSM (FIPS 140-2 Level 2+): Store intermediate CA keys in an HSM, providing strong protection.
  • Strong Access Control: Implement strict access control and MFA for intermediate CA servers.
  • Short Lifetimes: Use shorter certificate lifetimes for intermediate CAs than for the root CA.
  • Name Constraints: Use X.509 Name Constraints in the intermediate CA certificate to restrict the domains for which it can issue certificates.
  • Regular Key Rotation: Rotate intermediate CA keys more frequently than the root CA key (e.g., every few months or years).
  • Network Segmentation: Isolate intermediate CA servers on a separate network segment with strict firewall rules.

Attack Surface: Unauthorized Certificate Issuance

• Description: An attacker successfully requests and obtains a certificate for a domain they do not control.
• How smallstep/certificates Contributes: smallstep/certificates handles the certificate request and issuance process. Weaknesses in this process can lead to unauthorized issuance. The core issue is the illegitimate certificate.
• Example: An attacker bypasses domain validation checks (e.g., by exploiting a flaw in the ACME challenge implementation) and obtains a certificate for a legitimate website.
• Impact: Attacker can use the unauthorized certificate to impersonate the legitimate website, perform MITM attacks, and potentially steal user credentials or data.
• Risk Severity: High
• Mitigation Strategies:
  • Strong Authentication: Require strong authentication for all certificate requests (e.g., API keys, client certificates, JWTs).
  • Robust Domain Validation: Use multiple, diverse ACME challenge types (e.g., DNS-01, HTTP-01, TLS-ALPN-01) to verify domain control. Ensure the smallstep/certificates ACME provisioner configuration is secure and up-to-date.
  • Authorization Policies: Implement fine-grained authorization policies to control who can request certificates for specific domains.
  • Rate Limiting: Implement rate limiting on certificate requests to prevent brute-force attacks and denial-of-service.
  • Auditing: Log all certificate requests, including successful and failed attempts, for security monitoring and incident response.
  • Manual Approval (For High-Value Domains): Consider requiring manual approval for certificate requests for particularly sensitive domains.

Attack Surface: Ineffective Certificate Revocation

• Description: Failure to revoke compromised certificates in a timely and reliable manner.
• How smallstep/certificates Contributes: smallstep/certificates is responsible for managing certificate revocation, including generating CRLs and providing OCSP responses. The attack relies on the continued validity of a compromised certificate.
• Example: A client's private key is compromised, but the CA's CRL is not updated promptly, or the OCSP responder is unavailable. The compromised certificate remains usable.
• Impact: Attacker can continue to use a compromised certificate to impersonate a service or decrypt traffic, even after the compromise is known.
• Risk Severity: High
• Mitigation Strategies:
  • Short CRL/OCSP Lifetimes: Configure short lifetimes for CRLs and OCSP responses (e.g., hours or a few days).
  • Highly Available OCSP Responders: Deploy highly available and redundant OCSP responders. Monitor their performance and availability.
  • OCSP Stapling: Enable OCSP stapling on web servers to improve performance and privacy, and reduce reliance on external OCSP responders.
  • Automated Revocation: Implement automated processes for revoking certificates upon detection of compromise (e.g., integration with intrusion detection systems).
  • Regular Testing: Regularly test the certificate revocation process to ensure it is functioning correctly.