How is NSA breaking so much crypto?

https://freedom-to-tinker.com/blog/haldermanheninger/how-is-nsa-breaking-so-much-crypto/


3 Comments

  1. Tomi Engdahl says:

    How The NSA Can Read Your Emails
    http://hackaday.com/2015/10/15/how-the-nsa-can-read-your-emails/

    Since [Snowden]’s release of thousands of classified documents in 2013, one question has tugged at the minds of security researchers: how, exactly, did the NSA apparently intercept VPN traffic, and decrypt SSH and HTTP, allowing the NSA to read millions of personal, private emails from persons around the globe? Every guess is invariably speculation, but a paper presented at the ACM Conference on Computer and Communications Security might shed some light on how the NSA appears to have broken some of the most widespread encryption used on the Internet (PDF).

    The relevant encryption discussed in the paper is Diffie–Hellman key exchange (D-H), the encryption used for HTTPS, SSH, and VPN. D-H relies on a shared very large prime number. By performing many, many computations, an attacker could pre-compute a ‘crack’ on an individual prime number, then apply a relatively small computation to decrypt any individual message that uses that prime number. If all applications used a different prime number, this wouldn’t be a problem. This is the difference between cryptography theory and practice; 92% of the top 1 Million Alexa HTTPS domains use the same two prime numbers for D-H. An attacker could pre-compute a crack on those two prime numbers and consequently be able to read nearly all Internet traffic through those servers.

    Imperfect Forward Secrecy:
    How Diffie-Hellman Fails in Practice
    https://weakdh.org/imperfect-forward-secrecy-ccs15.pdf

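Added example, not part of the comment above or of the quoted articles: a toy illustration of why a shared D-H prime makes a one-time precomputation pay off across many connections. Baby-step giant-step on a constructed 20-bit prime stands in for the number field sieve precomputation the paper analyses; `P`, `G` and all function names are assumptions made for this sketch.

```python
import math
import secrets

P = 1000003  # constructed toy prime standing in for a widely shared 1024-bit group
G = 2        # constructed generator choice for the toy group


def precompute(p, g):
    """One-time work per (p, g): baby-step table mapping g^j -> j for j < m."""
    m = math.isqrt(p - 1) + 1
    table, e = {}, 1
    for j in range(m):
        table.setdefault(e, j)  # keep the smallest exponent if values repeat
        e = e * g % p
    return m, table


def dlog(p, g, h, m, table):
    """Per-connection work: at most m giant steps against the shared table."""
    step = pow(g, -m, p)  # modular inverse power, Python 3.8+
    gamma = h
    for i in range(m):
        if gamma in table:
            return i * m + table[gamma]
        gamma = gamma * step % p
    raise ValueError("h is not in the subgroup generated by g")


def handshake(p, g):
    """Constructed sample exchange: returns both public values and the true secret."""
    a = secrets.randbelow(p - 3) + 2
    b = secrets.randbelow(p - 3) + 2
    A, B = pow(g, a, p), pow(g, b, p)
    return A, B, pow(B, a, p)


def passive_recover(p, g, A, B, m, table):
    """Derive the shared secret from the two public values observed on the wire."""
    x = dlog(p, g, A, m, table)  # any x with g^x == A yields the same secret
    return pow(B, x, p)


if __name__ == "__main__":
    m, table = precompute(P, G)  # paid once for the group
    for n in range(5):           # reused for every handshake in that group
        A, B, secret = handshake(P, G)
        print(n, passive_recover(P, G, A, B, m, table) == secret)
```

The table is bound to one `(P, G)` pair, so a handshake under a different prime gets no benefit from it, which is the point the comment makes about every application using its own prime.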
  2. Tomi Engdahl says:

    Let’s talk about that NSA Diffie-Hellman crack
    ‘Logjam’ crypto bug researchers expand on theory in talk
    http://www.theregister.co.uk/2015/10/19/nsa_crypto_breaking_theory/

    Even before the leaks by former NSA sysadmin Edward Snowden, rumours had circulated for years that the agency could decrypt a significant fraction of encrypted internet traffic.

    Now security researchers, who published a paper on their theory in May, have come forward with a detailed and credible theory on the technical foundations of this code-breaking capability. They presented a talk last week with a better explanation of how this fitted with the Snowden leaks.

    The Edward Snowden documents revealed that the NSA had the ability to intercept and decrypt VPN traffic. The on-demand decryption of some HTTPS and SSH connections was also possible because of unspecified but groundbreaking cryptanalysis capabilities, according to the Snowden leaks.

    Earlier this week, the 13-member research team presented a paper at the ACM Computer and Communications Security conference billed as an answer to this technical mystery.

    Diffie-Hellman is a cornerstone of modern cryptography used for VPNs, HTTPS websites, email, and many other protocols. Bad implementation choices combined with advances in number theory mean real-world users of Diffie-Hellman are likely vulnerable to state-level attackers, the researchers warned back in May.

    The researchers estimate that breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20 per cent of the top million HTTPS websites. In other words, a one-time colossal investment in power-lifting computation would make it possible to eavesdrop on trillions of encrypted connections.

    Weak application of Diffie-Hellman is widespread in many standards and implementations. Security weaknesses are built into deployed systems unlikely to be replaced for years, even given heightened concern prompted by the latest research.

    The possibility of multiple governments attempting attacks illustrates the tension between the NSA’s two prime missions of gathering intelligence and defending US computer security. If the researchers are correct then the NSA has been vigorously exploiting weak Diffie-Hellman, while doing little or nothing to help fix the problem. On the defensive side, NSA has recommended that implementers should transition to elliptic curve cryptography, which isn’t known to suffer from this loophole, but such recommendations tend to go unheeded without explicit justifications or demonstrations.

    ‘Logjam’ crypto bug could be how the NSA cracked VPNs
    Johns Hopkins crypto boffin spots FREAK-like protocol bug
    http://www.theregister.co.uk/2015/05/20/logjam_johns_hopkins_cryptoboffin_ids_next_branded_bug/
