Cryptography

Introduction

Late last week it was disclosed by security researchers Marsh Ray and Steve Dispensa that a design flaw in TLS (the IETF implementation of SSL) could allow an attacker to successfully inject data in an encrypted session using a man-in-the-middle (MITM) attack.   The primary problem occurs during the renegotiation of the TLS channel when client certificates are employed.  Their documents the vulnerabilities in the TLS protocol as well as how the vulnerabilities could be exploited to violate the integrity of the data stream between a web client and server.  Even though the encrypted data cannot be read by the attacker, it is possible to inject arbitrary data into an authenticated session and it will be treated by the server as if it came from the client.  I will discuss the risks associated with this important discovery and outline some potential attack scenarios.

Putting the Risk Into Perspective

  • As mentioned previously, this vulnerability primarily affects sessions in which client certs are in use.  The vast majority of secured TLS sessions today do not involve client certs which limits the impact of this vulnerability.  For example, if you are shopping online or connecting to your bank over the Internet, it is almost certainly the case that a client cert is not in use.  Where client certs are sometimes used is in enterprise applications such as external access to corporate email.  Some companies require the use of client certs in this scenario.  Also, TLS sessions between systems used as part of a web application (e.g. SOAP calls) sometimes utilize client certs for greater security.  However, for most users client side certs are a non-issue which limits the scope of this vulnerability.
  • Another limiting factor of this vulnerability is the fact that it can only be exploited via a MITM attack. MITM attacks are fairly difficult to execute successfully, as they require the interception of the network traffic between the client and the server. While this is not impossible, it certainly would require some additional work. In many cases, the hacking that would be necessary just to pull off the MITM attack would lead to greater potential rewards than the hacking of the TLS connection. Some examples of MITM techniques include:
  1. Compromising the network of either the client or the server (e.g. ARP poisoning)
  2. Manipulating the DNS server of the client
  3. Taking advantage of an unsecured WIFI network connected to either the client or the server
  4. Using social engineering to compromise either the client or the server
  5. Compromising a proxy server used by either the client or the server
  • The results of an attack against this vulnerability do not allow the attacker to see any encrypted data sent by the client or the server.  It could allow an attacker to inject commands into the session which the server would believe came from the client and would execute.  However, the attacker would not be able to see the results which limits the impact of this vulnerability.  This situation clearly violates the integrity of the session, but the amount of damage that can be done is limited.
  • This vulnerability does affect more than just HTTP. HTTP is the most common protocol to use TLS, but others do as well (e.g. IMAP). The sheer scope of applications and protocols that rely on TLS warrants a fix to ensure that developers and end users can be confident in the behavior and security of their applications.

Summary

The vulnerability in the TLS protocol disclosed on November 4, 2009 is not likely to lead to a great deal of exploitation. The primary reasons are the difficulty required to successfully launch an attack and the limited nature of the vulnerability and how it can be exploited. Most attacks today are financially motivated and are conducted by groups that understand how to perform a cost-benefit analysis. I suspect that they will look at this vulnerability and decide that there are easier ways to exploit systems for monetary gain and it will not be worth their time to devote resources to develop exploits for this one. The payoff is simply not high enough. In sum, I believe the risk to most individuals and organizations is fairly low. Fixes are already being rolled out, but given the extent to which TLS is used today, it will likely be many years before all applications and devices have been remediated. Even still, I will be surprised if we read about any significant compromises in the future that are attributable to this vulnerability.

New Attacks on Wireless Encryption

Two graduate students in Germany have successfully carried out an attack against the WPA wireless encryption protocol. WPA was developed as a stop-gap measure when it was discovered that WEP, the original wireless encryption protocol, was deeply flawed and offered virtually no protection from eavesdropping on wireless traffic. Tools have been available for many years that can crack a WEP encrypted wireless network in seconds. If you are still using WEP, stop.

WPA offered many improvements over WEP even though it used the same cypher (RC4). The primary improvement was frequent rekeying that made the WEP hack useless against WPA. However, with this new attack published this week, WPA encrypted networks may now be vulnerable. Many enterprises and home users adopted WPA because it did not require a hardware upgrade; it could be implemented with fairly simple software updates. But the days of WPA providing adequate security are quickly coming to an end. Even though the attack published this week is limited in its scope, the writing is on the wall. Once a significant attack is developed against a protocol or cypher, it doesn’t usually take long before better ones are developed or the same one is made better through faster processing power (think DES and WEP).

The solution is to implement WPA2, which uses AES as its cypher. AES is the gold standard of encryption cyphers and as a result, WPA2 is not vulnerable to this or any other known attack. It comes in two flavors: WPA2-Personal (sometimes called WPA2-PSK) and WPA2-Enterprise. The primary difference is that the personal implementation uses a preshared key, or password, and is designed for home use. The enterprise version requires a RADIUS authentication server and is designed for larger, corporate environments. Most newer wireless clients support WPA2, although some older ones do not. In fact, one of my home laptops (about 4 years old) doesn’t, which is preventing me from upgrading my wireless network to pure WPA2. It looks like that laptop will be getting replaced soon, thanks to two graduate students from Germany :) .

Hiding in Pictures

Take a look at the two images below. Can you tell which one has a message hidden within it?

Even though it is impossible to notice, the image on the left has a hidden text file in it. The hidden message says:

“This is a test file used in my steganographic encryption fun.

https://infosecstuff.com”

I created the text file using Notepad, and then used a tool called to embed the text file within the image. This is an example of steganography, one of the most fascinating fields of cryptography.

Steganography is not anything new. In fact, it dates back thousands of years. The ancient Greeks and Romans would often hide messages that they did not want to be intercepted using various means. In more recent times, steganographic techniques were used during World War II. And it is believed that terrorists use this method today to communicate messages securely. Basically, steganography is the hiding of messages such that the presence and contents of the message cannot be detected or revealed. In the digital age, it has come to mean the hiding of messages usually within image, sound or video files.

So how does this work? Steganographic tools take advantage of the fact that the least significant bit (LSB) of a binary file can be changed without altering or destroying the file significantly. In fact, many other security techniques such as hash functions and checksums also manipulate the LSB for their purposes. The file you are hiding must be smaller than the one you are using to hide the message and it works best for small messages. Larger hidden messages can result in the distortion of the original file which will make it easier for others to detect the hidden message.
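The LSB technique and the size limit described above, shown as an added example (this is not the tool used in the post). It works on a constructed byte buffer standing in for image samples; the 4-byte length header and all function names are assumptions of this example.

```python
import struct

def capacity_bytes(cover: bytes) -> int:
    """Payload bytes that fit: one hidden bit per cover byte, minus a 4-byte length header."""
    return max(len(cover) // 8 - 4, 0)

def embed(cover: bytes, message: bytes) -> bytes:
    """Overwrite the least significant bit of successive cover bytes with the payload bits."""
    if len(message) > capacity_bytes(cover):
        raise ValueError("message too large for this cover")
    payload = struct.pack(">I", len(message)) + message
    out = bytearray(cover)
    for i, byte in enumerate(payload):
        for bit in range(8):
            pos = i * 8 + bit
            out[pos] = (out[pos] & 0xFE) | ((byte >> (7 - bit)) & 1)
    return bytes(out)

def _read(stego: bytes, start: int, count: int) -> bytes:
    """Rebuild `count` payload bytes from LSBs, starting at payload byte index `start`."""
    result = bytearray()
    for i in range(start, start + count):
        value = 0
        for bit in range(8):
            value = (value << 1) | (stego[i * 8 + bit] & 1)
        result.append(value)
    return bytes(result)

def extract(stego: bytes) -> bytes:
    """Recover the hidden message, rejecting buffers whose header cannot be a real length."""
    if len(stego) < 32:
        raise ValueError("buffer too small to hold a length header")
    (length,) = struct.unpack(">I", _read(stego, 0, 4))
    if length > capacity_bytes(stego):
        raise ValueError("no plausible LSB payload")
    return _read(stego, 4, length)

def max_distortion(cover: bytes, stego: bytes) -> int:
    """Largest change to any single sample; LSB embedding never exceeds 1."""
    return max(abs(a - b) for a, b in zip(cover, stego))

# Constructed cover data: 1024 eight-bit samples, enough for 124 hidden bytes.
COVER = bytes((x * 7 + 13) % 256 for x in range(1024))
MESSAGE = b"This is a test file"
STEGO = embed(COVER, MESSAGE)
```

Each sample moves by at most one intensity level, which is why the change is invisible to the eye, and the eight-to-one ratio between cover bytes and hidden bytes is the reason the hidden file has to be much smaller than the cover.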

Steganography has many applications including digital watermarks and the protection of private information.  But it can also be used for fun and cool home projects.  is a clever example of using steganography as a party sign or even a home decoration by my colleague Bob.  How cool is that!

Copyright © 2011 InfoSecStuff.com — All Rights Reserved