Heartbleed, OpenSSL and stolen keys – the attack keeps on giving
Once again the importance of sound key management has been brought into sharp focus. The Heartbleed bug found in OpenSSL, one of the most common means of encrypting data on the internet and internal networks, provides a way for attackers to potentially access private keys. In the context of SSL/TLS, stealing the private key enables the attacker to decrypt traffic or spoof the site and yet seem legitimate. In this case, attackers could have been doing this since 2011 and can continue to do it until the software is patched and keys and certs are remediated. Unfortunately replacing keys and certificates is expensive and time consuming but even when it’s done we still need to address the question of how can we stop this from happening again?
Before getting into solutions it’s important to understand what we’re dealing with. I’m biased, but keys really are special. They maybe just ones and zeros but they’re not just regular data. Keys represent trust and their secrecy and integrity determine whether that trust can be relied upon. Think of keys as the anchor points for reputation, confidence and value and if those anchors prove to be weak the implications can be enormous. Now, most people tend to think about keys and cryptography as being very logical, very binary – data is either encrypted or it is not, digital signatures either validate or they do not and certificates can be trusted or not, there’s no middle ground. That’s why encryption is such a convenient, and therefore common, safe harbor in data breach disclosure laws – if the data is encrypted it doesn’t matter that it was lost. But in reality this is a dangerous simplification. There are many shades of grey when it comes to crypto and most of them revolve around key management.
Attacks against keys are some of the most insidious attacks there are and the impact can be devastating. Key theft, such as that made possible by Heartbleed may go undetected for months or years and allow attackers to exploit keys at their leisure to unpick historic as well as future data until those keys are replaced. If stealing data such as credit card details or passwords is the equivalent of stealing money, stealing keys is the equivalent of stealing the machine that makes the money. Stealing keys is quite literally the attack that keeps on giving. And, it’s not just a concern over data loss. The theft, or even suspected theft of keys used as part of a trust infrastructure, for example a PKI, has immediate and painful implications. Attacks against root keys, the keys used to issue employee smart cards, application ID certificates and device credentials bring the trustworthiness of the entire system into doubt and may force all credentials to be replaced taking the systems and devices that rely on them offline until the process is completed.
The demonstration how to steal the private key from OpenSSL with heartbleed attack:
The good news is that protecting keys from theft is a solvable problem, in fact if you have a smart phone or laptop you already carry around technology that was designed to do just that. What started as a technology to protect keys in ATMs and retail point of sale devices as well as military encryption systems is well established as a way to harden crypto systems in general. By adding layers of protection to prevent physical tampering and to insulate against attack by malicious software or even unscrupulous insiders the keys and the software processes that use them (like encryption) can be made considerably more secure.
Of course, protecting phones and laptops is important but servers are where the money is. Whether we’re talking about eCommerce web sites, payment processing services, data analytics, records management, PKI or a host of other services these server based applications need protection. And, as a result thousands of organizations already take the step of using crypto devices known hardware security modules (HSMs) to deliver higher levels of assurance and trust. Devices such as the Thales nShield and payShield HSMs protect keys and ensure that they can’t be easily stolen, modified or misused even if the attacker has access to the host machine. In some industries the use of HSMs is a hard mandate for establishing the necessary levels of trust and in others it is rapidly becoming a well-established best practice. In fact, research firm Gartner* recently gave this advice to organizations considering either deploying or revamping their PKI certificate authority (CA) “Key management and storage for the CA itself should be implemented using an HSM capable of protecting against logical and physical attacks on the key store. Such devices should be appropriately accredited to standards such as FIPS 140-2 or other national equivalent.”
Attacks such as Heartbleed and recent disclosures by Edward Snowden have caused some to question the value of encryption as a core technology. Nothing could be further from the truth. Cryptography is the mainstay of trust in a digital world and without it privacy and our journey to the cloud would be nothing more than pipedreams. In reality, what we are witnessing is the exploitation of poor implementations of crypto systems and weak key management rather than the discovery of fundamental flaws. To combat these increasingly sophisticated attacks and to build confidence in their key management systems all organizations should strongly consider using hardened and independently certified key management devices such as HSMs to protect their most value data and critical security infrastructure.
To learn more about how to integrate Apache HTTP Server (using OpenSSL) with nShield to protect the SSL private key, download a copy of the Thales integration guide below:
*“Decision Point for Public-Key Infrastructure” – Gartner, July 2012