
DEFSECMEDIA

DEFSEC Media is New Zealand's defence, security and fire B2B/B2G publishing group. Our leading magazines, NZ Security, Fire NZ - and our latest title - Line of Defence, are read by key business, government and military decision makers. This website is the online home of cutting-edge content from each of our titles.


 

How the politics of data encryption keep transactions vulnerable

FEATURE: NZ Security, April 2015

FREAK, or ‘Factoring Attack on RSA-EXPORT Keys’, is the most recently uncovered security flaw threatening millions of Internet users. It affects SSL/TLS protocols used to encrypt data as it is transmitted over the web, putting at risk private information such as passwords, banking and credit card information.

Although it’s actually existed for many years, FREAK was uncovered just a few weeks ago by French researchers at the INRIA computer science lab in Paris. The researchers notified governments and companies around the world as soon as they found it, but it was only made public in early March.

The flaw allows an attacker to intercept HTTPS connections between clients and servers, forcing them to use weakened ‘export-grade’ encryption, which the attacker can break in order to steal or manipulate data. This type of hacking is called a ‘man-in-the-middle attack’ and is used to steal and decrypt what the victim believes are protected, encrypted communications.

Vulnerable browsers include Internet Explorer, Chrome on Mac OS, Chrome on Android, Safari on Mac OS, Safari on iOS, Stock Android Browser, Blackberry Browser and Opera on Mac OS. According to freakattack.com, the site of a University of Michigan research team that tracks the impact of the attack and helps users test whether they’re vulnerable, patches are now available for most of these browsers but plenty of servers are still at risk.

HTTPS servers that remained vulnerable as of 26th March included 8.5% of those at Alexa Top 1 million domain names (down from 9.6% since 3rd March) and 6.5% of those with browser-trusted certificates (down from 36.7%), among others. Interestingly, 11.8% of all HTTPS servers remained vulnerable (down from 26.3%) at the time of writing.

Chrome for Windows and all modern versions of Firefox are known to be safe. However, even if your browser is safe, some third-party software, such as some anti-virus products and adware programs, can expose you to the attack by intercepting TLS connections from the browser. Even if you are using a safe browser, it’s best to assume that you’re vulnerable.

In addition to browsers, many mobile apps and other software products use TLS. These are also potentially vulnerable if they offer RSA_EXPORT cipher suites or rely on unpatched libraries.

How to protect against FREAK

Self-diagnosis is a good first step. Freakattack.com offers an SSL FREAK Check tool and Qualys SSL Labs an SSL Server Test, which can identify FREAK and other security issues. 

According to the Michigan University researchers, if you run a server you should immediately disable support for TLS export cipher suites. You should also disable other cipher suites that are known to be insecure and enable forward secrecy. They recommend the Mozilla security configuration guide and SSL configuration generator, and testing your configuration with the Qualys SSL Labs SSL Server Test tool.

If you use a browser, they suggest ensuring that you have the most recent version of your browser installed, and checking for updates frequently.

If you’re a systems administrator or developer, they recommend that you ensure that any TLS libraries you use are up to date. Ensure that your software does not offer export cipher suites, even as a last resort, since they can be exploited even if the TLS library is patched.
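The check described above, as an added example that is not part of the original article: a small Python audit that flags export-grade suites in a list of offered cipher suites, recognising both the OpenSSL ("EXP-...") and IANA ("..._EXPORT_...") naming styles. The host names, scan data and function names are constructed for illustration.

```python
import re
import ssl

# OpenSSL names export suites "EXP-..." or "EXP1024-..."; IANA names contain "_EXPORT_".
EXPORT_RE = re.compile(r"^EXP(1024)?-|_EXPORT(1024)?_")
# Key-exchange prefixes other than plain RSA, as used in OpenSSL export names.
NON_RSA_KEX = ("EDH-", "DHE-", "ADH-", "DH-", "KRB5-")

def classify(name):
    """Return 'rsa_export', 'other_export', or None for a non-export suite."""
    if not EXPORT_RE.search(name):
        return None
    if name.startswith(("TLS_", "SSL_")):            # IANA-style name
        return "rsa_export" if name[4:].startswith("RSA_EXPORT") else "other_export"
    rest = EXPORT_RE.sub("", name, count=1)           # OpenSSL-style name
    return "other_export" if rest.startswith(NON_RSA_KEX) else "rsa_export"

def audit(scan):
    """scan: {host: [offered suite names]} -> {host: {suite: class}} for offenders."""
    findings = {}
    for host, suites in scan.items():
        bad = {s: classify(s) for s in suites if classify(s)}
        if bad:
            findings[host] = bad
    return findings

def local_default_offers_export():
    """True if this machine's default TLS client context still enables export suites."""
    names = [c["name"] for c in ssl.create_default_context().get_ciphers()]
    return any(classify(n) for n in names)

# Constructed sample input: what a scanner might report for two servers.
SAMPLE_SCAN = {
    "shop.example": ["ECDHE-RSA-AES128-GCM-SHA256", "AES256-SHA"],
    "legacy.example": [
        "AES128-SHA",
        "EXP-RC4-MD5",                         # RSA key exchange, 40-bit RC4
        "EXP-EDH-RSA-DES-CBC-SHA",             # export DHE, not RSA key exchange
        "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",   # same family, IANA spelling
    ],
}

if __name__ == "__main__":
    for host, bad in audit(SAMPLE_SCAN).items():
        print(host, bad)
    print("local default context offers export suites:", local_default_offers_export())
```

Any suite classed as 'rsa_export' is the kind FREAK relies on; the other export suites are weak for the same historical reason and should be disabled along with them.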

Google has released an updated version of its Android OS and Chrome browser for OS X to mitigate the vulnerability, and Microsoft has released a Security Advisory that includes a workaround for supported Windows systems.

HTTP Strict Transport Security (HSTS) addresses the threat

Starting with Windows 10, Internet Explorer will allow users to access some websites only over SSL-encrypted connections using the HTTP Strict Transport Security (HSTS) policy. Strangely, it’s the last major browser to get support for HSTS. Google Chrome has had HSTS support since 2009, Firefox since 2010, Opera since 2012 and Safari since 2013.

HTTP Strict Transport Security (or HSTS) is a header that allows web servers to require that web browsers and other user agents only interact with it using secure HTTPS connections, not HTTP. Once a browser sees such a header for a website, it will remember the preference and only accept HTTPS connections for that site in the future.

HSTS, therefore, provides protection against SSL stripping, downgrading and certificate mismatch attacks against secure HTTPS websites by turning encryption failures into failures that can’t be bypassed. No more FREAK.

Also, some sites that use HTTPS might load content from third-party servers over plain HTTP. This is known as mixed content and while it’s a discouraged practice from a security perspective it’s nevertheless accepted by browsers. With HSTS enabled, mixed content is no longer allowed.

Backdoors and national security

Back in the early 1990s when SSL was in its infancy, the US maintained a rigorous regime of export controls over encryption systems. In order to sell software outside of the US, companies were required to weaken the strength of encryption keys. For RSA encryption, the maximum allowed key length was 512 bits.

According to Matthew Green, a cryptographer and research professor at Johns Hopkins University, “the 512-bit export grade encryption was a compromise between dumb and dumber.” In theory it was designed to ensure that the NSA would have backdoor ‘access’ to communications, while allowing encryption that was still adequate for commercial use.

Steve Weismann, writing for USA Today, comments that “the reason for this was that the federal government wanted to make it easier for federal intelligence agencies to spy on overseas software users.” Following years of rumblings from the technological community, the restrictions were ended, but many software developers continued to use the weaker encryption.

Weismann comments that the discovery and discussion of this security flaw is particularly timely “in the light of FBI Director James Comey’s announced desire that software developers should specifically build in backdoors in the security of their products so that intelligence agencies can readily decrypt data for reasons of national security.”

The obvious dilemma, writes Weismann, is the risk that if such backdoors are built into the software that we use, “it will not be merely intelligence agencies exploiting these defects in the furtherance of national security, but also the possibility that criminal hackers or foreign countries will do the same thing to the extreme detriment of everyone.” And, he states, this is “without even getting into the risk of misuse of these backdoors by our own national security agencies.”

According to Keeper Security Senior Network Engineer, Patrick Tiquet, “There is no justification for any secure website to support the RSA export cipher suites, now, or even for the past five years.” The justification for doing so has been to maintain compatibility with old clients or browsers that only supported the 512-bit ciphers.

Supporting these ciphers on a website, explains Tiquet, was previously considered ‘best-practice’ to support the widest number of web browsers possible.

“However, most of those export-cipher-only browsers ceased to exist about 15 years ago,” he observes, “when export restrictions on encryption technology were eased by the US Government.” A web browser from 2000, he quite rightly states, isn’t capable of displaying most content from contemporary websites – so there really is no place for a continued compatibility mentality.

According to Nathaniel Mott of the Pando Daily, FREAK has proven critics of policies of weakening encryption to be right. “Misguided laws or restrictions don’t just affect people today,” he points out, “they create problems which come back to haunt users more than a decade later.”

Cold war in cyberspace

The FREAK flaw is a sobering reminder of the extent to which state espionage has shaped and continues to shape cyberspace. Commenting on the timing of the flaw’s discovery, Mott writes, “it’s fitting that FREAK has been rediscovered as governments around the world, from the United Kingdom and France to China and the US, have sought access to tech products. They want backdoors; they want encryption keys; they want to undermine basic security.”

Even more ironic, given the US government’s role in the apotheosis of FREAK, are President Barack Obama’s vehement criticism and threats against the Chinese government over its proposed anti-terrorism legislation. This legislation will require technology companies operating in China to install special backdoors in their security systems and hand over encryption keys to Beijing.

The draft law stipulates that any tech company operating or selling products in China would be required to give authorities encryption keys and allow back doors for law enforcement to access data. The US fears that exposing companies to this type of access by Beijing will leave their customers’ personal information and communications open to abuse.

Beijing has been quick to show Washington the mirror, pointing out that the law is not so different from the blocking of Huawei and ZTE’s telecommunications products from the US and Europe due to fears of cyber-security exposure. The Chinese state-run news agency, Xinhua, has quite fittingly used this as an opportunity to say to the Americans: hey, at least we’re being open about it!


FREAK: when 'export grade' proves inferior.


© 2015. Defsec Media Limited. All Rights Reserved.
