Vulnerability of a Cryptosystem
The vulnerability that has been discovered has a primary effect on a cryptosystem and a secondary effect on a cryptosystem. The vulnerability in question is a weakness in the MD5 algorithm that allows collisions in its output: two different inputs that produce the same hash value. As a result, attackers can generate cryptographic tokens or other data that illegitimately appear to be authentic. The secondary effect is that MD5-signed certificates may allow certificate spoofing on a Cisco ASA system. If an attacker were able to exploit this weakness against the University’s cryptosystem, the attacker could construct forged data in a variety of forms that would cause software relying on the MD5 algorithm to incorrectly identify it as trustworthy. Since the underlying vulnerability lies in a cryptographic primitive, specific exploitation scenarios vary widely depending on the nature of the data the attacker is able to spoof and on how that data is validated by the software.
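As an added example that is not part of the original report, the block below shows the collision weakness concretely. M1 and M2 are the two 128-byte inputs published by Wang et al. in 2004 (widely reproduced and not generated here); the helper names (md5_hex, collide, trusted_by_md5, differing_offsets) and the trailing "suffix" string are this example's own constructions. It also shows why a single collision pair is enough to cause trouble: MD5 is a Merkle-Damgard hash, so any identical data appended to both halves keeps them colliding, and a verifier that trusts "whatever matches the stored MD5 digest" accepts the forged half.

```python
# Added example, not from the original page: a public MD5 collision pair
# (the 128-byte blocks published by Wang et al. in 2004) and the property
# that makes such collisions dangerous in practice.
import hashlib

# Two different 128-byte inputs with the same MD5 digest (published vectors).
M1 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab58712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e488832571415a085125e8f7cdc99fd91dbdf280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e2b487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080a80d1ec69821bcb6a8839396f9652b6ff72a70"
)
M2 = bytes.fromhex(
    "d131dd02c5e6eec4693d9a0698aff95c2fcab50712467eab4004583eb8fb7f89"
    "55ad340609f4b30283e4888325f1415a085125e8f7cdc99fd91dbd7280373c5b"
    "d8823e3156348f5bae6dacd436c919c6dd53e23487da03fd02396306d248cda0"
    "e99f33420f577ee8ce54b67080280d1ec69821bcb6a8839396f965ab6ff72a70"
)


def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def differing_offsets(a: bytes, b: bytes) -> list:
    """Byte positions at which the two inputs differ (only six of 128 here)."""
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def collide(a: bytes, b: bytes, suffix: bytes = b"") -> bool:
    """True if a and b are distinct yet share an MD5 digest after a common suffix.

    MD5 is a Merkle-Damgard construction: once two inputs reach the same
    internal state, any identical trailing data keeps them colliding. That is
    how a colliding pair is extended into two complete documents or
    certificate bodies that mean different things.
    """
    return a != b and md5_hex(a + suffix) == md5_hex(b + suffix)


def trusted_by_md5(known_good_digest: str, candidate: bytes) -> bool:
    """Model of the flawed check the page warns about: software that accepts
    anything whose MD5 digest matches a stored 'known good' value."""
    return md5_hex(candidate) == known_good_digest


if __name__ == "__main__":
    print("MD5(M1) =", md5_hex(M1))
    print("MD5(M2) =", md5_hex(M2))
    print("differing byte offsets:", differing_offsets(M1, M2))
    # Constructed trailing data: the same suffix appended to both halves.
    suffix = b"CN=legitimate.example, issued 2008-12-30"
    print("still collide with suffix:", collide(M1, M2, suffix))
    print("SHA-256 tells them apart:", sha256_hex(M1) != sha256_hex(M2))
    print("forged M2 accepted by MD5 check:", trusted_by_md5(md5_hex(M1), M2))
```

This pair is an identical-prefix collision: both inputs share the same first 19 bytes and differ in only six positions. The certificate forgery the report describes relies on the stronger chosen-prefix variant, in which the attacker picks two different prefixes (a benign certificate request and a rogue one) and computes collision blocks that join them to the same MD5 state. The block above therefore demonstrates the broken primitive and the suffix-extension property, not the full rogue-certificate construction.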
For example, in a particularly egregious scenario, a victim user may be misled into supplying sensitive information to a malicious website, believing it is authentic because it presents an apparently valid signed SSL certificate. There is currently no fix or solution for the weakness itself; what has been presented so far are only suggested workarounds. There are currently only two suggestions:
1. Do not use the MD5 algorithm. Software developers, Certification Authorities, website owners, and users should avoid using the MD5 algorithm in any capacity; it should be considered cryptographically broken and unsuitable for further use.
2. Scrutinize SSL certificates signed by certificates using the MD5 algorithm. Users may wish to manually analyze the properties of web site certificates that are signed by signing certificates using the MD5 algorithm. The procedures for accessing certificate details differ depending on the software in use, but the signature algorithm is often identified in the “Signature algorithm”, “Certificate Signature Algorithm”, or similarly named field.
Users of systems with the OpenSSL command line utility can view certificate properties using “openssl x509 -text” or a similar utility. Certificates listed as md5RSA, md5WithRSAEncryption, or similar are affected. Certificates that include strange or suspicious fields or other anomalies may be fraudulent; however, because a colliding forgery carries a signature that verifies correctly, there are no reliable signs of tampering, and it must be noted that this workaround is error-prone and impractical for most users. For the secondary effect, Cisco announced that the hashing algorithm used in the digital certificates on the Cisco ASA cannot be changed; however, the ASA is unlikely to be affected by the attacks described in this research because of the way certificates are generated on the device. The Cisco IOS CA, on the other hand, may be vulnerable to the attack described in this research when configured to use MD5 hashes in endpoint certificates, which is the default configuration. The research that Cisco references for this weakness can be found at http://tools.cisco.com/security/center/viewAlert.x?alertId=17341. The two fixes that Cisco will be releasing for the Cisco ASA and the Cisco IOS CA are described below.
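The manual “openssl x509 -text” inspection above does not scale to a fleet of hosts, so here is an added example (not from the original report or from Cisco) that automates the same check with only the Python standard library: it walks the DER encoding of an X.509 certificate, reads the outer signatureAlgorithm OID, and rejects MD5/MD2 signatures. The function names (read_tlv, decode_oid, signature_algorithm, classify, load_certificate) and the OID tables are this example's own; the two certificates at the bottom (MD5_CERT, SHA256_CERT) are constructed to mimic only the outer X.509 layout and are not real, verifiable certificates.

```python
# Added example, not from the original page: an automated version of the
# "scrutinize the signature algorithm" workaround, using only the standard
# library to read the signatureAlgorithm field of a DER-encoded X.509
# certificate. The sample certificates at the bottom are CONSTRUCTED to
# mimic the outer X.509 layout only; they are not real certificates.
import base64

# Signature-algorithm OIDs from RFC 3279 / RFC 4055. Unknown OIDs are
# reported by value rather than silently accepted.
WEAK = {
    "1.2.840.113549.1.1.2": "md2WithRSAEncryption",
    "1.2.840.113549.1.1.4": "md5WithRSAEncryption",
}
KNOWN = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.113549.1.1.13": "sha512WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}


def read_tlv(buf: bytes, pos: int):
    """Decode one DER tag/length/value at pos; return (tag, value, next_pos)."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: low 7 bits = byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def decode_oid(raw: bytes) -> str:
    """Convert OBJECT IDENTIFIER content bytes to dotted-decimal form."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                    # last base-128 digit of this arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm(cert_der: bytes) -> str:
    """Return the OID from the outer signatureAlgorithm of a DER Certificate.

    Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }
    signatureAlgorithm ::= SEQUENCE { algorithm OBJECT IDENTIFIER, parameters ANY }
    """
    tag, cert, _ = read_tlv(cert_der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _tag, _tbs, pos = read_tlv(cert, 0)     # skip tbsCertificate
    tag, alg_id, _ = read_tlv(cert, pos)    # AlgorithmIdentifier
    if tag != 0x30:
        raise ValueError("signatureAlgorithm is not a SEQUENCE")
    tag, oid, _ = read_tlv(alg_id, 0)
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return decode_oid(oid)


def classify(cert_der: bytes):
    """('REJECT', name) for MD5/MD2 signatures, ('OK', name) otherwise."""
    oid = signature_algorithm(cert_der)
    if oid in WEAK:
        return "REJECT", WEAK[oid]
    return "OK", KNOWN.get(oid, "unknown OID " + oid)


def load_certificate(path: str) -> bytes:
    """Read a certificate file in PEM or DER form and return DER bytes."""
    with open(path, "rb") as fh:
        data = fh.read()
    if data.startswith(b"-----BEGIN"):
        body = b"".join(l for l in data.splitlines() if not l.startswith(b"-----"))
        return base64.b64decode(body)
    return data


# ---- constructed sample certificates (layout only, not real certificates) ----
def _der(tag: int, content: bytes) -> bytes:
    """Minimal DER encoder used only to build the samples below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def _fake_cert(alg_oid_der: bytes) -> bytes:
    tbs = _der(0x30, _der(0x02, b"\x01"))                        # placeholder body
    alg = _der(0x30, _der(0x06, alg_oid_der) + _der(0x05, b""))  # OID + NULL params
    sig = _der(0x03, b"\x00" + b"\xAA" * 200)                    # BIT STRING, long-form length
    return _der(0x30, tbs + alg + sig)


MD5_CERT = _fake_cert(bytes.fromhex("2a864886f70d010104"))     # 1.2.840.113549.1.1.4
SHA256_CERT = _fake_cert(bytes.fromhex("2a864886f70d01010b"))  # 1.2.840.113549.1.1.11

if __name__ == "__main__":
    for name, cert in (("md5 sample", MD5_CERT), ("sha256 sample", SHA256_CERT)):
        print(name, classify(cert))
```

On a real file the call is classify(load_certificate("cert.pem")). Two caveats match the report's own warning: the check must be run on every certificate in the chain, especially the signing (CA) certificate, because the forgery targets the CA's MD5 signature and a leaf signed with a stronger algorithm by an MD5-signed intermediate is still exposed; and the check only identifies the algorithm in use, it cannot tell a colliding forgery from the genuine certificate, since both carry a signature that verifies.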
Cisco does recognize the weakness in the MD5 algorithm. For the Cisco ASA, it plans to alter the signature algorithm used in digital certificates and to modify the methods used to create CA and endpoint certificates; this is tracked in Cisco Bug ID CSCsw88068. For the Cisco IOS CA, Cisco has announced that the device can be reconfigured to use a more secure hashing algorithm; this is tracked in Cisco Bug ID CSCsw90626. When dealing with this type of weakness, replacing the cryptosystem will not be easy. Because the affected devices sign endpoint certificates with MD5 by default, a replacement system would keep using MD5 until it was reconfigured to use a stronger algorithm, and there is no guarantee that the replacement would support such a setting. Reconfiguring the signing algorithm also protects only certificates issued afterwards; certificates already signed with MD5 remain exposed until they are reissued. Even after replacing the system, every certificate issued under an MD5 signing certificate would need to be inspected individually to make sure it is not forged, and there is still a high risk that some forged certificates would go undetected.