Secure Crypto: Leaving Insecurity Behind

There are a number of TLS protocol vulnerabilities that have been discovered in recent years. Of those there are three that can and should be prevented by design: Renegotiation Attack, Triple Handshake Attack and CRIME. The Renegotiation and Triple Handshake Attacks both rely on failures in the design of the renegotiation feature. The original Renegotiation…

Secure Crypto: Survival of the Strong

Not all TLS cipher suites are made equal. Some cipher suites use weaker algorithms and others don’t provide independent handshake security. The cipher suites to avoid include those using: SHA-1 as the digest algorithm and/or RSA for key exchange and authentication. A digest algorithm is used in the handshake in three places: ensuring the integrity…

Secure Crypto: Weak Ciphers Be Gone!

There are a number of cryptographic algorithms that, for one reason or another, should no longer be used. Current TLS specifications and implementations still allow the use of these ‘weak’ algorithms and businesses are still using them. In TLS, the cryptographic algorithms used in a connection are bundled together to form cipher suites. Each cipher…

Secure Crypto: 2014 – Security Fails, Vulnerabilities and Enhanced Security

2014 will be remembered as the year the SSL/TLS protocols and implementations were heavily scrutinized and found wanting. In response, new standards are in development that will enhance security as well as performance.

Security Fails and Vulnerabilities

The year of security fails had Apple operating systems not verifying handshake data (“Goto Fail”), OpenSSL leaking private…

Secure Crypto: TLS 1.3 – Authentication and Encryption

The TLS Working Group in the IETF is working on specifying a new version of the TLS protocol: TLS 1.3. One improvement being included is targeted at preventing CBC padding attacks such as the padding oracle, BEAST and Lucky Thirteen. TLS 1.0 was found to be vulnerable to a padding oracle attack. An attacker sends packets…

Secure Crypto: TLS 1.3 – A New Beginning

The Transport Layer Security (TLS) Working Group of the IETF has taken on the task of specifying a new version of the TLS protocol. There have been a number of attacks against TLS reported in the last few years: Renegotiation Attack, BEAST, CRIME, BREACH, RC4 Attack, Lucky Thirteen, Truncation Attack, and Triple Handshake Attack. TLS…

Secure Architecture: Securely Storing Data on SD Cards

If you are writing an app for Android, it makes sense to store large amounts of user data on the SD card. While the data might not be highly sensitive, like credit card numbers, the user likely needs it protected. Remember, the SD card is normally readable by any app. Each file that is stored…

Secure Architecture: End-to-End Encryption

There has been a lot of talk lately about protecting data from interception through the use of end-to-end encryption. Writing applications for this architecture is difficult, but here are a few tips. Requiring end-to-end encryption presupposes that the data is passing through one or more machines before reaching the destination. End-to-end encryption therefore requires that…

Secure Server: TLS v1.1 and v1.2 Support

The recent “BEAST” and “Lucky Thirteen” attacks have made clear that it is time to use the newer versions of TLS: v1.1 and v1.2. TLS v1.2 also adds the new, safer GCM cipher suites and replaces the MD5/SHA-1 handshake hash with a simple SHA-2 hash. The following table shows a list of common browsers and…

Secure Crypto: “Lucky Thirteen” Attack

By Sean Parkinson, Consultant Software Engineer

Once again an attack against TLS has been published and again the attack targets cipher suites that use Cipher Block Chaining (CBC) mode encryption. This Man-in-the-Middle attack is easier to perpetrate than the previous Man-in-the-Browser attacks like “BEAST” and “CRIME,” but results in many failed TLS connections and requires…