How the NSA can break trillions of encrypted Web and VPN connections

Status
Not open for further replies.

Dima007

Level 23
Thread author
Verified
Well-known
Apr 24, 2013
1,200
For years, privacy advocates have pushed developers of websites, virtual private network apps, and other cryptographic software to adopt the Diffie-Hellman cryptographic key exchange as a defense against surveillance from the US National Security Agency and other state-sponsored spies. Now, researchers are renewing their warning that a serious flaw in the way the key exchange is implemented is allowing the NSA to break and eavesdrop on trillions of encrypted connections.

The cost for adversaries is by no means modest. For commonly used 1024-bit keys, it would take about a year and cost a "few hundred million dollars" to crack just one of the extremely large prime numbers that form the starting point of a Diffie-Hellman negotiation. But it turns out that only a few primes are commonly used, putting the price well within the NSA's $11 billion-per-year budget dedicated to "groundbreaking cryptanalytic capabilities."

"Since a handful of primes are so widely reused, the payoff, in terms of connections they could decrypt, would be enormous," researchers Alex Halderman and Nadia Heninger wrote in a blog post published Wednesday. "Breaking a single, common 1024-bit prime would allow NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally. Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites. In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections."

Most plausible theory

Halderman and Heninger say their theory fits what's known about the NSA's mass decryption capabilities better than any competing explanation. Documents leaked by former NSA subcontractor Edward Snowden, for instance, showed the agency was able to monitor encrypted VPN connections, pass intercepted data to supercomputers, and then obtain the key required to decrypt the communications.

"The design of the system goes to great lengths to collect particular data that would be necessary for an attack on Diffie-Hellman but not for alternative explanations, like a break in AES or other symmetric crypto," the researchers wrote. "While the documents make it clear that NSA uses other attack techniques, like software and hardware 'implants,' to break crypto on specific targets, these don’t explain the ability to passively eavesdrop on VPN traffic at a large scale."

The blog post came as Halderman, Heninger, and a raft of other researchers formally presented their academic paper detailing their findings to the 22nd ACM Conference on Computer and Communications Security in Denver on Wednesday. The paper, titled "Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice," received extensive media coverage in May when the paper was first released. Besides exposing the likely secret behind the NSA's mass interception of encrypted communications, the paper also revealed a closely related attack that left tens of thousands of HTTPS-protected websites, mail servers, and other widely used Internet services open to less sophisticated eavesdroppers.

The attack, which was dubbed Logjam, was extremely serious because it required just two weeks to generate data needed to attack the two most commonly called prime numbers 512-bit Diffie-Hellman uses to negotiate ephemeral keys. It affected an estimated 8.4 percent of the top 1 million Web domains and 3.4 percent of HTTPS-supported websites overall. E-mail servers that support simple mail transfer protocol with StartTLS, secure POP3, and IMAP were estimated to be vulnerable in 14.8 percent, 8.9 percent, and 8.4 percent of the cases respectively. To exploit vulnerable connections, attackers used the number field sieve algorithm to precompute data. Once they had completed that task, they could perform man-in-the-middle attacks against vulnerable connections in real time.

The Logjam weakness was the result of export restrictions the US government mandated in the 1990s on US developers who wanted their software to be used abroad. The regimen was established by the Clinton administration so that the FBI and other agencies could break the encryption used by foreign entities. In the five months since the paper was released, most widely used browsers, VPNs, and server apps have removed support for 512-bit Diffie-Hellman, making Logjam much less of a threat. But a similar vulnerability can still be exploited by attackers with nation-state-sized budgets to passively decrypt the 1024-bit Diffie-Hellman key sizes that many implementations still use by default.

Unsettling conclusion

Halderman and Heninger's team arrived at this unsettling conclusion in May, but it's likely the NSA reached it long before then. While that knowledge makes it possible for the NSA to decrypt communications on a mass scale, it gives the same capability to other countries, some of which are adversaries to the US. Halderman and Heninger wrote:

Our findings illuminate the tension between NSA’s two missions, gathering intelligence and defending U.S. computer security. If our hypothesis is correct, the agency has been vigorously exploiting weak Diffie-Hellman, while taking only small steps to help fix the problem. On the defensive side, NSA has recommended that implementors should transition to elliptic curve cryptography, which isn’t known to suffer from this loophole, but such recommendations tend to go unheeded absent explicit justifications or demonstrations. This problem is compounded because the security community is hesitant to take NSA recommendations at face value, following apparent efforts to backdoor cryptographic standards.

This state of affairs puts everyone’s security at risk. Vulnerability on this scale is indiscriminate—it impacts everybody’s security, including American citizens and companies—but we hope that a clearer technical understanding of the cryptanalytic machinery behind government surveillance will be an important step towards better security for everyone.

Diffie-Hellman is the breakthrough that lets two parties that have never met before negotiate a secret key even when communicating over an unsecured, public channel that's monitored by a sophisticated adversary. It also makes possible perfect forward secrecy, which periodically changes the encryption key. That vastly increases the work of eavesdropping because attackers must obtain the ephemeral key anew each time it changes, as opposed to only once with other encryption schemes, such as those based on RSA keys. The research is significant because it shows a potentially crippling weakness in a crypto regimen widely favored by privacy and security advocates.

The original research team recommended that websites use 2048-bit Diffie-Hellman keys and published this Guide to Deploying Diffie-Hellman for TLS. The team also recommended SSH users upgrade both server and client software to the latest version of OpenSSH, which favors Elliptic-Curve Diffie-Hellman Key Exchange. Update: Nicholas Weaver, a security researcher at the University of California at Berkeley and the International Computer Science Institute, said the researchers' theory is "almost certainly correct" and has analysis here.
 
Last edited by a moderator:
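
The article's central point, that the expensive work depends only on the shared prime and not on any single connection, shown as an added toy example (not part of the original post or the researchers' code). It assumes a 31-bit prime and uses baby-step giant-step in place of the number field sieve; `P`, `G` and all function names are illustrative.

```python
import secrets
from math import isqrt

# Toy parameters (assumptions for this example): a 31-bit prime and generator.
# Real deployments use 1024-bit or larger primes, and the attack described in
# the article uses the number field sieve; baby-step giant-step stands in here.
P = 2**31 - 1
G = 7

def precompute(p, g):
    """Per-prime work: depends only on (p, g), never on any one connection."""
    m = isqrt(p - 1) + 1
    table, value = {}, 1
    for j in range(m):                  # baby steps: g^j mod p
        table.setdefault(value, j)
        value = value * g % p
    return m, table, pow(g, -m, p)      # giant-step factor g^(-m) mod p

def recover_exponent(public, p, m, table, step):
    """Per-connection work: a short table walk reusing the precomputation."""
    y = public
    for i in range(m):
        if y in table:
            return i * m + table[y]
        y = y * step % p
    raise ValueError("public value is not a power of g")

def simulate(connections, p=P, g=G):
    """Run fresh ephemeral exchanges over one shared prime; count recoveries."""
    m, table, step = precompute(p, g)   # paid once for the shared prime
    broken = 0
    for _ in range(connections):
        a = secrets.randbelow(p - 3) + 2    # client ephemeral secret
        b = secrets.randbelow(p - 3) + 2    # server ephemeral secret
        A, B = pow(g, a, p), pow(g, b, p)   # the only values sent on the wire
        session_key = pow(B, a, p)          # what both endpoints derive
        x = recover_exponent(A, p, m, table, step)  # passive observer's view
        broken += pow(B, x, p) == session_key
    return broken, len(table)

if __name__ == "__main__":
    broken, size = simulate(20)
    print(f"one table of {size} entries recovered {broken}/20 session keys")
```

Fresh ephemeral secrets on every connection do not help here, because the table is tied to the prime; this is why the researchers' advice is larger (2048-bit) groups or elliptic-curve Diffie-Hellman rather than more frequent rekeying.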

Tony Cole

Level 27
Verified
May 11, 2014
1,639
I think Edward Snowden has done a lot of damage, no one is asking the NSA, GCHQ as they'd say "you would say that." We now see the dangers, from Iran, Iraq and 9/11 why there is the need to use (where required) the full ability to stop this, otherwise we will end up with people being beheaded, and I hope not, another 9/11. Personally they should have the full powers to do what's needed to protect us, the NSA does not have meta data profiles of the entire population, nor do they care about innocent people - imagine agents sitting there, reading emails about your next day delivery from Sainsburys. Edward Snowden has given info to Russia, traitor all the way.
 

Enju

Level 9
Verified
Well-known
Jul 16, 2014
443
I think Edward Snowden has done a lot of damage, no one is asking the NSA, GCHQ as they'd say "you would say that." We now see the dangers, from Iran, Iraq and 9/11 why there is the need to use (where required) the full ability to stop this, otherwise we will end up with people being beheaded, and I hope not, another 9/11. Personally they should have the full powers to do what's needed to protect us, the NSA does not have meta data profiles of the entire population, nor do they care about innocent people - imagine agents sitting there, reading emails about your next day delivery from Sainsburys. Edward Snowden has given info to Russia, traitor all the way.
NSA workers shared nude pictures among themselves, so yeah they are interested in everything you do... France for example has data retention and did it help with the Charlie Hebdo shooting? No, it did not. The same with 9/11, the USA already had the NSA in full working condition and did it help? Again, no. See where I'm going?
The I have nothing to hide attitude is really annoying because everyone has something to hide and it's an essential human right to have privacy, but if you like losing every right you can keep on supporting those lies about terrorism.
 
  • Like
Reactions: upnorth and frogboy

LabZero

Well, the Internet was invented in USA, the ICANN (that manages top level domain) is in Los Angeles, for years, many Internet users put terabytes of information in servers managed by American companies (which, as such, must comply with the laws of the United States Government).

It is from 9/11 that citizens (and their politicians) have proven to be more than ready for a decline of civil rights in exchange for better security against terrorism.
Is that for years it was known that the NSA asked software giants like Microsoft to place secret keys in their software, Windows included, of course.

We thought that it wasn't true.
Yes, they do. And they do it because the US Government has ruled that it is legal to do so. NSA spy us because there is a political motivation behind making it possible and legal.

Snowden said that the King is actually naked, as the "common sense" already suggested for a long time.
 
  • Like
Reactions: frogboy

Tony Cole

Level 27
Verified
May 11, 2014
1,639
Everyone listens to Edward Snowden, but not the other side, how do you know he's telling the full truth, why go and work for an agency who needs powers, beyond the realms of the police, it's the nature of the job. He states all the evidence has been destroyed so Russia could not integrate him. So, how can he prove the current disclosures - you cannot!

In life people mess up, fail, so yes 9/11 was an accident, but we all do. To say they should not have those powers as they failed before is like saying a surgeon should never practise again as they lost a patient. I know I'd rather let them continue, than have another 9/11, 7/7 bombing and beheadings on our streets, than worry about some NSA analysis reading your emails. I mean we had code crackers in world war 2, they helped win the war, was that wrong?
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
This article has nothing to do with 9/11 and especially remarks that 9/11 was an inside job. I think some might find these remarks offensive as well as off topic especially if you were not there or did not have a friend or loved one killed on that day.
Please stay on topic or the thread will be closed.
 

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
None taken. Your remarks are fine however those remarks interjecting personal theories with absolutely no valid proof in an article about the NSA's ability to exploit a serious flaw in the key exchange to view encrypted Web & VPN connections and the price citizens will have to pay with their privacy is hardly on topic and might be considered offensive.
We just need to stay on topic.
 