Skip to main content

Flaw in ServerKeyExchange messages of TLS Protocol


Here we will discuss the flaw in the ServerKeyExchange messages of the TLS protocol which caused the Logjam attack over TLS while using Diffie-Hellman Key Exchange.

Before SSLv3, we don't use to authenticate the ServerKeyExchange messages where server negotiates with client regarding usage of cipersuite and parameters.
From onwards SSLv3, TLS send the signed message where it mention about parameters it will use but remain silent over ciphersuite.

Or in other words, signed portion contains parameters but not contain information about ciphersuite the server will going to use.
Now just to remind you, the difference between DH and DH-EXPORT is the size of parameters only.

So how to use this flaw -

If the server supports DH-EXPORT, an attacker (Men-in-the-Middle) can edit the negotiation sent by the client (even if client doesn't support DH-EXPORT), and replace the list of client supported ciphersuite with DH-EXPORT only. The server will in turn send back a signed 512-bit export-grade Diffie-Hellman tuple, which the client will blindly accept -- because it doesn't realise that the server is negotiating the export version of the ciphersuite.

Logjam Attack
Logjam Attack

All this hard work will fails when client and server will exchange the Finished messages (this include Hash of all the data exchange between client and server).  The loophole (or the solution) of this is to recover the DH secret quickly before Finished messages exchanged between client and server.



So, the main task will be solve 512 bit discrete logarithmic problem before exchange of Finished messages. And this is a big task :).






Popular posts from this blog

Availability of 5 GHz WLAN Channels in India under unlicensed band

Availability of 5 GHz WLAN Channels in India under unlicensed band  In India, Wireless Planning and Coordination Wing of Department of Telecom, under Ministry of Communication takes care of licensing of radio frequencies.  In the latest National Frequency allocation plan 2018 (https://dot.gov.in/sites/default/files/NFAP%202018.pdf), Government of India (GoI), exempted the licensing requirements of the following radio frequency ranges for wireless usage and a gazette notification has also published for this (https://dot.gov.in/sites/default/files/License%20Exemption%20in%205%20GHz%20G_S_R_1048%28E%29%20dated%2022nd%20October%2C%202018_0.pdf)  -- 1.  5150-5250 2. 5250-5350 3. 5470-5725 4. 5725-5875 References
Read more

Why we have IPv6 after IPv4..... Where is IPv5 ?

IP or Internet Protocol, is the primary network protocol used on the Internet, introduced by Vint Cerf and Bob Kahn in 1974. IP version 0 to 3 was introduced and used between 1974 and 1979. After changes and refinements in initial IP protocol, version 4 was introduced in 1981, commonly known as IPv4, described in RFC 791 , which become the backbone of Whole Internet in no time. (IPv4 is know as v4 because it is the fourth version of IP not because it has 4 octets, which is a common myth). TCP/IP Protocol was designed as a part of project ARPANET, whose aim was to interconnect various universities and research institutes of USA. But with the dot com boom, TCP/IP grows like anything and its become a victim of its own success. In Early 90's, expert realized that we will exhaust the whole IPv4 number very soon and there is a need for a new protocol, which should be enough in size to serve the internet community for at least 30-40 years. This lead to new version of Internet Protoco...
Read more

Shouldn't India have a Root Server ???

A Root name server is a name server for DNS root zone. Every new DNS query resolved by our local resolver first goes to Root Name Server and then root name server directs it to required domain server. This means that if in any case, root name servers goes down, then whole internet goes down (don't worry this cannot be done so easily as most of root name servers are running on Anycast and located all over the world). Recently, an anonymous group posted, to target these 13 root name severs and to bring them down by DDOS attack on 31st March 2011, to protest against SOPA and PIPA. But as expected, they didn't succeed. The last time someone seriously tried to take out the root servers was about 4 or 5 years ago and they managed to take down six out of thirteen servers. I am not saying that it could not be done but it would be tough. Every root name server is operated by different organization (except 'A' and 'J' which are operated by VeriSign) but they all po...
Read more