Logjam Security Vulnerability (CVE-2015-4000)

After a steady stream of security vulnerabilities with the most unimaginable names, such as "Shellshock" (CVE-2014-6271 and CVE-2014-7169), "POODLE" (CVE-2014-3566), "POODLE 2.0" (CVE-2014-8730) and "GHOST" (CVE-2015-0235), affecting SSL, TLS and other widely used security protocols, it was only a matter of time until the curtain rose on the next one, this time affecting the Diffie-Hellman algorithm for key exchange. The vulnerability is dubbed "Logjam" and is tracked as CVE-2015-4000.

Why "Logjam"?

"The encryption algorithm that is attacked by the vulnerability uses mathematical calculations called discrete logarithms, known as "logs" for short. The attack computes a special log, and uses it to jam bogus messages into your data to crack open your traffic, so it's a Logjam." Source

The Diffie-Hellman (DH) algorithm was originally published in 1976 and is considered one of the earliest public-key cryptographic mechanisms for exchanging cryptographic keys (used to encrypt and decrypt sensitive data) over a non-secure channel. The DH algorithm has many flavors, known as "Groups", where each group specifies the length (and ultimately the strength) of the keys used in the process. Logjam is a cryptographic attack against the DH algorithm in which an attacker can force-downgrade a "strong" non-DHE_EXPORT TLS connection to a "weak" DHE_EXPORT connection, forcing the use of a 512-bit DH Group, which is breakable with modern-day computing.
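As an added example (not from the original post or from any vendor), the Python below shows how a client or monitoring tool could measure the DH group a server sends in its TLS ServerKeyExchange and flag the 512-bit export-grade size described above. The function names, the sample inputs and the 2048-bit policy floor are assumptions made for this example.

```python
import struct

EXPORT_BITS = 512  # group size the text above calls breakable
MIN_BITS = 2048    # assumed local policy floor, not a value from this page

def read_vec(buf, off):
    """Read one TLS opaque<1..2^16-1> vector: 2-byte length, then data."""
    if off + 2 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">H", buf, off)
    off += 2
    if n == 0 or off + n > len(buf):
        raise ValueError("bad vector length")
    return int.from_bytes(buf[off:off + n], "big"), off + n

def parse_server_dh_params(body):
    """Return (dh_p, dh_g, dh_Ys) from the start of a ServerKeyExchange body."""
    p, off = read_vec(body, 0)
    g, off = read_vec(body, off)
    ys, off = read_vec(body, off)
    return p, g, ys

def classify_dh(body, min_bits=MIN_BITS):
    """Return (prime_bits, verdict) for the DH group a server offered."""
    p, g, ys = parse_server_dh_params(body)
    bits = p.bit_length()
    if not (1 < g < p - 1 and 1 < ys < p - 1):
        return bits, "invalid"       # degenerate generator or public value
    if bits <= EXPORT_BITS:
        return bits, "export-grade"  # what a forced DHE_EXPORT downgrade yields
    if bits < min_bits:
        return bits, "below-policy"
    return bits, "ok"

def encode_vec(n):
    """Encode an integer as a length-prefixed TLS vector (for sample data)."""
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return struct.pack(">H", len(raw)) + raw

def sample_ske(bits):
    """Constructed test input: an odd number of the given size, not a real prime."""
    return encode_vec((1 << (bits - 1)) | 1) + encode_vec(2) + encode_vec(5)

if __name__ == "__main__":
    for size in (512, 1024, 2048):
        print(size, classify_dh(sample_ske(size)))
```

The check looks only at the size and basic sanity of the parameters; it does not test primality or verify the server's signature over them.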

Vendors around the world have already started analyzing this vulnerability and posting recommendations (if any). Below is a preliminary list of links from major vendors:

Cisco's Intrusion Prevention System (IPS) can target this attack starting with IPS signature update S870, once the following signatures are enabled: 6379/0, 6379/1, 6379/2 and 6379/3.

With the rapid advancement of technology and computing power, and keeping Moore's law in mind, security professionals are continuously challenged to stay up to date in order to guard against the latest threats, vulnerabilities and attacks. As an essential security best practice, Cisco published a very useful document entitled "Next Generation Encryption" that summarizes the security of cryptographic algorithms and parameters, along with best practices and recommendations.

Elie Bassil
