Two security researchers claim to have found a way of breaking the SSL/TLS encryption that is widely used to guarantee the reliability and privacy of data exchanged between web browsers and servers.
The researchers, Thai Duong and Juliano Rizzo, are due to demonstrate their Browser Exploit Against SSL/TLS (Beast) at the Ekoparty security conference on Friday 23 September.
News of the Beast ahead of the demonstration has created a stir in the security community, according to Help Net Security.
The latest two versions (1.1 and 1.2) of the TLS cryptographic protocol are reportedly invulnerable to the exploit, but the majority of websites, VPNs and instant messaging services in operation use the vulnerable version 1.0 because of its compatibility with the widest range of other web technologies.
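Because the article draws the line at the protocol version (1.0 exposed, 1.1 and 1.2 not), the first thing a defender wants is a way to see which version a server actually negotiated. The following is an added example, not code from the article or from Duong and Rizzo: it parses the version and cipher suite out of a TLS ServerHello record and flags a negotiation that landed on SSLv3 or TLS 1.0. The `build_server_hello` helper only constructs sample records for offline use; the wire layout it follows is the standard TLS record and handshake framing, and the function names are the author's own.

```python
import struct

# Protocol versions as they appear on the wire (major, minor).
TLS_VERSIONS = {
    (3, 0): "SSLv3",
    (3, 1): "TLS 1.0",
    (3, 2): "TLS 1.1",
    (3, 3): "TLS 1.2",
}

HANDSHAKE = 0x16      # record-layer content type
SERVER_HELLO = 0x02   # handshake message type


def build_server_hello(version, cipher_suite, session_id=b""):
    """Construct a minimal TLS record carrying a ServerHello (constructed test data only)."""
    body = struct.pack("!BB", *version)
    body += b"\x00" * 32                                   # server random, zeroed for the sample
    body += struct.pack("!B", len(session_id)) + session_id
    body += struct.pack("!H", cipher_suite)
    body += b"\x00"                                        # compression method: null
    handshake = struct.pack("!B", SERVER_HELLO) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BBBH", HANDSHAKE, version[0], version[1], len(handshake)) + handshake


def parse_server_hello(record):
    """Return (negotiated_version_name, cipher_suite) from one ServerHello record.

    Assumes the whole ServerHello sits in a single record (true for the
    typical case; a fragmented handshake would need reassembly first).
    Raises ValueError on anything that is not a well-formed ServerHello.
    """
    if len(record) < 5 or record[0] != HANDSHAKE:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != SERVER_HELLO:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(hs[1:4], "big")
    body = hs[4:4 + hs_len]
    if len(body) < 2 + 32 + 1:
        raise ValueError("truncated ServerHello")
    version = (body[0], body[1])          # server_version: the version actually negotiated
    sid_len = body[34]                    # after 2 version bytes + 32 random bytes
    pos = 35 + sid_len
    if len(body) < pos + 3:
        raise ValueError("truncated ServerHello")
    cipher_suite = struct.unpack("!H", body[pos:pos + 2])[0]
    return TLS_VERSIONS.get(version, "unknown %r" % (version,)), cipher_suite


def is_beast_exposed_version(record):
    """True when the server settled on a version the article reports as vulnerable."""
    name, _ = parse_server_hello(record)
    return name in ("SSLv3", "TLS 1.0")


if __name__ == "__main__":
    for ver in ((3, 1), (3, 3)):
        rec = build_server_hello(ver, 0x002F)
        print(parse_server_hello(rec), "exposed:", is_beast_exposed_version(rec))
```

Fed the ServerHello bytes from a capture, `is_beast_exposed_version` gives a per-connection signal that can be logged or alerted on; the same check applied to a server's own configuration (disable TLS 1.0 where clients allow it) is the corresponding fix.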
Unlike most published attacks against https that focus on the authenticity property of SSL, Beast attacks the confidentiality of the protocol, Duong told The Register.
Duong and Rizzo claim that Beast implements the first attack that actually decrypts https requests.
The researchers claim they have been working with browser and SSL suppliers since May, but every fix proposed so far has proved to be incompatible with some existing SSL applications.
Philip Hoyer, director of Strategy Solutions at ActivIdentity, said if the claims are true, authentication should be done as an ever-changing and one-time password, so even if the attacker sees a password, it always changes and hence cannot be guessed for the next authentication.
This can be achieved by many techniques, he said, both with one-time password (OTP) technology and with public key infrastructure (PKI) using a challenge-response.
"But this won't help to a level that is needed since the attacker can then simply read and hijack your session. So the only true defence from fraudulent transactions is to sign the transaction or part of the transaction data so that the attacker cannot inject bogus material," said Hoyer.
This means effectively using a token with a pin pad to enter transaction details or signing the transaction using a PKI certificate.
"This allows a cryptographic signature that the attacker can't forge and is intrinsically linked to the transaction data that is independent from the transport security and cannot be forged by the spying attacker," he said.
Hoyer believes this is the only way to stay secure until the infrastructure has been upgraded from TLS V1.0.
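The transaction-signing defence Hoyer describes, as an added example that is not part of the article: the client (standing in for a token) computes a MAC over the canonical transaction fields plus a one-time counter, using a secret that never crosses the TLS connection, and the server recomputes and compares before acting. The shared-secret HMAC-SHA256 construction, the JSON canonicalisation and the counter-based replay check are this example's own assumptions; real PKI or pin-pad token products use their own algorithms.

```python
import hashlib
import hmac
import json


def canonical_transaction(tx):
    """Serialise the transaction deterministically so both sides MAC identical bytes."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def sign_transaction(secret, tx, counter):
    """MAC over the transaction data and a one-time counter (token side).

    The secret is shared out of band and is never sent over the session,
    so reading or hijacking the TLS connection does not yield it.
    """
    msg = canonical_transaction(tx) + b"|" + str(counter).encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


class TransactionVerifier:
    """Server side: accepts a transaction only with a fresh, valid signature."""

    def __init__(self, secret):
        self.secret = secret
        self.last_counter = -1   # highest counter accepted so far

    def verify(self, tx, counter, signature):
        if counter <= self.last_counter:
            return False          # replayed or stale
        expected = sign_transaction(self.secret, tx, counter)
        if not hmac.compare_digest(expected, signature):
            return False          # data altered, or wrong secret
        self.last_counter = counter
        return True


if __name__ == "__main__":
    secret = b"constructed-shared-secret"      # constructed sample value
    verifier = TransactionVerifier(secret)
    tx = {"payee": "ACC-123", "amount": "100.00", "currency": "EUR"}
    sig = sign_transaction(secret, tx, 1)
    print("genuine:", verifier.verify(tx, 1, sig))
    print("altered payee:", verifier.verify(dict(tx, payee="ACC-999"), 2, sig))
    print("replay:", verifier.verify(tx, 1, sig))
```

The point Hoyer makes is visible in the second and third calls: an attacker who can read or inject into the session can reuse the signature but cannot change the payee or amount it binds, and cannot submit the same signed transaction twice.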