Lucky13 SSL exploit reveals hidden risk in the pervasive security technology.
Secure Sockets Layer/Transport Layer Security is the foundational technology that secures Web transactions and communications, but it is not infallible.
New research dubbed Lucky13 reveals that SSL/TLS is at risk from a theoretical timing attack that could expose encrypted data. TLS headers include 13 bytes of data used for the secure handshake protocol, said researchers from Royal Holloway at the University of London, and they can be exploited in the Lucky13 attack.
The Lucky13 attack is not the first time in recent years that SSL/TLS has been found to be at risk. In September of 2011, the SSL BEAST attack was first reported. SSL BEAST was patched by Microsoft in January of 2012. The emergence of the new Lucky13 vulnerability is not a surprise to some SSL experts.
Ryan Hurst, CTO of GlobalSign, a SSL Certificate Authority, told eSecurity Planet that there has been some good research into SSL/TLS in recent years.
"Over the last two to three years we have started to see security researchers and universities taking research and seeing if it can be weaponized," Hurst said. "As a trend, I think we'll see more research into attacks that once were thought not to be possible, to actually be possible."
Why is an attack like Lucky13 theoretically possible today? It has a lot to do with increases in available computing and networking power. Though Lucky13 is a theoretically possible attack vector, hackers will likely not be interested in weaponizing it at the current time.
"Many people don't use HSTS, and there are plenty of opportunities to subvert SSL if you don't have a solid SSL configuration," Hurst said. "I don't want to trivialize the Lucky13 attack. It's cool research, but if I wanted to attack SSL I'd start with the initial connection."
HTTP Strict Transport Security (HSTS) is a recently ratified IETF standard to help ensure that browsers connect to a website over HTTPS. Without HSTS, it is possible for a user to insecurely log into a website that they should be logging into securely via HTTPS. At the Black Hat DC 2009 event, security researcher Moxie Marlinspike released a tool called SSLstrip that is able to deceive users and Web browsers into thinking they are on an SSL/HTTPS secured site when in fact they are not.
One of the enabling factors for the Lucky13 attack is the usage of a weak CBC (cipher-block chaining) cipher. One of the ways to avoid the Lucky13 attack is to not use a CBC cipher, though Hurst notes that CBC can be implemented properly to limit risk. Getting CBC implemented right is no easy task and involves a lot of technical subtleties.
"In the case of SSL, I don't recommend people deploy CBC-based ciphers today because of Lucky13," Hurst said. "But is CBC fundamentally flawed? No, it just needs to be used right."
For the Lucky13 attack, one possible fix to mitigate risk is on the server side implementations of SSL/TLS. Hurst suggests that all SSL server vendors, including OpenSSL and Microsoft, are now likely in the process of providing patches to their SSL/TLS servers to provide a constant time computation.
Hurst also suggests that users visit online SSL server validation tools, including one developed by his company. Security vendor Qualys also has an SSL checking tool. Those tools are able to look at a server configuration and make recommendations on proper deployment.
Another route to limit the risk of potential SSL vulnerabilities is for enterprises to have a solid grasp of the SSL certificates they are using and where they are being deployed. Jeff Hudson, CEO of Venafi, told eSecurity Planet that in his view most people don't know what they are using when it comes to SSL.
Venafi is a vendor of key and certificate management solutions. In Hudson's view, the Lucky13 vulnerability is not the first and won't be the last time that risks in SSL are exposed. "Any system of any kind of complexity always has vulnerabilities," he said.
For Hudson, managing SSL is all about trust and the ability to manage sources of trust in a rapidly evolving threat landscape.
"We do know that encryption and SSL certificates are foundational and we cannot get away from them as they are the very fabric of our digital world," Hudson said. "We can't change that; what you can do is get better at managing them."