As if the Heartbleed bug that had much of the world scrambling to patch and reissue certificates for the last few weeks was not bad enough, there is also a serious flaw in the TLS protocol that could allow attackers to intercept and decrypt communications and inject commands.
Security researchers have taken note of the vulnerability – dubbed “3Shake” (CVE-2014-1295) – after Apple issued a patch for its TLS/SSL code in iOS and OS X last week, but the flaw still remains exploitable on other platforms. Apple described the attack as follows:
“In a ‘triple handshake’ attack, it was possible for an attacker to establish two connections which had the same encryption keys and handshake, insert the attacker’s data in one connection, and renegotiate so that the connections may be forwarded to each other. To prevent attacks based on this scenario, Secure Transport was changed so that, by default, a renegotiation must present the same server certificate as was presented in the original connection.”
Security analysts say the vulnerability is nowhere near the scale of the Heartbleed bug, but it is nonetheless evidence that the TLS protocol may not be as secure as previously believed.
“3Shake is not Heartbleed. That’s both good and bad. It’s good because Heartbleed was nasty and 3Shake really isn’t anywhere near as dangerous,” wrote cryptographer Matthew Green of Johns Hopkins. “It’s bad since, awful as it was, Heartbleed was only an implementation vulnerability — and one in a single TLS library to boot. 3Shake represents a novel and fundamental bug in the TLS protocol.”
TLS is a secure communications transport protocol made up of two sub-protocols, the handshake protocol and the record protocol: the former authenticates the parties in the communication and establishes the encryption keys, and the latter uses those keys to exchange data securely.
Green says this view of the process is oversimplified, and that the problem is that there are actually several variants of the handshake, and more than one may be used in a single connection. This was supposedly mitigated by requiring a “secure renegotiation” process that attempts to bind the new handshake to the previous handshake, and that’s where the vulnerability comes into play.
“It turns out that TLS does a pretty good job of establishing keys with people you’ve authenticated. Unfortunately there’s a caveat. It doesn’t truly guarantee the established key will be unique to your connection,” Green wrote. “This is a pretty big violation of the assumptions that underlie the ‘secure renegotiation’…”
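The mitigation Apple describes above, a renegotiation having to present the same server certificate as the original connection, can be modelled as a client-side policy check. The following is an added example written for this article, not code from Apple's Secure Transport or from Green's write-up; the certificate bytes are constructed placeholders, and the `require_same_cert` switch simply contrasts the pre-fix and post-fix defaults.

```python
import hashlib

# Constructed stand-ins for DER-encoded certificates; real code would carry the parsed chain.
ATTACKER_CERT = b"constructed DER: certificate presented to the client on the first handshake"
SERVER_CERT = b"constructed DER: the honest server's certificate"


def fingerprint(cert_der: bytes) -> str:
    """SHA-256 over the exact certificate bytes presented in a handshake."""
    return hashlib.sha256(cert_der).hexdigest()


class ClientConnection:
    """Client-side view of one TLS connection: remembers the certificate from the first handshake."""

    def __init__(self, initial_cert_der: bytes) -> None:
        self.initial_fp = fingerprint(initial_cert_der)
        self.renegotiation_count = 0

    def renegotiate(self, presented_cert_der: bytes, require_same_cert: bool = True) -> bool:
        """Accept (True) or refuse (False) a renegotiation handshake on this connection.

        require_same_cert=True models the post-fix Secure Transport default quoted above:
        the renegotiation must present the same server certificate as the original connection.
        require_same_cert=False models the earlier behaviour, where a renegotiation may switch
        to a different (still trusted) certificate, which is the step the triple handshake needs.
        """
        if require_same_cert and fingerprint(presented_cert_der) != self.initial_fp:
            return False
        self.renegotiation_count += 1
        return True


def triple_handshake_outcome(require_same_cert: bool) -> bool:
    """Replay the scenario from Apple's description and report whether the client accepts it.

    The client's first handshake completes against ATTACKER_CERT. The later renegotiation
    presents SERVER_CERT instead; with certificate pinning across renegotiation the client
    refuses, so the two connections can no longer be forwarded to each other.
    """
    conn = ClientConnection(ATTACKER_CERT)
    return conn.renegotiate(SERVER_CERT, require_same_cert=require_same_cert)


if __name__ == "__main__":
    print("pre-fix default accepts:", triple_handshake_outcome(require_same_cert=False))
    print("post-fix default accepts:", triple_handshake_outcome(require_same_cert=True))
```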
Green suggests those concerned can investigate possible fixes at this site.