Flame crypto attack was very hard to pull off, security researcher says

The MD5 collision attack carried out by Flame's authors took more attempts to pull off than the RapidSSL one in 2008

The MD5 collision attack used by the creators of the Flame malware was significantly more difficult to pull off than an earlier attack that resulted in the creation of a rogue CA certificate, according to security researcher Alexander Sotirov.

In December 2008, at the Chaos Communication Congress (CCC) in Berlin, an international team of security researchers that included Sotirov presented a practical MD5 collision attack that allowed them to obtain a rogue CA certificate signed by VeriSign-owned RapidSSL.

The attack was significant because it showed for the first time that at least one of the known theoretical MD5 collision techniques could be used in practice to defeat the security of the HTTPS (HTTP Secure) protocol. To pull off the attack, the researchers used computing power generated by a cluster of 200 PlayStation 3s.

The creators of the Flame cyber-espionage malware used a similar attack to obtain a rogue digital certificate that allowed them to sign code as Microsoft. The certificate was used to distribute Flame to targeted computers as an official Windows update.

Last week, cryptanalysts announced that the MD5 collision attack used by Flame's creators was not identical to the RapidSSL one, which has been fully documented since 2009. Rather, the Flame attack uses a different method that might have been developed in parallel.

While this is an impressive achievement in itself, it turns out that the Flame attack was also significantly more difficult to pull off than the RapidSSL one.

The RapidSSL attackers had a one-second window to obtain a legitimate certificate with a serial number they predicted in advance and whose signature could be copied over to their rogue certificate. It took several attempts to time this right, and after each failed attempt they had to generate a new rogue certificate, which took several hours.

The Flame attackers had only a one-millisecond window to obtain the right certificate signed by Microsoft, said Sotirov, co-founder and chief scientist at security firm Trail of Bits, in a presentation at the SummerCon conference on Saturday. That means they probably needed a far greater number of attempts to succeed.

The RapidSSL attack would have cost around US$20,000 if it had been performed on Amazon's EC2 cloud. The Flame attack would have cost between 10 and 100 times more, Sotirov said.

"[Sotirov's] analysis on the time window seems to be correct and is excellent research," said Marc Stevens, a scientific staff member in the cryptology group at the Dutch national research center for mathematics and computer science (CWI), via email.

"This would significantly increase the overall cost and I agree with that assessment," said Stevens, another member of the team that performed the RapidSSL attack in 2008.

However, Stevens didn't agree with Sotirov's estimate for the theoretical cost of using Amazon's cloud for the attack. That's because there's currently not enough information about the MD5 collision method used in the Flame attack.

Sotirov assumes the attack had a similar cost-per-attempt as the RapidSSL one, Stevens said. However, the Flame attackers might have used a method that was faster, or one that was slower.

He expects they used a slower method, but that's still being researched and the findings won't be released until later.

The Flame attackers might also have had free access to powerful computer hardware, which would have significantly reduced the time required to perform the attack.

"More powerful hardware reduces the wall clock time," Stevens said. "The collision attack is highly parallelizable and a big cluster can be used very efficiently."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?