2014: The toughest year for cryptographic web protocols

Posted on 12/30/2014, by Santiago González (INCIBE)

SSL (along with its evolution, TLS) is, in its various implementations, the most widely used cryptographic protocol for guaranteeing the confidentiality of communications on the Internet. This is achieved by encrypting, using asymmetric cryptographic algorithms, the communications between the client (usually the user's web browser) and the server it accesses. When a website is served over HTTPS, the HTTP protocol is in fact being used over a secure channel built on SSL/TLS, which guarantees that if the communication is intercepted between the two endpoints, the sensitive information transmitted cannot be interpreted. In 2014, several significant vulnerabilities associated in one way or another with these protocols were published. Some of them are inherent to the protocol itself (design errors or flaws), whereas others are errors or flaws in implementations of these protocols and therefore affect only the technologies built on those implementations. In the remainder of this article we discuss only the most important ones that affect servers, which are reflected in the following timeline.

[Figure: timeline of the 2014 cryptographic protocol vulnerabilities]

The evolution of these vulnerabilities and the news around them has been followed by the Security and Industry CERT operated by INCIBE through various publications and notices.

However, to round off the year, it is worth taking a brief look back at how each of these security errors works and what its impact is, together with a review of the current level of exposure of .es domains to these vulnerabilities.

Heartbleed

Heartbleed is a vulnerability present in certain versions of the OpenSSL library that enables an attacker to remotely read the memory of systems using this library, potentially compromising encryption keys, credentials and other sensitive information belonging to users of the services hosted on those systems. More precisely, the vulnerability affects OpenSSL's implementation of the Heartbeat extension of the TLS protocol, which is used to keep connections open when there is no continuous transfer of data.
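The length check that the OpenSSL fix introduced, written here as an added example (not INCIBE's or OpenSSL's code) that validates heartbeat records the way a defender's intrusion detection rule would; the sample records are constructed with the helper below, not captured traffic.

```python
import struct

# Constants from RFC 6520: heartbeat records use content type 0x18 and
# every heartbeat message must carry at least 16 bytes of padding.
HEARTBEAT_CONTENT_TYPE = 0x18
PADDING_MIN = 16


def build_heartbeat_record(payload, claimed_len=None, padding=b"\x00" * 16):
    """Build a constructed TLS 1.2 heartbeat request record.

    claimed_len lets a test declare a payload length that differs from the
    bytes really included, the shape the Heartbleed bug failed to reject."""
    hb_type = 1  # heartbeat_request
    length = len(payload) if claimed_len is None else claimed_len
    body = struct.pack("!BH", hb_type, length) + payload + padding
    return struct.pack("!BHH", HEARTBEAT_CONTENT_TYPE, 0x0303, len(body)) + body


def check_heartbeat_record(record):
    """Classify a TLS record: 'not-heartbeat', 'truncated', 'ok' or
    'oversized-length' (the Heartbleed pattern a detector should flag)."""
    if len(record) < 5:
        return "truncated"
    ctype, _version, rec_len = struct.unpack("!BHH", record[:5])
    if ctype != HEARTBEAT_CONTENT_TYPE:
        return "not-heartbeat"
    body = record[5:5 + rec_len]
    if len(body) != rec_len or rec_len < 3:
        return "truncated"
    _hb_type, payload_len = struct.unpack("!BH", body[:3])
    # The fix OpenSSL shipped: discard the message if type (1) + length (2)
    # + declared payload + minimum padding (16) does not fit in the record
    # that actually arrived, instead of trusting the declared length.
    if 1 + 2 + payload_len + PADDING_MIN > rec_len:
        return "oversized-length"
    return "ok"
```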

Poodle

POODLE (Padding Oracle On Downgraded Legacy Encryption) initially exploits a vulnerability in the SSLv3 protocol that allows an attacker to decrypt secure communications, obtaining private information such as passwords or session cookies. Even if client and server are configured to use more modern protocols such as TLS, if both support SSLv3 the communication will still be vulnerable, since the attacker can force the use of older protocols by provoking connection errors. To do this, POODLE requires a prior man-in-the-middle attack in order to intercept, modify and decrypt the communication between client and server.

Since this is a vulnerability in the protocol itself and not in specific implementations of it, there is no patch as such, and the best countermeasure is to completely disable SSLv3 support on the servers that use it. If SSLv3 is needed for compatibility or any other reason, there is a mechanism called TLS_FALLBACK_SCSV (TLS Fallback Signaling Cipher Suite Value) that prevents attackers from forcing the server to use older protocols.
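The downgrade described above and the effect of the two countermeasures (disabling SSLv3, and TLS_FALLBACK_SCSV as specified in RFC 7507), as an added model that is not part of the original article: a browser-style client retries with lower versions after connection errors, the attacker can only drop handshakes, and the server either honours the signaling suite or not.

```python
# Constructed model of browser protocol fallback against a TLS server.
# Versions are ordered so that a higher index means a newer protocol.
VERSIONS = ["SSLv3", "TLSv1.0", "TLSv1.1", "TLSv1.2"]
TLS_FALLBACK_SCSV = "TLS_FALLBACK_SCSV"  # RFC 7507 signaling cipher suite


def rank(version):
    return VERSIONS.index(version)


def server_hello(server_versions, client_max, cipher_suites, supports_scsv):
    """Server side of one handshake: ('ok', version) or ('alert', reason)."""
    highest_server = max(server_versions, key=rank)
    if (supports_scsv and TLS_FALLBACK_SCSV in cipher_suites
            and rank(client_max) < rank(highest_server)):
        # The client signals that this is a fallback retry, yet the server
        # supports something newer: RFC 7507 requires a fatal alert here.
        return ("alert", "inappropriate_fallback")
    common = [v for v in server_versions if rank(v) <= rank(client_max)]
    if not common:
        return ("alert", "protocol_version")
    return ("ok", max(common, key=rank))


def negotiate(client_versions, server_versions, attacker_drops_above,
              server_supports_scsv, client_sends_scsv):
    """Client side: try versions newest first, retrying lower after a failure.

    attacker_drops_above: the attacker kills any handshake offering a version
    newer than this (None = passive). Returns the agreed version or None."""
    for attempt, client_max in enumerate(sorted(client_versions, key=rank, reverse=True)):
        if attacker_drops_above is not None and rank(client_max) > rank(attacker_drops_above):
            continue  # connection reset by the attacker; browser falls back
        suites = ["TLS_RSA_WITH_AES_128_CBC_SHA"]
        if client_sends_scsv and attempt > 0:
            suites.append(TLS_FALLBACK_SCSV)  # only on retries, never first try
        status, result = server_hello(server_versions, client_max, suites,
                                      server_supports_scsv)
        if status == "ok":
            return result
        if result == "inappropriate_fallback":
            return None  # hard failure instead of a silent downgrade
    return None
```

With SSLv3 enabled on both sides and no signaling suite, dropping the newer handshakes lands the session on SSLv3; with TLS_FALLBACK_SCSV on both sides, or with SSLv3 removed from the server, the same attacker only causes a failed connection.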

POODLE has been assessed as a vulnerability of lower impact than Heartbleed. In any case, SSL 3.0 is a protocol around 18 years old, and the appearance of POODLE will probably mean its definitive disappearance from the most widely used products in the short to medium term.

During December 2014, variants of the vulnerability were published for some specific implementations of the TLS protocol, which means that servers could be vulnerable even with SSLv3 support disabled.

Winshock

The Microsoft Schannel Remote Code Execution Vulnerability (or WinShock) affects a component used in most Windows systems, both in server-side technologies (Active Directory, IIS…) and in clients (Windows Update, Internet Explorer…). Specifically, it affects the Microsoft Secure Channel component, a library that implements, among other packages, the SSL and TLS secure communication protocols used by Microsoft products. This security error allows remote code execution on the vulnerable system, which could lead to problems such as denial of service, information theft or even total control of the attacked machine.

Unlike the previous cases, although the impact of this vulnerability is still high, information about it was published after the manufacturer had released the patch that mitigates it, so the probability that it is being exploited on unpatched systems is much lower.

The manufacturer's patch that mitigates this vulnerability is KB2992611.

Use of HTTPS in Spain

Since some time has passed since these security errors were published, it is worth determining the level of exposure of Spanish domains to these vulnerabilities. To do so, the statistical analysis carried out in collaboration with Red.es on .es domain websites reveals the following:

[Figure: HTTPS usage chart]

From the data obtained, it can be observed that the current level of exposure is relatively low, with 1.7% of the websites that support SSL/TLS being affected by any of the three vulnerabilities.

If we analyse each vulnerability separately, we obtain the following results:

[Figure: vulnerabilities chart]

Comparing the results, it can be seen that the number of websites vulnerable to POODLE is practically insignificant, whereas the number of websites affected by Heartbleed has fallen drastically since the vulnerability emerged (Heartbleed demystified). WinShock is the vulnerability that appears most often, possibly due in part to the fact that it is the most recent.

Conclusions

Despite the seriousness of the vulnerabilities described, the analysis carried out indicates that the proportion of affected systems in Spain is currently low.

The Security and Industry CERT operated by INCIBE has carried out a number of prevention tasks in recent months, getting in touch with those affected and providing information about preventive and mitigation measures. However, to avoid being affected by these vulnerabilities and others that may appear in the future, it is always important to follow basic security recommendations such as keeping products updated and applying good practices in the configuration of systems.