What happened and what can we learn?
There’s been some very big news in the cryptographic world this week. So far, several technology news sites have highlighted the impact of a new vulnerability on Estonian and Slovakian smartcards, but the reach of this vulnerability is far wider than that. Five security researchers have just announced their discovery of a cryptographic flaw in a widely used cryptographic library. The vulnerability, formally assigned CVE-2017-15361 and called the Return of Coppersmith’s Attack, or ROCA for short, is a practical mathematical attack that allows an adversary to reveal secret keys on certified devices that use this library. The key can be revealed offline, and no physical access to the affected device is required. Once the attack is complete, the attacker can use the secret key to overcome any authentication or encryption systems that are in place on the affected device.
Post: ROCA: Cryptographic flaws in BitLocker, Secure Boot, and millions of smartcards (posted in Uncategorized)
SSL and TLS are a family of cryptographic protocols that protect sensitive communications on the Internet. The first standard, SSL 2.0, was released in 1995. The latest standard, TLS 1.2, was released in August 2008. Its 20-year history has been marred by numerous cryptographic breaks (both in the underlying primitives and in the protocol itself) and software flaws in implementations. In this blog post, I offer some explanations for these issues and how the Internet Engineering Task Force (IETF) is trying to address the fundamental problems in its upcoming TLS standard, TLS 1.3.
A bit of background
For nearly 20 years, Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) have secured Internet traffic. Both use mathematics that has been well-scrutinized for nearly 40 years, and their most popular implementations are open source and deployed to billions of users. Despite its age and popularity, TLS has a long history of cryptographic breaks and implementation mistakes. SSL 2.0 and SSL 3.0 have catastrophic vulnerabilities, and even TLS must be carefully configured before it can be used safely. Sadly, many of these vulnerabilities affect the underlying primitives, such as RSA or AES. This raises the question: why are these primitives so vulnerable?
Crypto is fragile
There is significant mathematics behind each of the primitives in TLS, and time and time again we are shown that the mathematics is the only robust component. Part of the problem is that most of these primitives were designed from a purely mathematical standpoint, without consideration of how they would be implemented. This inevitably led to a situation in which software implementations are brittle, buggy, and riddled with side-channel leaks unless the developers are extraordinarily careful.
Post: TLS 1.3 and the future of cryptographic protocols (posted in Open Source Security)