MD5 Broken, E-business And Other PKI Secured Services At Risk - Computers - Nairaland
Nairaland Forum / Science/Technology / Computers / MD5 Broken, E-business And Other PKI Secured Services At Risk (680 Views)
How To Resume Download Of Broken Files With IDM (Internet Download Manager) / Please How Do I Retrieve Files From A Broken Flash Drive? / Get E-business Fastest Growing Global Certification-increase Your Opportunity! (2) (3) (4)
(1) (Reply)
| MD5 Broken, E-business And Other PKI Secured Services At Risk by duduspace(m): 4:03am On Jan 04, 2009 |
What a way to start the new year
25C3: Naughty Boys completely break SSL using 200 PS3s
posted Dec 30th 2008 9:40am by Eliot Phillips
filed under: cons, security hacks
A team of security researchers and academics has broken a core piece of internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a rogue certificate authority and use it to issue valid SSL certificates for any site they want. The user would have no indication that their HTTPS connection was being monitored/modified.
This attack is possible because of a flaw in MD5. MD5 is a hashing algorithm; each unique file has a unique hash. In 2004, a team of Chinese researchers demonstrated creating two different files that had the same MD5 hash. In 2007, another team showed theoretical attacks that took advantage of these collisions. The team focused on SSL certificates signed with MD5 for their exploit.
The first step was doing some broad scans to see what certificate authorities (CA) were issuing MD5 signed certs. They collected 30K certs from Firefox trusted CAs. 9K of them were MD5 signed. 97% of those came from RapidSSL.
Having selected their target, the team needed to generate their rogue certificate to transfer the signature to. They employed the processing power of 200 Playstation 3s to get the job done. For this task, it’s the equivalent of 8000 standard CPU cores or $20K of Amazon EC2 time. The task takes ~1-2 days to calculate. The tricky part was knowing the content of the certificate that would be issued by RapidSSL. They needed to predict two variables: the serial number and the timestamp. RapidSSL’s serial numbers were all sequential. From testing, they knew that RapidSSL would always sign six seconds after the order was acknowledged. Knowing these two facts they were able to generate a certificate in advance and then purchase the exact certificate they wanted. They’d purchase certificates to advance the serial number and then buy on the exact time they calculated.
The cert was issued to their particular domain, but since they controlled the content, they changed the flags to make themselves an intermediate certificate authority. That gave them authority to issue any certificate they wanted. All of these ‘valid’ certs were signed using SHA-1.
If you set your clock back to before August 2004, you can try out their live demo site. This time is just a security measure for the example and this would work identically with a certificate that hasn’t expired. There’s a project site and a much more detailed writeup than this.
To fix this vulnerability, all CAs are now using SHA-1 for signing and Microsoft and Firefox will be blacklisting the team’s rogue CA in their browser products.
Don't know how these guys did it, but if this gets out, any savvy techie or group could claim the identity of any e-business outfit they wanted to without raising a flag. This is one sorry mess and I do recall my lecturer pointing this out in my Internetwork security module during my Master's program last year. The funny thing is, SHA1 is also subject to the same vulnerability of the "Birthday Paradox" but with a larger keyspace, I can guess the next step for these guys would be beefing up their hardware to tackle SHA1. The internet get more and more murky with each passing day. |
