Resolution of the latest SSL/TLS Vulnerabilities

Source: Internet
Author: User
Tags dns poisoning

In March 2015, about 30% of network communication was protected by RC4. With this attack, an attacker needs only passive sniffing in a suitable environment to recover plaintext from traffic protected by RC4. This exposes sensitive information such as account names, passwords, and credit card numbers, and session hijacking can then be carried out through a man-in-the-middle.

Attack methods and modes

Attackers sniff a large number of SSL connections. The first encrypted message of each connection contains both the SSL handshake completion message and the HTTP request, and this content is predictable. The attacker then waits for a connection that uses an immutable weak key. When such a connection is captured, the LSBs can be extracted: with a weak key, the plaintext is XORed with a keystream whose least significant bits follow a fixed pattern, so the attacker can observe that pattern in the resulting ciphertext.

Attackers may also use DNS poisoning to redirect all connections to a malicious host. That host performs man-in-the-middle attacks, which makes sniffing and session hijacking effective against a large number of users.

Vulnerability principles and details

According to the lecture, the root cause of the vulnerability is an L-shaped pattern in the RC4 key that defines the immutable weak key. Once such a pattern is present in the RC4 key, part of the internal state survives the entire initialization (key scheduling) process unchanged. This preserved part consists of the least significant bits of the permutation. When the PRGA processes these bits, they determine the least significant bits of the pseudo-random output stream. These biased bytes are XORed with the plaintext, so important plaintext information leaks into the ciphertext.

State transitions

This pattern occurs for different numbers of LSBs: a single LSB, 2 LSBs, and so on each give rise to a different class of RC4 weak key.

Preliminary report on the latest SSL/TLS Vulnerability "quit"

If a q-class key is used (q is the number of LSBs), the following problems arise:

The key scheduling of RC4 does not properly mix the state with the key information, and the least significant bits of the key K are preserved in the internal state;

The initial state of RC4 has fixed, unmixed q LSBs;

The q least significant bits of the first 30-50 bytes of the keystream follow a pattern that is determined with significant probability;

The q least significant bits of the first 30-50 bytes of the plaintext are therefore exposed with significant probability.
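The mechanism described in this section, as an added example (not code from the article or from the original research): a small RC4 implementation, a constructed q-class weak key, and a measurement of how the q-LSB pattern survives the KSA and biases the first keystream bytes. The key class used here (16-byte keys with K[0] = 1 and K[1] = 0 exactly, K[i] = 1 - i mod 2^q for the remaining bytes, 2^q dividing the key length) and the idealised pattern formula r(r+3)/2 are my own reconstruction from the argument above; the precise L-shaped class in the published analysis may differ.

```python
import random

def ksa(key):
    """RC4 key scheduling: mix the key into the identity permutation."""
    s, j = list(range(256)), 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    return s

def prga(s, n):
    """RC4 output generation: first n keystream bytes (S is copied, not mutated)."""
    s, i, j, out = s[:], 0, 0, []
    for _ in range(n):
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return out

def weak_key(q, seed, length=16):
    """Constructed q-class key (an assumption, see lead-in): K[0]=1 and K[1]=0 exactly,
    K[i] == 1-i (mod 2**q) for i >= 2, all higher bits random; 2**q must divide length."""
    rng, mask = random.Random(seed), (1 << q) - 1
    return [1, 0] + [(rng.randrange(256) & ~mask) | ((1 - i) & mask) for i in range(2, length)]

def random_key(seed, length=16):
    """Uniformly random key of the same length, for comparison."""
    return random.Random(seed).choices(range(256), k=length)

def lsb_fixed_points(s, q):
    """Positions x with S[x] == x (mod 2**q); 256 = pattern fully intact, random key ~256/2**q."""
    mask = (1 << q) - 1
    return sum((s[x] & mask) == (x & mask) for x in range(256))

def predicted_lsb(r, q):
    """Idealised q LSBs of byte r (1-based) if S[x] == x (mod 2**q): j_r = r(r+1)/2, index r + j_r."""
    return (r * (r + 3) // 2) & ((1 << q) - 1)

def pattern_match_rate(q, trials, weak, first=2, last=8):
    """Fraction of bytes first..last whose q LSBs equal predicted_lsb, over `trials` keys."""
    mask, hits = (1 << q) - 1, 0
    for t in range(trials):
        ks = prga(ksa(weak_key(q, t) if weak else random_key(t)), last)
        hits += sum((ks[r - 1] & mask) == predicted_lsb(r, q) for r in range(first, last + 1))
    return hits / (trials * (last - first + 1))

if __name__ == "__main__":  # q, fixed points (weak, random), pattern match rate (weak, random)
    for q in (1, 2):
        print(q, lsb_fixed_points(ksa(weak_key(q, 1)), q), lsb_fixed_points(ksa(random_key(1)), q),
              round(pattern_match_rate(q, 2000, True), 2), round(pattern_match_rate(q, 2000, False), 2))
```

For every key in this class exactly 254 of the 256 permutation positions keep their q LSBs after the KSA (the first swap, S[0] with S[1], leaves two defects), while a random key keeps only about 256/2^q; the early keystream bytes then follow the idealised pattern noticeably more often than chance, and the bias fades as the PRGA's own swaps erode the pattern.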

Many SSL cipher suites use RC4 for encryption. The RC4 keys are generated during the handshake, one for the upstream data stream (client-to-server) and one for the downstream data stream (server-to-client). Encryption is stateful: the first part of the keystream encrypts the first message, and the keystream continues into the next message (as in CBC mode, state carries over between records). Because stream encryption destroys the determinism of the least significant bits as the keystream progresses, immutable weak keys can only be exploited within the first 100 protected bytes.

The SSL handshake completion message is the first encrypted message in each direction (upstream and downstream). It is fixed at 36 bytes, so 64 bytes remain for the attacker to exploit.

SSL server test: https://www.lighttp.com/isapi_redir.php? Token = 3798

IIS repair method (import the following registry file):

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\DES 56/56]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\NULL]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC2 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 40/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 56/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Ciphers\RC4 64/128]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\PCT 1.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 2.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Server]
"Enabled"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\SSL 3.0\Client]
"DisabledByDefault"=dword:00000001
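A check to run against the import above, as an added example (not from the article): parse the .reg text and report which SCHANNEL settings it actually changes. The sample input rebuilds the article's import; the RC4 cipher key names, including "RC4 128/128", are the standard SCHANNEL cipher subkey names on Windows and the last of them does not appear in the article; the parser handles dword values only.

```python
import re

SCHANNEL = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL"

# The .reg import quoted in the article, rebuilt here as the sample input.
ARTICLE_REG = "Windows Registry Editor Version 5.00\n" + "".join(
    f'[{SCHANNEL}\\{sub}]\n"{name}"=dword:{val:08x}\n' for sub, name, val in [
        (r"Ciphers\DES 56/56", "Enabled", 0), (r"Ciphers\NULL", "Enabled", 0),
        (r"Ciphers\RC2 40/128", "Enabled", 0), (r"Ciphers\RC2 56/128", "Enabled", 0),
        (r"Ciphers\RC4 40/128", "Enabled", 0), (r"Ciphers\RC4 56/128", "Enabled", 0),
        (r"Ciphers\RC4 64/128", "Enabled", 0), (r"Protocols\PCT 1.0\Server", "Enabled", 0),
        (r"Protocols\SSL 2.0\Server", "Enabled", 0), (r"Protocols\SSL 3.0\Server", "Enabled", 0),
        (r"Protocols\SSL 3.0\Client", "DisabledByDefault", 1)])

# SCHANNEL cipher subkey names for RC4 (Windows naming; only the first three appear in the article).
RC4_CIPHER_KEYS = ["RC4 40/128", "RC4 56/128", "RC4 64/128", "RC4 128/128"]

def parse_reg(text):
    """Minimal .reg reader: {key path: {value name: int}} for dword values only."""
    settings, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"\[(.+)\]", line)
        if m:
            key = m.group(1)
            settings.setdefault(key, {})
            continue
        m = re.fullmatch(r'"(.+?)"=dword:([0-9A-Fa-f]{8})', line)
        if m and key is not None:
            settings[key][m.group(1)] = int(m.group(2), 16)
    return settings

def rc4_not_disabled(text):
    """RC4 cipher keys this .reg leaves untouched or enabled (no Enabled=0 under them)."""
    settings = parse_reg(text)
    return [c for c in RC4_CIPHER_KEYS
            if settings.get(f"{SCHANNEL}\\Ciphers\\{c}", {}).get("Enabled") != 0]

def disabled_protocols(text):
    """Protocol subkeys (e.g. 'SSL 3.0\\Server') that the .reg sets Enabled=0 for."""
    prefix = f"{SCHANNEL}\\Protocols\\"
    return sorted(k[len(prefix):] for k, v in parse_reg(text).items()
                  if k.startswith(prefix) and v.get("Enabled") == 0)

if __name__ == "__main__":
    print("protocols disabled:", disabled_protocols(ARTICLE_REG))
    print("RC4 ciphers not disabled:", rc4_not_disabled(ARTICLE_REG))
```

Run as written, it shows that the import disables PCT 1.0, SSL 2.0 and SSL 3.0 on the server side and the 40/56/64-bit RC4 entries, but leaves RC4 128/128 (the key size the common RC4 SSL cipher suites use) untouched. An additional "Enabled"=dword:00000000 value under Ciphers\RC4 128/128 is needed for the import to remove RC4 entirely.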
