Risk
7/10/2013
02:38 AM
Connect Directly
RSS
E-Mail
50%
50%

Preparing For Possible Future Crypto Attacks

Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure

Security researchers and hackers have always been good at borrowing ideas, refining them, and applying them to create practical attacks out of theoretical results.

Click here for more of Dark Reading's Black Hat articles.

That pattern should concern security professionals because a number of academic breakthroughs in solving a complex mathematics problem could have a real impact on the security of the crypto systems that underpin much of today's Internet's security, three security consultants will argue at the Black Hat Security USA Briefings later this month. Just as successful attacks on MD5 hashes were presaged by the academic discovery of weaknesses in the hashing algorithm, a number of academic papers on advances in solving what is known as the discrete logarithm problem may be a predictor of rough times ahead for many public-key crypto systems, says Alex Stamos, a presenter and chief technology officer for secure-domain administrator Artemis Internet.

"We keep on having these big breakthroughs in practical crypto attacks that, if you were paying attention to the academic side, would not be much of a surprise," he says.

The complexity of the discrete algorithm problem, or DLP, is the basis for many popular crypto systems, such as ElGamal -- the default encryption used in GNU Privacy Guard -- and Diffie-Hellman key exchange. In addition, advances in solving the discrete logarithm problem can lead to advances in factoring, the basis of the popular RSA asymmetric encryption algorithm.

"We are not predicting that this will happen, but looking at past progressions, it is possible that in the next couple of years there could be a breakthrough in these problems," Stamos says. "If that happens, most asymmetric cryptography would be useless."

The researchers' concerns stem from two papers published earlier this year. In January, cryptographer Antoine Joux of CryptoExperts found a method to improve the efficiency of solving a subset of the discrete logarithm problem and demonstrated it on a fairly complex DLP with a field size of 1,425 bits and then, two months later, of 4,080 bits. A group of four other researchers -- Faruk Gologlu, Robert Granger, Gary McGuire, and Jens Zumbragel -- boosted that to 6,120 bits in April.

[Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds. See HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft.]

While the advances could lead to practical attacks against modern encryption, such an eventuality is not a given. Instead, security professionals should reconsider whether their designs for crypto systems are strong enough, Laura Hitt, manager of research science at security firm 21CT, wrote in a brief analysis of the breakthroughs.

"I am not aware of a specific scheme in use that is now vulnerable to attack; these developments do not, in general, render pairing-based protocols unusable," Hitt wrote. "Rather, implementers must use more secure parameters than previously believed necessary. I do expect the published standards and crypto guidelines to be revisited and revised to reflect this significant leap forward that renders fundamental security assumptions to be too weak."

Considering that 18 percent of Fortune 500 companies continue to have MD5 hashes on the systems in their networks, organizations should start to get a better grip on their reliance on -- and the current state of -- their crypto systems, says Kevin Bocek, vice president of product marketing for key-management firm Venafi.

"It is a best practice to consider that any estimate regarding the exploitability of a weakness will come sooner than we originally thought," he says.

Companies should design their crypto systems to be easily changed out in the case that an algorithm is broken, Bocek says.

While cracking such a system is always a possibility, companies should worry about the more likely attacks: those designed to steal keys and co-opt the crypto systems itself. More strictly managing keys and the machines that create and store the keys is a must, says Tatu Ylonen, founder of SSH Communications Security, who estimates that only a small fraction of the Fortune 500 has some sort of key access management in place.

"Even then they don't really have full visibility into the use of the keys," he says. "I am not aware of any organization that has everything under control."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Robert Lemos is a veteran technology journalist of more than 16 years and a former research engineer, writing articles that have appeared in Business Week, CIO Magazine, CNET News.com, Computing Japan, CSO Magazine, Dark Reading, eWEEK, InfoWorld, MIT's Technology Review, ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
7/18/2013 | 6:57:55 AM
re: Preparing For Possible Future Crypto Attacks
Robert, I really enjoyed reading your article - great work. We recently wrote a blog article on this topic also. HereG«÷s the link for anyone interested: http://blog.securityinnovation...
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7392
Published: 2014-07-22
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.

CVE-2014-2385
Published: 2014-07-22
Multiple cross-site scripting (XSS) vulnerabilities in the web UI in Sophos Anti-Virus for Linux before 9.6.1 allow local users to inject arbitrary web script or HTML via the (1) newListList:ExcludeFileOnExpression, (2) newListList:ExcludeFilesystems, or (3) newListList:ExcludeMountPaths parameter t...

CVE-2014-3518
Published: 2014-07-22
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platform 5.3.1, does not properly implement the JSR 160 specification, which allows remote attackers to exec...

CVE-2014-3530
Published: 2014-07-22
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references, which allows remote attackers to read arbitrary code and possibly have other unspecified impact via...

CVE-2014-4326
Published: 2014-07-22
Elasticsearch Logstash 1.0.14 through 1.4.x before 1.4.2 allows remote attackers to execute arbitrary commands via a crafted event in (1) zabbix.rb or (2) nagios_nsca.rb in outputs/.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Where do information security startups come from? More important, how can I tell a good one from a flash in the pan? Learn how to separate ITSec wheat from chaff in this episode.