Breaking https:// with Bar Mitzvah


Shamir (The S of RSA) once predicted that the use of Stream Ciphers, like RC4, would inevitably decline over time. Stream Ciphers, while less secure than block ciphers, are faster and simpler to implement than block ciphers. However, with the increasing processing power of computers and the increasing understanding and adoption of Block Ciphers, Stream Ciphers are fast on the decline. Additionally, the weaknesses of Stream Ciphers like RC4 have also left administrators rushing to replace it with Block Ciphers.

1. Implications of Bar Mitzvah

Recently a new discovered attack on an RC4 implementation of TLS, dubbed Bar Mitzvah, may be the final nail in the coffin for RC4 and also for TLS versions 1.0 and 1.1. Whilst the RC4 weaknesses exploited in this attack were first published two years ago, a practical attack wasn’t feasible until a security researcher, Itsik Mantin from Imperva, discovered Bar Mitzvah.

2. RC4 basics

The RC4 algorithm is a Stream cipher that encrypts each plaintext value with a pseudorandom string of bits, known as the keystream. To generate the keystream, a secret key is combined with an initial array of values to form a permuted state, which then goes through more permutation before it is XOR’ed with the plaintext to create the ciphertext. To increase the randomness of the first permuted state, the combination of the key and initial value is done one character at a time and the result is used in the combination of the next value and so on. As the length of the initial array is fixed (e.g. at 256 bytes) and the key length is variable (e.g. may only be 128 bytes), the key is repeated to make up the bytes of the array.

The RC4 algorithm is here (from Wikipedia)

3. RC4 weaknesses

The RC4 algorithm has a few known weaknesses. Due to the way RC4 is initialised, there are single byte biases found in first few bytes of the keystream where the probability of a certain value occurring is statistically higher than average. Another problem is the invariance weakness, which is a key pattern that appears when using weak RC4 keys. This makes its possible to detect specific patterns in the cipher when weak keys are used (e.g. the Least Significant Byte of weak 16 byte keys have statistical biases e.g. even number/multiple of four have a higher probability of occurring etc.)

4. RC4 attacks

RC4 weaknesses have been used to break encryption before. WEP (Wired Equivalent Privacy) used small-sized fixed length (40 bit) keys that were shared across internal networks and never changed. Additionally it also concatenated a small-sized (24 bit) Initialisation Vector (IV) before the key. This made WEP a prime candidate for brute force attacks and a reason why the new Wireless standards enforce the use of AES block ciphers.

5. Bar Mitzvah

The recent Bar Mitzvah attack exploits the fact that in TLS, the first encrypted bytes include predictable information related to the SSL handshake. Therefore, you can use plaintext to compare against the keystream pattern of a known weak key to check if any ciphertext pattern emerges. This requires many encrypted sessions to complete, which may be possible if users have Javascript malware running on their browser, sending multiple requests to the server.

For more information

3 examples when Digital Payments failed. What can they learn from store cards?


1. BebaPay

BebaPay was Google’s attempt to introduce digital payments to Kenya. BebaPay was a prepaid card powered by Near Field Communication (NFC) technology. It was first introduced to the transport system with the view to extend to shops and small businesses. BebaPay also hoped to expand to other parts of Africa eventually. It was introduced to the transport system to solve the inefficiencies of the current cash-based system. Commuters were running out of change, losing their tickets and sometimes being overcharged. Drivers and conductors were unable to obtain meaningful data to assess where the popular routes were. BebaPay was trying to make payments simpler but ultimately found it hard to compete with the simplicity of cash. With cash, bus operators were paid in real-time and to the full cent. They also had more flexibility and privacy to do as they wish with the cash. For everyday consumers, BebaPay was less convenient than cash and therefore had no value-add. With the bus operators offside, commuters indifferent and no regulation/law to enforce the use of BebaPay. It died.

2. Square Wallet

Square was a digital wallet, invented by Jack Dorsey (inventor of Twitter). Square is a mobile application with a credit card reader attached to a plug-in from a headphone jack. Customers could swipe their credit card and set up a tab with their name and then head into one of the participating stores to pay by just saying their name. It was supposed to revolutionize payments by making transactions more human and easier. However, against the convenience of cash, cards and the benefits of store cards, Square did not add enough value to cause any real disruption. Even with Starbucks and Whole Foods Markets on-boarded, it failed to gain widespread adoption. The application was removed from Apple and Play stores.

3. Google Wallet

Similarly, Google Wallet failed to gain adoption for similar reason. The NFC chip wasn’t integrated with many devices and the user experience wasn’t compelling enough to gain widespread adoption. It made payment simpler but not simpler than what was already available.

Digital payment ventures based only around the idea of simpler payments may wish to ask themselves the following questions. Am I really making it simpler? How well do I know my customers, both the merchants and users? Will I be adding an additional layer of complexity?

Vs Starbucks

Alternatively, store cards like the Starbucks store card have done very well. Starbucks store cards have had widespread adoption with millions of active users and billions of dollars being deposited into their cards annually. The differentiator being the loyalty program and free in-store deals that provides customers with a true end-to-end customer and payment experience.

Smart rings – The future digital ringleaders?


Across the world, researchers are exploring new ways to create the next generation of wearables – smart rings.

A small band wrapped around a finger may seem underwhelming at first, especially since smart watches are just only coming to market, but great things come in small packages. From how we unlock phones and doors, to how we store sensitive data and interact with screens, smart rings may change the game completely. These new technologies have secured some serious money through crowdfunded initiatives and have attracted some interest from consumers already.

Three developments to watch out for:

1. NFC Ring
Created in the UK by John McLear, this incorporates the use of passive Near Field Communications (NFC) Technology to unlock phones, doors, turn wifi on/off and transfer information. There is also a secondary NFC tag inlay in the ring to store sensitive information. The use of passive tags is more secure (read-only data and accessible only at close range e.g. 4cm), water resistant and doesn’t require any power. NFC is already widely used across multiple industries e.g. contactless payments through PayPass, tapping on/off at train stations etc. NFC Ring has already raised £241, 947.

A demonstration of using a NFC ring to lock/unlock your phone

2. Ringly
Created in the USA by Christina Mercando, in collaboration with designers and engineers in MIT, Ringly allows you to receive notifications for messages and missed communitications (even when the phone is out of reach). The ring can be charged in the Ringly case and this will be required every 2-3 days. Out of all the smart rings, this is perhaps the most stylish ring and offers consumers a wide choice of ring designs and specifications. So far, Ringly has raised $5.1 million in funding.

3. Ring Zero
Created in Japan by Takuro Yoshida and launched recently. This ring, using bluetooth technology, allows users to use hand gestures to complete actions like the following from a distance of 2-15 metres.
– Flip presentation slides without a remote
– Open/Close doors (including garage doors)
– Turn lights on and off
– Write text on screens.
This initiative has so far raised $900,000 and has an active community of users who provide feedback to the creators to continuously improve the look, design and usability of the ring.

New technologies can provide new ways for criminals to steal information and commit fraud. They can also provide added layers to increase the security of existing  technologies. This all depends on the implementation of the technology and the security awareness of the users.

A billion data records leaked in 2014

Security News

2014 was the year when “designer vulnerabilities” emerged, when breaches and security incidents were being announced so fast that we struggled to keep up, when old financial malware began being used to hit new targets.

The recently released IBM X-Force Threat Intelligence Quarterly notes that in 2014:

  • More than a billion emails, credit card numbers, passwords and other types of personally identifiable information have been leaked online in wake of security breaches. “Based on pure volume, the total number of records breached in 2014 was nearly 25 percent higher than in 2013,” the researchers added.
  • When primary points of entry are well secured, cyber attackers will seek other ways to breach the target. “A prime example was the public disclosure of sensitive photos stored on a cloud service. The security of the cloud service itself was not fundamentally flawed, but users’ weak passwords and easy-to-guess security questions, coupled with lax…

View original post 157 more words

Breaking https:// with POODLE. How does it work?


This is an introduction to some basic concepts around how POODLE (Padding Oracle on downgraded legacy encryption) works. There are plenty of other blogs/videos that go into greater detail about how it works but the basics can help to provide a framework to navigate through the detail. 

Basically POODLE discovered that it was possible to decrypt some parts of encrypted SSL sessions via a man-in-the-middle. A victim can be vulnerable when using public wifi or if they have some nasty malware on their computers. 

1. Basics of Cipher Block Chaining 

During the SSL handshake, symmetric keys are exchanged to encrypt sessions. Sessions encrypted via the Cipher block chaining method are susceptible to what is known as a padding oracle attack. CBC is a method of symmetric block cipher cryptography. In CBC, a message is broken into 3 blocks of equal size blocks (eg 8 bit blocks). Each plaintext block is encrypted sequentially until you end up with 3 blocks of ciphertext. Before each block is encrypted, it is XOR’ed with the previous ciphertext block (the first block is XOR’ed with a block of random bytes known as IV) . To decrypt, this operation is reversed e.g.  Encrypted block is XOR’ed with the previous ciphertext block and then decrypted. This operation results in a very random block of ciphertext being produced every time. It is almost impossible to break however….

2. Padding in CBC

Most messages are not perfect block sizes of x bytes. Actually, messages may be of varying length. As block ciphers require the blocks to be of exact x bytes, extra padding (a string of random bytes) is added to fill up any unused bytes. The length of the padding is also stored as the last byte of the encrypted block. 

3. How padding checks can weaken security

Once the message is decrypted, servers undergo two checks. The first is to validate the padding length. If the padding length doesn’t match the actual padding, this will result in an error. The second check is a MAC on the encrypted block. This check verifies that the encrypted block hasn’t been altered during the transition.

This poses a problem. As the padding is checked before the MAC checks, a man-in-the-middle can intercept the message and try to guess what the padding length is. In only 255 guesses, he/she will be able to decrypt the last byte. 

4. Chosen ciphertext attack

If you recall, encrypted blocks are XOR’ed with the previous ciphertext block before it is decrypted. Therefore, you can substitute the last byte of the previous ciphertext block as many times as needed until the padding length is valid. Once that happens, you know you successfully guessed the padding length and cracked the last byte. You can also continue to decrypt more bytes using similar methods. 

5. What next? 

To stop padding oracle attacks, the server can provide more validation around the padding and also ensure that error messages don’t specify whether a failed session is caused by bad padding or a bad MAC.  Unfortunately, SSLv3 implementations don’t do this, which is why users should disable SSLv3. Whilst TLS does, on certain TLS implementations (e.g. TLSv1.0- TLSv1.1), a padding oracle may still be possible if there is significant time difference between sessions failing due to bad padding vs bad MAC. This can occur in certain server setups (e.g. when load balancing is used)

Want more information?

History of Biometrics


Looking into the history of biometrics we can see that the concept of biometrics is not a recent phenomenon. Automated biometric system however have only become available recently and more reliably due to an increase in computer processing power.

In fact the first systematic use of biometrics for personal identification was documented in the mid 19th century. During this time a handprint was recorded on the back of a contract for each worker to differentiate between employees and those who claimed to be employees on payday. It wasn’t until the beginning of the 20th century that the most well known use of biometrics came into effect, the identification of criminals.

Fingerprints_taken_by_William_James_Herschel_1859-1860 Fingerprints taken by William James Herschel 1859-1860.

In 1936, an ophthalmologist by the name of Frank Burch proposed the concept of using iris patterns as a method to recognise a particular individual, introducing the start of facial recognition. Greater developments to…

View original post 192 more words

%d bloggers like this: