Latest attack against TLS shows the pitfalls of intentionally weakening encryption

Following FREAK and Logjam, DROWN is the third attack resulting from encryption algorithms that were deliberately weakened by the government

For the third time in less than a year, security researchers have found a method to attack encrypted Web communications, a direct result of weaknesses that were mandated two decades ago by the U.S. government.

These new attacks show the dangers of deliberately weakening security protocols by introducing backdoors or other access mechanisms like those that law enforcement agencies and the intelligence community are calling for today.

The field of cryptography escaped the military domain in the 1970s and reached the general public through the works of pioneers like Whitfield Diffie and Martin Hellman, and ever since, the government has tried to keep it under control and limit its usefulness in one way or another.

One approach used throughout the 1990s was to enforce export controls on products that used encryption by limiting the key lengths, allowing the National Security Agency to easily decrypt foreign communications.

This gave birth to so-called "export-grade" encryption algorithms that have been integrated into cryptographic libraries and have survived to this day. While these algorithms are no longer used in practice, researchers found that the mere support for them in TLS (Transport Layer Security) libraries and server configurations endanger Web communications encrypted with modern standards.

In March 2015, a team of researchers from Inria in Paris and the miTLS project developed an attack dubbed FREAK. They found that if a server was willing to negotiate an RSA_EXPORT cipher suite, a man-in-the-middle attacker could trick a user's browser to use a weak export key and decrypt TLS connections between that user and the server.

In May, another team of researchers announced another attack dubbed Logjam. While similar in concept to FREAK, Logjam targeted the Diffie-Hellman (DHE) key exchange instead of RSA and affected servers that supported DHE_EXPORT ciphers.

On Tuesday, another team of researchers announced a third attack.

Dubbed DROWN, this attack can be used to decrypt TLS connections between a user and a server if that server supports the old SSL version 2 protocol or shares its private key with another server that does. The attack is possible because of a fundamental weakness in the SSLv2 protocol that also relates to export-grade cryptography.

The U.S. government deliberately weakened three kinds of cryptographic primitives in the 1990s -- RSA encryption, Diffie-Hellman key exchange, and symmetric ciphers -- and all three have put the security of the Internet at risk decades later, the researchers who developed DROWN said on a website that explains the attack.

"Today, some policy makers are calling for new restrictions on the design of cryptography in order to prevent law enforcement from 'going dark,'" the researchers said. "While we believe that advocates of such backdoors are acting out of a good- faith desire to protect their countries, history's technical lesson is clear: Weakening cryptography carries enormous risk to all of our security."

Attacks like DROWN show the costs that Internet users continue to pay for mandated vulnerabilities in encryption that gave intelligence agencies a small, short-term advantage, Matthew Green, a cryptographer and assistant professor at the Johns Hopkins Information Security Institute, wrote in a blog post. "Given that we're currently in the midst of a very important discussion about the balance of short- and long-term security, let's hope that we won't make the same mistake again."

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Crucial Ballistix Elite 32GB Kit (4 x 8GB) DDR4-3000 UDIMM

Learn more >

Gadgets & Things

Lexar® Professional 1000x microSDHC™/microSDXC™ UHS-II cards

Learn more >

Family Friendly

Lexar® JumpDrive® S57 USB 3.0 flash drive 

Learn more >

Stocking Stuffer

Plox Star Wars Death Star Levitating Bluetooth Speaker

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?