How The NSA Published Vulnerability Might Work …

Overall the NSA does not have a strong track record in releasing details of zero-day threats, so when they release a crypto bug, you take notice!

This week, the NSA announced a major vulnerability within Windows 10, and users are advised to urgently patch their systems:

“This month we addressed the vulnerability CVE-2020-0601 in the usermode cryptographic library, CRYPT32.DLL, that affects Windows 10 systems. This vulnerability is classed Important and we have not seen it used in active attacks.” reads a blog post published by Microsoft.

The vulnerability points to a problem with the validation of elliptic curve certificates, where an attacker could recreate a private key from a trusted public key, and then use that private key to sign malicious software.

So let’s think about how this vulnerability could work. With elliptic curve cryptography, we have a key pair made up of a private key and a public key. The private key is used to sign programs on a system, and the public key is then used to prove the trustworthiness of the program. We then have distributable digital certificates which contain the public key that is paired with the private key of the trusted entity.

For elliptic curve methods, the public key is a point on a specific elliptic curve. This public key point is based on a base point (G) and a private key value (n), where we add the point G, n times:

Pub = nG

For a safe curve, it is not possible for us to determine n, even if we have the base point (G) and the public key point (Pub).

For example, Curve 25519 has the following parameters:

a: 486662
b: 1
G: (9, 14781619447589544791020593568409986887264606134616475288964881837755586237401)
P: 57896044618658097711785492504343953926634992332820282019728792003956564819949

and which takes the form of:

y²=x³+ax+b (mod P)

In this case, Curve 25519 (which has a prime number, P, of 2²⁵⁵-19) is seen as a safe curve.

The vulnerability looks to be a problem with the checking of the curve, where an adversary could create an unsafe curve (with their own G, a, b and p values), and then determine the value of n_hack which matches the curve:

Pub = n_hack x G_hack

In this case, n_hack can then be used to sign applications.
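The relationship above, worked through on a toy curve as an added example that is not from the original post: the same Pub is reachable from a different base point, so a check that compares only the public key passes, while a check that also pins the curve parameters does not. The curve (y² = x³ + 2x + 2 mod 17), the private key 7, G_HACK and the weak_check/strict_check functions are constructed assumptions; weak_check models the flaw as this post describes it and is not Microsoft's code.

```python
# Toy curve y^2 = x^3 + 2x + 2 (mod 17), group order 19. Constructed, tiny values.
TRUSTED = {"p": 17, "a": 2, "b": 2, "G": (5, 1), "order": 19}

def add(p1, p2, a, p):
    """Add two affine points; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def mul(n, pt, a, p):
    """Double-and-add: add pt to itself n times."""
    acc = None
    while n:
        if n & 1:
            acc = add(acc, pt, a, p)
        pt = add(pt, pt, a, p)
        n >>= 1
    return acc

def matching_scalar(pub, g, curve):
    """Exhaustive search for n with n*g == pub; feasible only because the group is tiny."""
    acc = None
    for n in range(1, curve["order"]):
        acc = add(acc, g, curve["a"], curve["p"])
        if acc == pub:
            return n
    return None

TRUSTED_PUB = mul(7, TRUSTED["G"], 2, 17)   # trusted signer's Pub = nG, with n = 7
G_HACK = (6, 3)                             # a different point on the same curve
N_HACK = matching_scalar(TRUSTED_PUB, G_HACK, TRUSTED)
forged = {"pub": TRUSTED_PUB, "params": {**TRUSTED, "G": G_HACK}}
genuine = {"pub": TRUSTED_PUB, "params": dict(TRUSTED)}

def weak_check(cert):
    """Models the described flaw: the trust decision compares the public key only."""
    return cert["pub"] == TRUSTED_PUB

def strict_check(cert):
    """Also requires every curve parameter, base point included, to match the named curve."""
    return cert["pub"] == TRUSTED_PUB and cert["params"] == TRUSTED
```

On a real curve the search in matching_scalar is infeasible, which is why the validation has to reject any certificate whose parameters differ from the named curve rather than rely on the public key match.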

Conclusions

It is thus possible that a hacker can create their own weak elliptic curve which includes the point defined by the public key of a trusted signer. The adversary then selects a base point, and can easily find the private key. This means that Microsoft Windows 10 is not checking that a valid elliptic curve is being used. Some well known ones are here: