Preparing For Possible Future Crypto AttacksSecurity experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure
Security researchers and hackers have always been good at borrowing ideas, refining them, and applying them to create practical attacks out of theoretical results.
That pattern should concern security professionals because a number of academic breakthroughs in solving a complex mathematics problem could have a real impact on the security of the crypto systems that underpin much of today's Internet's security, three security consultants will argue at the Black Hat Security USA Briefings later this month. Just as successful attacks on MD5 hashes were presaged by the academic discovery of weaknesses in the hashing algorithm, a number of academic papers on advances in solving what is known as the discrete logarithm problem may be a predictor of rough times ahead for many public-key crypto systems, says Alex Stamos, a presenter and chief technology officer for secure-domain administrator Artemis Internet.
"We keep on having these big breakthroughs in practical crypto attacks that, if you were paying attention to the academic side, would not be much of a surprise," he says.
The complexity of the discrete algorithm problem, or DLP, is the basis for many popular crypto systems, such as ElGamal -- the default encryption used in GNU Privacy Guard -- and Diffie-Hellman key exchange. In addition, advances in solving the discrete logarithm problem can lead to advances in factoring, the basis of the popular RSA asymmetric encryption algorithm.
"We are not predicting that this will happen, but looking at past progressions, it is possible that in the next couple of years there could be a breakthrough in these problems," Stamos says. "If that happens, most asymmetric cryptography would be useless."
The researchers' concerns stem from two papers published earlier this year. In January, cryptographer Antoine Joux of CryptoExperts found a method to improve the efficiency of solving a subset of the discrete logarithm problem and demonstrated it on a fairly complex DLP with a field size of 1,425 bits and then, two months later, of 4,080 bits. A group of four other researchers -- Faruk Gologlu, Robert Granger, Gary McGuire, and Jens Zumbragel -- boosted that to 6,120 bits in April.
[Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds. See HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft.]
While the advances could lead to practical attacks against modern encryption, such an eventuality is not a given. Instead, security professionals should reconsider whether their designs for crypto systems are strong enough, Laura Hitt, manager of research science at security firm 21CT, wrote in a brief analysis of the breakthroughs.
"I am not aware of a specific scheme in use that is now vulnerable to attack; these developments do not, in general, render pairing-based protocols unusable," Hitt wrote. "Rather, implementers must use more secure parameters than previously believed necessary. I do expect the published standards and crypto guidelines to be revisited and revised to reflect this significant leap forward that renders fundamental security assumptions to be too weak."
Considering that 18 percent of Fortune 500 companies continue to have MD5 hashes on the systems in their networks, organizations should start to get a better grip on their reliance on -- and the current state of -- their crypto systems, says Kevin Bocek, vice president of product marketing for key-management firm Venafi.
"It is a best practice to consider that any estimate regarding the exploitability of a weakness will come sooner than we originally thought," he says.
Companies should design their crypto systems to be easily changed out in the case that an algorithm is broken, Bocek says.
While cracking such a system is always a possibility, companies should worry about the more likely attacks: those designed to steal keys and co-opt the crypto systems itself. More strictly managing keys and the machines that create and store the keys is a must, says Tatu Ylonen, founder of SSH Communications Security, who estimates that only a small fraction of the Fortune 500 has some sort of key access management in place.
"Even then they don't really have full visibility into the use of the keys," he says. "I am not aware of any organization that has everything under control."
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
Robert Lemos is a veteran technology journalist of more than 16 years and a former research engineer, writing articles that have appeared in Business Week, CIO Magazine, CNET News.com, Computing Japan, CSO Magazine, Dark Reading, eWEEK, InfoWorld, MIT's Technology Review, ... View Full Bio