DUHK attack puts random number generators at risk
News roundup: Researchers find DUHK attacks can get around encrypted communications. Plus, FBI Director Wray criticizes mobile device encryption, and more.
Researchers have discovered a vulnerability that affects some legacy security devices, including Fortinet's FortiGate devices.
The vulnerability has been dubbed DUHK, which stands for Don't Use Hard-coded Keys, and affects devices that use the ANSI X9.31 Random Number Generator (RNG) and a hardcoded seed key. Researchers Nadia Heninger and Shaanan Cohney from the University of Pennsylvania, along with cryptographer Matthew Green at Johns Hopkins University, studied the Federal Information Processing Standards (FIPS) certified products that use the ANSI X9.31 RNG algorithm and found 12 that are vulnerable to DUHK.
"DUHK allows attackers to recover secret encryption keys from vulnerable implementations and decrypt and read communications passing over VPN connections or encrypted web sessions," the researchers explained in a blog post. "The encrypted data could include sensitive business data, login credentials, credit card data and other confidential content."
Heninger, Cohney and Green were only able to gain access to the firmware of one product -- a Fortinet firewall -- so their detailed research paper mostly focuses on the affected Fortinet devices, specifically the FortiGate VPN gateways.
"Traffic from any VPN using FortiOS 4.3.0 to FortiOS 4.3.18 can be decrypted by a passive network adversary who can observe the encrypted handshake traffic," they explained. "Other key recovery attacks on different protocols may also be possible."
The full list of affected vendors is in the research paper and includes Fortinet, Becrypt, Cisco, DeltaCrypt Technologies, MRV Communications, NeoScale Systems, Neopost Technologies, Renesas Technology America, TechGuard Security, Tendyron Corp., ViaSat and Vocera Communications.
The ANSI X9.31 RNG algorithm lost its FIPS certification in January 2016, and the researchers noted that many vendors have since published software updates to remove it.
Devices have to meet four requirements in order to be vulnerable to DUHK, according to Heninger, Cohney and Green:
- The device uses the X9.31 RNG.
- A seed key is hardcoded into the implementation.
- The output from the RNG is used to generate cryptographic keys.
- "At least some of the random numbers before or after those used to make the keys are transmitted unencrypted. This is typically the case for SSL/TLS and IPsec."
The researchers recommended that anyone who develops cryptographic software stop using the X9.31 RNG and avoid hardcoded keys.
The research team also warned that the vulnerability enables an easy and practical attack, though there is no evidence it is being actively exploited.
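The X9.31 construction and the consequence of the hardcoded-key requirement, as an added illustration that is not from the researchers' paper or from any vendor's firmware; it assumes AES-128 as the block cipher, and the key and state values are constructed stand-ins:

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
)

// x931Next is one step of the ANSI X9.31 generator over AES-128 (illustrative
// code, not FortiOS's): I = E_K(t); R = E_K(I ^ v); v' = E_K(R ^ I); output R.
// blk is the seed key K, v the 16-byte secret state, t the timestamp block.
func x931Next(blk cipher.Block, v *[16]byte, t [16]byte) (r [16]byte) {
	var i, x [16]byte
	blk.Encrypt(i[:], t[:])
	for k := range x {
		x[k] = i[k] ^ v[k]
	}
	blk.Encrypt(r[:], x[:])
	for k := range x {
		x[k] = r[k] ^ i[k]
	}
	blk.Encrypt(v[:], x[:])
	return
}

// HardcodedKey stands in for a key baked into every copy of a firmware image
// (constructed value); FreshKey draws 16 bytes from the OS entropy source per
// instance instead, so no two devices share K.
var HardcodedKey = []byte("constructed-key!")
func FreshKey() []byte {
	k := make([]byte, 16)
	if _, err := rand.Read(k); err != nil {
		panic(err)
	}
	return k
}
// SameStream reports whether generators keyed with keyA and keyB, started from
// the same state v and fed the same t, emit the same block: true for HardcodedKey
// on both sides (whoever holds the firmware's K plus the state reproduces the
// device's "random" numbers, the DUHK precondition), false for two FreshKeys.
func SameStream(keyA, keyB []byte, v, t [16]byte) bool {
	a, errA := aes.NewCipher(keyA)
	b, errB := aes.NewCipher(keyB)
	if errA != nil || errB != nil {
		panic("keys must be 16, 24 or 32 bytes")
	}
	va, vb := v, v // each generator gets its own copy of the state
	return x931Next(a, &va, t) == x931Next(b, &vb, t)
}
```

The researchers' first recommendation, dropping X9.31 altogether, is the stronger fix; FreshKey only removes the shared key that makes requirement two hold.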
"Our attack against [the] FortiGate device can be carried out on a modern computer in about four minutes," they noted.
In other news:
- FBI Director Christopher Wray spoke earlier this week about the FBI's continuing battle with mobile device encryption. Speaking at the International Association of Chiefs of Police conference in Philadelphia, Wray said the FBI had been unable to access more than 6,900 mobile devices so far this year. "To put it mildly, this is a huge, huge problem," Wray said. "It impacts investigations across the board -- narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime [and] child exploitation." The FBI has warred with vendors and the security community in recent years over encryption in mobile devices, arguing that law enforcement needs backdoors through encryption to access devices during investigations. Vendors such as Apple and security experts argue that a backdoor for law enforcement cannot exist without also being accessible to malicious actors, putting user privacy at risk. Wray's comment follows the U.S. Department of Justice's call for "responsible encryption."
- A group of senators and representatives has introduced a bipartisan bill that would create a new legal framework allowing law enforcement to access U.S. electronic communications stored on servers located in other countries. The group includes Rep. Doug Collins (R-Ga.), Rep. Hakeem Jeffries (D-N.Y.), Sen. Orrin Hatch (R-Utah), Sen. Chris Coons (D-Del.) and Sen. Dean Heller (R-Nev.). They are calling on Congress to pass the bill, called the International Communications Privacy Act, and are supported by organizations such as Americans for Tax Reform and the R Street Institute, which penned a letter to Congress pushing for the bill. With the new bill, the group aims to update the Electronic Communications Privacy Act of 1986, which they argue is outdated. The International Communications Privacy Act would require law enforcement to obtain a warrant for all electronic data on U.S. citizens and would allow law enforcement to access data on foreign nationals.
- Serious security flaws have been discovered in the way the Presidential Advisory Commission on Election Integrity, which is investigating voter fraud, handles the personal data of millions of voters. Illinois-based advocacy group Indivisible Chicago requested public records from Illinois and Florida on the Interstate Voter Registration Crosscheck Program. Crosscheck aims to identify people who are registered and voting in more than one state. Indivisible Chicago received emails and other documents from election officials that showed several security issues with Crosscheck, including freely available usernames and passwords. "The primary problem here is not that we have these passwords, but that every official and IT department involved in this process sends usernames, login passwords, and decryption passwords in clear text in email -- sometimes with up to eighty recipients," Indivisible Chicago wrote. "Anyone could have these passwords and could have had them at a time they could have been used while the ISBE would have been none the wiser."