EDGE 2015 is starting in

Find out more EDGE 2015
Menu
Flame crypto attack was very hard to pull off, security researcher says

Flame crypto attack was very hard to pull off, security researcher says

The MD5 collision attack carried out by Flame's authors took more attempts to pull off than the RapidSSL one in 2008

The MD5 collision attack used by the creators of the Flame malware was significantly more difficult to pull off than an earlier attack that resulted in the creation of a rogue CA certificate, according to security researcher Alexander Sotirov.

In December 2008, at the Chaos Communication Congress (CCC) in Berlin, an international team of security researchers that included Sotirov presented a practical MD5 collision attack that allowed them to obtain a rogue CA certificate signed by VeriSign-owned RapidSSL.

The attack was significant because it showed for the first time that at least one of the known theoretical MD5 collision techniques could be used in practice to defeat the security of the HTTPS (HTTP Secure) protocol. To pull off the attack, the researchers used computing power generated by a cluster of 200 PlayStation 3s.

The creators of the Flame cyber-espionage malware used a similar attack to obtain a rogue digital certificate that allowed them to sign code as Microsoft. The certificate was used to distribute Flame to targeted computers as an official Windows update.

Last week, cryptanalysts announced that the MD5 collision attack used by Flame's creators was not identical to the RapidSSL one, which has been fully documented since 2009. Rather, the Flame attack uses a different method that might have been developed in parallel.

While this is an impressive achievement in itself, it turns out that the Flame attack was also significantly more difficult to pull off than the RapidSSL one.

The RapidSSL attackers had a one-second window to obtain a legitimate certificate with a serial number they predicted in advance and whose signature could be copied over to their rogue certificate. It took several attempts to time this right, and after each failed attempt they had to generate a new rogue certificate, which took several hours.

The Flame attackers had only a one-millisecond window to obtain the right certificate signed by Microsoft, said Sotirov, co-founder and chief scientist at security firm Trail of Bits, in a presentation at the SummerCon conference on Saturday. That means they probably needed a far greater number of attempts to succeed.

The RapidSSL attack would have cost around US$20,000 if it had been performed on Amazon's EC2 cloud. The Flame attack would have cost between 10 and 100 times more, Sotirov said.

"[Sotirov's] analysis on the time window seems to be correct and is excellent research," said Marc Stevens, a scientific staff member in the cryptology group at the Dutch national research center for mathematics and computer science (CWI), via email.

"This would significantly increase the overall cost and I agree with that assessment," said Stevens, another member of the team that performed the RapidSSL attack in 2008.

However, Stevens didn't agree with Sotirov's estimate for the theoretical cost of using Amazon's cloud for the attack. That's because there's currently not enough information about the MD5 collision method used in the Flame attack.

Sotirov assumes the attack had a similar cost-per-attempt as the RapidSSL one, Stevens said. However, the Flame attackers might have used a method that was faster, or one that was slower.

He expects they used a slower method, but that's still being researched and the findings won't be released until later.

The Flame attackers might also have had free access to powerful computer hardware, which would have significantly reduced the time required to perform the attack.

"More powerful hardware reduces the wall clock time," Stevens said. "The collision attack is highly parallelizable and a big cluster can be used very efficiently."

EDGE 2015:: For all the latest on EDGE 2015 including the keynote speakers visit the EDGE mini-site now

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Upcoming

Slideshows

In Pictures: 7 things we hate about Twitter

In Pictures: 7 things we hate about Twitter

You probably either love Twitter for its quirkiness and brevity or see it as a pointless waste of time. After nearly a decade on the social scene, Twitter still needs to improve its user experience and fill in notable gaps in the service. These seven problems are long overdue for a fix.

In Pictures: 7 things we hate about Twitter
IN PICTURES: EDGE 2015 - Sponsor Briefing

IN PICTURES: EDGE 2015 - Sponsor Briefing

With EDGE 2015 rapidly approaching, ARN and Reseller News NZ held a Sponsors Briefing where ARN publisher and president, Susan Searle, and Events Manager, Alexandra West, ran through the considerable logistics in detail. Attendees then enjoyed some splendid canapes and drinks. EDGE is designed to bring the A/NZ channel together in a collaborative and educational environment. Themed around channel channel leadership, EDGE will be held at the Sheraton Mirage, Port Douglas, July 20-23. Photos by MIKE GEE.

IN PICTURES: EDGE 2015 - Sponsor Briefing
In Pictures: Robots that cook, clean, sing and dance

In Pictures: Robots that cook, clean, sing and dance

Cooking, learning language and doing the laundry are a few of the human skills demonstrated by.real humanoid bots featured in the National Geographic movie Robots.

In Pictures: Robots that cook, clean, sing and dance

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments