Latest attack against TLS shows the pitfalls of intentionally weakening encryption

Following FREAK and Logjam, DROWN is the third attack resulting from encryption algorithms that were deliberately weakened by the government

For the third time in less than a year, security researchers have found a method to attack encrypted Web communications, a direct result of weaknesses that were mandated two decades ago by the U.S. government.

These new attacks show the dangers of deliberately weakening security protocols by introducing backdoors or other access mechanisms like those that law enforcement agencies and the intelligence community are calling for today.

The field of cryptography escaped the military domain in the 1970s and reached the general public through the works of pioneers like Whitfield Diffie and Martin Hellman, and ever since, the government has tried to keep it under control and limit its usefulness in one way or another.

One approach used throughout the 1990s was to enforce export controls on products that used encryption by limiting the key lengths, allowing the National Security Agency to easily decrypt foreign communications.

This gave birth to so-called "export-grade" encryption algorithms that have been integrated into cryptographic libraries and have survived to this day. While these algorithms are no longer used in practice, researchers found that the mere support for them in TLS (Transport Layer Security) libraries and server configurations endanger Web communications encrypted with modern standards.

In March 2015, a team of researchers from Inria in Paris and the miTLS project developed an attack dubbed FREAK. They found that if a server was willing to negotiate an RSA_EXPORT cipher suite, a man-in-the-middle attacker could trick a user's browser to use a weak export key and decrypt TLS connections between that user and the server.

In May, another team of researchers announced another attack dubbed Logjam. While similar in concept to FREAK, Logjam targeted the Diffie-Hellman (DHE) key exchange instead of RSA and affected servers that supported DHE_EXPORT ciphers.

On Tuesday, another team of researchers announced a third attack.

Dubbed DROWN, this attack can be used to decrypt TLS connections between a user and a server if that server supports the old SSL version 2 protocol or shares its private key with another server that does. The attack is possible because of a fundamental weakness in the SSLv2 protocol that also relates to export-grade cryptography.

The U.S. government deliberately weakened three kinds of cryptographic primitives in the 1990s -- RSA encryption, Diffie-Hellman key exchange, and symmetric ciphers -- and all three have put the security of the Internet at risk decades later, the researchers who developed DROWN said on a website that explains the attack.

"Today, some policy makers are calling for new restrictions on the design of cryptography in order to prevent law enforcement from 'going dark,'" the researchers said. "While we believe that advocates of such backdoors are acting out of a good- faith desire to protect their countries, history's technical lesson is clear: Weakening cryptography carries enormous risk to all of our security."

Attacks like DROWN show the costs that Internet users continue to pay for mandated vulnerabilities in encryption that gave intelligence agencies a small, short-term advantage, Matthew Green, a cryptographer and assistant professor at the Johns Hopkins Information Security Institute, wrote in a blog post. "Given that we're currently in the midst of a very important discussion about the balance of short- and long-term security, let's hope that we won't make the same mistake again."

Join the PC World newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Matthew Stivala

HP OfficeJet 250 Mobile Printer

The HP OfficeJet 250 Mobile Printer is a great device that fits perfectly into my fast paced and mobile lifestyle. My first impression of the printer itself was how incredibly compact and sleek the device was.

Armand Abogado

HP OfficeJet 250 Mobile Printer

Wireless printing from my iPhone was also a handy feature, the whole experience was quick and seamless with no setup requirements - accessed through the default iOS printing menu options.

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?