On the uselessness of self-signed SSL certificates

I have observed some hosts using "self-signed" certificates when using SSL to protect their communications with banking terminals. This is tantamount to asking a guest to tell you a password and then verifying that the guest knows this password.

The SSL security protocol is widely used to protect TCP/IP communications between banking terminals and hosts. Part of the initial SSL handshake involves the server (host) sending its certificate to the client (ATM or EFT-POS terminal). Some hosts choose to use self-signed certificates, as opposed to certificates signed by certificate authorities. But when the client receives a server's self-signed cert, the server expects the terminal to use the public key contained within this newly received cert to verify the signature of this newly received cert.

A notoriously thorny challenge for SSL on the web is authenticating the server. The conventional solution is for the server's cert to contain the server's domain name. The client cross-checks that the domain name within the received cert is the same as the domain name with which the client is communicating. Since the cert has been signed by a trusted certificate authority, the client may be confident of the authenticity and integrity of the domain name within the cert. This system is deeply flawed, but it is a leaky ship that manages to stay afloat.

But anyone can generate their own self-signed cert, containing any arbitrary data. It takes just a few seconds using OpenSSL. If a terminal accepts self-signed certs, then a man-in-the-middle attacker may create a self-signed cert containing the legitimate host's domain name, and the terminal would be unable to detect that the attacker's cert is bogus.

Dear hosts, please invest $70 on a signed cert issued by a real cert authority, as is done by even the most rudimentary web sites. You could try VeriSign or GoDaddy.

SSL offers various "cipher suites", such as TLS_RSA_WITH_3DES_EDE_CBC_SHA. One of the cipher suites is a dummy placeholder that performs neither encryption nor authentication and is not intended for use, namely TLS_NULL_WITH_NULL_NULL. I tell you this as background so I may now geek-taunt those hosts using self-signed certs: you may as well be using the TLS_NULL_WITH_NULL_NULL cipher suite! Ha!

Footnote: When my ATMs communicate with lax irresponsible hosts which use self-signed certs, my work-around to achieve adequate security is to pre-load the negligent derelict host's cert into a "white-list" on the ATM. The ATM only accepts a received cert if the cert is in the white-list, bypassing the entire signature scheme.
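As an added example, not code from the original post: a throwaway self-signed cert for an assumed host name, the circular self-verification described above (which passes for an attacker's cert just as readily), and the fingerprint whitelist from the footnote. Uses only the Go standard library.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/hex"
	"math/big"
	"time"
)
// selfSignedDER builds a self-signed cert claiming the name cn; anyone can do this in seconds.
func selfSignedDER(cn string) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: cn},
		DNSNames:     []string{cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	// parent == template: the cert signs itself with its own key.
	return x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
}

// verifyWithOwnKey is the circular check the post criticises: the signature is checked
// with the public key carried inside the very same cert, so any attacker's cert passes.
func verifyWithOwnKey(der []byte) bool {
	c, err := x509.ParseCertificate(der)
	if err != nil {
		return false
	}
	return c.CheckSignature(c.SignatureAlgorithm, c.RawTBSCertificate, c.Signature) == nil
}
// fingerprint is the hex SHA-256 of the DER bytes, the value an ATM pre-loads into its whitelist.
func fingerprint(der []byte) string {
	sum := sha256.Sum256(der)
	return hex.EncodeToString(sum[:])
}

// whitelistAccepts is the footnote's policy: accept only a pre-loaded fingerprint; names are ignored.
func whitelistAccepts(der []byte, whitelist map[string]bool) bool {
	return whitelist[fingerprint(der)]
}
```

Both the legitimate host's cert and an attacker's cert bearing the same name pass verifyWithOwnKey; only the pre-loaded fingerprint passes whitelistAccepts.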