June 26, 1998 2:05 PM PDT
E-commerce crypto code cracked
A computer scientist at Lucent Technologies' research arm in Murray Hill, New Jersey, this week discovered a way to crack encryption code from secured Web sites. Web server software firms have been scrambling this week to get a software patch to customers to plug the security hole.
In theory, the discovery means a hacker could access a Web shopper's credit card number, address, and other vital information as the user conducts a transaction.
"The mechanism used is to send particular messages to a server and observe the error messages," Daniel Bleichenbacher, the scientist who uncovered the security breach, told CNET NEWS.COM. "This gives me a bit of information of what a decrypted message looks like. Whenever I don't get an error message back, I also have some information on what the secret message looks like."
Bleichenbacher's department was researching ways of cracking various security protocols. He said he chose the Public Key Cryptography Standard (PKCS) No. 1 protocol because it is so widely used in electronic commerce. He explained that the method means someone needs to repeatedly send about a million carefully constructed messages to a target server and that the hacker would need a special connection to screen out any other Internet traffic.
The scientist also stressed that the sheer volume of messages required should alert a network administrator to trouble.
"If they have a log and a batch log, they could see if an attack took place or not," Bleichenbacher added. "You can detect when an attack takes place."
The news is still disheartening to the electronic commerce industry, which is fighting a battle to persuade the public and corporate users that the Internet is a safe place to conduct business.
Commerce software firms quickly went into a flurry of activity, writing and distributing a software patch that would fix the problem. The companies issuing the patch include Netscape Communications, Microsoft, and Security Dynamics Technologies' RSA Data Security unit, which uses SSL (Secure Sockets Layer) technology as a key element in online commerce.
SSL is a key protocol for secure Internet commerce and communications. Virtually all Internet credit card transactions today use SSL. However, this security weakness is in specific implementations of SSL that use RSA's PKCS 1 tools, not in the standard itself.
"No updates are required for Internet client software," noted a Microsoft security bulletin, which "strongly recommends" that customers using SSL on their Internet servers install the patch. Netscape did likewise and said Bank of America, its own Netcenter site, and other leading financial sites have already installed the patch.
"The problems and updates have been rolled out before any attack was ever mounted," said Brian Byun, Netscape's group product manager for security products. "We take security issues very seriously, even if theoretical, as this one was." Netscape termed the weakness "nearly impossible to exploit."
"The patch, like all great things in life, is amazingly simple," said Scott Schnell, vice president of marketing at RSA. "The way a server vendor solves the problem is if someone sends an improperly formulated message and you patch the mechanism so it always returns the same message, there is no way for the hacker to get the session keys."
Schnell explained that the error messages are implemented by the programmers to track problems during the development and testing phases. He added that so far the hacking has been isolated to a laboratory environment and has not taken place in the real world.
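The fix described above, sketched as an added example (not code from RSA, Netscape, or Microsoft): the pre-patch handler answers each kind of malformed PKCS 1 block differently, while the patched handler answers every input the same way. The function names, the 128-byte block size, and the sample blocks are assumptions constructed for illustration; substituting a random throwaway secret is one common way to make the replies uniform.

```python
import os

PMS_LEN = 48  # size of an SSL pre-master secret

class PaddingError(Exception):
    pass

def unpad_pkcs1_v15(em):
    """Strip PKCS 1 v1.5 encryption padding: 00 02 <8+ nonzero bytes> 00 <payload>."""
    if len(em) < 11 or em[0] != 0x00 or em[1] != 0x02:
        raise PaddingError("bad block type")
    try:
        sep = em.index(0x00, 2)          # first zero byte after the header
    except ValueError:
        raise PaddingError("no separator") from None
    if sep < 10:                          # fewer than 8 padding bytes
        raise PaddingError("padding too short")
    return em[sep + 1:]

def leaky_key_exchange(em):
    """Pre-patch behaviour: every failure mode has its own reply."""
    try:
        pms = unpad_pkcs1_v15(em)
    except PaddingError as exc:
        return f"error: {exc}", None
    if len(pms) != PMS_LEN:
        return "error: bad secret length", None
    return "ok", pms

def patched_key_exchange(em):
    """Post-patch behaviour: one reply for all inputs. A malformed block gets a
    random secret, so the session simply fails later, like any wrong key.
    (Response content only; timing differences are outside this sketch.)"""
    fallback = os.urandom(PMS_LEN)        # drawn before parsing, used on failure
    try:
        pms = unpad_pkcs1_v15(em)
        if len(pms) != PMS_LEN:
            pms = fallback
    except PaddingError:
        pms = fallback
    return "ok", pms

# Constructed sample blocks (what the server sees after RSA decryption).
SECRET = b"\x03\x00" + b"\x42" * 46
SAMPLES = {
    "valid":        b"\x00\x02" + b"\xaa" * 77 + b"\x00" + SECRET,
    "bad type":     b"\x00\x01" + b"\xaa" * 77 + b"\x00" + SECRET,
    "no separator": b"\x00\x02" + b"\xaa" * 126,
    "short pad":    b"\x00\x02" + b"\xaa" * 3 + b"\x00" + SECRET,
    "wrong length": b"\x00\x02" + b"\xaa" * 115 + b"\x00" + b"\x11" * 10,
}

def distinct_replies(handler):
    """Set of replies a client could observe across all sample blocks."""
    return {handler(em)[0] for em in SAMPLES.values()}
```

Running `distinct_replies` on each handler shows what an observer can learn: the pre-patch handler produces a different reply per failure mode, the patched one produces a single reply.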
"Discoveries like this are inevitable, and we have built them into being part of our business," Schnell noted. "If we didn't, we wouldn't have been ready for such an event as this. We are confident that there will be other discoveries, and it is not if and when but how well people handle the problem when it is discovered."
A complete scenario of the breach can be found on RSA's Web site.
"The vulnerability affects interactive key establishment protocols that use the PKCS 1, including SSL," RSA executives said in a statement. "The vulnerability does not apply to PKCS 1-based secure messaging protocols, such as SET (Secure Electronic Transactions) and S/MIME (Secure Multipurpose Internet Mail Extension) because they are not susceptible to or already implement mechanisms preventing this potential vulnerability."
Bleichenbacher said he will continue his work to see if other holes can be found in systems and other types of protocols.
In the network security field, researchers often publicize weaknesses to motivate vendors to update their products and install the protection. This particular vulnerability was in Web servers, meaning that individuals using Web browsers don't need to do anything. Also, it means the weakness will be easier to fix than if every browser had to be updated.
However, users likewise won't know for sure if a Web site has fixed the security hole.
Reuters contributed to this report.