Now that it is known .. a critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break the internet encryption, the, how to stop it?
Recently a group of researchers has revealed how the NSA has cracked HTTPS, SSH, and VPNs rely on the Diffie-Hellman encryption by exploiting a wrong implementation of the cryptographic algorithm.
The critical flaw in the Diffie-Hellman key-exchange protocol was exploited by the NSA to break and eavesdrop on trillions of encrypted connections.
Which is the response of the organization operating in Internet to secure the global network?
Experts at the Internet Engineering Task Force (IETF) are questioning colleagues in the security industry on how to improve the security in the Internet starting from the Diffie-Hellman Case Study.
A blog post published by Jari Arkko and Paul Wouters from IETF provides suggestions how to improve the internet's security.
The experts explained in the post that software and hardware implementation of Diffie-Hellman's protocol in the real world scenarios are often flawed allowing attackers to break the encryption.
The NSA hasn't broken the Diffie-Hellman, instead they target the start of the process. For each actor involved in the communication is generated a couple of keys, the public key is shared with the interlocutor, meanwhile the private key is kept secret. The algorithm generates a common public key, a large prime number which is agreed upon at the start of the process.
Unfortunately, due to a wrong implementation of the algorithm, only a few prime numbers are commonly used.
The experts noticed that one single prime is used to encrypt two-thirds of all VPNs and a quarter of all the SSH servers. A second prime is used to encrypt "nearly 20% of the top million HTTPS websites".
A persistent attacker like the NSA needs to calculate common prime numbers used in Diffie-Hellman exchanges in order to break the Internet encryption. This is possible by investing a few hundred million dollars in super computers to perform the complex calculation.
How to solve the problem? Is it possible to protect Internet encryption on the Internet?
According to the experts at IETF there are two different approaches to improve the Internet Security:
- Stop using 1024-bit keys forcing the use of longer prime numbers. Use 2048-bit keys as recommended in the IETF's RFC 4307 document (2005).
- Use the latest revisions of protocols that rely on longer prime numbers.
The IETF plans to stop providing support for 1024-bit Diffie-Hellman keys by updating RFC 4307.
"The IETF community has done considerable work to strengthen trust in the Internet, in line with its mission of 'making the Internet work better.' But, a lot of work also remains – in deploying the better versions, in building defenses to new attacks, and in understanding the issues and possible improvements. This is a continuous process."
Prime numbers are public and it is computationally expensive to generate new ones, for this reason, many encryption systems reuse them to improve performance. Some embedded hardware are not able to manage 4096-bit keys, the larger keys will require greater computational effort and dramatically increase the battery consumption.
If you are interested in the topic you can refer the RFC 7525 which provides the best current practice for improving the security.