Millions of high-security crypto keys crippled by newly discovered flaw

Millions of high-security crypto keys crippled by newly discovered flaw
Factorization weakness lets attackers impersonate key holders and decrypt their data.
By Dan Goodin
Oct 16 2017

A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers.

The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it’s located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest.

The flaw is the one Estonia’s government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.

Completely broken

“In public key cryptography, a fundamental property is that public keys really are public—you can give them to anyone without any impact in security,” Graham Steel, CEO of encryption consultancy Cryptosense, told Ars. “In this work, that property is completely broken.” He continued:

It means that if you have a document digitally signed with someone’s private key, you can’t prove it was really them who signed it. Or if you sent sensitive data encrypted under someone’s public key, you can’t be sure that only they can read it. You could now go to court and deny that it was you that signed something—there would be no way to prove it, because theoretically, anyone could have worked out your private key.

Both Steel and Petr Svenda, one of the researchers who discovered the faulty library, also warned the flaw has, or at least had, the potential to create problems for elections in countries where vulnerable cards are used. While actual voter fraud would be difficult to carry out, particularly on a scale needed to sway elections, “just the possibility (although impractical) is troubling as it is support for various fake news or conspiracy theories,” Svenda, who is a professor at Masaryk University in the Czech Republic, told Ars. Invoking the prolific leakers of classified National Security Agency material, Steel added: “Imagine a Shadowbrokers-like organization posts just a couple of private keys on the Internet and claims to have used the technique to break many more.”



Neutron stars collide, solve major astronomical mysteries

Neutron stars collide, solve major astronomical mysteries
Produces light and gravitational waves, confirms collisions produce fast gamma ray bursts, heavy elements.
Oct 16 2017

We’ve been extremely lucky. The LIGO and VIRGO detectors only operated simultaneously for a few weeks, but they were a remarkably busy few weeks. Today, those behind the joint collaboration announced that they’ve observed the merger of two neutron stars. And, because neutron stars don’t swallow everything they encounter, the gravitational waves were accompanied by photons, including an extended afterglow. So dozens of telescopes, and many in space, had representatives involved in the announcement.

The number of major astrophysical issues cleared up by this collision is impressive. The collision was simultaneously detected with the Fermi space telescope, confirming that neutron star mergers produce a phenomenon known as a short gamma-ray burst. The gravitational waves were detected nearly simultaneously with the gamma ray burst, confirming that they move at the speed of light. And heavy elements like gold were detected in the debris, indicating that these mergers are a source of elements that would otherwise be difficult to produce in a supernova.

Finally, the gravitational waves from this event were detected over a period of roughly 100 seconds, which should allow a detailed analysis of their production.

Meet the neutrons

Neutron stars are the product of supernovae where the star doing the exploding doesn’t have sufficient mass to form a black hole. The object that forms instead crushes one or two solar masses down to an object with a diameter of about 20km. At these densities, individual atoms are crushed out of existence, and the entire star becomes a single chunk of neutrons—and possibly other exotic particles (quark matter stars have been proposed but not yet confirmed to exist). In cases where two massive stars both go supernova, it’s possible to form binary systems where two neutron stars orbit each other.

We’ve known about binary neutron star systems for years, including some that were inspiralling toward a collision. Theoreticians have been busy proposing what they would look like and how they would behave once the merger took place, but the simultaneous detection of the event in gravitational and electromagnetic waves has been essential to confirm a number of the theoreticians’ ideas.

For that to happen, we needed to get lucky in two ways. Since neutron stars are substantially less massive than black holes, the events are weaker, and we’d only detect them if they were closer. In this case, the merger took place 130 million light years from Earth, something astronomers are calling a “relatively close distance.” (For context, that “relatively close distance” means the event took place shortly after the ancestors of marsupials and placental mammals went their separate ways.)

We also needed LIGO and VIRGO in operation simultaneously. As shown by a diagram in the gallery above, having a third detector has radically shrunk the area of sky that contains a gravitational wave source. Thus, we have a high degree of certainty that the gamma ray burst was produced by the same source as the gravitational waves.

The two neutron stars that merged here have a relatively low mass: they were estimated at about 1.1 to 1.6 times the mass of the Sun, compared to black holes that have been greater than 20 solar masses. This means that the neutron stars spent more time orbiting at a close distance before merging. This allowed the detection of gravitational waves for nearly 100 seconds; black hole mergers have produced detectable waves for only a fraction of a second. This should provide a nice test of our understanding of gravitational wave production.

Let there be light

LIGO-VIRGO’s analysis software is programmed to do a quick-and-dirty analysis of data for possible sources and send out an alert to telescopes to allow them to perform observations of the area of sky where an event may be taking place. In this case, however, the telescopes also got an alert from NASA’s Fermi Space Telescope, which specializes in catching high-energy events. Fermi has a gamma-ray burst monitor, and it picked up an event about two seconds after the gravitational wave signal arrived. This increased the precision with which we could map the source of the event, and telescopes of every sort sprung into action. More than 70 have provided observations that went into today’s announcement.


WPA2: Broken with KRACK. What now?

[Note:  This item comes from friend Gary Rimar.  DLH]

WPA2: Broken with KRACK. What now?
By Alex Hudson
Oct 15 2017

On social media right now, strong rumours are spreading that the WPA2 encryption scheme has been broken in a fundamental way. What this means: the security built into WiFi is likely ineffective, and we should not assume it provides any security.

The current name I’m seeing for this is “KRACK”: Key Reinstallation AttaCK. If this is true, it means third parties will be able to eavesdrop on your network traffic: what should be a private conversation could be listened in to.

This has happened before with WiFi: who remembers WEP passwords? However, what is different this time around: there is no obvious, easy, replacement ready and waiting. This is suddenly a very big deal.

In truth, WPA2 has been suspect for some time now. A number of attacks against WPA2-PSK have been shown to be successful to a limited degree, WPA2-Enterprise has shown itself to be slightly more resilient.

This is a story that is unfolding as I write. Please be aware:
• I’m not one of the researchers here: credit for this goes to Mathy Vanhoef and Frank Piessens at KU Leuven, who have a great track record of discovering problems here. I want to be clear about this as I’ve be quoted incorrectly in a couple of places!
• is now up!
• Attacks against Android Phones are very easy! Oh dear 🙁 Best to turn off wifi on these devices until fixes are applied.
• Windows and Mac OS users are much safer. Updates for other OSes will come quite quickly, the big problem is embedded devices for whom updates are slow / never coming
• For the very technical, the CVE list is at the bottom of this post.
• The main attack is against clients, not access points. So, updating your router may or may not be necessary: updating your client devices absolutely is! Keep your laptops patched, and particularly get your Android phone updated
• I haven’t made any corrections to the advice below yet, but will call out any changes. If you have some great advice to share, please let me know!
Information here is good as of 2017-10-16 13:00 UTC, but based on public information – I don’t know anything private, sorry. There will be better sources of information later today which I will endeavour to link to.

So, this is going to be a horrible Monday morning for IT admins across the world. The practical question is: what now?

Keep Calm

Remember, there is a limited amount of physical security already on offer by WiFi: an attack needs to be in proximity. So, you’re not suddenly vulnerable to everyone on the internet. It’s very weak protection, but this is important when reviewing your threat level.

Additionally, it’s likely that you don’t have too many protocols relying on WPA2 security. Every time you access an https site – like this one – your browser is negotiating a separate layer of encryption. Accessing secure websites over WiFi is still totally safe. Hopefully – but there is no guarantee – you don’t have much information going over your network that requires the encryption WPA2 provides.

So, we’re alright?

In a word, No. There are plenty of nasty attacks people will be able to do this. They may be able to disrupt existing communications. They may be able to pretend to be other nodes on the network. This could be really bad – again, they won’t be able to pretend to be a secure site like your bank on the wifi, but they can definitely pretend to be non-secure resources. Almost certainly there are other problems that will come up, especially privacy issues with cheaper internet-enabled devices that have poor security.

You can think of this a little bit like your firewall being defeated. WiFi encryption mainly functions to keep other devices from talking on your network (the security otherwise has been a bit suspect for a while). If that no longer works, it makes the devices on your network a lot more vulnerable – attackers in proximity will now be able to talk to them.


Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping

Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping
KRACK attack allows other nasties, including connection hijacking and malicious injection
By Dan Goodin
Oct 16 2017

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocolthat make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that’s scheduled for 8am Monday, East Coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

According to a researcher who has been briefed on the vulnerability, it works by exploiting a four-way handshake that’s used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it’s resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.

A Github page belonging to one of the researchers and a separate placeholder website for the vulnerability used the following tags:

• WPA2
• key reinstallation
• security protocols
• network security, attacks
• nonce reuse
• handshake
• packet number
• initialization vector

Researchers briefed on the vulnerabilities said they are indexed as: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. One researcher told Ars that Aruba and Ubiquiti, which sell wireless access points to large corporations and government organizations, already have updates available to patch or mitigate the vulnerabilities.

The vulnerabilities are scheduled to be formally presented in a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 scheduled for November 1 at the ACM Conference on Computer and Communications Security in Dallas. It’s believed that Monday’s disclosure will be made through the site The researchers presenting the talk are Mathy Vanhoef and Frank Piessens of KU Leuven and imec-DistriNet, Maliheh Shirvanian and Nitesh Saxena of the University of Alabama at Birmingham, Yong Li of Huawei Technologies in Düsseldorf, Germany, and Sven Schäge of Ruhr-Universität Bochum in Germany. The researchers presented this related research in August at the Black Hat Security Conference in Las Vegas.


Scientists Are Developing A Technique To Control The Weather With Laser-Beams

[Note:  This item comes from friend Steve Schear.  DLH]

Scientists Are Developing A Technique To Control The Weather With Laser-Beams
By Tyler Durden
Sep 29 2017

In a breakthrough that could permanently ameliorate the threat of thinning water supplies in California and much of the western US, a team of scientists says it will soon be able to induce rainfall and lightning storms by firing high-energy laser beams into the heavens.

Express reports that the breakthrough involves manipulating the static electricity present in clouds – which, after all, are just balls of condensation, triggering rainfall, according to experts at the University of Central Florida and the University of Arizona.

A six year drought in California was finally declared over this year but the threat for the south-western state as well as other locations in the world remains the same.

But scientists may now be able to induce rain and lightning storms using high energy lasers in a breakthrough that could potentially eradicate droughts throughout the globe.

The possibility of condensation, lightning and storms are ever present in the clouds and are containED through high amounts of static electricity.

Experts from the University of Central Florida and the University of Arizona believe that by firing a series of laser beams, they can activate the static electricity and induce rain and storms.

Here’s how it would work: One beam would be fired into the clouds to stimulate rainfall. Then, a second beam would surround the first beam to help sustain it for longer.

“When a laser beam becomes intense enough, it behaves differently than usual – it collapses inward on itself,” said Matthew Mills, a graduate student in the Center for Research and Education in Optics and Lasers (CREOL).

“The collapse becomes so intense that electrons in the air’s oxygen and nitrogen are ripped off creating plasma – basically a soup of electrons.”

This struggle is known as “filamentation” and creates a “light string” that only lasts for a short time before it disperses – hence the need for the second beam.

However, “because a filament creates excited electrons in its wake as it moves, it artificially seeds the conditions necessary for rain and lightning to occur.”

And, as it turns out, “if you wrap a large, low intensity, doughnut-like ‘dress’ beam around the filament and slowly move it inward, you can provide this arbitrary extension.


20 of America’s top political scientists gathered to discuss our democracy. They’re scared.

[Note:  This item comes from friend Mike Cheponis.  DLH]

20 of America’s top political scientists gathered to discuss our democracy. They’re scared.
“If current trends continue for another 20 or 30 years, democracy will be toast.”
By Sean Illing
Oct 13 2017

Is American democracy in decline? Should we be worried?

On October 6, some of America’s top political scientists gathered at Yale University to answer these questions. And nearly everyone agreed: American democracy is eroding on multiple fronts — socially, culturally, and economically. 

The scholars pointed to breakdowns in social cohesion (meaning citizens are more fragmented than ever), the rise of tribalism, the erosion of democratic norms such as a commitment to rule of law, and a loss of faith in the electoral and economic systems as clear signs of democratic erosion. 

No one believed the end is nigh, or that it’s too late to solve America’s many problems. Scholars said that America’s institutions are where democracy has proven most resilient. So far at least, our system of checks and balances is working — the courts are checking the executive branch, the press remains free and vibrant, and Congress is (mostly) fulfilling its role as an equal branch. 

But there was a sense that the alarm bells are ringing.

Yascha Mounk, a lecturer in government at Harvard University, summed it up well: “If current trends continue for another 20 or 30 years, democracy will be toast.”

“Democracies don’t fall apart — they’re taken apart” 

Nancy Bermeo, a politics professor at Princeton and Harvard, began her talk with a jarring reminder: Democracies don’t merely collapse, as that “implies a process devoid of will.” Democracies die because of deliberate decisions made by human beings. 

Usually, it’s because the people in power take democratic institutions for granted. They become disconnected from the citizenry. They develop interests separate and apart from the voters. They push policies that benefit themselves and harm the broader population. Do that long enough, Bermeo says, and you’ll cultivate an angry, divided society that pulls apart at the seams. 

So how might this look in America?

Adam Przeworski, a democratic theorist at New York University, suggested that democratic erosion in America begins with a breakdown in what he calls the “class compromise.” His point is that democracies thrive so long as people believe they can improve their lot in life. This basic belief has been “an essential ingredient of Western civilization during the past 200 years,” he said. 

But fewer and fewer Americans believe this is true. Due to wage stagnation, growing inequalities, automation, and a shrinking labor market, millions of Americans are deeply pessimistic about the future: 64 percent of people in Europe believe their children will be worse off than they were; the number is 60 percent in America.

That pessimism is grounded in economic reality. In 1970, 90 percent of 30-year-olds in America were better off than their parents at the same age. In 2010, only 50 percent were. Numbers like this cause people to lose faith in the system. What you get is a spike in extremism and a retreat from the political center. That leads to declines in voter turnout and, consequently, more opportunities for fringe parties and candidates. 

Political polarization is an obvious problem, but researchers like Przeworski suggest something more profound is going on. Political theorists like to talk about the “social compact,” which is basically an implicit agreement among members of society to participate in a system that benefits everyone. 

Well, that only works if the system actually delivers on its promises. If it fails to do so, if it leads enough people to conclude that the alternative is less scary than the status quo, the system will implode from within. 

Is that happening here? Neither Przeworski nor anyone else went quite that far. But we know there’s a growing disconnect between productivity (how hard people work) and compensation (how much they’re paid for that work). At the same time, we’ve seen a spike in racial animus, particularly on the right. It seems likely there’s a connection here.

Przeworski believes that American democracy isn’t collapsing so much as deteriorating. “Our divisions are not merely political but have deep roots in society,” he argues. The system has become too rigged and too unfair, and most people have no real faith in it. 

Where does that leave us? Nowhere good, Przeworski says. The best he could say is that “our current crisis will continue for the foreseeable future.”