Dan Kaminsky's New PKI Hack Discovery - The EMC/RSA viewpoint

At the BlackHat Conference on July 29, Dan Kaminsky from IOActive talked about new collision attacks against the global X.509 CA infrastructure. Here’s a brief vendor view of the issue: some background on the work the affected vendors have put in over the last few weeks since Dan identified it, and the steps EMC/RSA is taking to remediate the impact across its products and protect its customers.

We have known about MD5’s collision attacks and their impact on the real-world Public Key Infrastructure for some time now. With this new disclosure, Dan has shown the possibility of new classes of collision. One of them is an MD2 pre-image attack, aimed primarily at the VeriSign primary root certificate. This attack can be exploited to create a new intermediate certificate with the same MD2 message digest as the root, and then transfer the signature from the valid root to this malicious intermediate. Since anything currently signed with MD2 by an embedded trusted root, such as a VeriSign root certificate, is fully trusted, a new malicious intermediate certificate carrying the valid root signature would also be trusted by browsers and crypto toolkits.

Fortunately for the industry, the attacks on MD2 are beyond the storage capabilities practically accessible today, but because computing resources only get better over time, the industry must transition away from the use of older hash functions.

Another concern raised by Dan is the inconsistent interpretation and insufficient input validation of X.509 Subject Names in a PKCS#10 certificate request. This may allow a CA to issue a certificate for an unauthorized subject, or one whose subject name includes special characters such as nulls, carriage returns, and asterisks. Presenting such a certificate to a browser can fool the browser into connecting to a bogus server, and the special characters can be used to programmatically control the browser. This means that consistent interpretation and proper input validation of subject names must be done by the technology providers.
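As an added illustration of the subject-name point above (example code, not EMC/RSA's or any CA's own), here is a CA-side check that rejects a requested CommonName containing nulls, control characters or wildcards and confirms it falls under a domain the requester is authorized for, beside a client-side comparison done over the full encoded name rather than a C-string view of it. The "no wildcards" rule and the authorized-domain set are assumptions made for the example.

```python
import re

# Control characters (NUL, CR, LF, ...) and the DNS label grammar. Constructed
# for this example; not the policy of any real CA or browser.
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def validate_requested_cn(cn_bytes: bytes, authorized_domains: set) -> tuple:
    """CA-side check of a CommonName as found in a PKCS#10 request.

    Works on the raw encoded bytes so that a NUL cannot be silently dropped by
    a C-string conversion before the check runs. Returns (accepted, reason).
    """
    if b"\x00" in cn_bytes:
        return False, "embedded NUL byte"
    try:
        cn = cn_bytes.decode("ascii")
    except UnicodeDecodeError:
        return False, "non-ASCII byte in CN"
    if _CONTROL.search(cn):
        return False, "control character in CN"
    if "*" in cn:
        return False, "wildcard requested"  # assumed policy: no wildcards
    cn = cn.lower()
    if not all(_LABEL.match(label) for label in cn.split(".")):
        return False, "malformed DNS label"
    # The requester must own the domain the name sits under, not merely a
    # look-alike that contains an authorized name somewhere inside it.
    if not any(cn == d or cn.endswith("." + d) for d in authorized_domains):
        return False, "subject not under an authorized domain"
    return True, "ok"


def naive_hostname_matches(cn_bytes: bytes, host: str) -> bool:
    """Emulates a client that hands the CN to a C-string comparison: everything
    after the first NUL is never looked at. This is the flawed behaviour."""
    return cn_bytes.split(b"\x00", 1)[0].lower() == host.lower().encode("ascii")


def hostname_matches(cn_bytes: bytes, host: str) -> bool:
    """Length-aware comparison over the full encoded name."""
    return cn_bytes.lower() == host.lower().encode("ascii")
```

Running the two comparisons on the same constructed CN shows why the CA-side rejection matters: the naive client accepts a name the length-aware one refuses.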

The problems identified by Dan affect multiple technology areas, including browsers, cryptographic APIs, and certification authorities, and therefore multiple vendors and users of these technologies.

In a previous blog post, I talked about the importance of collaboration between security researchers and software vendors in effectively dealing with vulnerabilities in protocols and technologies that affect not just one product, but the many products built on those underlying technologies. In the past few months Dan has collaborated with us and the vendor community to help us evaluate the impact of his findings, underscoring the point I was making in that earlier post.

Although the issues identified by Dan are important and need to be taken seriously, their current nature did not require a synchronized release by the vendor community. It did, however, give RSA and EMC the lead time to do an impact check across our products and work on remedies that will be released to our customers in the coming few weeks. This is also an example of the ongoing effort vendors like us are making to handle older protocols. It also serves as a reminder to software vendors and developers of the need to have an up-to-date secure development standard for their organizations, and to review and update it regularly in light of the latest exploits and attacks. For more information on EMC/RSA secure development standards, refer to the blog post by Eric Baize.
