While we’re all collectively struggling with how to internalize Logjam, a high-profile vulnerability that doesn’t have a catchy logo, I’d like to take those who are interested aside for a moment to consider how we might talk about the threat this vulnerability poses.
I’ll start with some basics, but if you want more technical details, the Tripwire VERT Alert is a good resource. Let’s start with what the vulnerability actually does.
Depth of Access
LogJam is actually two vulnerabilities rolled into one. First, there’s the ability to force a connection to use weaker encryption, and secondly, there’s the ability to greatly decrease the time required to crack an encrypted connection by doing some work ahead of time (precomputation).
Again, if you want the technical details, there are lots of resources [pdf] and discussions, but the end result is that these two conditions individually allow for an encrypted connection to be compromised, and together, make it feasible for an attacker to actually do so in real-world scenarios.
The real world consequence of exploit is a compromise of confidentiality; a successful attacker can read the traffic for your encrypted connection. There’s also the opportunity to compromise integrity by modifying the contents of a connection and passing the results along, but doing so in real-time, without substantial delay in the connection presents additional challenges.
LogJam uses a man-in-the-middle (MITM) attack, meaning that there are three parties involved in the attack scenario. Let’s call them Alice, Bob and James.
Alice and Bob want to exchange some information in a confidential way, not surprisingly, but they’re using a connection that’s vulnerable to LogJam. James would like to capture all the data from that exchange.
In order to successfully do so, James requires a few things:
- The ability to capture and send packets for the connection, e.g. an inline device or device on the same network
- Computational resources to compromise the initial key exchange, i.e. the precomputation
If we put this in real terms, James has to be in a position not just to capture the encrypted traffic, but to actually interrupt the connection, so that he can artificially force the encryption downgrade. Then, he has to have the resources to precompute the prime numbers used in the exchange, or rather has to have already done this ahead of time.
Resources aside, open Wifi is the most obvious attack vector for a targeted individual, and some large traffic aggregation point would be necessary for attacks at scale.
Understanding the way the attack works helps us model a profile of likely attackers. I can’t help but mentally model this process around a search metaphor—as you add parameters, you narrow the results.
In this case, the attacker must have selected a target, have the ability to actually man-in-the-middle their connection at some point (or all the time), and have the computational resources necessary. The computational resources part is that final parameter that narrows the results substantially. It’s really about cost, either paying for the compute cycles somewhere, or running them yourself. Regardless, there has to be something of sufficient value at the end to justify it.
Who might be able to reasonably apply such resources to this problem?
You might find the raw resources at a large company, university or government. It would be hard, though not impossible, to use them without some disclosure at a for-profit company or university. The reality is that nation-state actors are the most capable of undertaking this type of attack. While very possible to execute, this isn’t an inexpensive endeavor.
The end result of this blogalysis is a picture of what a likely target might look like.
If we’ve narrowed the field of probable attackers to nation-states, then the targets are going to be those individuals or organizations that have desirable data for adversary nation-states to acquire or modify. You might think that’s a small group, but it’s more expansive than you’d guess.
You can start with basically any government of significance, i.e. all the potential threat actors are also likely targets. Then you can add any economic power, since money is essentially a munition at this level. This paints a pretty compelling picture for large scale … uh … LogJammin’.
The paranoid, which describes a fair percentage of information security professionals, can easily extend the likely targets to individuals within any of these organizations. At this point, you’ve basically ruined the model, however, by being overly inclusive. Attacking an individual through a complicated man-in-the-middle attack on an encrypted connection that requires some ‘big iron’ reminds me of this XKCD classic.
There are less expensive ways, generally speaking.
If you’ve got responsibility for information security at an organization, you need a plan to apply the relevant patches for this vulnerability, and FREAK, POODLE, HEARTBLEED, etc. It’s important, and it will be important again soon. If you’re at a government agency, it’s probably a little more important. If you’re running a banana stand somewhere, then you probably have bigger concerns.