Microsoft’s CryptoAPI flaw/CurveBall: a teaser of the quantum threat

By Mike Brown, CTO & Co-founder, ISARA Corporation

Published on January 17, 2020

The National Security Agency recently discovered a major cryptographic flaw in low-level code of Microsoft’s Windows operating system. The flaw, tracked as CVE-2020-0601 and now known as CurveBall, lies in the Windows CryptoAPI and affects the way Elliptic Curve Cryptography (ECC) X.509 certificates are validated, giving attackers the ability to “undermine how Windows verifies cryptographic trust,” as stated in the NSA’s Cybersecurity Advisory on the issue.

On 14 January 2020, Microsoft released a software update that fixes this serious vulnerability. Because of its potential severity, the patch was first made available to the US government, the military and “other high-value customers/targets that manage key Internet infrastructure.” An attacker who exploits the flaw can spoof digital signatures, which are essential for digital security and trust.

Initially reported by Brian Krebs at KrebsOnSecurity, the story has since made headlines in major news outlets such as the Washington Post, TechCrunch and Wired, all of which include public comments from Anne Neuberger, director of the NSA’s Cybersecurity Directorate.

The effect of trust vulnerabilities in a digital world

The data breaches that make the news frequently do not involve flaws in low-level code in the application stack. The Capital One breach disclosed in July 2019, for example, stemmed from a misconfigured web application firewall that let the attacker obtain cloud credentials, not from a flaw in foundational code. But when a vulnerability does occur in the foundational layer of a system, the impact can be severe.

If an attacker were to exploit the CurveBall flaw successfully, they could appear as a legitimate entity and, in the NSA’s words, “defeat trusted network connections and deliver executable code.”

The attacker could then:

  • Remotely install malware on a system to take over devices
  • Present content as if it was from a legitimate, trusted source

For a sophisticated attacker, spoofing a generic software update could be as easy as these five steps.

However, spoofing a Windows Update itself would be harder in practice because of additional protective mechanisms such as certificate pinning. Certificate pinning protects against impersonation by tying a specific host to a specific certificate or public key, so that a connection presenting anything else fails with an error.
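The two mechanisms above can be shown together in code. CurveBall (CVE-2020-0601) worked because CryptoAPI matched a certificate against its cached trusted roots by public key value without checking that the certificate’s curve parameters were the standard ones, so a forged CA certificate could carry explicit ECParameters with an attacker-chosen base point and still present the same public key bytes as a real root; the NSA advisory accordingly flags certificates with explicitly defined curve parameters as suspicious. The Python below is an added example, not ISARA’s or Microsoft’s code: it parses an EC SubjectPublicKeyInfo (SPKI) with a minimal DER reader, reports whether the curve is a named OID or an explicit parameter block, and computes the SHA-256 SPKI pin that a pinning client compares. The two sample SPKIs are constructed in the block from the public P-256 constants; to stay with known values, the curve’s generator stands in for the “trusted” key Q and the forged block simply re-encodes P-256 explicitly with base point Q, so the private key for Q under those parameters is 1 (a real forgery would substitute its own base point).

```python
# Added example: CurveBall indicator (explicit EC parameters) and SPKI pinning.
# Standard library only; sample SPKIs are constructed below, not taken from any real certificate.
import base64
import hashlib

OID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
OID_PRIME_FIELD = "1.2.840.10045.1.1"
NAMED_CURVES = {"1.2.840.10045.3.1.7": "secp256r1",
                "1.3.132.0.34": "secp384r1",
                "1.3.132.0.35": "secp521r1"}

# ---- minimal DER encode/decode ------------------------------------------------
def _der(tag, content):
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:  # long-form length
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + content

def _int(v):  # DER INTEGER, with the leading zero DER requires for a set high bit
    b = v.to_bytes((v.bit_length() + 7) // 8 or 1, "big")
    return _der(0x02, b"\x00" + b if b[0] & 0x80 else b)

def _oid(dotted):  # DER OBJECT IDENTIFIER from dotted string
    parts = [int(x) for x in dotted.split(".")]
    out = bytearray([40 * parts[0] + parts[1]])
    for v in parts[2:]:
        chunk = [v & 0x7F]
        v >>= 7
        while v:
            chunk.insert(0, 0x80 | (v & 0x7F))
            v >>= 7
        out += bytes(chunk)
    return _der(0x06, bytes(out))

def _read(buf, pos):
    """Return (tag, value, next_pos) for the TLV starting at buf[pos]."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def _oid_str(value):
    parts, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            parts.append(str(acc))
            acc = 0
    return ".".join(parts)

# ---- the checks ---------------------------------------------------------------
def inspect_spki(spki):
    """Classify an SPKI as named-curve EC, explicit-parameter EC (CurveBall indicator) or non-EC,
    and return the base64(SHA-256(SPKI DER)) pin a pinning client would compare."""
    tag, body, _ = _read(spki, 0)
    if tag != 0x30:
        raise ValueError("SPKI must be a SEQUENCE")
    _, alg, _ = _read(body, 0)                      # AlgorithmIdentifier
    _, oid_bytes, after_oid = _read(alg, 0)
    result = {"ec": _oid_str(oid_bytes) == OID_EC_PUBLIC_KEY, "explicit_parameters": False,
              "curve": None, "pin_sha256": base64.b64encode(hashlib.sha256(spki).digest()).decode()}
    if not result["ec"]:
        return result
    ptag, params, _ = _read(alg, after_oid)         # ECParameters CHOICE
    if ptag == 0x06:                                # namedCurve OID: the normal case
        result["curve"] = NAMED_CURVES.get(_oid_str(params), "unknown-named-curve")
    else:                                           # explicit SEQUENCE (or implicitlyCA NULL): suspicious
        result["explicit_parameters"] = True
        result["curve"] = "explicit" if ptag == 0x30 else "implicit"
    return result

def pin_ok(spki, pinned):
    """Pinning check: the SPKI DER must hash to one of the pinned values."""
    return inspect_spki(spki)["pin_sha256"] in pinned

# ---- constructed samples (public P-256 constants; generator reused as the stand-in key Q) ----
P256_P = 0xFFFFFFFF00000001000000000000000000000000FFFFFFFFFFFFFFFFFFFFFFFF
P256_A = P256_P - 3
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
P256_N = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
GX = 0x6B17D1F2E12C4247F8BCE6E563A440F277037D812DEB33A0F4A13945D898C296
GY = 0x4FE342E2FE1A7F9B8EE7EB4A7C0F9E162BCE33576B315ECECBB6406837BF51F5
Q_POINT = b"\x04" + GX.to_bytes(32, "big") + GY.to_bytes(32, "big")  # uncompressed point

def spki_named(point=Q_POINT):
    """How a genuine root encodes its key: namedCurve secp256r1."""
    alg = _der(0x30, _oid(OID_EC_PUBLIC_KEY) + _oid("1.2.840.10045.3.1.7"))
    return _der(0x30, alg + _der(0x03, b"\x00" + point))

def spki_explicit(point=Q_POINT):
    """Same key bytes, but with explicit ECParameters whose base point is the key itself."""
    params = _der(0x30, _int(1)                                          # version
                  + _der(0x30, _oid(OID_PRIME_FIELD) + _int(P256_P))     # fieldID
                  + _der(0x30, _der(0x04, P256_A.to_bytes(32, "big"))
                             + _der(0x04, P256_B.to_bytes(32, "big")))   # curve a, b
                  + _der(0x04, point)                                    # base G' := Q
                  + _int(P256_N) + _int(1))                              # order, cofactor
    alg = _der(0x30, _oid(OID_EC_PUBLIC_KEY) + params)
    return _der(0x30, alg + _der(0x03, b"\x00" + point))

if __name__ == "__main__":
    for name, spki in (("genuine", spki_named()), ("forged", spki_explicit())):
        print(name, inspect_spki(spki))
```

Two things are worth noting from running it. The forged SPKI carries byte-for-byte the same public key as the genuine one, which is exactly what the unpatched CryptoAPI keyed on, yet `inspect_spki` flags it through the parameter encoding alone. And because the pin hashes the whole SPKI DER rather than the key bytes, `pin_ok` rejects the forged SPKI against the genuine pin, which is why pinning is a useful second layer even when the signature check underneath is broken.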

At the time of publishing, CrowdStrike and Windows Defender Antivirus have both been updated to detect attempts to exploit CurveBall.

None of this reduces the severity of the flaw. It does show that designing a secure system means placing security controls throughout the stack instead of relying solely on cryptography to do the job, a principle commonly referred to as “defence in depth.”

A teaser of the more significant “quantum threat”, and the one big difference

Quantum computing’s effect on public-key cryptography will produce similar vulnerabilities, but on a much broader scale. Almost everything that connects securely uses public-key cryptography for authentication, and that is what the quantum threat puts at risk. (Need to get up to speed on the quantum threat in under 30 minutes? Watch our on-demand webinar “Quantum Computing and its Threat to Cybersecurity.”)

The critical difference is that a quantum-enabled spoofing attack exploits weaknesses in the underlying mathematics, whereas CurveBall exploits a flaw in a cryptographic implementation; both let an attacker spoof the identity of a legitimate source. The effect is the same in either case, which makes CurveBall a telling preview of what could happen once a large-scale quantum computer exists.

The solution will require more than a patch

Another equally important difference between the quantum threat and the Microsoft CryptoAPI vulnerability is how to protect against the threat.

Microsoft issued its patch urgently, and Windows system administrators are now left with the task of making sure their systems are updated (likely for weeks and months to come). Protecting against the quantum threat is far more complex.

Everything that connects securely using RSA or ECC will need to be updated with quantum-safe cryptographic algorithms, from low-bandwidth devices to the browsers we use to surf the Internet. As noted above, cryptography is deeply embedded in the application stack, and that is what makes it hard to swap out quickly. For example, NIST announced the phase-out of SHA-1 in 2004, yet the transition to SHA-2 took over a decade and is still ongoing within the federal government and countless enterprises.

The most urgent cases to address today are those where cryptography is physically embedded in devices as a root of trust, because it must be changed before the end-user devices and applications built on it can use quantum-safe security. For high-value, long-lived assets out in the field, such as satellites, military equipment, implanted medical devices and connected vehicles, the transition to quantum-safe cryptography will be both a financial and a logistical challenge. It will take several years or more, and with large-scale quantum computing on the horizon (experts estimate within 7 to 15 years), putting off the planning needlessly puts organizations at risk.

Getting started now

ISARA was founded with the vision of creating a quantum-safe world where the possibilities and benefits of quantum computing can be realized without giving up digital trust and privacy.

To move the industry forward and make this vision a reality, we help security solution providers and OEMs understand the quantum threat, prioritize the products that need to transition now, and ultimately bring the world’s first quantum-safe, standards-based and backward-compatible products to market.

Our technology partners include leading security solution providers such as Thales, DigiCert, BlackBerry and Utimaco. They’ve seamlessly integrated our crypto-agile technologies and quantum-safe algorithms into core security products today, helping industries with long-lived connected devices and sensitive communications start transitioning today.

If your hardware or software security products rely on public-key cryptography for security, get in touch with us and we can help you get started with crypto-agility and quantum-safe security today.