Feeds

Google preps Chrome fix to slay SSL-attacking BEAST

20-line patch targets plaintext recovery exploit

Build a business case: developing custom apps

Google has prepared an update for its Chrome browser that protects users against an attack that decrypts data sent between browsers and many websites protected by the secure sockets layer protocol.

The fix, which has already been added to the latest developer version of Chrome, is designed to thwart attacks from BEAST, proof-of-concept code that its creators say exploits a serious weakness in the SSL protocol that millions of websites use to encrypt sensitive data. Researchers Juliano Rizzo and Thai Duong said they've been working with browser makers on a fix since May, and public discussions on the Chromium.org website show Chrome developers proposing changes as early as late June.

It's hard to know how effective BEAST will be at quickly and secretly cracking the encryption protecting online bank passwords, social security numbers and other sensitive data, but Google appears to be taking no chances. Rizzo and Duong have released only limited details of their attack ahead of a presentation scheduled for Friday at the Ekoparty security conference in Buenos Aires.

Until recently, many cryptographers speculated it refined attacks described in 2004 and later in 2006 (PDF) by researcher Gregory Bard. In a series of recent tweets, Duong discounted these theories, saying he and Rizzo read Bard's paper weeks after the genesis of BEAST. Instead, he said it was based on work by cryptographer Wei Dai.

Short for Browser Exploit Against SSL/TLS, BEAST performs what's known as a chosen plaintext-recovery attack against AES encryption in earlier versions of SSL and its successor TLS, or transport layer security. The technique exploits an encryption mode known as cipher block chaining, in which data from a previously encrypted block of data is used to encode the next block.

It has long been known that attackers can manipulate the process to make educated guesses about the contents of the plaintext blocks. If the attacker's guess is correct, the block cipher will receive the same input for a new block as for an old block, producing an identical ciphertext.

The change introduced into Chrome would counteract these attacks by splitting a message into fragments to reduce the attacker's control over the plaintext about to be encrypted. By adding unexpected randomness to the process, the new behavior in Chrome is intended to throw BEAST off the scent of the decryption process by feeding it confusing information.

The approach is similar to one introduced in 2002 by developers of the OpenSSL package that many websites use to implement SSL. That change added empty plaintext fragments to the the cipher block chain before sending the actual payload. The technique was effective in preventing the cracking of SSL-protected data sent from the server to browsers, but not the other way around. It was never widely adopted because many Microsoft products weren't compatible with it.

Like the unadopted change in OpenSSL, the Chrome fix is designed to protect SSL encryption against plaintext-recovery attacks while remaining compatible with TLS version 1. A quick review of Mozilla's developer website showed no signs that a similar fix is being planned for the Firefox browser.

Most of cryptographers who know the details of Rizzo and Duong's work have agreed not to disclose them ahead of Friday's talk. One of them is Adam Langley, a security researcher for Google. On Monday, shortly after publications including The Register previewed BEAST, he posted the following comment to the Hacker News website:

I happen to know the details of this attack since I work on Chrome's SSL/TLS stack. The linked article is sensationalist nonsense, but one should give the authors the benefit of the doubt because the press can be like that.

Fundamentally there's nothing that people should worry about here. Certainly it's not the case that anything is 'broken'.

He didn't elaborate, and so far Google has had nothing public to say about how BEAST might affect its users. With the discovery that the company's developers have spent the past three months working on a fix, we have some explanation for their insouciance. ®

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.