Researchers have uncovered yet another gaping encryption flaw, this time in the way some servers handle the Diffie-Hellman key exchange. The vulnerability is similar to the FREAK attack and threatens the security of many email servers, HTTPS-protected websites, VPNs and other online services. It affects all major browsers and any server that still supports export-grade 512-bit Diffie-Hellman cryptography.
A team of security researchers has unearthed a new attack, known as Logjam, that allows a man-in-the-middle (MITM) to downgrade encrypted connections between users and a web server. The researchers were able to downgrade the key exchange to a weak 512-bit Diffie-Hellman group, whose keys can then be broken and the traffic decrypted.
Logjam and FREAK are similar in effect: FREAK forces SSL/TLS clients onto weak export-grade RSA ciphers, letting attackers intercept and decrypt HTTPS-protected connections, while Logjam resides in the TLS protocol itself.
FREAK is an implementation flaw, while Logjam stems from a flaw in the design of the Transport Layer Security (TLS) protocol, which leaves web browsers, email servers, VPNs and other services that rely on TLS vulnerable.
As noted above, Logjam targets servers that support the Diffie-Hellman key exchange, the cryptographic algorithm that protocols such as HTTPS, SSH, SMTPS and IPsec use to negotiate the secret key that secures the connection.
“Millions of HTTPS, SSH, and VPN servers all use the same prime numbers for Diffie-Hellman key exchange. Practitioners believed this was safe as long as new key exchange messages were generated for every connection. However, the first step in the number field sieve—the most efficient algorithm for breaking a Diffie-Hellman connection—is dependent only on this prime. After this first step, an attacker can quickly break individual connections,” the Logjam explanation reads. The flaw was researched by a group of experts from Johns Hopkins University, Microsoft and the University of Michigan, among other institutions.
Logjam is a severe vulnerability for a number of reasons, including:
- Logjam lets an attacker trick a web browser into accepting an export-grade key exchange while the browser believes it negotiated a regular one.
- Most systems reuse the same large prime numbers for the key exchange, which makes it faster and easier for attackers to crack the resulting keys.
- The weakness has been present for over 20 years and affects HTTPS, SMTPS, SSH, IPsec and other protocols that rely on Diffie-Hellman.
The bug affects all servers supporting DHE_EXPORT cipher suites and all of today's modern browsers. An estimated 8.4 percent of the world's top one million HTTPS websites, along with a number of mail servers, are reported to be vulnerable to Logjam simply because they still support those export-grade cipher suites.
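The point of the quoted explanation and the second bullet above is that the expensive step depends only on the prime, so a prime shared by millions of servers only has to be attacked once. The following toy script is an added example, not code from the Logjam researchers: it replaces the number field sieve with a full discrete-log table for a constructed 14-bit prime (10007, chosen here for illustration and nothing like a real group), builds that table once, and then breaks several fresh exchanges that use the prime with a single lookup each.

```python
"""Toy illustration of the Logjam precomputation idea.

Added example; this is not code from the Logjam paper or its authors.
The prime is a constructed 14-bit toy so the attacker's one-time table is
a dictionary; in the real attack that table is the output of the number
field sieve for a 512-bit (or 1024-bit) prime. The shape is the same: one
expensive step that depends only on p, then each connection using p falls
to a cheap lookup.
"""
import random

P = 10007  # constructed toy prime; nothing like a real DH group


def is_prime(n):
    """Trial division; fine for toy sizes."""
    if n < 2:
        return False
    i = 2
    while i * i <= n:
        if n % i == 0:
            return False
        i += 1
    return True


def prime_factors(n):
    """Distinct prime factors of n by trial division."""
    out = []
    i = 2
    while i * i <= n:
        if n % i == 0:
            out.append(i)
            while n % i == 0:
                n //= i
        i += 1
    if n > 1:
        out.append(n)
    return out


def find_generator(p):
    """Smallest g whose order mod p is p-1 (a primitive root)."""
    factors = prime_factors(p - 1)
    for g in range(2, p):
        if all(pow(g, (p - 1) // q, p) != 1 for q in factors):
            return g
    raise ValueError("no generator found")


def precompute_log_table(p, g):
    """The per-prime step: map g^x mod p -> x for every exponent.

    This is the only expensive part, and it never touches a connection;
    it needs only p and g, which many servers share.
    """
    table = {}
    acc = 1
    for x in range(p - 1):
        table[acc] = x
        acc = acc * g % p
    return table


def dh_exchange(p, g, rng=None):
    """Honest client and server pick fresh secrets for this connection.

    Returns the two public values sent on the wire and the shared secret.
    """
    rng = rng or random.Random()
    a = rng.randrange(1, p - 1)
    b = rng.randrange(1, p - 1)
    A = pow(g, a, p)
    B = pow(g, b, p)
    shared = pow(B, a, p)
    assert shared == pow(A, b, p)
    return A, B, shared


def attacker_recovers(table, p, A, B):
    """Given only the public values, recover the shared secret by lookup."""
    a = table[A]  # the 'quickly break individual connections' step
    return pow(B, a, p)


def demo(n_connections=5, seed=1):
    """Break n fresh exchanges with one precomputation; return count broken."""
    g = find_generator(P)
    table = precompute_log_table(P, g)
    rng = random.Random(seed)
    broken = 0
    for _ in range(n_connections):
        A, B, shared = dh_exchange(P, g, rng)
        if attacker_recovers(table, P, A, B) == shared:
            broken += 1
    return broken


if __name__ == "__main__":
    print(f"broke {demo()} of 5 connections with one table built for p={P}")
```

Fresh exponents per connection do not help here: every exchange lands in the same table. A server that generated its own unique group would force the attacker to redo the expensive step just for it, which is the reasoning behind the deployment advice later in this article.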
LogJam and NSA?
Revisiting the Snowden leaks: confidential NSA documents revealed the agency was massively surveilling the electronic communications of millions while simultaneously launching cryptographic attacks on secure communications, but the leaked documents did not disclose how the mass decryption was made possible.
The Logjam disclosure offers a plausible explanation of how the NSA, with its vast computing power, could break heavily encrypted communications that use the algorithm.
“A close reading of published NSA leaks shows that the agency’s attacks on VPNs are consistent with having achieved such a break,” the paper said.
“Our calculations suggest that it is plausibly within NSA’s resources to have performed number field sieve precomputations for at least a small number of 1024-bit Diffie-Hellman groups. This would allow them to break any key exchanges made with those groups in close to real time. If true, this would answer one of the major cryptographic questions raised by the Edward Snowden leaks: How is NSA defeating the encryption for widely used VPN protocols?” the paper continued.
Are you Vulnerable to Logjam? Check Now!
Curious whether your browser is vulnerable to Logjam? The researchers' test page will tell you: wait for a colored bar to appear at the top of the screen. If it is red, your browser is vulnerable; if it is blue, your browser is safe.
At the time of writing, several major browsers are still vulnerable to the Logjam attack, including Firefox, Chrome and Opera. Surprisingly, Internet Explorer was already secure against the attack.
How to Protect Yourself against Logjam
Researchers recommend that web server administrators disable support for the export-grade cipher suites that allow Diffie-Hellman connections to be downgraded, and generate a new, unique 2048-bit Diffie-Hellman group. The researchers have published a detailed guide on how to securely deploy Diffie-Hellman for TLS.
In the coming days, stay on the lookout for browser and email client updates, and install them as soon as they become available.