Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Researchers Devise New Attack Techniques Against SSL

samzenpus posted about a year and a half ago | from the protect-ya-neck dept.

Security 33

alphadogg writes "The developers of many SSL libraries are releasing patches for a vulnerability that could potentially be exploited to recover plaintext information, such as browser authentication cookies, from encrypted communications.The patching effort follows the discovery of new ways to attack SSL, TLS and DTLS implementations that use cipher-block-chaining (CBC) mode encryption. The new attack methods were developed by researchers at the University of London's Royal Holloway College. The men published a research paper and a website on Monday with detailed information about their new attacks, which they have dubbed the Lucky Thirteen. They've worked with several TLS library vendors, as well as the TLS Working Group of the IETF, to fix the issue."

Sorry! There are no comments related to the filter you selected.

On the internet, nothing is private (-1, Troll)

For a Free Internet (1594621) | about a year and a half ago | (#42816227)

Deal with it like I do: never use the internet. Have your assistant or secretary do all internet-related tasks for you. THat way, you will never be on the internet or the Facebook, and you will be safe from virusing and spywars. Also, remember to eat healthy and love your neighbor like youself, even if your neighbor is a creepy weirdo who smells funny and doesn't seem to have a regular job and who leaves weird junk in his front yard, even if your neighbor is like that, love him or her at least as much as you can because Obama loves you.

Re:On the internet, nothing is private (0)

Anonymous Coward | about a year and a half ago | (#42817323)

So your secretary just took diction and posted this for you?
Lazy fuck.

#2 !! (-1)

Anonymous Coward | about a year and a half ago | (#42816407)

Never mind that it's 44 minutes after the story posted !!

Could this be the NSA's secret crack? (2, Insightful)

GameboyRMH (1153867) | about a year and a half ago | (#42816415)

Rumors have been going around for a while that the NSA is able to crack certain forms of SSL or lower-level AES, and their new data center is for a "store now, decrypt later" operation. Could this be what they have?

Re:Could this be the NSA's secret crack? (3, Informative)

Anonymous Coward | about a year and a half ago | (#42816549)

No.

Paranoid though I am, this is a timing attack needing multiple packets. Not something you can do 'offline'

Re:Could this be the NSA's secret crack? (5, Insightful)

Anonymous Coward | about a year and a half ago | (#42816561)

Yes, the NSA has broken AES, which is why all of the encryption standards they use for their secrets are based on it. Beccause, if they can break it, there's no way someone like, I don't know, China could.

I consider myself on the paranoid side of tech, but even I treat rumors about the NSA seccretly breaking low level schemes the same way I treat rumors about UFOs.

Re:Could this be the NSA's secret crack? (-1)

Anonymous Coward | about a year and a half ago | (#42817151)

Nice try, NSA stooge, but we have better things to do than analyze disinformation protected with a childish cipher. We know how you really encrypt data, and have so many infiltration points into your systems that your only hope is to destroy your data centers.

Re:Could this be the NSA's secret crack? (-1)

Anonymous Coward | about a year and a half ago | (#42817827)

Does anyone else suspect this AC post is 100% totally legit? DoD has been getting pwned by children and teenagers for the past 2 decades. Chinese cyber-capabilities are agile enough that it implies a very flat organizational structure. I can totally picture a mid-level manager in such a structure wearing jeans to work and casually trolling slashdot as an AC while he is there.

I think China is in for a rude awakening when they realize what is crawling out of Pandora's box. Its impossible to understand the entire scope of what you do not know that you do not know. DARPA and the DoD are slowly and quietly developing their own capabilities and this shit is going to get ugly for civilians when they roll out their "Gangster Squad".

Re:Could this be the NSA's secret crack? (1)

PartyBoy!911 (611650) | about a year and a half ago | (#42818277)

Well it's not so far fetched as you think. They talk about it themselves:

http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/ [wired.com]

Meanwhile, over in Building 5300, the NSA succeeded in building an even faster supercomputer. “They made a big breakthrough,” says another former senior intelligence official, who helped oversee the program. The NSA’s machine was likely similar to the unclassified Jaguar, but it was much faster out of the gate, modified specifically for cryptanalysis and targeted against one or more specific algorithms, like the AES. In other words, they were moving from the research and development phase to actually attacking extremely difficult encryption systems. The code-breaking effort was up and running.

The breakthrough was enormous, says the former official, and soon afterward the agency pulled the shade down tight on the project, even within the intelligence community and Congress. “Only the chairman and vice chairman and the two staff directors of each intelligence committee were told about it,” he says. The reason? “They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption.”

Start buying more tinfoil!

Re:Could this be the NSA's secret crack? (0)

Anonymous Coward | about a year and a half ago | (#42838819)

“They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption."
Presumably he means public-KEY encryption, most likely RSA. In other words, the NSA found a faster way to factor prime numbers, which is quite likely. Definitely more likely than "they broke AES."

Re:Could this be the NSA's secret crack? (0)

Anonymous Coward | about a year and a half ago | (#42820741)

Yes, the NSA has broken AES

You convinced me. I'm now preparing to foil my network ports with aluminum foil I found my mothers kitchen closet. The machine will be air-tight, although not the DP+oral kind of way

RIP Internet (0)

Anonymous Coward | about a year and a half ago | (#42816483)

At what point will the Internet cease being a useful tool, because it is insecure?
The criminal won't relent and the software meant to protect is never completely secure.

Re:RIP Internet (2)

YodasEvilTwin (2014446) | about a year and a half ago | (#42816779)

What, because cash and paper documents are oh-so-secure?

Re:RIP Internet (1)

sycodon (149926) | about a year and a half ago | (#42820067)

Don't worry, we have "Researchers" on it. Top "Researchers".

I'm safe (5, Funny)

GloomE (695185) | about a year and a half ago | (#42816503)

The attack relies on the slight difference in processing time of certain packets.
My ISP is so over-subscribed that latency here varies from packet to packet by 1 second.
They are obviously doing this on purpose to protect their clients.

Break the internet (0)

puddingebola (2036796) | about a year and a half ago | (#42816547)

Maybe they can break the internet (tee-hee hee). Maybe they can split it open, and make all the information inside it come tumbling, gushing out.

Re:Break the internet (0)

Anonymous Coward | about a year and a half ago | (#42817297)

Maybe they can break the internet (tee-hee hee). Maybe they can split it open, and make all the information inside it come tumbling, gushing out.

It could cause all those series of tubes to burst.

Workaround for the Cheap, Lazy, and/or Incompetent (1)

cffrost (885375) | about a year and a half ago | (#42816701)

Slashdot has long had a solution for avoiding many potential SSL/TLS security-breach incidents: Deny users the privilege of utilizing SSL/TLS and that precious certificate unless there's a damn good reason, e.g., logging in. After that single use, dump 'em back to unauthenticated plaintext.

This same tease & denial [wikipedia.org] technique is employed on all of the rest of Dice Holdings holdings—including SourceForge (albeit in a slightly more lenient manner)—logged-in users enjoy all-you-can-eat HTTPS (and the nightmarish specter of its subsequent compromise); unknown, cookie-free scum can rot... We can't have casual passersby getting fingerprints all over that precious certificate, now can we?

FFS Dice Holdings, how about a little Dice Improving? [wikipedia.org]

Re:Workaround for the Cheap, Lazy, and/or Incompet (1)

ewanm89 (1052822) | about a year and a half ago | (#42818663)

Maybe you should look up SSL stripping attacks, and then there is just sniffing the session cookies out of the air, please see firesheep for a tool designed to do this.

ASLR for HTTP headers? (1)

manu0601 (2221348) | about a year and a half ago | (#42816835)

One of the attack requirements is to find the target data at a fixed offset in the SSL packets. This is the case for session cookies, which aresend back and forth in HTTP headers Set-Cookie and Cookie.

Why don't we just randomize HTTP headers order? Such a defense, inspired by ASLR for native programs, seems cheap to implement, and would make the attacker life more difficult. There could even be padding HTTP headers inserted at random places. Something like X-Padding: foobarbuz

Re:ASLR for HTTP headers? (0)

Anonymous Coward | about a year and a half ago | (#42816961)

That's just not practical, but I've also been thinking about this issue for a while (repeating text in SSL). I was thinking about adding a bit of random junk at the beginning of the transfer and encrypting the data with a very dumb (read: fast) method that contained the key in the transfer header (after the junk). So each transaction - after the handshake - would look like this:

Here are a few bits of random data. Here's an (say) XOR key. Here's the data encrypted with the XOR key.

And ALL that encrypted with the standard encryption methods. That would avoid repeating text.

Re:ASLR for HTTP headers? (0)

Anonymous Coward | about a year and a half ago | (#42817525)

That's more or less what modern on-disk crypto looks like already. You split the encryption key into two halves: The first half is used to encrypt the block index number. That gets xor'd with the data and the result is encrypted with the second half of the key. So if two blocks of data happen to be identical, they will look different on the disk.

I always assumed that something similar were done for SSL streams, like you suggest. Guess I should study more.

New Timing Attack (5, Informative)

cryptizard (2629853) | about a year and a half ago | (#42816883)

For lazy people a quick overview of this attack is that it uses very small differences between the amount of time it takes to decrypt a correctly padded TLS record and the time it takes to reject an incorrectly padded record (think of the padding as kind of a checksum). An attacker can modify encrypted records, send them to the server and discover whether the decryption is correctly padded or not based on the amount of time it takes to respond. With this knowledge, an attacker can interactively decrypt a record bit by bit, testing the padding over and over.

It only works in datagram TLS (DTLS) because regular TLS terminates a session after one incorrectly padded message. It also only works over LAN where you can get really precise timing.

Re:New Timing Attack (0)

Anonymous Coward | about a year and a half ago | (#42817211)

The summary says it also applies to TLS?

Re:New Timing Attack (2)

cryptizard (2629853) | about a year and a half ago | (#42819065)

Well its a theoretical attack against TLS because you can restart the connection and currently browsers will use the same parameters if you have a certain cookie set, giving you a chance to try again. It takes millions of tries though and each TLS handshake is rather slow so it isn't currently possible to use this attack on TLS even under the best conditions.

Re:New Timing Attack (0)

Anonymous Coward | about a year and a half ago | (#42817805)

a nice one!!! way to go and congratulations to Nadhem J. AlFardan and Kenneth G. Paterson (:

So... (1)

fahrbot-bot (874524) | about a year and a half ago | (#42817183)

...Firefox 18.0.3 in 3...2...1... (sigh)

Sexist language is dead? (0)

musth (901919) | about a year and a half ago | (#42818027)

The men published a research paper and a website on Monday with detailed information about their new attacks, which they have dubbed the Lucky Thirteen.

Good to know that we're dealing with men here.

Re:Sexist language is dead? (0)

Anonymous Coward | about a year and a half ago | (#42821329)

The women, who had no vagina's and instead had penises, published a research paper...

Happy now?

Since CBC is discouraged after the BEAST attack (1)

Chrisq (894406) | about a year and a half ago | (#42818191)

Since the use of CBC-based cipher suites in TLS is discouraged [phonefactor.com] since BEAST attacks this is just adding more weight to the argument.

Re:Since CBC is discouraged after the BEAST attack (0)

Anonymous Coward | about a year and a half ago | (#42818435)

Unless you're trying to get PCI compliance, in which case expect to be told that mitigating BEAST attacks isn't good enough, you need to not be vulnerable to them at all!

Re:Since CBC is discouraged after the BEAST attack (1)

WaffleMonster (969671) | about a year and a half ago | (#42824857)

Unless you're trying to get PCI compliance, in which case expect to be told that mitigating BEAST attacks isn't good enough, you need to not be vulnerable to them at all!

Is this the same PCI that asserts "secure" hash algorithms can be used to tokenize credit card numbers?

Why are idiots even allowed to write security specifications and why do the rest of us tolerate it?

The world has gone insane (1)

stilnesv (1000141) | about a year and a half ago | (#42820749)

Once upon a time, these tax leaching researchers with Asperger's syndrome were tucked away in their dungeons. Unfortunately, someone let them out and they are now screaming loud. Don't be fooled by their screaming.
Check for New Comments
Slashdot Login

Need an Account?

Forgot your password?