http://www.news.com/News/Item/0,4,23595,00.html?dd.ne.html.hl
E-commerce crypto code cracked
By Randy Weston
Staff Writer, CNET NEWS.COM
June 26, 1998, 1:05 p.m. PT
update Secure Internet commerce may not be so secure, at least in the sterile
environment of Bell Labs.
A computer scientist at Lucent Technologies' research arm in Murray Hill, New
Jersey, this week discovered a way to crack encryption code from secured Web
sites. Web server software firms have been scrambling this week to get a
software patch to customers to plug the security hole.
In theory, the discovery means a hacker could access a Web shopper's credit
card number, address, and other vital information as the user conducts a
transaction.
"The mechanism used is to send particular messages to a server and observe the
error messages," Daniel Bleichenbacher, the scientist who uncovered the
security breach told CNET NEWS.COM. "This gives me a bit of information of
what a decrypted message looks like. Whenever I don't get an error message
back, I also have some information on what the secret message looks like."
Bleichenbacher's department was researching ways of cracking various security
protocols. He said he chose the Public Key Cryptography Standard (PKCS) No. 1
protocol because it is so widely used in electronic commerce. He explained
that the method means someone needs to repeatedly send about a million
carefully constructed messages to a target server and that the hacker would
need a special connection to screen out any other Internet traffic.
The scientist also stressed that the sheer volume of messages required should
alert a network administrator to trouble.
"If they have a log and a batch log, they could see if an attack took place or
not," Bleichenbacher added. "You can detect when an attack takes place."
The news is still disheartening to the electronic commerce industry, which is
fighting a battle to persuade the public and corporate users that the Internet
is a safe place to conduct business.
Commerce software firms quickly went into a flurry of activity, writing and
distributing a software patch that would fix the problem. The companies
issuing the patch include Netscape Communications, Microsoft, and Security
Dynamics Technologies' RSA Data Security unit, whose SSL (Secure Sockets
Layer) technology is a key element in online commerce.
SSL is a key protocol for secure Internet commerce and communications.
Virtually all Internet credit card transactions today use SSL. However, this
security weakness is in specific implementations of SSL that use RSA's PKCS 1
tools, not in the standard itself.
"No updates are required for Internet client software," noted a Microsoft
security bulletin, which "strongly recommends" that customers using SSL on
their Internet servers install the patch. Netscape did likewise and said Bank
of America, its own Netcenter site, and other leading financial sites have
already installed the patch.
"The problems and updates have been rolled out before any attack was ever
mounted," said Brian Byun, Netscape's group product manager for security
products. "We take security issues very seriously, even if theoretical, as
this one was." Netscape termed the weakness "nearly impossible to exploit."
"The patch, like all great things in life, is amazingly simple," said Scott
Schnell, vice president of marketing at RSA. "The way a server vendor solves
the problem is if someone sends an improperly formulated message and you patch
the mechanism so it always returns the same message, there is no way for the
hacker to get the session keys."
Schnell explained that the error messages are implemented by the programmers
to track problems during the development and testing phases. He added that so
far the hacking has been isolated to a laboratory environment and has not
taken place in the real world.
"Discoveries like this are inevitable, and we have built them into being part
of our business," Schnell noted. "If we didn't, we wouldn't have been ready
for such an event as this. We are confident that there will be other
discoveries, and it is not if and when but how well people handle the problem
when it is discovered."
A complete scenario of the breach can be found on RSA's Web site.
"The vulnerability affects interactive key establishment protocols that use
the PKCS 1, including SSL," RSA executives said in a statement. "The
vulnerability does not apply to PKCS 1-based secure messaging protocols, such
as SET (Secure Electronic Transactions) and S/MIME (Secure Multipurpose
Internet Mail Extension) because they are not susceptible to or already
implement mechanisms preventing this potential vulnerability."
Bleichenbacher said he will continue his work to see if other holes can be
found in systems and other types of protocols.
In the network security field, researchers often publicize weaknesses to
motivate vendors to update their products and install the protection. This
particular vulnerability was in Web servers, meaning that individuals using
Web browsers don't need to do anything. Also, it means the weakness will be
easier to fix than if every browser had to be updated.
However, users likewise won't know for sure if a Web site has fixed the
security hole.
Reuters contributed to this report.
-o-
Subscribe: mail majordomo@sekurity.org with "subscribe isn".
Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
Received on Mon Jun 29 10:23:47 1998