Secure sockets layer (SSL) is used to protect millions of network users but how vulnerable is it? Over the last
several years, there has been an array of attacks designed to subvert SSL. While the technology is fundamentally secure, attackers are always looking for loopholes to bypass security protocols and standards. And SSL is a big target. It is used to protect sensitive Hypertext Transfer Protocol (HTTP) traffic. Attackers, who like to think outside the box, are always seeking new ways to gain access to sensitive data. Let's look at some of the different ways that hackers are trying to break SSL.
Trick, no treat: Trick the user to accept a bad certificate. This is the classic approach when targeting users of SSL. The idea is to get the user to click through to a website even though a warning or error is displayed to the end user. While this attack is easy to launch, it requires the victim to accept a certificate that clearly has problems. Most users will detect this type of fraudulent activity; therefore, the threat level is low.
Fraudulent certificates: While this approach may appear far-fetched, it has been successful in the past. In a few cases attackers have been able to obtain valid certificates and use them maliciously. In one case, hackers breached a Dutch certificate authority's security in 2011 and then created bogus certificates for sites like Yahoo, Google, Wordpress and others. With possession of valid certificates, the attackers got past HTTPS protections. Still, the overall threat level of this attack remains low.
Take away the SSL and send data via clear text: In 2009, a new technique to subvert SSL was pioneered with something called SSLStrip. Instead of attempting to get the user to click through warnings, this tool acts as a proxy and strips off the S in HTTPS so that the user is instead presented with HTTP. SSLStrip also allows the attacker to present the user with the favicon "lock" so the only indication that something is wrong is the browser's display of HTTP instead of HTTPS. If the user does not notice this one tiny detail, the attacker can gain access to secure data. The threat level of this attack is medium.
Crack the keys: Most certificates currently use 1,024-bit or 2,048-bit keys. The 2,048-bit-length keys are extremely strong and would require eons of time to crack using a standard desktop computer. That said, it has been reported that the National Security Agency has made great strides in gaining access to SSL traffic. While some theorize that the NSA may have discovered new quantum computing techniques, it is also entirely possible that the agency has simply obtained encryption keys or perhaps placed backdoors (entry points) into software and hardware. The threat level of the NSA or others accessing secure data in this way is unknown.
Learn more about SSL management
Why SSL certificate security matters
How trusted and forged SSL certificates work
SSL acceleration: The basics
Man in the middle: This attack is a form of active eavesdropping in which the attacker makes independent connections with the victim and relays messages to the server. Case in point: Lucky 13, named after 13-byte headers in Transport Layer Security Media Access Control calculations. While this ciphertext attack is theoretically possible, it would require a controlled environment and a very long amount of time; therefore, the threat level is considered very low.
Side-channel attacks: Over the last several years, several side-channel attacks have been demonstrated that can be used to recover HTTP requests and cookies used for authentication. Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext (BREACH) is one example. BREACH leverages compression and takes advantage of HTTP responses, which are compressed using mechanisms such as gzip. For the application to be vulnerable, it must use HTTP-level compression, reflect user input in HTTP responses and expose cross-site request forgery tokens in HTTP response bodies. While theoretically possible, controls can be used to mitigate this attack, and thus it's considered a low threat.
Indeed, many of these attacks are more theoretical than likely. That said, it's important to note that exploits like these typically get more refined with time. This is one of the reasons why you see 1,024-bit keys being phased out and replaced with 2,048-bit keys. To keep your information secure, strong encryption algorithms that are properly designed and implemented are needed. There is also a need for better laws to protect the privacy of individuals and for algorithms that are open to public review. Only then do we have a long-term fighting chance to be truly secure.
About the author:
Michael Gregg, CISSP, CISA, CISM, CASP, is an "ethical hacker" who provides cybersecurity and penetration-testing services to Fortune 500 companies and U.S. government agencies. He's published more than a dozen books on IT security and is a well-known speaker and security trainer. Gregg is chief operations officer of Superior Solutions Inc., headquartered in Houston.