Another flaw has been found in the basic encryption algorithms that secure the Internet. This flaw, named the Logjam attack by its discoverers (researchers from various universities and companies), allows an attacker that can carry out man-in-the-middle attacks to weaken the encryption used in secure connections (such as HTTPS, SSH, and VPNs). In theory, this means that an attacker (with sufficient resources) can break the encryption and read the “secure” traffic.
In some ways, this attack is similar to the recent FREAK attack. Both attacks were made possible by support for “export-grade” encryption standards. Until the 1990s, cryptography was considered a “munition” in the United States and limits were placed on the strength of cryptography that products “exported” for use outside of the US could support. Unfortunately, what was “acceptable” cryptography then can now be cracked with sufficient computation resources.
The vulnerability lies in how the Diffie-Hellman key exchange is carried out. Logjam can be used to lower the strength of the accepted algorithms to those that use 512-bit prime numbers (as used in “export-grade” encryption). Similar research (also carried out by the Logjam researchers) proved that other vulnerabilities are present in systems that use 768- and 1024-bit primes. Nation-states may have the resources needed to exploit these flaws; this can allow an attacker to decrypt secure traffic that has been passively collected.
Who is at risk?
Theoretically, any protocol that uses the Diffie-Hellman key exchange is at risk from this attack. However, note that this attack requires two factors on the part of the attacker: the ability to intercept traffic between the secure server and the client, as well as significant computation resources.
The researchers estimate that up to 8.4% of all sites in the top one million domains are vulnerable. Similar percentages of POP3S and IMAPS (secure email) servers are at risk.
What should I do now?
For end users, there’s really only one thing to do: update your browsers. All the major browser vendors (Google, Mozilla, Microsoft, and Apple) are preparing updates for their various products, and should release an update soon. You can also check if your browser is vulnerable by visiting this site.
For software developers, the fix is also relatively simple. Check that any encryption libraries that are used or bundled with your application are all up to date. In addition, the use of larger prime numbers for key exchange can be specified as well.
The main task falls on IT administrators with servers that use any of the at-risk services and protocols. In these cases, the following needs to be performed:
- Disable support for all export cipher suites, to ensure they cannot be used.
- Increase the number of bits used by the prime numbers in the Diffie-Hellman key exchange to 2048 bits; this ensures that exceptional computational powers would be needed to break any encryption based on this process.
Trend Micro solutions
We have released the following rules for Trend Micro Deep Security and Vulnerability Protection users that protect against this threat:
- 1006561 – Identified Usage Of TLS/SSL EXPORT Cipher Suite In Response
- 1006562 – Identified Usage Of TLS/SSL EXPORT Cipher Suite In Request
- 1006740 – Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Client
- 1006741 – Identified SSL/TLS Diffie-Hellman Key Exchange Using Weak Parameters Server
Post updated on May 20, 2015 7:45 PM PDT to add Trend Micro solutions.
Post updated on May 21, 2015 1:40 PM PDT to refine Trend Micro solutions.
Post updated on June 19, 2015 12:06 PM PDT to add Trend Micro solutions.