0

Imagine that there is a PC you have physical access to, and a router you have no physical access to. Also no digital access to router. The router is for sure compromised and intercepting all packets from the PC, also is hijacking DNS requests and probably includes fake root cert to decrypt HTTPS. In such a conrfiguration and considering there's no way to change it's firmware, so only from the PC connected to this router it is possible to do something, is there any possibility to:

  1. Avoid DNS hijack, considering popular DNS servers like Cloudflare, Google etc. are hijacked in router too, so they reply with wrong DNS, that's checked.
  2. Determine whether root cert is in place or not.
  3. If it is, then avoid the usage of certificates, signed by it (or if I understand mechanics of connection wrong, then anyway how to encrypt my traffic in such a case).
  4. Become sure I entered true internet, considering router's DNS hijack is dynamic, so there's no website I can say for very sure, that it's just as it designed by it's owners, instead of deface.

May VPN help at least with hijack? May be TOR or I2P useful in such a case? Any another solutions? Are there at all the way to connect to internet without being intercepted in such a case?

schroeder
  • 125,553
  • 55
  • 289
  • 326
July
  • 1

2 Answers2

1

A router cannot intercept TLS traffic without the computer being complicit. Someone would have had to accept the router's CA certificate as valid. If this hasn't happened, anything signed by the router would throw alarm bells in the computer's browser or any application using TLS.

Moving forward from this point of understanding: The owner of the computer should enable secure DNS protocols, DNS-over-TLS or DNSSec. Properly configured, no router (not owned by the chosen DNS operator) can sign these DNS requests so they appear as valid.

TLS + Secure DNS is enough to ensure one is connected to the "true" internet.

After this, one could VPN out of the network for extra security (if allowed by the router). These connections generally are asymmetrically verified using the VPN's key. There is no way for a router to fake this.

foreverska
  • 1,712
  • 11
0

From what I can understand from your question, there seems to be some confusion as to which is the role of a CA certificate in the public key infrastructure.

Since others have already addressed most of your questions, I'll try to quickly clarify some things for you. My explanation will be based on HTTPS (HTTP + TLS), but the concepts remain the same for similar setups.

Every certificate that is used in HTTPS is supposed to be signed by someone, so that it is considered valid. The signer is called a certificate authority ("CA"). Usually, there's a chain of CAs that sign a certificate, but let's keep things simple. So, how do you trust the CA's signature? You have the CA's public key (certificate) pre-installed in your browser, so that you can verify its signatures.

The key concept here is pre-installed. You cannot trust a CA's signature if you don't have its certificate. So, your browser comes bundled with a list of CA certificates that you should trust.

There are two things to note here:

  1. A CA's certificate is used for vouching (signing) that someone's certificate is valid
  2. A CA's certificate is not used to en-/decrypt traffic. This is the job of symmetric ciphers, whose key is derived by a form of the Diffie-Hellman (Merkle) protocol

So, to conclude: if someone breaks into your router and install her own CA certificate somewhere, it does not mean that she can decrypt the traffic flowing through the router. Even man-in-the-middle attacks are made impossible when the sites that are involved use valid certificates (i.e. signed by a trusted CA)

In the case of DNS hijacking there's one caveat (for the attacker): let's say that you ask for https://www.stackexchange.com. The router returns a fake IP where you connect. There, a malicious site sends you a fake certificate (posing as stackexchange).

Can they fool you? No, because the certificate they use is signed by a CA (their fake) that you don't trust.

Can they send the valid stackexchange certificate and use that to encrypt traffic and fool you? No, because in the initial handshake of the TLS protocol, the parameters exchanged between the two peers need to be signed, i.e. each side signs the parameters with the private key they have. Then the other peer verifies the signature with the public key of their counterpart. They trust the public key of their counterpart because that public key is signed by a CA that the peer trusts. This means that even if an attacker sends you the valid certificate from stackexchange, they cannot create a valid signature because they don't have the private key, which means that the protocol handshake breaks.

As such, if an attacker hijacks the DNS traffic to send their own DNS replies, and you only use encrypted communications, the best they can do is deny access to any site.

All in all, if you know that your browser is not compromised to include malicious CA certificates, you can be sure that your encrypted traffic cannot be decrypted by an attacker.

Spyros
  • 1,451
  • 1
  • 14