The US National Security Agency (NSA) has published guidelines instructing government agencies and suppliers involved in defense and national security on how to update obsolete encryption protocols.
Published on January 5, the recommendations (PDF) advise system administrators on how to detect and “replace unauthorized or deprecated TLS protocols with ones that meet current standards”, the agency said in a press release.
The advice extends to implementing a strong cipher suite and key exchange methods, plus server certificates issued by an authorized certification authority.
The NSA has also published server configurations and network signatures on its GitHub repository to help sysadmins update their network components.
TLS laggards
“Remediation is crucial to decreasing computer system and network attack surfaces and preventing unauthorized access to private data,” said the NSA.
“Obsolete TLS configurations are still in use in US Government systems” despite the NSA having previously released urgent guidance on the issue, the document says. “While the standards and most products have been updated, implementations often have not kept up.”
The guidelines are aimed at helping the Department of Defense (DoD), National Security System (agencies or contractors involved in national security), and Defense Industrial Base (weapons systems supply chain) comply with the Committee on National Security Systems Policy 15 (PDF), and guidance from the National Institute of Standards and Technology (NIST) and Committee on National Security Systems.
However, the guidelines also say: “Since these risks affect all networks, all network owners and operators should consider taking these actions to reduce their risk exposure and make their systems harder targets for malicious threat actors.”
‘Very few’ technical skills
Exploiting obsolete TLS protocol configurations requires “very few” technical skills, according to an infographic (PDF) published by the NSA to illustrate the threat.
Adversaries, say the guidelines, can use techniques such as “passive decryption and modification of traffic through man-in-the-middle attacks” (MitM) to access sensitive data such as proprietary information, sensitive network files, HTTPS web traffic, passwords, and social security numbers.
New attack techniques for breaking TLS encryption emerge periodically.
‘A little disappointed’
Robert Merget, chair for network and data security at the Ruhr University Bochum, welcomed the guidance – but expressed reservations about certain specifics.
“Having a good TLS configuration and implementation is elemental, as it often is the first line of defense against Man-in-the-Middle attacks and mass surveillance,” he told The Daily Swig.
Government guidance is “often a major driving factor for better cryptography, not only for government services but also for the industry in general,” he added.
“Therefore, I appreciate that the NSA supports recent movements away from TLS 1.0 and 1.1 towards the more secure TLS 1.2 and 1.3.
“However, I am a little disappointed that the NSA still recommends RSA and DH(E) key exchange algorithms, as both have shown to have weaknesses and implementation pitfalls in the past.
“I was also surprised that the CBC-mode was not explicitly mentioned, as it is also a common cause for implementation errors in TLS and should be avoided if possible.”
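An added example, not taken from the NSA's repository or from the original article: a small Python audit of one endpoint's enabled protocol versions and IANA cipher suite names. It flags TLS 1.0 and 1.1 as obsolete and, separately, the RSA and DH(E) key exchanges and CBC-mode suites that Merget singles out; the function name, the sample configuration and the inclusion of SSL 2.0/3.0 are assumptions of this example.

```python
import re

# TLS 1.0 and 1.1 are the versions named in the article; SSL 2.0/3.0 predate
# them and are included as an assumption of this example.
OBSOLETE_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1.0", "TLSv1.1"}

# TLS 1.2-and-earlier IANA names: TLS_<key exchange>_WITH_<cipher and MAC>
SUITE_RE = re.compile(r"^TLS_(?P<kx>.+?)_WITH_(?P<enc>.+)$")


def audit_endpoint(protocols, suites):
    """Return (item, reason) findings, in input order, for one endpoint."""
    findings = []
    for proto in protocols:
        if proto in OBSOLETE_PROTOCOLS:
            findings.append((proto, "obsolete protocol version"))
    for suite in suites:
        m = SUITE_RE.match(suite)
        if m is None:
            # TLS 1.3 suites (TLS_AES_256_GCM_SHA384 ...) carry no key-exchange
            # part and are AEAD-only; anything else is not an IANA name.
            if not suite.startswith("TLS_"):
                findings.append((suite, "unrecognised suite name"))
            continue
        kx_alg = m.group("kx").split("_")[0]  # "DHE_RSA" -> "DHE"
        if kx_alg == "RSA":
            findings.append((suite, "static RSA key exchange"))
        elif kx_alg in ("DH", "DHE"):
            findings.append((suite, "finite-field DH(E) key exchange"))
        if "CBC" in m.group("enc").split("_"):
            findings.append((suite, "CBC-mode cipher"))
    return findings


# Constructed sample configuration, not captured from any real system.
SAMPLE = {
    "protocols": ["TLSv1.0", "TLSv1.2", "TLSv1.3"],
    "suites": [
        "TLS_AES_256_GCM_SHA384",
        "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
        "TLS_DHE_RSA_WITH_AES_128_GCM_SHA256",
        "TLS_RSA_WITH_AES_128_CBC_SHA",
        "AES128-SHA",  # OpenSSL-style name: reported rather than guessed at
    ],
}

if __name__ == "__main__":
    for item, reason in audit_endpoint(SAMPLE["protocols"], SAMPLE["suites"]):
        print(f"{item}: {reason}")
```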