Yeah, you know you need to upgrade from SHA-1 to SHA-256. Given the number of legacy and third party products in your environment, it’s not going to be easy, fast or cheap, but you’ve cataloged what needs to be done and you have a plan. Now you have to sell the business on that plan in order to get/maintain the necessary funding. How can you do that? Business leaders are not likely to respond to deep technical arguments; they need (and want) a clear explanation of the risk. How do you explain to your business the risk of continuing to use SHA-1 certificates?
With public trust SSL certificates, the impact is apparent and very visible. Visitors to your website (including customers and prospects) will get a message that your website certificate cannot be trusted and will be asked whether they want to proceed. Some will opt not to, thus reducing traffic to your site. Those that do continue to your site may feel a lower level of trust in your site and organization.
The same issue holds in many private trust scenarios; perhaps you have set up an internal PKI to manage partner and customer portals. Again, those partners and customers will see warnings about your certificates whenever they visit the portal. The risk is to your company’s reputation – can you be trusted?
Now let’s think beyond perception and look at other risks.
How could a SHA-1 certificate be used to compromise your organization?
Let’s go back to basics and remind ourselves how hashes are used in certificates. Whenever a certificate owner signs a piece of data, it first hashes that data and then signs it using the certificate’s private key. When another entity received the signed data, it validates the data by:
- Applying the certificate’s public key to the signed hash in order to produce the original hash of the data
- Hashing the data itself and comparing that hash to the original hash produced in Step 1 – if they match, we know that the data has not been tampered with and is valid
Remember that the value of a hash function is that creates a unique hash – no two pieces of data will hash to the same result. So when you verify a hashed piece of data, you are certain that the data is exactly what was presented, nothing else.
The weakening of the SHA-1 hash function (and the announcement of a way to generate a collision) means that this is no longer the case – someone can create the same hash (and therefore the same signature) out of two different pieces of data. That means that an attacker could potentially take a valid signature from one piece of data, create another piece of data that hashes to the same value, and apply that signature to the second piece of data, creating spoofed signed data that looks valid and is very difficult to repudiate.
Warning: this is not how I suggest you explain it to your business leadership. If you do, you risk getting caught in the weeds and never really explaining why your SHA-1 migration project is important to fund.
Keeping the technical details in your mind, let’s break down the business risks of a SHA-1 certificate.
The nature of the risk hinges on what the certificate is used for: e-mail signatures, document signing, code signing, or even certificate request signing. Depending on your use case, these are the risks you can explain to your business leaders:
- Fraud: an attacker creates a spoofed message or document that appears to have been signed by your organization. Perhaps it is an order to wire money, a message with (false) damaging information about the company, or a contract with unfavorable terms.
- Malware: an attacker creates and distributes a piece of malicious software that looks like it was signed by your organization. Your customers download and install the malware and are furious when their systems are compromised as a result.
- Unauthorized access to company systems: an attacker creates a false certificate request that looks like it was signed by your CA. The attacker receives the certificate and is able to access company systems. This could lead to a more targeted, damaging attack in the future.
Now you have a story for your business leaders:
By upgrading their certificates from SHA-1 to SHA-256, they are reducing the risks of fraud (high financial impact), malware (high reputational damage and potential lawsuits), reputational damage (lost or slowed business) and unauthorized access to sensitive corporate data (a range of impacts depending upon the systems and your business). By pitching the story in terms of risk, you’ve given the leadership team the business context so that they approve your (very well thought out!) plan and you can start/continue the SHA-1 to SHA-256 migration.