Logjam: New Dangers for Secure Protocols

logjam new dangers for secure protocols l.w
1 / 11
Embed
Share

Discover the dangers posed by Logjam, FREAK attack, and weak Diffie-Hellman parameters in secure protocols. Learn why short parameters can lead to vulnerabilities and find out how to avoid these attacks by switching to ECDH scheme and using longer custom parameters.

  • Logjam
  • Secure Protocols
  • Diffie-Hellman
  • Security
  • Vulnerabilities
rayaanacharya
tylenac Follow

Uploaded on | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.

Download Presentation

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.

E N D

Presentation Transcript

  1. Logjam: new dangers for secure protocols Dmitry Belyavskiy, TCI ENOG 9, Kazan, June 9-10, 2015

  2. Attack of 2015 FREAK Historical reasons A lot of browsers A lot of web-servers 512-bit temporary RSA is not secure! CVE-2015-0204

  3. Attack of 2015 LogJam In short: too weak Diffie- Hellman parameters (EXPORT DH) All browsers (middle of May) All web-servers (depending on settings) SSH/VPN 512/768/1024 is not enough! https://weakdh.org/ https://openssl.org/blog/blog/2015/05/20/logjam-freak-upcoming-changes/ https://www.trustworthyinternet.org/ssl-pulse/

  4. Diffie-Hellman scheme ALICE + = + = Common Paint Secret Colours Secret Colours Common Secret Public Transport = + + = BOB SSL Best Practices https://www.ssllabs.com/projects/best-practices/

  5. Diffie-Hellman math

  6. Handshake struct In case of DH key exchange signed data includes: opaque client_random[32]; opaque server_random[32]; serverDHParams params; DOES NOT include the negotiating Cipher Suite id The result will be checked at the end of the handshake

  7. Handshake in case of attack

  8. Why does it work? Too short parameters: Precalc for hard-coded values Add some timeouts to provide correct Finished message Profit! 2 primes used at 92% Apache sites 512 bits is too short 1024 bits can be attacked too

  9. Who is under the attack? SSH - 25% if 1024 bits is broken IKEv1 (IPSEC VPNs) 66% if 1024 is broken HTTPS (7% popular sites) IPSec POP3S/IMAPS/SMPTP 8-15% Postfix enables EXPORT Ciphersuites by default all protocols using DH scheme

  10. How to avoid the attack? Switch to ECDH scheme Clients should decline too short DH parameters Old Java versions not longer 768 bits Use longer custom parameters (2048 bits)

  11. Questions? beldmit@tcinet.ru

Related


No related presentations.

More Related Content