
Links
English summary of RUB team announce: http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en
Their paper: http://www.nds.rub.de/media/nds/veroeffentlichungen/2011/10/22/HowToBreakXMLenc.pdf
German computer scientists have cracked components of an encryption system used to securely exchange data between e-commerce and banking systems. Boffins from the Ruhr University of Bochum (RUB) have devised a technique partly based on analysing error messages returned when carefully modified cipher text is submitted to a web …
Thanks to AC above for posting the link to the paper. I just skimmed it, but here are some comments on the article:
- The attack applies to XML Encryption with any block cipher running in CBC mode. The current XML Encryption standard permits AES and 3DES as block ciphers, and CBC is the only mode it allows. So this also applies to 3DES-CBC.
- "An RSA key and X.509 certificates" is of course a largely meaningless phrase in this context. (And yes, I saw this came from the H Security piece, which is equally rubbish.) RSA is an asymmetric algorithm, so its keys come in pairs; X.509 certificates can be used for many purposes. The paper doesn't mention asymmetric encryption (or stream ciphers, but XML Enc currently doesn't support any); it's only concerned with block ciphers. Encrypting a message of more than trivial length with an asymmetric algorithm is generally a pretty dumb thing to do, though XML Enc does allow this. In the real world, the only place you're likely to see RSA used with XML Enc is to transport session keys, using PKCS#1 or OAEP.
- Here's the essence of the attack, for non-crypto folks. CBC has a well-known weakness: if you tweak the ciphertext with XOR, and someone tells you whether it decrypts "correctly", you can derive some information about the plaintext. The authors of this paper have developed some clever new attacks using this weakness that apply specifically to XML Enc. The trick is getting the server to try to decrypt the tweaked ciphertext, and having it tell you whether there are improperly encoded characters in it - that's the side channel.
- The authors show that enabling XML Signature does NOT mitigate against the attack. You'll see from the previous point, though, that changing the server to not tell the client why it's rejecting a request disables the side channel and DOES mitigate the attack (again, as noted by the authors). So that's one short-term option. It makes things harder on legitimate users, but who cares about them, eh?
- But note that's "mitigates", not "prevents". The authors make some good suggestions for opening other side channels.
- The attack takes, on average, 14 queries by the attacker *per byte of cracked plaintext*. Now, a knowledgeable attacker won't need to decrypt all of the ciphertext - XML is hugely redundant - but it should be possible to detect a simplistic attack like this heuristically and block it. So work on those Snort rules.
But in the longer term, it does look like XML Encryption is broken and will have to be fixed in the standard by a significant change.
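The CBC weakness and the error-message side channel described in the comment above, as an added example (not code from the paper, the commenter, or any XML Encryption implementation). It stands a toy Feistel block cipher in for AES/3DES so it runs on the Python standard library alone; the key, IV and plaintext are constructed, and `leaky_service`, `uniform_service` and `authenticated_service` are hypothetical server-side handlers. It shows three things: an XOR tweak to the ciphertext flips the same bits in the next plaintext block without any key; a server that reports "bad padding" separately from "invalid encoding" hands the tweaker a one-bit oracle, while one that answers "rejected" for both does not; and checking an HMAC over the ciphertext before decrypting rejects every tweak before any decryption error can exist.

```python
import hashlib
import hmac

BLOCK = 16

# Toy 16-byte block cipher: 4-round Feistel with an HMAC-SHA256 round function.
# Constructed stand-in for AES/3DES; the CBC behaviour below does not depend on it.
def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, i, half):
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:8]

def toy_block_encrypt(key, block):
    l, r = block[:8], block[8:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r

def toy_block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r

# CBC with PKCS#7 padding and no authentication, the shape XML Enc uses.
def pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n

def unpad(data):
    n = data[-1]
    if n < 1 or n > BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]

def cbc_encrypt(key, iv, plaintext):
    out, prev, padded = b"", iv, pad(plaintext)
    for i in range(0, len(padded), BLOCK):
        prev = toy_block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out += prev
    return out

def cbc_decrypt(key, iv, ciphertext):
    out, prev = b"", iv
    for i in range(0, len(ciphertext), BLOCK):
        blk = ciphertext[i:i + BLOCK]
        out += _xor(toy_block_decrypt(key, blk), prev)  # previous block is XORed in
        prev = blk
    return unpad(out)

# Constructed demo values; not from the paper or any real deployment.
KEY = b"constructed-demo-key-not-a-secret"
MAC_KEY = b"constructed-demo-mac-key"  # independent key in practice, as here
IV = bytes(range(BLOCK))
PLAINTEXT = b"<Amount>100</Amount><To>alice</To>"

def flip_byte(data, pos, mask):
    out = bytearray(data)
    out[pos] ^= mask
    return bytes(out)

def malleability_demo():
    """XOR a mask into IV byte 8 and plaintext byte 8 (the '1' of "100") becomes '9'."""
    ct = cbc_encrypt(KEY, IV, PLAINTEXT)
    return cbc_decrypt(KEY, flip_byte(IV, 8, ord("1") ^ ord("9")), ct)

def leaky_service(iv, ct):
    """Different message per failure: this distinction is the side channel."""
    try:
        pt = cbc_decrypt(KEY, iv, ct)
    except ValueError:
        return "error: bad padding"
    try:
        pt.decode("utf-8")
    except UnicodeDecodeError:
        return "error: invalid character encoding"
    return "ok"

def uniform_service(iv, ct):
    """One answer for every failure, so a tweak reveals nothing about the plaintext."""
    try:
        cbc_decrypt(KEY, iv, ct).decode("utf-8")
    except ValueError:  # UnicodeDecodeError is a ValueError too
        return "rejected"
    return "ok"

def side_channel_demo():
    ct = cbc_encrypt(KEY, IV, PLAINTEXT)
    enc_tweak = (flip_byte(IV, 0, 0x80), ct)  # byte 0 -> 0xBC, invalid UTF-8; padding intact
    pad_tweak = (IV, flip_byte(ct, len(ct) - BLOCK - 1, 0x01))  # last pad byte 0x0e -> 0x0f
    return (leaky_service(*enc_tweak), leaky_service(*pad_tweak),
            uniform_service(*enc_tweak), uniform_service(*pad_tweak))

# Encrypt-then-MAC: any modification is caught before decryption is attempted.
def seal(key, iv, plaintext):
    ct = cbc_encrypt(key, iv, plaintext)
    return ct, hmac.new(MAC_KEY, iv + ct, hashlib.sha256).digest()

def authenticated_service(iv, ct, tag):
    expected = hmac.new(MAC_KEY, iv + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return "rejected"  # nothing decrypted, so no decryption error can leak
    return uniform_service(iv, ct)
```

Running `malleability_demo()` returns the amount changed from 100 to 900 with no knowledge of the key, which is why an unauthenticated CBC ciphertext must never be trusted; `side_channel_demo()` returns the two distinct leaky answers next to the two identical uniform ones. The uniform server still has to be careful that timing and other behaviour do not differ between the two failure paths, which is the point the comment makes about "mitigates" versus "prevents"; the MAC check removes the decryption step from the reachable surface altogether.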
Messaging app Telegram, which came to prominence for offering end-to-end encryption that irritated governments, has celebrated passing 700 million active monthly users with a pastel-hued announcement: a paid Premium tier of service.
A Sunday post celebrates the 700 million user milestone by announcing a $4.99/month tier. The Premium tier distinguishes itself from the freebie plebeian tier with the ability to upload 4GB files, unthrottled downloads that come as fast as users' carriers will allow, and the chance to follow up to 1000 channels, create up to 20 chat folders each containing up to 200 chats, and to run four accounts in the Telegram app.
Paying punters will also get exclusive stickers and reactions and won't see ads once they sign up to hand over coin each month.
Analysis: Startup QuSecure will this week introduce a service aimed at addressing how to safeguard cybersecurity once quantum computing renders current public key encryption technologies vulnerable.
It's unclear when quantum computers will easily crack classical crypto – estimates range from three to five years to never – but conventional wisdom is that now's the time to start preparing to ensure data remains encrypted.
A growing list of established vendors like IBM and Google and smaller startups – Quantum Xchange and Quantinuum, among others – have worked on this for several years. QuSecure, which is launching this week after three years in stealth mode, will offer a fully managed service approach with QuProtect, which is designed to not only secure data now against conventional threats but also against future attacks from nation-states and bad actors leveraging quantum systems.
Another ransomware strain is targeting VMware ESXi servers, which have been the focus of extortionists and other miscreants in recent months.
ESXi, a bare-metal hypervisor used by a broad range of organizations throughout the world, has become the target of such ransomware families as LockBit, Hive, and RansomEXX. The ubiquitous use of the technology, and the size of some of the companies that use it, have made it an efficient way for crooks to infect large numbers of virtualized systems and connected devices and equipment, according to researchers with Trend Micro.
"ESXi is widely used in enterprise settings for server virtualization," Trend Micro noted in a write-up this week. "It is therefore a popular target for ransomware attacks … Compromising ESXi servers has been a scheme used by some notorious cybercriminal groups because it is a means to swiftly spread the ransomware to many devices."
Proposed European regulations that purport to curb child abuse by imposing mass surveillance would be a "disaster" for digital privacy and strong encryption, say cybersecurity experts.
A number of options have been put forward for lawmakers to mull that aim to encourage or ensure online service providers and messaging apps tackle the "detection, removal, and reporting of previously-known and new child sexual abuse material and grooming."
These options range from voluntary detection and reporting of child sexual abuse material (CSAM) and grooming, to legally mandating that service providers find and report such material using whatever detection technology they wish — essentially scanning all private communications and, if necessary, breaking end-to-end (E2E) encryption for everyone.
US president Joe Biden issued two directives on Wednesday aimed at ensuring the nation – and like-minded friends – remain ahead of other countries in the field of quantum computing. Especially as applied to cryptography.
The first directive, an Executive Order, creates a National Quantum Initiative Advisory Committee comprising up to 26 experts from industry, academia, and federal laboratories – all appointed by the president and under the authority of the White House. The committee is an enhancement to the National Quantum Initiative Act – a 2018 law that provides $1.2 billion and a plan for advancing quantum tech.
The other directive is a memorandum designed to promote US leadership in quantum computing while mitigating risks to cryptographic systems.
Kaspersky has found a vulnerability in the Yanluowang ransomware encryption algorithm and, as a result, released a free decryptor tool to help victims of this software nasty recover their files.
Yanluowang, named after a Chinese deity and underworld judge, is a type of ransomware that has been used against financial institutions and other firms in America, Brazil, and Turkey as well as a smaller number of organizations in Sweden and China, Kaspersky said yesterday. The Russian security shop said it found a fatal flaw in the ransomware's encryption system and those afflicted can get a free fix to restore their scrambled data.
Symantec's threat hunters uncovered this Windows ransomware strain in the fall and said unknown fiends have been using it to infect US corporations since at least August 2021.
End-to-end encryption (E2EE) has become a global flashpoint in the ongoing debate between the security of private communications versus the need of law enforcement agencies to protect the public from criminals.
The Register has written at length about this increasingly strident back-and-forth that is seeing proponents of both sides more entrenched in their beliefs.
London-based think tank the Royal United Services Institute (RUSI) released a report [PDF] this week laying out the contours of the privacy-vs-safety debate, weighing the needs and exploring possible solutions.
OpenSSH 9 is here, with updates aimed at dealing with cryptographically challenging quantum computers.
The popular open-source SSH implementation aims to provide secure communication in potentially insecure network environments. While version 9 is ostensibly focused on bug-fixing, there are some substantial changes lurking within that could catch the unwary, most notably the switch from the legacy SCP/RCP protocol to SFTP by default.
The OpenSSH group warned the change was coming earlier this year, with a deprecation notice in February's version 8.9 release. Experimental support for transfers using the SFTP protocol as a replacement for the SCP/RCP protocol turned up in version 8.7 in August 2021 with the warning: "It is intended for SFTP to become the default transfer mode in the near future."
IBM has unveiled a cloud-based key management service that should make it easier for organizations to manage encryption keys across complex multi-cloud hybrid environments, as well as on-premises.
The new support comes in the form of the Unified Key Orchestrator, a multi-cloud key management product sold as a managed service as part of IBM's Cloud Hyper Protect Crypto Services.
Many organizations have by now adopted a multi-cloud strategy, hosting workloads in the most advantageous location, whether that is in a public cloud or in the organization's own datacenter.
House Democrats on Monday plan to introduce a law bill that calls for the development of an electronic version of the US dollar that has the same legal status and privacy expectations as physical currency.
The bill, titled Electronic Currency and Secure Hardware (ECASH) Act, would direct the US Treasury Department to establish a program to coordinate the development and implementation of e-cash and the technology necessary to support it, such as cryptographic hardware.
Sponsored by Rep Stephen Lynch (D-MA), Chairman of the Task Force on Financial Technology, and by Rep Jesús "Chuy" García (D-IL), who serves on the Committee on Financial Services, the ECASH Act represents a response to recent calls by the US Federal Reserve and the Biden administration to promote the development of digital assets.
Biting the hand that feeds IT © 1998–2022