On Nov 8, 2009, at 7:45 PM, Thorsten Holz wrote:
...There are several approaches to stop this attack vector (or at least make it more difficult). A prototype of a system that implements the techniques described in your blog posting was presented by IBM Zurich about a year ago, see http://www-03.ibm.com/press/us/en/pressrelease/25828.wss for details.
Bring two threads together: The ZTIC is designed to work with unmodified servers, hence implements SSL/TLS internally. Could the recently discovered SSL injection attack be used against it? (I haven't thought it through and have no idea.) Whether or not it can, it demonstrates the hazards of freezing implementations of crypto protocols into ROM: Imagine a world in which there are a couple of hundred million ZTICs or similar devices fielded - and a significant vulnerability is found in the protocol they speak. (Since we're talking about a *protocol* vulnerability, having multiple competing implementations doesn't help.)

Now, you could make the same argument about the encryption mechanisms - AES, RSA, whatever else is frozen in that silicon - as well. We're reasonably sure of our ability to build strong block and public key ciphers - there have been no significant (publicly known!) breaks in any fielded system in years. The problems with hash functions show that our abilities there aren't as good as we thought. But this recent attack against SSL/TLS, studied by so many people for so many years, should make us really humble about the state of the art in secure protocol development.

Not that this should block the use of devices like the ZTIC! They're still much more secure than the alternatives. But it's important to keep in mind the vulnerabilities we engineer *into* systems at the same time we engineer others *out*.
                                                        -- Jerry
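Added example, not part of the thread above: a Python model of the attack Jerry is most likely referring to (the assumption here is the TLS renegotiation prefix-injection attack published in November 2009, later addressed by the renegotiation_info extension of RFC 5746). The point of the thread is that the fix is a change to the protocol, so a device with TLS frozen in ROM cannot pick it up; the model shows both the splice and what the fix actually checks. TLS is reduced to the two things the attack depends on: a per-connection application-data buffer that survives a renegotiation, and the Finished verify_data that RFC 5746 binds a renegotiation to. The server, connection state, master secrets, transcripts and HTTP requests are all constructed for this example; nothing here is the ZTIC's or any real TLS stack's code.

```python
"""Model of TLS renegotiation prefix injection and the RFC 5746 binding that stops it.

Constructed example. Keys, handshake transcripts and HTTP requests are made up;
finished_mac() stands in for the TLS Finished verify_data.
"""
import hashlib
import hmac
from dataclasses import dataclass


class HandshakeFailure(Exception):
    """Server aborted the handshake (the TLS handshake_failure alert)."""


@dataclass
class Connection:
    """Server-side state for one TCP connection carrying TLS."""
    client_verify_data: bytes = b""   # verify_data of the last completed handshake, empty if none
    app_buffer: bytes = b""           # decrypted application bytes not yet forming a full request


def finished_mac(master_secret: bytes, transcript: bytes) -> bytes:
    """Stand-in for the client Finished verify_data: a MAC over the handshake transcript."""
    return hmac.new(master_secret, transcript, hashlib.sha256).digest()[:12]


class Server:
    def __init__(self, secure_renegotiation: bool):
        self.secure_renegotiation = secure_renegotiation

    def handshake(self, conn, renegotiation_info, master_secret, transcript):
        """Run a (re)handshake on conn.

        renegotiation_info is the client's renegotiation_info extension value:
        empty on the client's first handshake, the client's previous verify_data
        on a renegotiation, or None if the client does not send the extension.
        """
        if self.secure_renegotiation:
            renegotiating = bool(conn.client_verify_data)
            if renegotiation_info is None and renegotiating:
                raise HandshakeFailure("legacy client may not renegotiate")
            if renegotiation_info is not None and renegotiation_info != conn.client_verify_data:
                # The hello was not produced on this connection's previous handshake.
                raise HandshakeFailure("renegotiation_info does not match previous handshake")
        conn.client_verify_data = finished_mac(master_secret, transcript)

    def receive(self, conn, plaintext):
        """Append decrypted application data; return a parsed request once one completes.

        The vulnerable behaviour lives here: the buffer is not cleared by a
        renegotiation, so bytes sent under the old keys and bytes sent under
        the new keys are read as one HTTP request.
        """
        conn.app_buffer += plaintext
        if b"\r\n\r\n" not in conn.app_buffer:
            return None
        raw, _, conn.app_buffer = conn.app_buffer.partition(b"\r\n\r\n")
        request_line, *header_lines = raw.split(b"\r\n")
        headers = dict(line.split(b": ", 1) for line in header_lines if b": " in line)
        return {"request_line": request_line, "headers": headers}


def run_attack(secure_renegotiation):
    """Replay the splice: attacker handshake, unterminated prefix, victim handshake, victim request."""
    server = Server(secure_renegotiation)
    conn = Connection()

    # 1. The man-in-the-middle opens its own TLS session (empty renegotiation_info: first handshake).
    server.handshake(conn, b"", master_secret=b"attacker-ms", transcript=b"attacker hello")

    # 2. It sends a request that is deliberately left unterminated.
    server.receive(conn, b"GET /transfer?to=attacker HTTP/1.1\r\nX-Ignore: ")

    # 3. It relays the victim's ClientHello inside its own session. The victim is starting
    #    a fresh connection, so its renegotiation_info is empty; the server sees a renegotiation.
    try:
        server.handshake(conn, b"", master_secret=b"victim-ms", transcript=b"victim hello")
    except HandshakeFailure as exc:
        return {"outcome": "rejected", "reason": str(exc)}

    # 4. The victim's real request arrives under the new keys and lands behind the attacker's prefix.
    request = server.receive(conn, b"GET /account HTTP/1.1\r\nCookie: session=victim\r\n\r\n")
    return {"outcome": "spliced", "request": request}


if __name__ == "__main__":
    print(run_attack(secure_renegotiation=False))
    print(run_attack(secure_renegotiation=True))
```

Without the binding, the server executes the attacker's request line with the victim's Cookie header; the victim's own request line is swallowed into the attacker's dangling X-Ignore header. With the binding, the victim's hello carries an empty renegotiation_info while the connection's previous handshake produced a non-empty verify_data, so the server aborts. Note what the fix requires of the client: a new extension in its ClientHello and a check on the server's reply, which is exactly the kind of change a ROM-frozen implementation cannot take.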

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
