Feeds

Boffins bust web authentication with game consoles

PS3 fleet spoofs SSL certs

Providing a secure and efficient Helpdesk

Researchers have uncovered a weakness in the internet's digital certificate system that allows them to forge counterfeit credentials needed to impersonate virtually any website that relies on the widely used security measure.

Armed with more than 200 PlayStation 3 game consoles, the researchers are able to create a secure sockets layer certificate for any website of their choosing. The forged certificate causes all the major browsers to display a message indicating the website the user is visiting is legitimate because it's been vetted by a trusted certificate authority using supposedly robust cryptographic measures.

Such attacks could make it easier for phishers to impersonate the sites of banks and other sensitive online services. The findings were presented Tuesday at the 25th annual Chaos Communication Congress in Berlin by researchers from Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, Eindhoven University of Technology (TU/e) in the Netherlands and independent labs in California.

"This break is major," said Karsten Nohl, a cryptography expert and a researcher at the University of Virginia. "It definitely is the most wide-scale attack, because anything short of patching all browsers in the world to not accept the certificates, there's nothing you can do to prevent it."

The attack is based on known weaknesses in the cryptographic hash function known as MD5. In 2004, researchers from China showed it was possible to generate the same MD5 fingerprint for two different messages using off-the-shelf computer hardware. Three years later, a separate group of researchers - many who participated in Tuesday's presentation in Berlin - built off of those findings by showing how to have almost complete freedom in the choice of both messages.

The latest findings take the known MD5 weaknesses a step further by showing how so-called collisions allow for the creation of valid digital credentials used by certificate authorities, which are appointed organizations that validate the authenticity of websites used for banking and other sensitive online activities. Once the researchers have generated the rogue certificate authority certificate, they can create SSL certificates for any site that will be accepted by just about any web-connecting device.

The vulnerability in the web's SSL system is made possible by a handful of certificate authorities who continue to rely solely on MD5 to sign certificates. Even though the number amounts to a tiny fraction of authorities, all web browsers continue to accept MD5 hashes. The researchers didn't identify the certificate authorities by name.

Jacob Appelbaum, one of the researchers who developed the proof-of-concept attack, said browser makers should take action to protect their users against the vulnerability. Among the measures his group is advocating is disabling the use of MD5 signatures, blacklisting rogue certificates, and the required use of more robust cryptographic hashes such as SHA-2 and, when ready, SHA-3.

The researchers began their proof-of-concept attack with more than 200 PlayStation 3 consoles running in a Linux cluster, which they used to generate millions of possible certificates. Once they found a pair that had a special collision in the MD5 hash, they requested a legitimate website certificate from one of the authorities that relies only on MD5 to generate signatures.

After copying the signature into a rogue certificate authority credential, they had the ability to generate widely accepted website certificates for any site of their choosing.

To prevent misuse of their certificate, they set it to expire in 2004, so only machines that are badly out of date can be tricked by their attack. Still, Appelbaum says, it should now be clear that MD5 is irretrievably broken and can no longer be trusted.

"We can control the output of the hashing function within specific constraints," he says. "This means that when you use MD5 in digital signatures, you're rolling the dice." ®

New hybrid storage solutions

More from The Register

next story
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Top 5 reasons to deploy VMware with Tegile
Data demand and the rise of virtualization is challenging IT teams to deliver storage performance, scalability and capacity that can keep up, while maximizing efficiency.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.