SSL BEAST – Heavy Security Risk for SSL/TLS (aka HTTPS)
SSL is a critically important part of Internet security and it has come under increasing scrutiny in recent months. Last Friday, a pair of security researchers demonstrated a new attack called SSL BEAST at the ekoparty security conference in Buenos Aires, Argentina. Researchers Thai Duong and Juliano Rizzo leveraged weaknesses in cypher block chaining (CBC) in order to exploit SSL.
"The SSL standard mandates the use of the CBC mode encryption with chained initialization vectors (IV)," the researchers wrote in a white paper detailing their research. "Unfortunately, CBC mode encryption with chained IVs is insecure, and this insecurity extends to SSL."
Duong and Rizzo noted the CBC vulnerability can enable a man-in-the-middle (MITM) attacks against SSL to decrypt and obtain authentication tokens.
"The novelty of our attacks lie in the fact that they are the first attacks that actually decrypt HTTPS requests by exploiting cryptographic weaknesses of using HTTP over SSL," the researchers stated.
While the SSL BEAST attack is a cause for concern, there are already technologies in place to help mitigate the risk. For one, the BEAST attack only affects the TLS 1.0 version of SSL and not later versions. One vendor that leverages a non-vulnerable version of TLS is the Tor onion router project which provides a degree of anonymyity and privacy to users..
"Tor uses OpenSSL's empty fragment feature, which inserts a single empty TLS record before every record it sends," the Tor project noted in a blog post. "This effectively randomizes the IV of the actual records, like a low-budget TLS 1.1. So the attack is simply stopped."
Google's Chrome Web browser has also taken steps to mitigate the risk as well.
"Chrome has already addressed the issue and the fix on the browser side is quite simple and elegant," ISC SANS security research Mark Hofman blogged. "We'll see the other browsers implement something similar over the next few weeks. That doesn't fix the protocol, but it will help address the immediate issue of clients being attacked in this manner."
Google engineer Adam Langely blogged that Google's own servers are also somewhat protected from the SSL BEAST attack since they use a cipher that doesn't use CBC.
While Google has already taken steps to protect its users, Microsoft sees the risk as being low.
"Microsoft is aware of the industry-wide SSL 3.0 / TLSv1.0 issue demonstrated at a recent security conference which we believe presents low risk to our customers and to the Internet," Jerry Bryant, Group Manager, Response Communications, Microsoft Trustworthy Computing said in a statement emailed to InternetNews.com. "Windows 7 and Windows Server 2008 R2 support TLSv1.1 and TLSv1.2 but due to compatibility issues with many web sites, are not enabled by default."
2011 has not been a good year for SSL. SSL has come under fire due to the exploit of a pair of certificate authorities. Both Commodo and DigiNotar were exploited this year leaving big sites including Google and Mozilla at risk.
[…] SSL BEAST – Heavy Security Risk for SSL/TLS (aka HTTPS) 09/29 […]