CVE-2017-15361, a.k.a. ROCA, is a vulnerability that allows an adversary to use a practical mathematical attack to reveal secret keys on certified devices.
Posted in Software Architecture and Design | Comments Off on ROCA: Cryptographic flaws in BitLocker, Secure Boot, and millions of smartcards
SSL and TLS are a family of cryptographic protocols that protect sensitive communications on the Internet. The first standard, SSL 2.0, was released in 1995. The latest standard, TLS 1.2, was released in August 2008. Its 20-year history has been marred by numerous cryptographic breaks (both in the underlying primitives and in the protocol itself) and software flaws in implementations. In this blog post, I offer some explanations for these issues and how the Internet Engineering Task Force (IETF) is trying to address the fundamental problems in its upcoming TLS standard, TLS 1.3.
A bit of background
For nearly 20 years, Secure Sockets Layer (SSL) and its successor Transport Layer Security (TLS) have secured Internet traffic. Both use mathematics that has been well-scrutinized for nearly 40 years, and its most popular implementations are open source and deployed to billions of users. Despite its age and popularity, TLS has a long history of cryptographic breaks and implementation mistakes. SSL 2.0 and SSL 3.0 have catastrophic vulnerabilities and even TLS must be carefully configured before it is able to be used safely. Sadly, many of these vulnerabilities affect the underlying primitives, such as RSA or AES. This raises the question, why are these primitives so vulnerable?
Crypto is fragile
There is significant mathematics behind each of the primitives in TLS, and time and time again we’re shown that the mathematics is the only robust component. Part of the problem is that most of these primitives were designed from a purely mathematical standpoint without consideration of the implementation. This inevitably led to the situation whereby software implementations are brittle, buggy, and have many side-channel attacks unless the developers are extraordinarily careful.
Posted in Open Source Security | Comments Off on TLS 1.3 and the future of cryptographic protocols