
TBTF for 1995-12-15: Timing is all; Microsoft security in the crosshairs

Keith Dawson (dawson dot tbtf at gmail dot com)
Fri, 15 Dec 1995 16:41:21 -0500


Fundamental vulnerability identified in many public-key cryptosystems

Paul Kocher <pck at cryptography dot com> has discovered that some implementations
of public-key cryptosystems are vulnerable to an attack based on timing their
encryption/decryption operations. Kocher's insight was that accurate timing of
these operations can yield information about the keys being used, because the
time an implementation takes to perform a modular exponentiation depends on the
key bits and on the data it processes. The attack is valid in theory against
most of the public-key systems in widespread use today: RSA, Diffie-Hellman,
DSS, and others. Kocher has written a preliminary paper which the mathematically
inclined among you might want to peruse:
<http://www.cryptography.com/timingattack.html>. Here is its abstract.

> ABSTRACT. Cryptosystems often take slightly different amounts of time
> to process different messages. With network-based cryptosystems,
> cryptographic tokens, and many other applications, attackers can measure
> the amount of time used to complete cryptographic operations. This
> abstract shows that timing channels can, and often do, leak key
> material. The attacks are particularly alarming because they often require
> only known ciphertext, work even if timing measurements are somewhat
> inaccurate, are computationally easy, and are difficult to detect.
> This preliminary draft outlines attacks that can find secret exponents
> in Diffie-Hellman key exchange, factor RSA keys, and find DSS secret
> parameters. Other symmetric and asymmetric cryptographic functions are
> also at risk. A complete description of the attack will be presented
> in a full paper, to be released later. I conclude by noting that
> closing timing channels is often more difficult than might be
> expected.

Kocher is cautious enough to stress that the full significance of his
discovery is not yet known; but reportedly everyone who has seen his paper
(including Matt Blaze, Martin Hellman, and Ron Rivest) believes it to be

You might imagine that a timing-based attack of this sort could be
preempted by careful design, for instance by introducing random time delays
in encryption/decryption routines. Random delays are a weaker defense than
they look: they only add noise to the measurements, and an attacker can
average the noise away by collecting more samples. The robust defenses are
to make the running time independent of the key, or to blind the computation
(randomizing the values actually operated on so that timing no longer
correlates with the key); Kocher's abstract warns that closing timing channels
is often harder than expected. Existing, deployed systems are going to be
difficult to patch up. Kocher is consulting with Netscape and others to help
design defenses against the vulnerability he has discovered.
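As an added illustration (this is my own simulation, not code from the TBTF article or from Kocher's paper), here is a Python model of the Diffie-Hellman secret-exponent attack the abstract describes, together with a blinding countermeasure. The modulus, the 16-bit exponent, the noise level and the cost model are all constructed for the demo: the "time" charged for each modular multiplication is taken to be the Hamming weight of its result, standing in for whatever data-dependent delay a real multiplier has. The attacker knows only the public inputs and the measured times, recovers the exponent bit by bit with Kocher's variance test, and then fails against the same victim once it blinds its exponent (x' = x + k(p-1) for random k, which leaves g^x unchanged but changes the operations performed on every call).

```python
# Added example: simulated Kocher timing attack on square-and-multiply
# Diffie-Hellman exponentiation, plus exponent blinding as a countermeasure.
# Not code from the TBTF article or from Kocher's paper; the modulus, secret,
# noise and cost model below are constructed for the demonstration.
import random

P = (1 << 61) - 1      # public prime modulus (a Mersenne prime)
SECRET_X = 0xB5D3      # constructed 16-bit secret exponent held by the victim
XBITS = 16             # attacker assumes the exponent length is known


def popcount(v: int) -> int:
    return bin(v).count("1")


def mulmod(a: int, b: int) -> tuple:
    """Modular multiply with a constructed timing model: the cost charged is
    the Hamming weight of the result, so running time depends on the data
    flowing through the exponentiation. Kocher's attack needs only that the
    per-operation time depend on the operands in a way the attacker can
    reproduce; the particular function is immaterial."""
    r = a * b % P
    return r, popcount(r)


def modexp_timed(base: int, exp: int, nbits: int) -> tuple:
    """Left-to-right square-and-multiply mod P; returns (result, total cost)."""
    r, cost = 1, 0
    for i in range(nbits - 1, -1, -1):
        r, c = mulmod(r, r)
        cost += c
        if (exp >> i) & 1:
            r, c = mulmod(r, base)
            cost += c
    return r, cost


def make_oracle(rng: random.Random, blind: bool):
    """Victim that computes base**SECRET_X mod P and leaks a noisy running
    time. With blind=True it uses exponent blinding x' = x + k*(P-1): the
    result is unchanged (Fermat), but the bit pattern executed differs on
    every call, so no fixed hypothesis about bit i fits the measurements."""
    def oracle(base: int) -> float:
        exp, nbits = SECRET_X, XBITS
        if blind:
            exp = SECRET_X + rng.getrandbits(16) * (P - 1)
            nbits = exp.bit_length()
        _, cost = modexp_timed(base, exp, nbits)
        return cost + rng.gauss(0.0, 4.0)     # constructed measurement noise
    return oracle


def variance(xs) -> float:
    m = sum(xs) / len(xs)
    return sum((v - m) ** 2 for v in xs) / len(xs)


def timing_attack(oracle, bases) -> int:
    """Kocher's bit-by-bit variance test. For each exponent bit the attacker
    replays the known prefix plus a guessed bit on every sample and subtracts
    the predicted cost from the measured time. Under the right guess the
    residual is just the not-yet-predicted remainder of the computation plus
    noise; the wrong guess adds one mispredicted multiplication, so its
    residual has the larger variance."""
    times = [oracle(g) for g in bases]
    states = [(1, 0)] * len(bases)   # per sample: (intermediate, cost explained)
    recovered = 0
    for _ in range(XBITS):
        trial = {}
        for bit in (0, 1):
            new_states = []
            for (r, c), g in zip(states, bases):
                r, step = mulmod(r, r)
                c += step
                if bit:
                    r, step = mulmod(r, g)
                    c += step
                new_states.append((r, c))
            resid = [t - c for t, (_, c) in zip(times, new_states)]
            trial[bit] = (variance(resid), new_states)
        bit = min(trial, key=lambda b: trial[b][0])
        states = trial[bit][1]
        recovered = (recovered << 1) | bit
    return recovered


def demo(seed: int = 1234, samples: int = 5000):
    """Run the attack against an unprotected and a blinded victim; returns the
    two recovered exponents. Only the first should equal SECRET_X."""
    rng = random.Random(seed)
    bases = [rng.randrange(2, P - 1) for _ in range(samples)]   # known inputs
    plain = timing_attack(make_oracle(rng, blind=False), bases)
    blinded = timing_attack(make_oracle(rng, blind=True), bases)
    return plain, blinded


if __name__ == "__main__":
    plain, blinded = demo()
    print(f"secret exponent      0x{SECRET_X:04X}")
    print(f"recovered, unblinded 0x{plain:04X}")
    print(f"recovered, blinded   0x{blinded:04X}")
```

The attacker never sees the secret or the intermediate values; it reconstructs them itself from the public base and its running hypothesis about the key, which is why only known inputs and timings are required. Adding random delays would only enlarge the noise term, which the variance test already averages over; blinding removes the correlation between a fixed key bit and the measured time that the test depends on. The exponent is kept to 16 bits so the run finishes in seconds; longer exponents and noisier measurements raise the number of samples needed rather than defeating the method.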

The real damage this discovery does is to the confidence we can invest in
any given approach to cryptography over the long haul. I've been expecting
a development like this ever since I heard Ron Rivest speak on the then-new
technique of public-key encryption at DEC's research labs in 1977. I can't
claim any insight or prescience as to what kind of invention might eventually
undermine PK -- I would have favored someone discovering a fast way to
factor the large composite numbers (products of two primes) on which RSA
rests. But in general it's not wise to bet on long-term limits to human
inventiveness.

What can we believe in? A provably secure encryption system, if such is
possible. One-time pads? A knowledgeable source tells me that "every time one-
time pads are mentioned, the cypherpunks list laughs." I plan to investigate
this claim and will let you know what I find. For one such proposal see TBTF
for 1995-10-03. Encryption based on quantum uncertainty? British Telecom is
experimenting in this area, but practical applications, if any, are years away.


Microsoft quietly patches over a security chasm

A Win95 security bug has been discussed on the Windows 95 Net Bugs newsgroup
since 11/1. At this moment news of this bug headlines the newsgroup's FAQ at
<http://www-leland.stanford.edu/~llurch/win95netbugs/faq.html>. The bug
involves weak protection of the password of the Windows screensaver;
instructions for cracking the password were posted to the Net. Microsoft has
claimed that no customers have complained about the problem, which seems not
to be strictly true. On 12/7 (the day of the Internet strategy announcements)
Microsoft quietly posted a patch, and on 12/14 moved it to an official
software-update area; see <http://www.microsoft.com/windows/software/mspwlupd.htm>.
When you see this news in print, most likely first in PC Week, they'll cite
the old URL.

Thanks to FAQ owner Rich Graves <llurch at networking dot stanford dot edu> for the
heads-up on this affair.

Note added 1997-06-06: See this table for a summary of all Microsoft security exploits covered by TBTF in 1997.

Community ConneXion strikes again

The Berkeley "Internet Privacy Provider" that offered a tee shirt for
successfully hacking Netscape (and apparently inspired Netscape's own Bugs
Bounty program -- see next item) has opened up a new competition. Hackers are
now invited to discover and document security flaws in Microsoft products. The
contest is introduced on the C2 pages <http://www.c2.org/hackmsoft/> thus:

[Warren Dent] of Microsoft said [Netscape's] security deficiencies have
tainted electronic commerce on the Internet. -- Wall Street Journal 1995-09-28

Microsoft claims to be more secure than Netscape.

They will be proved wrong.

C2 also has hack contests running for Digicash Ecash and for Sun's Java. C2
provides anonymous email accounts, an anonymous remailer, and other privacy-
related services to the Net. They accept Ecash.

Netscape Bugs Bounties claimed

Netscape awarded two $1000 prizes to the discoverers of security-related
bugs or vulnerabilities in Netscape products. One went, not surprisingly,
to Paul Kocher (see above), though Netscape is careful to stress that Kocher
did not prove that Netscape Navigator in particular could be compromised by
applying his technique. (Disingenuous, I calls it.) The other prize was
awarded to Scott Weston <scott at tripleg dot com dot au>, whose claim to it I endorsed
in TBTF for 1995-12-02. Scott discovered and publicly exposed a security flaw in
Netscape Navigator 2.0 beta 2 that allowed JavaScript to extract the history of
a user's browser session. Netscape had already fixed the vulnerability by the time
of beta 3.

Everybody's getting an Internet strategy

The week after Microsoft surprised one and all with its Internet strategy
(see TBTF for 1995-12-02) Lotus announced one too. A tight integration of
Notes with HTTP, HTML, both secure sockets and secure HTTP, and Java
marks the growing consolidation of the formerly separate markets for
groupware, messaging applications, and the Web. Lotus will bundle a browser
with the next release of Notes and in a later release include a Web server
as well. Eventually Lotus may be backed into offering most of the Notes
functionality in its Web browser, given Microsoft's intention to incorporate
its not-yet-released Exchange into its Explorer browser. Lotus's announcement
means that they (and IBM) will stay solidly in the game against Microsoft (with
Exchange) and Netscape (with Collabra).

<http://www.lotus.com/mediadv/> is the top page for coverage of the Lotus
strategy and announcements. The white paper "Lotus Notes and the Internet"
at <http://www.lotus.com/mediadv/inwhtp.htm> provides a useful overview; its
appendixes summarize the products announced.

Essential tools

Don't look now

You cast your stone upon the waters and never know how far the ripples will
spread, to thoroughly mix a metaphor (and to egregiously split an infinitive).
There aren't yet any direct subscribers to TBTF at Netscape or Sun, but these
two stories appeared in Edupage the day after TBTF for 1995-12-10 hit the wires.
The first quotes a Sun spokesman using the metaphor of prevertebrate evolution;
the second cites the Netscape CEO sounding uncannily like a Mujahedin fighter.
Coincidence? Perhaps.

From Edupage (1995-12-11):

> ...Microsoft is putting together a formidable laboratory of computer
> research stars responsible for many major advances in the past two
> decades, although skeptics such as Sun's John Gage suggest their
> future is behind them: "The computer industry is preparing for the
> new life forms to emerge. Is Microsoft going down a pathway that
> refines jellyfish when it's time to leap to vertebrates?" (New York
> Times 11 Dec 95 C3)

> Netscape has vowed to wage a "dogfight" with Microsoft in setting
> standards for Internet software. CEO James Barksdale says his company
> will continue to develop products that operate independently of any
> particular computer operating system, noting that, "We offer freedom
> to the masses. It's a tough fight -- I'll grant you that -- but we're
> brave. We're well financed. We believe that God is on our side."
> (Investor's Business Daily 11 Dec 95 A7)


> Edupage -- mail listproc@educom.edu without subject
> and with message: subscribe edupage <your name> .

TBTF alerts you twice a week to bellwethers in computer and communications
technology, with special attention to commerce on the Internet. See the
archive at <http://www.tbtf.com/>. To subscribe send the
message "subscribe" to tbtf-request@world.std.com. Commercial use
prohibited. For non-commercial purposes please forward and post as you see fit.
Keith Dawson dawson dot tbtf at gmail dot com dawson@atria.com
Layer of ash separates morning and evening milk.


Copyright © 1994-2022 by Keith Dawson. Commercial use prohibited. May be excerpted, mailed, posted, or linked for non-commercial purposes.