OpenSSL Heartbleed Highlights Crypto Pitfalls

There is no shortage of bad advice online about crypto, or anything else, for that matter. The recent mess involving the OpenSSL heartbleed vulnerability has brought out plenty of advice on building, implementing and repairing cryptosystems, but experts say that the fundamental truths about how to do these tasks haven't changed much.

Cryptosystems are the foundation of the security for much of the Internet. Protocols such as SSL/TLS help secure communications between users and banks, e-commerce sites and other services that rely on confidentiality. The crypto code in those systems is, like all code, fragile and subject to all kinds of outside influences.

Cryptographers have for many years been warning developers, and anyone else who would listen, to leave cryptosystem design to the experts and not build their own.

That advice hasn’t changed. If anything, it’s become even more important.

“Never invent your own primitives or protocols. Cryptographic protocols are fiendishly difficult to get right; even pros often get them wrong. Encryption algorithms are even harder to design. It’s certainly true that there have been very few known attacks on bad crypto by hackers not working for a major government. But ‘few’ is not the same as ‘none’—think of WEP—and many commercial sites have been targeted by governments,” Steve Bellovin, professor of computer science at Columbia University, wrote in a post on the topic.

The second point there is a key one. Crypto is implemented all over the place, and in a lot of places you might not expect. One of the things that the heartbleed fiasco has shown is that OpenSSL and its many cousins in the crypto world have spread far and wide on the Internet, which is a good thing. But it also means that the attack surface is potentially huge when a major bug such as heartbleed emerges. Vulnerable implementations could be virtually anywhere, and researchers have shown that to be true in the last few weeks.

The other part of the issue is that crypto attacks have continued to advance over the years, with new variants and innovative techniques emerging regularly. And with crypto code running in more and more places, the opportunities to make mistakes are increasing by the day.

“Crypto code, though, is special; there are precautions that need to be taken that are irrelevant anywhere else. Consider things like timing attacks: if you’re using RSA but haven’t implemented it with all due paranoia, an attacker can recover your private key just by seeing how long it takes you to respond to certain messages. There are cache timing attacks: if the attacker can run programs on the same computer as your crypto code (and this isn’t a preposterous notion in a world of cloud computing), it’s possible to figure out an AES key by watching what cache lines are busy during an encryption or decryption operation,” Bellovin said.
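Bellovin's RSA and AES examples take a good deal of machinery to reproduce, but the simplest instance of the same mistake, code whose running time depends on secret data, is a comparison of secret bytes (a MAC, a token, a padding check) that stops at the first mismatch. The following is an added example, not code from the article or from OpenSSL: an early-exit comparison beside a constant-time one. The function names, the `last_bytes_examined` counter (a stand-in for the timing an attacker would measure) and the sample inputs are all constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Instrumentation for this example only: how many bytes the most recent
 * comparison looked at. Real code would not keep this; it stands in for
 * the response time an attacker measures over the network or via a cache. */
static size_t last_bytes_examined = 0;

/* Early-exit comparison: fine for ordinary data, wrong for secrets.
 * Returns 1 if a and b match over n bytes, 0 otherwise. The amount of work
 * (and so the timing) depends on where the first mismatch is, which lets
 * an attacker confirm the secret one byte at a time. */
int naive_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    last_bytes_examined = 0;
    for (size_t i = 0; i < n; i++) {
        last_bytes_examined++;
        if (a[i] != b[i])
            return 0; /* leaves as soon as a byte differs */
    }
    return 1;
}

/* Constant-time comparison: always reads all n bytes and contains no branch
 * that depends on the data. The OR of every XOR difference is zero iff a == b. */
int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    last_bytes_examined = 0;
    for (size_t i = 0; i < n; i++) {
        last_bytes_examined++;
        diff |= a[i] ^ b[i];
    }
    /* Map diff to 1 (equal) or 0 (different) without branching:
     * diff == 0     -> 0u - 1u = 0xFFFFFFFF, bit 8 set   -> 1
     * diff in 1..255 -> 0..254,               bit 8 clear -> 0 */
    return (int)((((uint32_t)diff - 1u) >> 8) & 1u);
}

int main(void) {
    /* Constructed sample: a 16-byte "expected MAC" and two wrong guesses,
     * one differing in the first byte and one only in the last. */
    const uint8_t *expected         = (const uint8_t *)"0123456789abcdef";
    const uint8_t *first_byte_wrong = (const uint8_t *)"X123456789abcdef";
    const uint8_t *last_byte_wrong  = (const uint8_t *)"0123456789abcdeX";
    const uint8_t *guesses[] = { first_byte_wrong, last_byte_wrong, expected };

    for (int i = 0; i < 3; i++) {
        int r1 = naive_equal(expected, guesses[i], 16);
        size_t s1 = last_bytes_examined;
        int r2 = ct_equal(expected, guesses[i], 16);
        size_t s2 = last_bytes_examined;
        printf("guess %d: naive=%d after %zu bytes, constant-time=%d after %zu bytes\n",
               i, r1, s1, r2, s2);
    }
    return 0;
}
```

The naive version inspects 1 byte for the first guess and 16 for the second, so the two wrong guesses are distinguishable from outside; the constant-time version inspects 16 bytes for every input. In practice, use the library's routine rather than a hand-rolled one (OpenSSL provides `CRYPTO_memcmp` for exactly this purpose), and remember that the compiler can still reorder or short-circuit what looks constant-time in C, which is one of the "precautions that are irrelevant anywhere else" Bellovin is referring to.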

Of course, the question, as always, is what other hidden crypto flaws on the level of heartbleed are lurking out there. The answer is almost certainly "plenty". As Bellovin said, crypto code is still code, and it has all of the natural fragilities and inherent problems that normal code has, with the added fun of being critical for security. That code is written and implemented by humans, and we all know how that story ends.

Image from Flickr photos of Rachael Townes