Communications of the ACM
Chink in Encryption Armor Discovered
"This is a design flaw in OpenSSH," says Kenny Paterson, a professor with the Information Security Group at Royal Holloway, University of London.
Researchers from the Information Security Group (ISG) at Royal Holloway, University of London have discovered an underlying flaw in the OpenSSH encryption protocol. The flaw, which is present in version 4.7 of OpenSSH on Debian/GNU Linux, allows 32 bits of encrypted text to be rendered in plaintext. An attack has a one-in-262,144 chance of success.
ISG lead professor Kenny Paterson says the flaw is more threatening than previous vulnerabilities in OpenSSH. "This is a design flaw in OpenSSH," Paterson says. "The other vulnerabilities have been more about coding errors." He says a man-in-the-middle attacker could sit on a network and catch blocks of encrypted text as they are sent from client to server. By re-transmitting the blocks to the server, the attack can determine the first four bytes of corresponding plaintext by counting how many bytes the attacker sends until the server generates an error message and breaks the connection, and then work backwards to deduce the OpenSSH encryption field before encryption. The attack uses flaws in the Request for Comments Internet standards that define SSH.
The vulnerability was first made public in November 2008 by the UK Centre for Protection of National Infrastructure (CPNI), though the full details of the flaw were not released at that time. The CPNI advisory says the OpenSSH flaw can be mitigated by IT professionals using AES in counter mode to encrypt, instead of cipher-block chaining mode. Paterson says his team has worked with OpenSSH developers to mitigate the flaw, and OpenSSH version 5.2 features countermeasures.
From ZDNet UK
View Full Article
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA 
No entries found