BEAST on Loose; Google gets Ready

Friday, September 23, 2011 @ 02:09 PM gHale

Google has an update for its Chrome browser that protects users against an attack that can crack encrypted data sent between browsers and websites protected by the secure sockets layer (SSL) protocol.

The fix, which has already been added to the latest developer version of Chrome, thwarts attacks from BEAST, proof-of-concept code its creators said exploits a serious weakness in the SSL protocol that millions of websites use to encrypt sensitive data.

SCADA Alert: Fixes in Works
Mitsubishi Heavy Hack: Nuclear Info
Attention Botnet Shoppers
Trojans, Mules, Mean Big Payoff

Researchers Juliano Rizzo and Thai Duong have been working with browser makers on a fix since May, and Chrome developers started proposing changes as early as late June.

While security experts do not know how severe the BEAST really is, Google wants to be ready just in case. The BEAST’s goal is to quickly and secretly crack the encryption protecting online bank passwords, social security numbers and other sensitive data.

Rizzo and Duong released limited details of their attack ahead of a presentation scheduled at the Ekoparty security conference in Buenos Aires.

BEAST performs a chosen plaintext-recovery attack against AES encryption in earlier versions of SSL and its successor TLS, or transport layer security. The technique exploits an encryption mode known as cipher block chaining, in which data from a previously encrypted block of data helps encode the next block.

Attackers can manipulate the process to make educated guesses about the contents of the plaintext blocks. If the attacker’s guess is correct, the block cipher will receive the same input for a new block as for an old block, producing an identical ciphertext.

The change introduced into Chrome would counteract these attacks by splitting a message into fragments to reduce the attacker’s control over the plaintext about to undergo encryption. By adding unexpected randomness to the process, the new behavior in Chrome should throw BEAST off the scent of the decryption process by feeding it confusing information.

The approach is similar to one introduced in 2002 by developers of the OpenSSL package websites use to implement SSL. That change added empty plaintext fragments to the cipher block chain before sending the actual payload. The technique was effective in preventing the cracking of SSL-protected data sent from the server to browsers, but not the other way around. It was never widely adopted because many Microsoft products weren’t compatible with it.

Like the unadopted change in OpenSSL, the Chrome fix protects SSL encryption against plaintext-recovery attacks while remaining compatible with TLS version 1.

Leave a Reply

You must be logged in to post a comment.