How can my employer be a man-in-the-middle when I connect to Gmail?
I'm trying to understand SSL/TLS. What follows are a description of a scenario and a few assumptions which I hope you can confirm or refute.
How can my employer be a man-in-the-middle when I connect to Gmail? Can he at all?
That is: is it possible for the employer to unencrypt the connection between the browser on my work computer and the employer's web proxy server, read the data in plain text for instance for virus scans, re-encrypt the data and to send it to Google without me noticing it?
Browser on employee's computer <--> employer's web proxy server <--> Gmail server
The employer can install any self-signed certificate on the company computers. It's his infrastructure after all.
Scenario: what I am doing
- With a browser, open http://www.gmail.com (notice http, not https)
- I get redirected to the Google login page: https://accounts.google.com/ServiceLogin?service=mail&passive=true&rm=false&continue=https://mail.google.com/mail/&ss=1&scc=1&ltmpl=default&ltmplcache=2&emr=1
- I enter my username and password
- I get redirected to Gmail: https://mail.google.com/mail/u/0/?pli=1#inbox
- I click on the SSL lock-icon in the browser...
...and see the following:
- Issued to: mail.google.com
- Issued by: "employer company name"
- Valid from: 01.01.2014 - 31.12.2014
- Certification path: "employer company name" --> "employer web proxy server name" --> mail.google.com
I'm now assuming that the SSL lock-icon in the browser turns green, but in fact I don't have a secure connection from the browser to the Gmail server.
Is that correct?
I've read these sources but still don't quite understand it:
- Is there a method to detect an active man-in-the-middle?
- Preventing a spoofing man in the middle attack?
- How does SSL/TLS work?
- Is it possible for someone to be a man-in-the-middle if that someone controls the IT infrastructure? If so, how exactly?
- Is my login and password read in plain text on the employer's web proxy server?
- What should I check in the browser to verify that I have a secure connection from the browser all the way to the Gmail server?
- Privacy is not a concern. I'm just curious about how TLS works in this particular scenario. What other means the employer has to intercept communication (keylogger etc.) are not relevant in this particular case.
- Legal matters aren't a concern. Employees are allowed to use company IT equipment for private communication within certain limits. On the other hand, the employer reserves the right to do monitoring without violating privacy.
At least your employer is fair enough to use his own name for the certificate, so you can see it. It would be much harder to find out if he copied everything from the original cert and changed only the keys and checksums.
It is shocking that sites don't deploy SRP to help keep passwords secure as they assume that HTTPS is good enough http://simbo1905.wordpress.com/2014/05/16/the-secure-remote-password-protocol/
Google implements HSTS to help solve this particular issue. HSTS is HTTP Strict Transport Security which locks down the CA of the certificate Gmail uses. Use a browser with support for HSTS to help prevent man in the middle attacks.
@simbo1905 Could be an effect of Mozilla et al. pushing "Use HTTPS, it makes you secure!" to people who don't fully understand it. (That was still the case when this was posted, right?)
@gottlieb76 - are you sure about that? I think if the employer installed a root CA certificate on the computer that you are connecting from, HSTS would not protect against them intercepting the data in a MITM way.
@JonnyWizz - Yes and no. If the employer can get inside the very first request, then yes. But google (and others) are starting to preload browsers with a HSTS list, thwarting this type of attack. Note that HSTS prevents the change of root CA as the certificates will be pinned. If you are unsure, just check the issuer of your certificate when visiting a site.
You are absolutely correct in your assumptions.
If you are using a computer owned and operated by your employer, they effectively have full control over your communications. Based on what you have provided, they have installed a root CA certificate that allows them to sign a certificate for Google themselves.
This isn't that uncommon in the enterprise, as it allows inspection of encrypted traffic for virus or data leaks.
To answer your three questions:
Yes it is very possible, and likely. How active they are at monitoring these things is unknown.
Your password can be read in plain text by your employer. I don't know what you mean about the web server.
You can check the certificate to see who signed it, as you have already done. You can also compare the fingerprint to that of Google (checked from a third party outside of business control).
You are using the bad certificate to connect to an intermediary device such as the firewall, that device is then connecting to Google using the correct certificate. The communication is encrypted from your client to the MITM, decrypted, and then re-encrypted on its way to Google.
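The fingerprint comparison the answer suggests can also be done from a script rather than by clicking the lock icon. This is an added example, not code from the original post or from Google: it uses only the Python standard library, the pinned fingerprint set is a placeholder to be filled in from a network the employer does not control, and the issuer handling follows the dict format that `ssl.SSLSocket.getpeercert()` returns.

```python
import hashlib
import socket
import ssl

# Constructed placeholder: replace with the real SHA-256 fingerprint(s) of the
# Gmail leaf certificate, recorded from a network the employer does not control.
# Caveat: Google rotates leaf certificates often, so a mismatch means "not the
# cert I pinned", which must then be examined, not automatically "intercepted".
KNOWN_GOOD_SHA256 = {"PLACEHOLDER_SHA256_HEX_FROM_OUTSIDE_NETWORK"}


def cert_fingerprint(cert_der: bytes) -> str:
    """SHA-256 fingerprint of a DER certificate, colon-separated like browsers show it."""
    digest = hashlib.sha256(cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def issuer_fields(cert: dict) -> dict:
    """Flatten the 'issuer' tuple-of-RDNs that getpeercert() returns into a dict."""
    return {k: v for rdn in cert.get("issuer", ()) for k, v in rdn}


def assess(cert: dict, fingerprint: str, pins=KNOWN_GOOD_SHA256) -> str:
    """Classify the leaf certificate as seen from this client."""
    if fingerprint in pins:
        return "matches-pin"  # same leaf the outside world sees
    issuer = issuer_fields(cert)
    who = issuer.get("organizationName") or issuer.get("commonName", "?")
    # An issuer that is the employer's CA (as in the question) shows up here.
    return f"intercepted-or-rotated (leaf issued by {who!r}, not in pins)"


def check_live(host="mail.google.com", port=443) -> str:
    """Connect the way a browser does (system trust store) and report the leaf."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            der = tls.getpeercert(binary_form=True)
            info = tls.getpeercert()
    fp = cert_fingerprint(der)
    verdict = assess(info, fp)
    print(host, fp, issuer_fields(info).get("commonName"), verdict, sep="\n  ")
    return verdict


if __name__ == "__main__":
    check_live()
```

Run it once from home to record the fingerprint, then from the work machine; an issuer that names the employer's CA, as in the question's certification path, is exactly what the interception looks like.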
Thank you very much for confirming my assumptions and answering the three questions! What I still don't get: I thought my browser would take Gmail's public key, encrypt everything in my browser and send it to Gmail. How exactly is my employer able to unencrypt that? Could you perhaps elaborate on that a bit?
@Lernkurve: In the case of a man in the middle, your browser will receive your employer's forged Gmail certificate instead of the real Gmail certificate. Normally, the browser would detect this situation because it's assumed to be impossible to forge a public key issued by a credible CA, but if your company installs their own root CA certificate, the browser would trust any certificates issued by the company CA and doesn't issue any warnings.
It's worth noting that in many jurisdictions this might be considered a violation of a right to privacy (see article 12 of UDHR) depending on what your employer told you about what they were doing.
@Lernkurve your browser is encrypting it with the public key from your employer's certificate. Then your employer's network monitoring device uses the private key from the employer cert to decrypt the message (and presumably make sure you're not smuggling proprietary data out). It then uses Google's public key to re-encrypt your message and sends it to Google. The same process in reverse occurs for Google's response.
One minor subtlety: If you're using Chrome as your browser, it will refuse to connect to Gmail if there's a man-in-the-middle, as Chrome hard-codes rules on who can sign certificates for Google sites (see http://googleonlinesecurity.blogspot.co.uk/2011/08/update-on-attempted-man-in-middle.html). Other combinations of browser and mail provider would have no special protection, however.
@James_pic either that's no longer the case or my employer's doing something to get around it. I just logged into gmail from Chrome at work and it's showing the use of the same bluecoat.myemployer.com cert that their proxy serves up for everything else it mitm's to monitor.
@DanNeely, it doesn't quite change the broader point of this discussion, but that's not how SSL works. Content is encrypted with *symmetric* keys negotiated during the handshake, not the certificate key.
@symcbean In some countries email is considered as normal mail. This means that if the employer reads it, *whether encrypted or not*, and independently of whether you are using their computer or not, *is a criminal offence*. For example in Italy you'd be violating art 616 of the criminal code; in which case the employer could be sent to prison for 1 year (3 if their knowledge of the contents of the email damaged the subject [this would probably include the employer firing the employee])
We really need laws making signing of a forged certificate a felony, regardless of the purpose for which it's done.
@Bakuriu: The employer isn't doing anything to the e-mail though. The data being inspected are web pages (HTTPS requests), not e-mail (SMTP+TLS or SMTP+SSL or SSMTP). The e-mail is processed by the gmail server, all you get is a web view of it. Trying to apply a strict interpretation would likely implicate gmail (their computers open your e-mail and convert it into an HTML page). If gmail is permitted to handle your e-mail because you've consented, surely your employer has demanded the same consent as a condition of network access.
There's two points for the price of one in Ben's comment. (1) as a matter of Italian law, is "email" defined as "data over SMTP/POP/IMAP" or is it defined as "I know it when I see it"? If the former then the employer is off the hook. (2) what constitutes "reading" it? Mechanical manipulation for a particular purpose (reformatting, virus scanning, adding ads, grepping for terrorist words) is commonly held by the person doing it, if not always by the law, to be "not reading it". No doubt both questions have answers in Italian law, if not necessarily that would satisfy pedantic programmers.
Oh yes, and Italy has quite extensive employment law that regulates contracts between employer and employee. So even if the employer has demanded consent to do something as a condition of employment (or just as a condition of network access) I very much doubt it follows *necessarily* in Italian law that they actually have consent. This might be a value of "something" for which it does follow, then again it might not.
Yeah, I would definitely follow that you probably consented to these sorts of searches in your employment agreement. I would suggest reviewing your employment agreement and your company's employee handbook (available from HR).