Glaring Flaws Uncovered In Web Encryption Protocols

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.

TLS/SSL encryption standards have a flaw which allows man-in-the-middle attacks, while the GnuTLS implementation has a long-running weakness

Some widely used encryption standards on the Internet have gaping holes in them that could allow attackers to bypass protective layers, security researchers have warned. Red Hat has found a long-unnoticed hole in a free software implementation of the TLS security standard, while French security experts have found a way to subvert the TLS protocols themselves with a man-in-the-middle attack.

One of the problems uncovered by Red Hat lies in the GnuTLS library, which has been found to incorrectly handle certain errors that could occur during the verification of an X.509 certificate, used for the handshake process common to this form of encryption. GnuTLS is a free software library that provides an interface to a secure network transport layer. It was created so TLS (transport layer security) could be used by free software – as opposed to open source software which can use the OopenSSL software. This problem meant a connection using GnuTLS could falsely report a successful verification.

Encryption fail

security vulnerability Shutterstock - © Andy Dean Photography

GnuTLS can be used by almost any system, but in practice is mostly limited to Linux systems, many of which also use OpenSSL. Linux users have reported that the software is in fact not so widely used as some have said.

It was a similar problem to that recently seen in iOS and Mac OS X, which also made false validations possible. An attack would see a hacker create a fake certificate and potentially carry out further attacks which appear to come from a legitimate service.

“An attacker could use this flaw to create a specially crafted certificate that could be accepted by GnuTLS as valid for a site chosen by the attacker,” Red Hat wrote in its advisory for its Enterprise Linux 6 product. “Users of GnuTLS are advised to upgrade to these updated packages, which correct this issue. For the update to take effect, all applications linked to the GnuTLS library must be restarted.”

All Linux users or anyone who knows they run the GnuTLS library should update given the apparent severity of the issue, security experts said.

Another SSL encryption weakness

Meanwhile, a more difficult – but more widely applicable – attack has been reported by researchers from the French National Institute for Research in Computer Science and Control. The experts detailed a “triple handshake attack” on TLS/SSL encryption. It sees a malicious server using the same key a client used to connect to a non-malicious server. Normal protections against this are circumvented by injecting session resumption between handshakes.

It is essentially a very smart man-in-the-middle attack, allowing the attacker to spy on a target’s internet traffic and steal credentials for websites the victim visits. The  Internet Engineering Task Force has proposed some countermeasures on its website.

“To summarise the attacks briefly, if a TLS client connects to a malicious server and presents a client credential, the server can then impersonate the client at any other server that accepts the same credential,” the researchers wrote on their website.

“Concretely, the malicious server performs a man-in-the-middle attack on three successive handshakes between the honest client and server, and succeeds in impersonating the client on the third handshake.

“Our attacks exploit a lack of cross-connection binding when TLS sessions are resumed on new connections.”

Are you a security expert? Try our quiz!