A group of cryptographers has developed a new attack that has broken Kasumi, the encryption algorithm used to secure traffic on 3G GSM wireless networks. The technique enables them to recover a full key by using a tactic known as a related-hey attack, but experts say it is not the end of the world for Kasumi.
Kasumi, also known as A5/3, is the standard cipher used to encrypt communications on 3G GSM networks, and it’s a modified version of an older algorithm called Misty. The paper describing the new attack is not yet public, but the Emergent Chaos blog has a good description of the attack, including an excerpt from the abstract:
In this paper we describe a new type of attack called a sandwich attack, and use it to construct a simple distinguisher for 7 of the 8 rounds of KASUMI with an amazingly high probability of 2?14. By using this distinguisher and analyzing the single remaining round, we can derive the complete 128 bit key of the full KASUMI by using only 4 related keys, 226 data, 230 bytes of memory, and 232 time. These complexities are so small that we have actually simulated the attack in less than two hours on a single PC, and experimentally verified its correctness and complexity. Interestingly, neither our technique nor any other published attack can break MISTY in less than the 2128 complexity of exhaustive search, which indicates that the changes made by the GSM Association in moving from MISTY to KASUMI resulted in a much weaker cryptosystem.
As Emergent Chaos points out, this is not necessarily a sky-is-falling moment, but it’s not good news either. The group of researchers who developed the new attack includes Orr Dunkelman, Nathan Keller and Adi Shamir, one of the creators of the RSA algorithm.
The news of the Kasumi crack comes just a couple of weeks after researchers published a method for attacking the older A5/1 GSM algorithm.
Source: ThreatPost
Filed under Encryption
Tagged as Encryption, RSA
Yet another domino in the RSA encryption scheme has fallen with the announcement Thursday that cryptographers have broken 768-bit keys using the widely used public-key algorithm.
An international team of mathematicians, computer scientists and cryptographers broke the key though NFS, or number field sieve, which allowed them to deduce two prime numbers that when multiplied together generated a number with 768 bits. The discovery, which took about two-and-a-half years and hundreds of general-purpose computers, means 768-bit RSA keys can no longer be counted on to encrypt or authenticate sensitive communications.
More importantly, it means it’s only a matter of another decade or so – sooner assuming there’s some sort of breakthrough in NFS or some other form of mathematical factoring – until the next largest RSA key size, at 1024 bits, is similarly cracked. The accomplishment was reached on December 12.
“It’s an important milestone,” said Benjamin Jun, vice president of technology at security consultancy Cryptography Research. “There’s indisputable evidence here that 768-bit key are not enough. It’s a pretty interesting way to close out a decade.”
The team managed to factor the 232-digit number that RSA held out as a representative 768-bit modulus from a now-obsolete challenge. They spent half a year using 80 processors on polynomial selection. Sieving took almost two years and was done on “many hundreds of machines”. Using a single-core 2.2GHz AMD Opteron with 2GB RAM, sieving would have taken about 1,500 years, they estimated.
Source: The Register
German researchers have devised five methods that determined attackers can use to bypass hard-drive encryption in recent versions of Microsoft operating systems.
The methods, laid out by a research team from the Frauenhofer Institute for Security Information Technology, can be used to access files protected by BitLocker drive encryption contained in Windows Server 2008 and pricier versions of Windows Vista and Windows 7. BitLocker prevents files or entire volumes from being accessed without a user password being entered first.
The researchers stress that the strategies are useful only for targeted attacks, such as those used in industrial espionage, where an attacker is willing to devote considerable effort to breaching a single individual’s security.
They aren’t of much use in opportunistic attacks, such as those when an attacker happens upon a lost laptop. Still, they said their findings are useful because they demonstrate the limits of the protection.
Source: The Register
Filed under Encryption, Hacks
Tagged as exploit, VPN
Virtual private networking software from Cisco Systems, Juniper, and other manufacturers can make users susceptible to a variety of web-based attacks, the US Computer Emergency Readiness Team warned on Monday.
So-called clientless SSL VPN products, which provide browser-based access to intranets, email and other internal resources, expose users to attacks that allow eavesdroppers to view passwords and keystrokes. Of the 90 companies known to market products that use the technology, Cisco, Juniper, SafeNet and Sonic Wall are known to be affected, while it’s unclear if an additional 77 are vulnerable.
The weakness can be exploited only in attacks that are narrowly targeted at a particular website or domain, so there’s not much chance of attack code going public that automates the process. But given the wealth of proprietary information hiding behind the typical VPN, it can nonetheless be used by determined attackers to bypass a website’s authentication.
Full article at: The Register
Filed under Encryption
Tagged as Encryption, PS3
From Slashdot:
It seems that the US Immigration and Customs Enforcement Cyber Crimes Center, known as C3, has replaced its ‘$8,000 Tableau/Dell server combination’ with more efficient and much cheaper $300 PS3s. Each PS3 is capable of 4 million passwords per second, and C3 currently has 20 PS3s with plans to buy 40 more. Naturally this is only being used to break encryption on computers seized with a warrant and suspected of harboring child pornography.
Thierry Zoller has written a nice summary of the TLS & SSLv3 renegotiation vulnerability. He covers examples, impacts, solutions, and a conclusion. It can be found here: http://www.g-sec.lu/practicaltls.pdf. The ISC previously discussed the vulnerability here: http://isc.sans.org/diary.html?storyid=7534 and the OpenSSL update here: http://isc.sans.org/diary.html?storyid=7543.
Source: SANS ISC
