Friday, 22 May 2015

Logjam Flaw Discovered

Numerous websites, mail servers and other services - including virtual private networks as well as "all modern browsers" - that rely on Transport Layer Security have a 20-year-old flaw that could be exploited by an attacker "to read and modify any data passed over the connection."

That warning was first sounded May 19 by a cross-national team of computer scientists, who have dubbed the related vulnerability "Logjam." After two months of behind-the-scenes effort, they have prepped related fixes for the vulnerability, which involves implementations of the Diffie-Hellman algorithm. But their fix, The Wall Street Journal reports, could soon make more than 20,000 websites unreachable.

"Diffie-Hellman key exchange is a popular cryptographic algorithm that allows Internet protocols to agree on a shared key and negotiate a secure connection. It is fundamental to many protocols including HTTPS, SSH, IPsec, SMTPS, and protocols that rely on TLS," the researchers say via a dedicated Logjam attack website that they have created. "We have uncovered several weaknesses in how Diffie-Hellman key exchange has been deployed."

The flaws were discovered by a team of computer scientists at Inria Nancy-Grand Est and Inria Paris-Rocquencourt in France, Microsoft Research, Johns Hopkins University, University of Michigan, and the University of Pennsylvania. They have released extensive technical details in a research paper titled Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice.

The researchers warn that based on their scans of the Internet, 8 percent of the world's 1 million most popular websites that use HTTPS - represented by a green padlock in browsers - are vulnerable to Logjam, as are 9 percent of POP-using email servers, and 8 percent of IMAP-using mail servers.

Resembles "Freak" Flaw

The Logjam researchers say that the flaw resembles the SSL vulnerability known as Freak, which could be used by an attacker to force crypto suites to downgrade from using a "strong" RSA cipher to a weaker, "export-grade" RSA cipher. The Freak flaw was present in Apple, Android and Microsoft browsers, and resulted from the way they implemented TLS (see "Freak" Flaw Also Affects Windows).

Unlike Freak, however, Logjam involves a "flaw in the TLS protocol rather than an implementation vulnerability, and attacks a Diffie-Hellman key exchange rather than an RSA key exchange," the researchers note.

"Like Freak, the Logjam vulnerability takes advantage of legacy encryption standards imposed in the '90s by the U.S. government and tricks servers into using weaker 512-bit keys which can be decrypted easily," Ken Westin, a senior security analyst at security firm Tripwire, says in a blog post. "The vulnerability affects any server supporting DHE_EXPORT ciphers and all modern browsers."

How Nation States Eavesdrop

The Logjam researchers warn that this flaw can be - and likely has been - exploited by "state-level adversaries," such as the U.S. National Security Agency, and that more than just 512-bit keys are at risk. "Millions of HTTPS, SSH and VPN servers all use the same prime numbers for Diffie-Hellman key exchange," they say. "Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve - the most efficient algorithm for breaking a Diffie-Hellman connection - is dependent only on this prime. After this first step, an attacker can quickly break individual connections."

Based on the researchers' tests, 80 percent of sites that now use the most common 512-bit prime for TLS can have their connections downgraded and intercepted. The researchers also believe that an "academic team" could break a 768-bit prime, and that a nation state could break a 1024-bit prime. They add that 18 percent of the world's most popular 1 million websites use the same 1024-bit prime, and thus would be most susceptible to "passive eavesdropping" attacks. Meanwhile, cracking the second most popular 1024-bit prime would allow for eavesdropping on 66 percent of the world's VPN servers and 26 percent of all SSH servers.
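As a defensive check for the group sizes discussed above, here is an added example (not code from the article or the researchers) that parses the Diffie-Hellman parameters a TLS 1.2 server sends in its ServerKeyExchange message and flags export-grade (512-bit) and 1024-bit groups; the sample message, the 512/1024-bit thresholds and the helper names are my own assumptions.

```python
# Added example, not from the original article. Parses the ServerDHParams structure
# of a TLS 1.2 ServerKeyExchange (RFC 5246): dh_p, dh_g, dh_Ys, each a 2-byte
# big-endian length followed by that many bytes, and rates the prime's size.
import struct

# Thresholds follow the article: 512-bit (export) groups are broken outright,
# 768/1024-bit groups are within reach of well-resourced attackers (assumption).
EXPORT_BITS = 512
WEAK_BITS = 1024

def parse_server_dh_params(body: bytes):
    """Return (p, g, Ys) as ints; raise ValueError on a truncated or empty field."""
    fields = []
    offset = 0
    for name in ("dh_p", "dh_g", "dh_Ys"):
        if offset + 2 > len(body):
            raise ValueError(f"truncated before {name} length")
        (length,) = struct.unpack_from("!H", body, offset)
        offset += 2
        if length == 0 or offset + length > len(body):
            raise ValueError(f"bad {name} length {length}")
        fields.append(int.from_bytes(body[offset:offset + length], "big"))
        offset += length
    return tuple(fields)

def assess_dh_group(body: bytes) -> dict:
    """Rate the server's DH group; uses bit_length so leading zero bytes don't inflate it."""
    p, g, ys = parse_server_dh_params(body)
    bits = p.bit_length()
    if bits <= EXPORT_BITS:
        verdict = "export-grade: downgrade and offline break feasible"
    elif bits <= WEAK_BITS:
        verdict = "weak: per-prime precomputation feasible for nation states"
    else:
        verdict = "acceptable"
    # Public value must lie strictly inside (1, p-1) to be a valid group element.
    return {"p_bits": bits, "g": g, "verdict": verdict, "ys_in_range": 1 < ys < p - 1}

def encode_server_dh_params(p: int, g: int, ys: int) -> bytes:
    """Build a ServerDHParams blob (used here only to construct test input)."""
    out = b""
    for v in (p, g, ys):
        raw = v.to_bytes((v.bit_length() + 7) // 8, "big")
        out += struct.pack("!H", len(raw)) + raw
    return out

# Constructed sample: a 512-bit odd number stands in for an export DH prime
# (right size, not a real group); generator 2 and an arbitrary public value.
SAMPLE_P = (1 << 511) | 0x1234567
SAMPLE_MSG = encode_server_dh_params(SAMPLE_P, 2, 0xABCDEF)

if __name__ == "__main__":
    print(assess_dh_group(SAMPLE_MSG))
```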
