Rarely a month goes by now without researchers publicizing a newly discovered attack or vulnerability against widely used systems. So far this year we’ve had GHOST in January, JASBUG in February, FREAK in March, and VENOM in May. Now, we can add Logjam to the collection.
The discovery of the Logjam attack (minus a logo) comes courtesy of an international group of security researchers. The underlying weakness, reliance on weak or widely shared Diffie-Hellman groups, affects a range of commonly used secure communication protocols including Transport Layer Security (TLS), Secure Shell (SSH), and IPsec; the active downgrade attack itself targets TLS. That downgrade is a close relative of the FREAK flaw, which allowed attackers to force a TLS connection down to export-grade RSA, weak enough to be cracked cheaply.
The Logjam attack exploits a weakness in the key exchange that takes place at the start of a secure session, when the communicating parties negotiate how the session will be protected. During this negotiation the Diffie-Hellman key exchange protocol is frequently used to agree on a shared secret over an insecure channel: each side sends only a public value, and the session keys that protect the rest of the connection are derived from the resulting secret, which is never transmitted itself.
Diffie-Hellman is generally believed to be secure because recovering the shared secret from the public values requires solving the discrete logarithm problem (hence Logjam!), for which no efficient algorithm is known when the prime modulus is large enough and everything is implemented properly. However, the researchers observed two things. First, the best known algorithm does most of its work on the prime itself rather than on any individual key exchange, so once that work has been done for a given prime, every exchange that uses it can be broken quickly. Second, many widely used implementations rely on a handful of shared, fixed 512-bit primes for export-grade exchanges. This lets an attacker perform the expensive precomputation once per prime and then break individual sessions quickly enough to be used against a live connection. In effect, it is like knowing that the locks on all the houses in town use one of a handful of pin patterns and having those keys cut before attempting a break-in.
How does the Logjam attack work?
The Logjam attack works because an attacker positioned between a client and a server can make the key exchange use far weaker parameters than either side intended. The attacker rewrites the client's offered cipher suites so that the only option is an export-grade Diffie-Hellman suite; a server that still supports export suites picks it and replies with a 512-bit group. The attacker then rewrites the server's reply so that the client believes a normal Diffie-Hellman suite was chosen. The client cannot tell the difference, because the server's signature on the key exchange covers the Diffie-Hellman parameters but not the cipher suite that was negotiated, and because clients at the time did not reject 512-bit primes. With the precomputation for that group already done, the attacker recovers the shared secret fast enough to finish the handshake on both sides and then read or alter the session. The downgrade step is similar to FREAK, in which an attacker could force clients and servers communicating over SSL/TLS down to export-grade RSA, which is much easier to break.
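As an added illustration that is not part of the original post, here is a constructed Python model of the exchange just described: a client that offers only a normal DHE suite, a server that still supports DHE_EXPORT with a shared group, and a man in the middle who rewrites the ClientHello and ServerHello. The cipher-suite names are real TLS suite names; everything else is a toy stand-in: a 30-bit prime for the shared 512-bit export group, a 61-bit prime for a strong group, and a baby-step giant-step table built once per group in place of the number-field-sieve precomputation. The same model also runs the two fixes recommended under "What should I do about this?": a client that rejects primes shorter than 1024 bits, and a server with export suites removed.

```python
"""Toy model of the Logjam downgrade and the two fixes the article recommends.
Constructed example, not the researchers' code: a 30-bit prime stands in for
the shared 512-bit export groups, a 61-bit Mersenne prime for a strong group,
and baby-step giant-step with a table built once per group stands in for the
number-field-sieve precomputation the real attack relies on."""
import math
import secrets

STRONG_SUITE = "TLS_DHE_RSA_WITH_AES_128_CBC_SHA"
EXPORT_SUITE = "TLS_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA"
GROUPS = {  # constructed toy (prime, generator) pairs
    STRONG_SUITE: (2**61 - 1, 3),      # stands in for a 2048-bit group
    EXPORT_SUITE: (1_000_000_007, 5),  # stands in for a shared 512-bit group
}


def precompute_group(p, g):
    """Attacker's one-off work: baby steps g^j, j < m. Depends only on (p, g),
    so it is reused against every server and session using this group."""
    m = math.isqrt(p - 1) + 1
    return {"m": m, "g_inv_m": pow(g, -m, p),
            "table": {pow(g, j, p): j for j in range(m)}}


def discrete_log(y, p, pre):
    """Per-session work: giant steps y * g^(-i*m) until one hits the table."""
    cur = y
    for i in range(pre["m"]):
        if cur in pre["table"]:
            return i * pre["m"] + pre["table"][cur]
        cur = cur * pre["g_inv_m"] % p
    raise ValueError("discrete log not found")


class Server:
    def __init__(self, suites):
        self.suites = list(suites)  # preference order

    def hello(self, client_hello):
        chosen = next((s for s in self.suites if s in client_hello["suites"]), None)
        if chosen is None:
            return {"alert": "handshake_failure"}
        self.p, g = GROUPS[chosen]
        self.x = secrets.randbelow(self.p - 2) + 1
        # The real ServerKeyExchange signature covers (p, g, g^x) and the
        # nonces but not the chosen suite, which is the field the MITM rewrites.
        return {"suite": chosen, "p": self.p, "g": g, "pub": pow(g, self.x, self.p)}

    def finish(self, client_pub):
        return pow(client_pub, self.x, self.p)


class Client:
    def __init__(self, min_dh_bits=0):
        self.suites = [STRONG_SUITE]    # browsers never offered export suites
        self.min_dh_bits = min_dh_bits  # 2015 browsers: 0; after Logjam: 1024

    def hello(self):
        return {"suites": list(self.suites)}

    def process_hello(self, sh):
        if "alert" in sh or sh["suite"] not in self.suites:
            raise ConnectionError("handshake failed")
        if sh["p"].bit_length() < self.min_dh_bits:
            raise ConnectionError("DH prime too small: %d bits" % sh["p"].bit_length())
        y = secrets.randbelow(sh["p"] - 2) + 1
        self.key = pow(sh["pub"], y, sh["p"])
        return pow(sh["g"], y, sh["p"])


def honest_handshake(client, server):
    client_pub = client.process_hello(server.hello(client.hello()))
    return client.key, server.finish(client_pub)


def logjam_mitm(client, server, pre):
    """Attacker in the middle; returns (attacker_key, client_key, server_key)."""
    ch = client.hello()
    ch["suites"] = [EXPORT_SUITE]          # 1. replace DHE with DHE_EXPORT
    sh = server.hello(ch)                  #    server answers with the 512-bit group
    forged = dict(sh, suite=STRONG_SUITE)  # 2. tell the client it got plain DHE
    client_pub = client.process_hello(forged)
    # 3. recover the server's exponent before the Finished messages are due;
    #    the expensive part already happened once in precompute_group().
    x = discrete_log(sh["pub"], sh["p"], pre)
    return pow(client_pub, x, sh["p"]), client.key, server.finish(client_pub)


def run_demo():
    pre = precompute_group(*GROUPS[EXPORT_SUITE])
    legacy = [STRONG_SUITE, EXPORT_SUITE]  # 2015 server still offering DHE_EXPORT
    ck, sk = honest_handshake(Client(), Server(legacy))
    ak, mck, msk = logjam_mitm(Client(), Server(legacy), pre)
    try:  # fix 1, client side: refuse short primes, as browsers did after Logjam
        logjam_mitm(Client(min_dh_bits=1024), Server(legacy), pre)
        client_refused = False
    except ConnectionError:
        client_refused = True
    # fix 2, server side: no export suites, so the rewritten ClientHello matches nothing
    sh = Server([STRONG_SUITE]).hello({"suites": [EXPORT_SUITE]})
    return {"honest_ok": ck == sk, "attacker_has_key": ak == mck == msk,
            "hardened_client_refused": client_refused,
            "hardened_server_refused": sh.get("alert") == "handshake_failure"}
```

Calling run_demo() returns four booleans, all true: the honest handshake over the strong group agrees on a key, the downgraded handshake hands the attacker the same key the client and server computed, the hardened client aborts on the 30-bit prime before sending its public value, and the hardened server answers the attacker's rewritten ClientHello with a handshake_failure alert. Note where each fix bites: the client check works even against an unpatched server, and the server fix works even against an unpatched browser, which is why both are recommended.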
Is it a big deal?
As the researchers have shown, vulnerable systems are quite common. However, because this is a man-in-the-middle (MITM) attack between a client and a server, rather than something that can be launched remotely against a server on its own, we would not expect to see massive use of this attack method in the wild. Another mitigating factor is that servers which disabled export-grade cipher suites in response to FREAK are not exposed to the Logjam downgrade either. Note that a client-side FREAK patch by itself does not help here, since the client in this attack is behaving exactly as designed.
What are the typical attack scenarios?
An attacker could carry out the attack by inserting themselves into the communication path between a client and a server as an MITM, for example on public Wi-Fi at an airport or cafe, or on a wired network to which they have gained access and can intercept traffic. Attackers who already have a presence on a corporate network could potentially carry out this attack there as well.
Who is affected?
According to the researchers, the Logjam downgrade works against all major browsers, and 8.4 percent of the HTTPS-enabled sites among the top one million domains ranked by web analytics firm Alexa still supported export-grade Diffie-Hellman and could therefore be downgraded. This means that the problem is widespread and concerns both consumers and business users. However, we have not seen any evidence of this attack being used in the wild.
What’s the impact?
The main impact of this vulnerability is loss of confidentiality and integrity of the session. Many users worldwide depend on secure channels to exchange sensitive information such as trade secrets, payment card details when shopping online, or usernames and passwords when logging on to online services. An attacker who completes this attack holds the session key and can read and manipulate traffic that should have been protected.
What should I do about this?
Home users should check for updates from their browser provider. All major browser vendors have been notified of the issue and are working on patches; the fix on the client side is to reject Diffie-Hellman primes shorter than 1024 bits, which stops the downgrade regardless of how the server is configured.
For business users running servers, make sure to disable support for export-grade cipher suites (those with EXPORT or EXP in their names); this addresses FREAK as well as Logjam. Administrators are also advised to generate their own 2048-bit Diffie-Hellman group rather than relying on the default group shipped with the software, since a group shared by many servers is exactly what makes the attacker's precomputation worthwhile, and to prefer elliptic-curve (ECDHE) suites where the software supports them. The researchers behind Logjam have kindly provided guidance on how to strengthen servers affected by this issue.
Customers can check their domains for Logjam, and other major vulnerabilities, using Symantec’s SSL Toolbox. Use this free tool to check for major issues, such as POODLE or Heartbleed, as well as potential errors in your SSL/TLS certificate(s) installation.
What the future holds
While logos may not accompany every new vulnerability, it’s clear to see that marketing is playing a much bigger role when it comes to communicating new security issues. The use of catchy names and logos looks like a trend that’s here to stay, thanks to Heartbleed.