Risk
7/10/2013
02:38 AM
Connect Directly
RSS
E-Mail
50%
50%

Preparing For Possible Future Crypto Attacks

Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure

Security researchers and hackers have always been good at borrowing ideas, refining them, and applying them to create practical attacks out of theoretical results.

Click here for more of Dark Reading's Black Hat articles.

That pattern should concern security professionals because a number of academic breakthroughs in solving a complex mathematics problem could have a real impact on the security of the crypto systems that underpin much of today's Internet's security, three security consultants will argue at the Black Hat Security USA Briefings later this month. Just as successful attacks on MD5 hashes were presaged by the academic discovery of weaknesses in the hashing algorithm, a number of academic papers on advances in solving what is known as the discrete logarithm problem may be a predictor of rough times ahead for many public-key crypto systems, says Alex Stamos, a presenter and chief technology officer for secure-domain administrator Artemis Internet.

"We keep on having these big breakthroughs in practical crypto attacks that, if you were paying attention to the academic side, would not be much of a surprise," he says.

The complexity of the discrete algorithm problem, or DLP, is the basis for many popular crypto systems, such as ElGamal -- the default encryption used in GNU Privacy Guard -- and Diffie-Hellman key exchange. In addition, advances in solving the discrete logarithm problem can lead to advances in factoring, the basis of the popular RSA asymmetric encryption algorithm.

"We are not predicting that this will happen, but looking at past progressions, it is possible that in the next couple of years there could be a breakthrough in these problems," Stamos says. "If that happens, most asymmetric cryptography would be useless."

The researchers' concerns stem from two papers published earlier this year. In January, cryptographer Antoine Joux of CryptoExperts found a method to improve the efficiency of solving a subset of the discrete logarithm problem and demonstrated it on a fairly complex DLP with a field size of 1,425 bits and then, two months later, of 4,080 bits. A group of four other researchers -- Faruk Gologlu, Robert Granger, Gary McGuire, and Jens Zumbragel -- boosted that to 6,120 bits in April.

[Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds. See HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft.]

While the advances could lead to practical attacks against modern encryption, such an eventuality is not a given. Instead, security professionals should reconsider whether their designs for crypto systems are strong enough, Laura Hitt, manager of research science at security firm 21CT, wrote in a brief analysis of the breakthroughs.

"I am not aware of a specific scheme in use that is now vulnerable to attack; these developments do not, in general, render pairing-based protocols unusable," Hitt wrote. "Rather, implementers must use more secure parameters than previously believed necessary. I do expect the published standards and crypto guidelines to be revisited and revised to reflect this significant leap forward that renders fundamental security assumptions to be too weak."

Considering that 18 percent of Fortune 500 companies continue to have MD5 hashes on the systems in their networks, organizations should start to get a better grip on their reliance on -- and the current state of -- their crypto systems, says Kevin Bocek, vice president of product marketing for key-management firm Venafi.

"It is a best practice to consider that any estimate regarding the exploitability of a weakness will come sooner than we originally thought," he says.

Companies should design their crypto systems to be easily changed out in the case that an algorithm is broken, Bocek says.

While cracking such a system is always a possibility, companies should worry about the more likely attacks: those designed to steal keys and co-opt the crypto systems itself. More strictly managing keys and the machines that create and store the keys is a must, says Tatu Ylonen, founder of SSH Communications Security, who estimates that only a small fraction of the Fortune 500 has some sort of key access management in place.

"Even then they don't really have full visibility into the use of the keys," he says. "I am not aware of any organization that has everything under control."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Robert Lemos is a veteran technology journalist of more than 16 years and a former research engineer, writing articles that have appeared in Business Week, CIO Magazine, CNET News.com, Computing Japan, CSO Magazine, Dark Reading, eWEEK, InfoWorld, MIT's Technology Review, ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
7/18/2013 | 6:57:55 AM
re: Preparing For Possible Future Crypto Attacks
Robert, I really enjoyed reading your article - great work. We recently wrote a blog article on this topic also. HereG«÷s the link for anyone interested: http://blog.securityinnovation...
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Cartoon
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2009-5142
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML via the src parameter.

CVE-2010-5302
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING.

CVE-2010-5303
Published: 2014-08-21
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to $errorString.

CVE-2014-0965
Published: 2014-08-21
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted SOAP response.

CVE-2014-3022
Published: 2014-08-21
IBM WebSphere Application Server (WAS) 7.0.x before 7.0.0.33, 8.0.x before 8.0.0.9, and 8.5.x before 8.5.5.3 allows remote attackers to obtain sensitive information via a crafted URL that triggers an error condition.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Three interviews on critical embedded systems and security, recorded at Black Hat 2014 in Las Vegas.