Researchers from several universities have unveiled new weaknesses in the way Diffie-Hellman key exchange has been deployed in TLS implementations.
The Diffie-Hellman key exchange is a widely used cryptographic algorithm that enables two parties to agree on a shared key over an insecure channel. It is used in several protocols (e.g. HTTPS, SSH, SMTPS).
The researchers have published a technical report that details how Diffie-Hellman fails in practice. According to the report, implementations that deploy TLS with DHE_EXPORT ciphers are susceptible to this flaw.
Since Incapsula doesn’t support DHE ciphers nor does it support export-grade ciphers, customers using Incapsula are protected from this vulnerability.
This weakness, named ‘Logjam’, allows a Man-in-the-Middle (MitM) attacker to downgrade vulnerable TLS connections to 512-bit export-grade cryptography. This could allow perpetrators to hijack seemingly secure TLS connections.
The attack is similar to the recently published FREAK attack, as both exploit the TLS downgrade feature. However, Logjam attacks the Diffie-Hellman key exchange, while FREAK targets RSA key exchange.
To carry out the attack, the researchers precomputed data for two popular sets of weak Diffie-Hellman parameters, which enabled them to break any Diffie-Hellman key exchange that uses those parameters. These parameters are used in DHE_EXPORT ciphers, which exist to comply with historical export regulations.
While the researchers used 512-bit DH groups in their work, they implied that nation-level agencies may attack a far wider range of targets by performing the same precomputation against the most popular 1024-bit DH groups.
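A client-side mitigation that follows directly from the above is to refuse DHE handshakes whose prime is too short, so that a downgraded ServerKeyExchange carrying a 512-bit group is rejected even if the attacker has tampered with the cipher suite list. The following added example (my own code, not Incapsula's or the researchers') parses the ServerDHParams structure of a TLS 1.2 ServerKeyExchange and applies that check; the sample "primes" are constructed placeholders of the right length, not real primes, and serve only to exercise the length check.

```python
import struct

# Minimum DH prime size to accept; browsers moved to 1024 after Logjam,
# and 2048 is the sensible floor today. (Assumed policy value, not from the page.)
MIN_DH_PRIME_BITS = 1024


def build_server_dh_params(p: bytes, g: bytes, ys: bytes) -> bytes:
    """Encode ServerDHParams (RFC 5246 section 7.4.3): three 2-byte-length-prefixed fields."""
    out = b""
    for field in (p, g, ys):
        out += struct.pack("!H", len(field)) + field
    return out


def parse_server_dh_params(data: bytes) -> dict:
    """Parse dh_p, dh_g and dh_Ys from the start of a ServerKeyExchange body."""
    fields = []
    off = 0
    for _ in range(3):
        if off + 2 > len(data):
            raise ValueError("truncated ServerDHParams length field")
        (n,) = struct.unpack_from("!H", data, off)
        off += 2
        if off + n > len(data):
            raise ValueError("truncated ServerDHParams value")
        fields.append(data[off:off + n])
        off += n
    p, g, ys = (int.from_bytes(f, "big") for f in fields)
    return {"p": p, "g": g, "ys": ys}


def check_dh_group(params: dict, min_bits: int = MIN_DH_PRIME_BITS) -> tuple:
    """Return (accept, reason). Rejects export-grade groups and out-of-range public values."""
    p, ys = params["p"], params["ys"]
    bits = p.bit_length()
    if bits < min_bits:
        return False, f"DH prime is {bits} bits (< {min_bits}); export-grade group, aborting handshake"
    if not (1 < ys < p - 1):
        return False, "server DH public value out of range"
    return True, f"DH prime is {bits} bits"


# Constructed placeholders: correct bit lengths only, NOT primes and NOT real groups.
WEAK_P = ((1 << 511) | 0x1234567).to_bytes(64, "big")      # 512-bit, DHE_EXPORT-sized
STRONG_P = ((1 << 2047) | 0x1234567).to_bytes(256, "big")  # 2048-bit
WEAK_MSG = build_server_dh_params(WEAK_P, b"\x02", b"\x05")
STRONG_MSG = build_server_dh_params(STRONG_P, b"\x02", b"\x05")
```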
[Figure: a MitM attack leveraging Logjam, as demonstrated by the researchers (image and source link not preserved).]
From the figure it is evident that the attack targets clients and servers using DHE ciphers.
Logjam puts many TLS-dependent services that support DHE_EXPORT ciphers at risk. The researchers also conducted a wide scan of the Alexa HTTPS Top 1M websites and found that 8.6% of them are vulnerable to Logjam using 512-bit keys. The scan also found that, with nation-level resources, 18% of the websites may be susceptible to the flaw.
Microsoft has already released a patch that resolves this vulnerability in different products, MS15-055 (CVE-2015-1716).
Incapsula, as a reverse proxy, terminates SSL/TLS connections, thus mitigating the attack so that it doesn’t reach the origin server.