Abstract | ||
---|---|---|
We investigate the security of Diffie-Hellman key exchange as used in popular Internet protocols and find it to be less secure than widely believed. First, we present Logjam, a novel flaw in TLS that lets a man-in-the-middle downgrade connections to "export-grade" Diffie-Hellman. To carry out this attack, we implement the number field sieve discrete log algorithm. After a week-long precomputation for a specified 512-bit group, we can compute arbitrary discrete logs in that group in about a minute. We find that 82% of vulnerable servers use a single 512-bit group, allowing us to compromise connections to 7% of Alexa Top Million HTTPS sites. In response, major browsers are being changed to reject short groups. We go on to consider Diffie-Hellman with 768- and 1024-bit groups. We estimate that even in the 1024-bit case, the computations are plausible given nation-state resources. A small number of fixed or standardized groups are used by millions of servers; performing precomputation for a single 1024-bit group would allow passive eavesdropping on 18% of popular HTTPS sites, and a second group would allow decryption of traffic to 66% of IPsec VPNs and 26% of SSH servers. A close reading of published NSA leaks shows that the agency's attacks on VPNs are consistent with having achieved such a break. We conclude that moving to stronger key exchange methods should be a priority for the Internet community. |
Attribute | Value |
---|---|
Year | 2015 |
DOI | 10.1145/2810103.2813707 |
Venue | ACM Conference on Computer and Communications Security |
Field | IPsec, Internet privacy, Eavesdropping, Precomputation, Key exchange, Computer science, Computer security, Server, Forward secrecy, Discrete logarithm, Diffie–Hellman key exchange |
DocType | Conference |
Volume | 62 |
Issue | 1 |
Citations | 80 |
PageRank | 2.82 |
References | 26 |
Authors | 14 |
Name | Order | Citations | PageRank |
---|---|---|---|
David Adrian | 1 | 222 | 11.07 |
Karthikeyan Bhargavan | 2 | 1325 | 76.07 |
Zakir Durumeric | 3 | 935 | 48.86 |
Pierrick Gaudry | 4 | 983 | 71.39 |
Matthew Green | 5 | 2007 | 114.98 |
J. Alex Halderman | 6 | 2301 | 149.67 |
Nadia Heninger | 7 | 885 | 50.78 |
Drew Springall | 8 | 140 | 5.82 |
Emmanuel Thomé | 9 | 480 | 33.41 |
Luke Valenta | 10 | 152 | 8.96 |
Benjamin VanderSloot | 11 | 100 | 4.96 |
Eric Wustrow | 12 | 564 | 37.93 |
Santiago Zanella Beguelin | 13 | 6073 | 475.81 |
Paul Zimmermann | 14 | 524 | 34.13 |