A critical review of the Logjam Threat

LOGJAM A PRODUCT OF THE NSA?
A group of university researchers have discovered a vulnerability affecting the Diffie-Hellman key exchange which makes it susceptible to an attack called Logjam.
This exposes an implementation flaw allowing the shared key strength to be downgraded to a shorter key length which in turn means it is easier to decrypt and many encryption protocols use the same prime number to generate the secret key for encryption.The Diffie-Hellman key exchange is a cryptographic method for two computer hosts to generate a secret key without ever needing to send it down the public internet and many encryption protocols not just HTTPS, but also SMTP, IPSec VPN and SSH use it to set up shared secret keys.

The Logjam attack is an exploitation of the Diffie-Hellman key exchange protocol whereby a man-in-the-middle attack intercepts the Diffie-Hellman key exchange and downgrades it to an “export-grade” cipher using a 512-bit key but both computers still believe they are using 768- or 1024-bit keys (Elsevier, 2015). As a lot of protocols use the same prime numbers the attacker is able to calculate using the discrete algorithm the prime integer, and in conjunction with pre-cracked tables of secret keys they are then able to use these keys to decrypt the message.

This security loophole was made possible because of U.S. legislation during the 1990s imposing a 512-bit or lower encryption export ([1] Adrian, David et al, 2015) to certain countries for political reasons. The reason for this was to allow the American Government to decrypt the message digest but owing to this legacy legislation and web servers not being updated it has left us open to man-in-the-middle attacks like Logjam and variations like the Freak Attack.
Also as new revelations are being published from the whistle blower Edward Snowden Files it has become apparent that government organizations for example the NSA have been mirroring and storing all network traffic that is flowing through AT&T in San Francisco to a room that only the NSA have entry (Klein, Mark & Marcus, J. Scott (Testimony of), 2015). By incorporating security flaws the NSA will then have the time to crack these messages that have been stored off-line.

It is estimated that ‘An academic team can break a 768-key prime and that a nation state can break a 1024-bit prime’ (Schneier, B, 2015). Therefore remedial action needs to be carried out on all web browsers and web servers to accept a minimum of 2048-bit keys, however doing this could cause about 50% of the webs top million busiest sites being inaccessible to users trying to access them through their browsers. In reality because of ecommerce and legacy factors the recommendation has been to disable DHE_EXPORT cipher and use a minimum of a 1024-bit key for the initial connection which leaves only about 0.2% of secure website inaccessible, (Valentino-DeVries, J., 2015, May 19) but this is a reduction from the initial 8.4% ([2] Adrian, David et al, 2015) that was originally reported.

In conclusion the Logjam attack is rated a medium to low risk as “researchers said they were more likely to have been used by governments for surveillance than by criminals trying to steal credit-card numbers.”(Valentino-DeVries, J., 2015, May 19). In order to exploit this weakness the attacker needs to be able to intercept network traffic ,which on a wireless network at your local coffee-shop would pose a greater risk than being physically connected to your SOHO network.
It also goes to highlight that by just adding new security solutions without removing vulnerable technologies or updating them we are undermining the security, as shown in the Logjam vulnerability, where clients are able to be tricked into using old, less secure forms of encryption.
In addition, although the solution for this vulnerability is relatively easy, which top sites have already implemented, “there is this very long tail of sites that don’t patch, and as far as we can tell, this tail never ends.” (Valentino-DeVries, J., 2015, May 19). Therefore computer users will still be open to this sort of attack in the future.

References

[1] Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J.A., Heninger, N., Springall, D., Thomé, E., Valenta, L., VanderSloot, B., Wustrow, E., Zanella-Béguelin, S., Zimmerman, P. (2015, October 12), ‘Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice’, CCS 2015 Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security, pp. 5-17 [Online]. DOI:10.1145/2810103.2813707 (Accessed 6 February 2016)

[2] Adrian, D., Bhargavan, K., Durumeric, Z., Gaudry, P., Green, M., Halderman, J.A., Heninger, N., Springall, D., Thomé, E., Valenta, L., VanderSloot, B., Wustrow, E., Zanella-Béguelin, S., Zimmerman, P. (2015), ‘Weak Diffie-Hellman and the Logjam Attack’ [Online]. Available at https://weakdh.org (Accessed 6 February 2016)

Anonymous (2015, May 20), ‘5 experts stuck in the Logjam: Vulnerability impact & insight’, Progressive Digital Media Technology News (London) [Online]. Available at http://search.proquest.com.libezproxy.open.ac.uk/docview/1682174722?rfr_id=info%3Axri%2Fsid%3Aprimo (Accessed 6 February 2016)

Anonymous,(n.d) ‘NSA Spying on Americans’, Electronic Frontier Foundation. Available at https://www.eff.org/nsa-spying (Accessed 13 February 2016)

Elsevier (2015), ‘Logjam is latest long-term flaw’, Network Security, vol. 2015, No. 6, pp. 2 [Online]. DOI:10.1016/S1353-4858(15)30044-1 (Accessed 6 February 2016)

Klein, Mark & Marcus, J. Scott (Testimony of),(2015) ‘AT&T’s Role in Dragnet Surveillance of Millions of Its Customers – Internet Spying in San Francisco’, Electronic Frontier Foundation. Available at https://www.eff.org/files/filenode/att/presskit/ATT_onepager.pdf

Schneier, B., (2015) ‘The Logjam (and Another) Vulnerability against Diffie-Hellman Key Exchange’, Schneier on Security.
Available at https://www.schneier.com/blog/archives/2015/05/the_logjam_and_.html
(Accessed 14 February 2016)

Smith, A. (2015, May 22), ‘Logjam isn’t the only reason your computer might be more vulnerable to internet threats’, The Conversation [Online]. Available at https://theconversation.com/logjam-isn’t-the-only-reason-your-computer-might-be-more-vulnerable-to-internet-threats-42229
(Accessed 9 January 2016)

Steeves, R. (2015, May 20), ‘Fix a security bug, break the Internet’, Inside Counsel. Breaking News [Online]. Available at http://search.proquest.com.libezproxy.open.ac.uk/docview/1682175169?OpenUrlRefld=info:xri/sid:primo&accountid=14697 (Accessed 6 February 2016)

Valentino-DeVries, J. (2015, May 19), ‘New Computer Bug Exposes Broad Security Flaws; Fix for Logjam bug could make more than 20,000 websites unreachable’, Wall Street Journal (New York, N.Y.) [Online]. Available at http://search.proquest.com.libezproxy.open.ac.uk/docview/1681650059?rfr_id=info%3Axri%2Fsid%3Aprimo (Accessed 6 February 2016)

Leave a Reply

Your email address will not be published. Required fields are marked *