Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

3/7/2017
04:00 PM
Elad Menahem
Elad Menahem
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Google’s ‘SHA-1 Countdown Clock’ Could Undermine Enterprise Security

In the wake of a recently documented 'collision' attack, Google researchers should consider delaying the release of the code behind the crack until companies can roll out adequate patches. Here's why

The recent announcement from Google that researchers documented a collision with theSecure Hash Algorithm 1 (SHA-1) cryptographic hash function has enormous implications for the IT industry.

Whether it’s file reputation and whitelisting services or browser security, SHA-1 plays a critical role in today’s IT infrastructure. The algorithm allows, for, among other things, unique identification of datasets. Many content and file whitelisting vendors rely heavily on SHA-1 to distinguish between benign and malicious content.

The same is true for file reputation services. Within storage, vendors have used the algorithm to identify duplicate files. The algorithm is also used for digital signatures and file integrity verification, which secure credit card transactions, electronic documents, GIT open-source software repositories and software distribution.

From a security perspective, having datasets hash to the same SHA-1 digest (what’s called a “collision”), undermines the safety of the algorithm. Attackers could potentially create a malicious file with the same hash as a benign file, bypassing current security measures.

Equally alarming, though, is Google’s conduct in this manner. Google researchers say that they will publish the code - not merely a paper - enabling someone to create two PDF files with identical SHA-1 hashes within 90 days in accordance with the vulnerability policy practice by Project Zero, Google’s security and vulnerability research team. They have also released a tool that checks whether a file is vulnerable for collisions.

Time is of the Essence
The scale and severity of the problem may well require more than the 90 days for most vendors to publish patches, and for customers to apply them. SHA-1 is so widely deployed that it will take far too long to make the necessary infrastructural changes across every relevant product in the network.  

Obviously, we don’t know the details of the exact code Google will release in 90 days, but we are concerned that any code could accelerate the creation of a successful SHA-1 attack. Currently, most hackers are unlikely to reproduce the attack, if only because of the significant cost of the computational power needed to crack SHA-1.

A vendor’s ability to eliminate SHA-1 support will depend on several factors, including:

  • The product architecture
  • How the vendor managed the file hash database
  • How much the vendor depends on a specific hashing algorithm
  • Whether it’s easy to make the code change

This definitely will not be a quick fix for some vendors. While service providers will not face as many challenges as appliance vendors, thanks to the speed of service updates, it is unfair to force enterprises into a race to beat a Google-created SHA-1 countdown clock.

Rather, Google should provide a paper describing the attack in 90 days, and then release the code at a later date. This deviates from Google’s normal practice, but the mere documentation of a SHA-1 collision will be sufficient to accelerate the change to a better hashing algorithm.

“Told You So” is Not the Answer
Google’s blog seems to anticipate some of these issues by pointing out that they’ve long called for the elimination of SHA-1: “For the tech community, our findings emphasize the necessity of sun setting SHA-1 usage. Google has advocated the deprecation of SHA-1 for many years, particularly when it comes to signing TLS certificates,” according to the blog.

In fact, Google is hardly unique in its wish to eliminate SHA-1. In 2005, cryptanalysts first suggested that SHA-1 may not be secure enough for ongoing use, and since 2010 many organizations have recommended its replacement by SHA-2 or SHA-3. Further, Microsoft, Apple, Mozilla and Google have all announced that their respective browsers will stop accepting SHA-1 SSL certificates by 2017.

But the business of IT has always been about prioritizing the here-and-now over tomorrow. Companies try to maximize their resources by bringing products to market - not with every possible feature, but just the right features at the right time. Until now, SHA-1’s theoretical limitations have made replacing the algorithm a “to be” feature rather than an immediate concern. There had not yet been a practical SHA-1 collision, leaving vendors to continue using the algorithm as a hashing function.

What You Can Do
CISOs and their teams should immediately ask security vendors about their plans for replacing SHA-1. They should also implement plans to patch or update their systems to the latest revision.

All network and endpoint security vendors using whitelisting mechanisms for files should rely on a more secure hashing algorithm, such as SHA-256 or SHA-3, not  SHA-1.  Vendors should align their databases with the new hashes respectively.

Finally, enterprises will want to be sure that their vendors do not work with third-party resources, such as reputation services, that rely on SHA-1 or MD5, an even older, more insecure hashing algorithm.

Google has an aggressive approach to teaching vendors about security. We've seen this in several of the latest Project Zero publications and we see it in this issue. Google has long advocated for the depreciation of SHA-1; releasing the code now will assuredly achieve that aim.

Related Content:

 

Elad Menahem is the head of security research at Cato Networks, a disruptive cloud-based enterprise platform with a mission to make networking and security simple again. Elad served in an elite tech unit in the Israel Defense Forces (IDF) Intelligence Corps, and has more than ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Shantaram
50%
50%
Shantaram,
User Rank: Ninja
3/12/2017 | 3:07:00 PM
Re: 192.168.l.l
Well-written and interesting post. Thanks
pdp11hacker01
50%
50%
pdp11hacker01,
User Rank: Apprentice
3/7/2017 | 8:44:52 PM
Publishing the code is a non-issue
Publishing the code is a non-issue.  The code can't be used directly to forge certificates--that would be a serious practical improvement over what they have done.  Anyone who can make that improvement should also be able to re-create the code based on the paper.  Looking at it a different way: the attack is estimated to cost well over $100k to execute.  Anyone who can afford to execute the attack can afford to pay a grad student to read the paper and write the code.
Navigating Security in the Cloud
Diya Jolly, Chief Product Officer, Okta,  12/4/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-16772
PUBLISHED: 2019-12-07
The serialize-to-js NPM package before version 3.0.1 is vulnerable to Cross-site Scripting (XSS). It does not properly mitigate against unsafe characters in serialized regular expressions. This vulnerability is not affected on Node.js environment since Node.js's implementation of RegExp.prototype.to...
CVE-2019-9464
PUBLISHED: 2019-12-06
In various functions of RecentLocationApps.java, DevicePolicyManagerService.java, and RecognitionService.java, there is an incorrect warning indicating an app accessed the user's location. This could dissolve the trust in the platform's permission system, with no additional execution privileges need...
CVE-2019-2220
PUBLISHED: 2019-12-06
In checkOperation of AppOpsService.java, there is a possible bypass of user interaction requirements due to mishandling application suspend. This could lead to local information disclosure no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVers...
CVE-2019-2221
PUBLISHED: 2019-12-06
In hasActivityInVisibleTask of WindowProcessController.java there?s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction ...
CVE-2019-2222
PUBLISHED: 2019-12-06
n ihevcd_parse_slice_data of ihevcd_parse_slice.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-8.0 Android...