Risk
7/10/2013
02:38 AM
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Preparing For Possible Future Crypto Attacks

Security experts warn that current advances in solving a complex problem could make a broad class of public-key crypto systems less secure

Security researchers and hackers have always been good at borrowing ideas, refining them, and applying them to create practical attacks out of theoretical results.

Click here for more of Dark Reading's Black Hat articles.

That pattern should concern security professionals because a number of academic breakthroughs in solving a complex mathematics problem could have a real impact on the security of the crypto systems that underpin much of today's Internet's security, three security consultants will argue at the Black Hat Security USA Briefings later this month. Just as successful attacks on MD5 hashes were presaged by the academic discovery of weaknesses in the hashing algorithm, a number of academic papers on advances in solving what is known as the discrete logarithm problem may be a predictor of rough times ahead for many public-key crypto systems, says Alex Stamos, a presenter and chief technology officer for secure-domain administrator Artemis Internet.

"We keep on having these big breakthroughs in practical crypto attacks that, if you were paying attention to the academic side, would not be much of a surprise," he says.

The complexity of the discrete algorithm problem, or DLP, is the basis for many popular crypto systems, such as ElGamal -- the default encryption used in GNU Privacy Guard -- and Diffie-Hellman key exchange. In addition, advances in solving the discrete logarithm problem can lead to advances in factoring, the basis of the popular RSA asymmetric encryption algorithm.

"We are not predicting that this will happen, but looking at past progressions, it is possible that in the next couple of years there could be a breakthrough in these problems," Stamos says. "If that happens, most asymmetric cryptography would be useless."

The researchers' concerns stem from two papers published earlier this year. In January, cryptographer Antoine Joux of CryptoExperts found a method to improve the efficiency of solving a subset of the discrete logarithm problem and demonstrated it on a fairly complex DLP with a field size of 1,425 bits and then, two months later, of 4,080 bits. A group of four other researchers -- Faruk Gologlu, Robert Granger, Gary McGuire, and Jens Zumbragel -- boosted that to 6,120 bits in April.

[Researchers to release details on how SSL vulnerability gives attackers ability to steal everything from OAuth tokens to PII through an enterprise app in just 30 seconds. See HTTPS Side-Channel Attack A Tool For Encrypted Secret Theft.]

While the advances could lead to practical attacks against modern encryption, such an eventuality is not a given. Instead, security professionals should reconsider whether their designs for crypto systems are strong enough, Laura Hitt, manager of research science at security firm 21CT, wrote in a brief analysis of the breakthroughs.

"I am not aware of a specific scheme in use that is now vulnerable to attack; these developments do not, in general, render pairing-based protocols unusable," Hitt wrote. "Rather, implementers must use more secure parameters than previously believed necessary. I do expect the published standards and crypto guidelines to be revisited and revised to reflect this significant leap forward that renders fundamental security assumptions to be too weak."

Considering that 18 percent of Fortune 500 companies continue to have MD5 hashes on the systems in their networks, organizations should start to get a better grip on their reliance on -- and the current state of -- their crypto systems, says Kevin Bocek, vice president of product marketing for key-management firm Venafi.

"It is a best practice to consider that any estimate regarding the exploitability of a weakness will come sooner than we originally thought," he says.

Companies should design their crypto systems to be easily changed out in the case that an algorithm is broken, Bocek says.

While cracking such a system is always a possibility, companies should worry about the more likely attacks: those designed to steal keys and co-opt the crypto systems itself. More strictly managing keys and the machines that create and store the keys is a must, says Tatu Ylonen, founder of SSH Communications Security, who estimates that only a small fraction of the Fortune 500 has some sort of key access management in place.

"Even then they don't really have full visibility into the use of the keys," he says. "I am not aware of any organization that has everything under control."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Robert Lemos is a veteran technology journalist of more than 16 years and a former research engineer, writing articles that have appeared in Business Week, CIO Magazine, CNET News.com, Computing Japan, CSO Magazine, Dark Reading, eWEEK, InfoWorld, MIT's Technology Review, ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
MROBINSON000
50%
50%
MROBINSON000,
User Rank: Apprentice
7/18/2013 | 6:57:55 AM
re: Preparing For Possible Future Crypto Attacks
Robert, I really enjoyed reading your article - great work. We recently wrote a blog article on this topic also. HereGÇÖs the link for anyone interested: http://blog.securityinnovation...
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2391
Published: 2014-04-24
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string representing a previously used but currently invalid password, which allows remote attackers to obtain potent...

CVE-2014-2392
Published: 2014-04-24
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attackers to obtain sensitive information by reading (1) web-server access logs, (2) web-server Referer log...

CVE-2014-2393
Published: 2014-04-24
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive filename that is not properly handled during use of the composer to add an e-mail attachment.

CVE-2011-5279
Published: 2014-04-23
CRLF injection vulnerability in the CGI implementation in Microsoft Internet Information Services (IIS) 4.x and 5.x on Windows NT and Windows 2000 allows remote attackers to modify arbitrary uppercase environment variables via a \n (newline) character in an HTTP header.

CVE-2012-0360
Published: 2014-04-23
Memory leak in Cisco IOS before 15.1(1)SY, when IKEv2 debugging is enabled, allows remote attackers to cause a denial of service (memory consumption) via crafted packets, aka Bug ID CSCtn22376.

Best of the Web