Hacker group releases attack tool for SSL
- By William Jackson
- Oct 25, 2011
A German hacker group has released a tool for launching denial-of-service attacks against Secure Sockets Layer servers used to secure online transactions, exploiting vulnerabilities that have been known for years.
The group, The Hacker’s Choice said in a press release issued Oct. 24 that the tool is an effort to force the industry to correct flaws in the SSL protocol.
“We are hoping that the fishy security in SSL does not go unnoticed,” the group said in the release. “The industry should step in to fix the problem so that citizens are safe and secure again.”
Team cracks chips used in military, aerospace systems
Cracks in encryption security for embedded chips not fatal, company says
Paul Kocher, co-author of SSL v. 3.0, disagreed with the hackers’ assessment.
“This isn’t a vulnerability in the protocol,” said Kocher, president of Cryptography Research Inc. Instead, it's a question of how much computational effort is required to do the cryptography, and the attack threat probably can be defended against with proper configuration of servers, he said. “I wouldn’t expect there to be any protocol changes as a result of this.”
SSL is a commonly used tool to secure network connections using public-key cryptography (and it puts "HTTPS" into the URL). The group described SSL security as out of date and needlessly complex. The THC SSL DOS tool leverages the disproportionate amount of processing power required for a server to establish a secure SSL connection and exploits the secure renegotiation feature of SSL servers by triggering thousands of renegotiations with a single TCP connection.
The group said that because of the asymmetric computing requirements, a single laptop with a DSL connection can take down an average SSL server. Taking down a larger server farm using SSL load balancing would take 20 laptops.
“All in all, superb results,” the group said in the release.
The Hacker’s Choice describes itself as a group of computer enthusiasts and security researchers dating back to 1995.
“THC is not an underground hacking club for illegal activities,” the group says. “Our team consists of open-minded, friendly people concerned with real problems. If you prefer doing your stuff alone in the dark or seek to conflict with laws, THC is not your group.”
The group has released a number of software tools, including an IPv6 attack toolkit for scanning and exploiting inherent vulnerabilities in the new version of the Internet Protocols, vulnerability scanners, password crackers and tools to unlock cell phones, as well as T-shirts.
The group described the DOS tool as a proof of concept that was released publicly after it they realized it had been leaked several months ago. It uses a technique called resource exhaustion, rather than flooding, to overwhelm a server. Flooding typically requires a number of attacking computers in a distributed attack to knock a server offline with the sheer volume of requests. Resource exhaustion relies on the fact that establishing a secure SSL session requires 15 times more processing power on the server side than on the client.
This disparity can allow a single computer with limited bandwidth to swamp a server. The effect is amplified by exploiting secure renegotiation, which further consumes capacity by forcing the server to repeatedly renegotiate the exchange of cryptographic keys. The feature is enabled by default on most servers, although it rarely is used, THC said.
“Renegotiating key material is a stupid idea from a cryptography standpoint,” the group said in its release. “If you are not happy with the key material negotiated at the start of the session, then the session should be re-established and not renegotiated.”
The group said there are no short-term fixes to the vulnerabilities but advised that disabling SSL renegotiation or using an SSL accelerator to offload some of the processing from the server could help, although either countermeasure can be circumvented by modifying the attack tool.
Kocher said the renegotiation feature is a relic of older cryptographic export control rules that could require use of different strength keys for connections with different countries that probably are seldom used now. He said that turning off renogiation and using SSL acceleration should be an adequate protection against denial-of-service attacks, and is more efficient than chaning the protocols and making them more difficult to use.
“There certainly are a lot of badly configured servers out there,” he said, and the release of the attack tool could spur them to correct problems. But most bit users of SSL should already be prepared to deal with DOS attacks, he said.
William Jackson is a Maryland-based freelance writer.