DROWN attack

"DROWN" redirects here. For other uses, see Drown (disambiguation).

Broken lock logo symbolizing DROWN attack

The DROWN attack is a cross-protocol security bug that attacks servers supporting modern TLS protocol suites by using their support for the obsolete, insecure, SSL v2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure.^[1]^[2] DROWN can affect all types of servers that offer services encrypted with TLS yet still support SSLv2, provided they share the same public key credentials between the two protocols.^[3] Additionally, if the same public key certificate is used on a different server that supports SSLv2, the TLS server is also vulnerable due to the SSLv2 server leaking key information that can be used against the TLS server.^[4]

Full details of DROWN were announced in March 2016, along with a patch that disables SSLv2 in OpenSSL; the vulnerability was assigned the CVE ID CVE-2016-0800.^[5] The patch alone will not be sufficient to mitigate the attack if the certificate can be found on another SSLv2 host. The only viable countermeasure is to disable SSLv2 on all servers.

The researchers estimated that 33% of all HTTPS sites were affected by this vulnerability as of March 1, 2016.^[6]

Details

DROWN is an acronym for "Decrypting RSA with Obsolete and Weakened eNcryption".^[7] It exploits a vulnerability in the combination of protocols used and the configuration of the server, rather than any specific implementation error. According to the discoverers, the exploit cannot be fixed by making changes to client software such as web browsers.^[8]

The exploit includes a chosen-ciphertext attack with the use of a SSLv2 server as a Bleichenbacher oracle. The proof-of-concept attack demonstrated how both multi-GPU configurations and commercial cloud computing could perform part of the codebreaking calculations, at a cost of around $18,000 for the GPU setup and a per-attack cost of $400 for the cloud. A successful attack will provide the session key for a captured TLS handshake.

The investigators, who described the attack above as the general DROWN attack also found a specific weakness in the OpenSSL implementation of SSLv2 that allowed what they called a special DROWN attack. This vastly reduced the effort required to break the encryption, making real-time man-in-the-middle attacks possible that required only modest computing resources.

The original reporters of the bug were the security researchers Nimrod Aviram and Sebastian Schinzel.^[9]

Mitigation

To protect against DROWN, server operators need to ensure that their private keys are not used anywhere with server software that allows SSLv2 connections. This includes web servers, SMTP servers, IMAP and POP servers, and any other software that supports SSL/TLS.^[10]

The OpenSSL group has released a security advisory, and a set of patches intended to mitigate the vulnerability by removing support for obsolete protocols and ciphers.^[11] However, if the server's certificate is used on other servers that support SSLv2, it is still vulnerable, and so are the patched servers.

Numerous sources have recommended that the vulnerability be patched as soon as possible by site operators.

References

↑ Leyden, John (1 March 2016). "One-third of all HTTPS websites open to DROWN attack". The Register. Retrieved 2016-03-02.
↑ Goodin, Dan (1 March 2016). "More than 11 million HTTPS websites imperiled by new decryption attack". Ars Technica. Retrieved 2016-03-02.
↑ Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt. DROWN: Breaking TLS using SSLv2, 2016
↑ Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt. DROWN: Breaking TLS using SSLv2, 2016
↑ "National Cyber Awareness System Vulnerability Summary for CVE-2016-0800". web.nvd.nist.gov. Retrieved 2016-03-02.
↑ "DROWN Attack". drownattack.com. Retrieved 2016-03-24.
↑ "New TLS decryption attack affects one in three servers due to legacy SSLv2 support". PCWorld. Retrieved 2016-03-02.
↑ Nimrod Aviram, Sebastian Schinzel, Juraj Somorovsky, Nadia Heninger, Maik Dankel, Jens Steube, Luke Valenta, David Adrian, J. Alex Halderman, Viktor Dukhovni, Emilia Käsper, Shaanan Cohney, Susanne Engels, Christof Paar, and Yuval Shavitt. DROWN: Breaking TLS using SSLv2, 2016
↑ "DROWN - Cross-protocol attack on TLS using SSLv2 - CVE-2016-0800 - Red Hat Customer Portal". access.redhat.com. Retrieved 2016-03-02.
↑ "DROWN Attack". 1 March 2016.
↑ "Cross-protocol attack on TLS using SSLv2 (DROWN) (CVE-2016-0800)". OpenSSL. 1 March 2016.

External links

TLS and SSL

Protocols and technologies

Transport Layer Security / Secure Sockets Layer (TLS/SSL)
Datagram Transport Layer Security (DTLS)
DNS Certification Authority Authorization (CAA)
DNS-based Authentication of Named Entities (DANE)
HTTPS
HTTP Public Key Pinning (HPKP)
HTTP Strict Transport Security (HSTS)
OCSP stapling
Perfect forward secrecy
Server Name Indication (SNI)
STARTTLS
Application-Layer Protocol Negotiation (ALPN)

Public-key infrastructure

Automated Certificate Management Environment (ACME)
Certificate authority (CA)
CA/Browser Forum
Certificate policy
Certificate revocation list (CRL)
Domain-validated certificate (DV)
Extended Validation Certificate (EV)
Online Certificate Status Protocol (OCSP)
Public key certificate
Public-key cryptography
Public key infrastructure (PKI)
Root certificate
Self-signed certificate

See also

Domain Name System Security Extensions (DNSSEC)
Internet Protocol Security (IPsec)
Secure Shell (SSH)

History

Implementations

Notaries

Vulnerabilities

Theory	Man-in-the-middle attack Padding oracle attack Lucky Thirteen attack

Cipher	Bar mitzvah attack

Protocol	BEAST BREACH CRIME DROWN Logjam POODLE (in regards to SSL 3.0)

Implementation	Certificate authority compromise Random number generator attacks FREAK goto fail Heartbleed POODLE (in regards to TLS 1.0)

Hacking in the 2010s

Major incidents	Operation Aurora (2010) Australian cyberattacks (2010) Operation Payback (2010) HBGary Federal (2011) DigiNotar (2011) RSA SecurID compromise (2011) Operation Tunisia (2011) 2011 PlayStation Network outage (2011) Operation AntiSec (2011) Stratfor email leak (2012–13) LinkedIn hack (2012) South Korea cyberattack (2013) Snapchat hack (2013) Operation Tovar (2014) iCloud leaks of celebrity photos (2014) Sony Pictures hack (2014) Yahoo! data breach (2014) Office of Personnel Management data breach (2015) Hacking Team (2015) Ashley Madison data breach (2015) VTech data breach (2015) Bangladesh Bank heist (2016) Commission on Elections data breach (2016) Democratic National Committee cyber attacks (2016) DCCC cyber attacks (2016) Dyn cyberattack (2016)

Groups	Anonymous associated events Bureau 121 Cozy Bear CyberBerkut Derp Equation Group Fancy Bear GNAA Goatse Security Hacking Team Iranian Cyber Army Lizard Squad LulzRaft LulzSec New World Hackers NullCrew NSO Group PayPal 14 PLA Unit 61398 Pranknet RedHack The Shadow Brokers Syrian Electronic Army TeaMp0isoN Tailored Access Operations UGNazi Yemen Cyber Army

Individuals	George Hotz Guccifer Guccifer 2.0 Hector Monsegur Jeremy Hammond Junaid Hussain Kristoffer von Hassel Mustafa Al-Bassam MLT Ryan Ackroyd Topiary The Jester weev

Vulnerabilities discovered	Heartbleed (2014) Shellshock (2014) POODLE (2014) Rootpipe (2014) JASBUG (2015) Stagefright (2015) DROWN (2016) Badlock (2016) Dirty COW (2016) BlackNurse (Computer Security) (2016)

Malware	Careto / The Mask CryptoLocker Dexter Duqu Duqu 2.0 FinFisher Flame Gameover ZeuS Mahdi Metulji botnet NSA ANT catalog Pegasus R2D2 Shamoon Stars virus Stuxnet XAgent

This article is issued from Wikipedia - version of the 11/29/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.