Feeds

Boffins bust web authentication with game consoles

PS3 fleet spoofs SSL certs

The Power of One eBook: Top reasons to choose HP BladeSystem

Researchers have uncovered a weakness in the internet's digital certificate system that allows them to forge counterfeit credentials needed to impersonate virtually any website that relies on the widely used security measure.

Armed with more than 200 PlayStation 3 game consoles, the researchers are able to create a secure sockets layer certificate for any website of their choosing. The forged certificate causes all the major browsers to display a message indicating the website the user is visiting is legitimate because it's been vetted by a trusted certificate authority using supposedly robust cryptographic measures.

Such attacks could make it easier for phishers to impersonate the sites of banks and other sensitive online services. The findings were presented Tuesday at the 25th annual Chaos Communication Congress in Berlin by researchers from Centrum Wiskunde & Informatica (CWI) in the Netherlands, EPFL in Switzerland, Eindhoven University of Technology (TU/e) in the Netherlands and independent labs in California.

"This break is major," said Karsten Nohl, a cryptography expert and a researcher at the University of Virginia. "It definitely is the most wide-scale attack, because anything short of patching all browsers in the world to not accept the certificates, there's nothing you can do to prevent it."

The attack is based on known weaknesses in the cryptographic hash function known as MD5. In 2004, researchers from China showed it was possible to generate the same MD5 fingerprint for two different messages using off-the-shelf computer hardware. Three years later, a separate group of researchers - many who participated in Tuesday's presentation in Berlin - built off of those findings by showing how to have almost complete freedom in the choice of both messages.

The latest findings take the known MD5 weaknesses a step further by showing how so-called collisions allow for the creation of valid digital credentials used by certificate authorities, which are appointed organizations that validate the authenticity of websites used for banking and other sensitive online activities. Once the researchers have generated the rogue certificate authority certificate, they can create SSL certificates for any site that will be accepted by just about any web-connecting device.

The vulnerability in the web's SSL system is made possible by a handful of certificate authorities who continue to rely solely on MD5 to sign certificates. Even though the number amounts to a tiny fraction of authorities, all web browsers continue to accept MD5 hashes. The researchers didn't identify the certificate authorities by name.

Jacob Appelbaum, one of the researchers who developed the proof-of-concept attack, said browser makers should take action to protect their users against the vulnerability. Among the measures his group is advocating is disabling the use of MD5 signatures, blacklisting rogue certificates, and the required use of more robust cryptographic hashes such as SHA-2 and, when ready, SHA-3.

The researchers began their proof-of-concept attack with more than 200 PlayStation 3 consoles running in a Linux cluster, which they used to generate millions of possible certificates. Once they found a pair that had a special collision in the MD5 hash, they requested a legitimate website certificate from one of the authorities that relies only on MD5 to generate signatures.

After copying the signature into a rogue certificate authority credential, they had the ability to generate widely accepted website certificates for any site of their choosing.

To prevent misuse of their certificate, they set it to expire in 2004, so only machines that are badly out of date can be tricked by their attack. Still, Appelbaum says, it should now be clear that MD5 is irretrievably broken and can no longer be trusted.

"We can control the output of the hashing function within specific constraints," he says. "This means that when you use MD5 in digital signatures, you're rolling the dice." ®

Designing a Defense for Mobile Applications

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.