Abstract
The Curveball vulnerability exploits defective ECC public-key comparisons that ignore the accompanying domain parameters of X.509 certificates in MS Windows. Attackers can forge certificate chains whose public key value equals that of a Windows-trusted certificate to establish fake HTTPS websites or sign malware binaries, and these are verified successfully without any alert. This paper extends the Curveball attack to Elliptic-curve Qu-Vanstone (ECQV) implicit certificates, which are ECC-specific and reduce both certificate size and the computation cost of certificate validation. We present two versions of the Curveball+ attack that target implicit certificate validation in verifiers prone to the Curveball vulnerability. We discuss different types of certificate chains, implicit and hybrid, and various certificate trust list (CTL) entry structures and certificate formats. We prove that verifiers that compare the final public key of implicit certificates are secure against Curveball+ version 1 attacks, but that Curveball+ version 2 attacks succeed against certificates in M2M format because of the assailable standard description. Our work has preventive value for developers who want to avoid these implementation pitfalls.
This work was supported by the National Key R&D Program of China (Award No. 2020YFB1005800). Wei Wang is the corresponding author.
Notes
1. The definition is also suitable for our Curveball+ v1/v2 attacks.
2. For simplicity, the algorithm only displays one CTL entry, but the full CTL list is used. In addition, several crucial checks are omitted; they are irrelevant to our analysis and can easily be modified by a Curveball attacker.
3. See https://github.com/tyj956413282/curveball-plus.git for the source code.
4. \(\lambda \) represents the bit-length of \(\#\mathbb {E}\) (the number of all EC points in \(\mathbb {E}\)).
References
CertVerifyCertificateChainPolicy function (wincrypt.h) (2021). https://docs.microsoft.com/en-us/windows/win32/api/wincrypt/nf-wincrypt-certverifycertificatechainpolicy
Certificate key matcher (unknown). https://www.sslshopper.com/certificate-key-matcher.html
Administration, C.E.: SM2 elliptic curve public key algorithms (2010)
BlackBerry: Certicom device certification authority for zigbee smart energy (nd). https://blackberry.certicom.com/en/products/managed-certificate-service/smart-energy-device-certificate-service
Brown, D.R.: SEC 2: Recommended elliptic curve domain parameters. In: Standards for Efficient Cryptography (2010)
Brown, D.R., Campagna, M.J., Vanstone, S.A.: Security of ECQV-certified ECDSA against passive adversaries. Cryptology ePrint Archive (2009)
Brown, D.R.L., Gallant, R., Vanstone, S.A.: Provably secure implicit certificate schemes. In: Syverson, P. (ed.) FC 2001. LNCS, vol. 2339, pp. 156–165. Springer, Heidelberg (2002). https://doi.org/10.1007/3-540-46088-8_15
Brubaker, C., Jana, S., Ray, B., Khurshid, S., Shmatikov, V.: Using frankencerts for automated adversarial testing of certificate validation in SSL/TLS implementations. In: 2014 IEEE Symposium on Security and Privacy, pp. 114–129. IEEE (2014)
Campagna, M.: SEC4: Elliptic curve Qu-Vanstone implicit certificates, version 1.0. Tech. rep., Standards for Efficient Cryptography (2013)
ETSI, T.: ETSI TS 103 097 v1.1.1-intelligent transport systems (ITS); security; security header and certificate formats. Standard, TC ITS (2013)
Ford, W., Poeluev, Y.: The machine-to-machine (M2M) public key certificate format. Internet-Draft draft-ford-m2mcertificate-00, IETF Secretariat (2015)
Forum, N.: Signature record type definition, technical specification, v2.0 (2014)
Georgiev, M., Iyengar, S., Jana, S., Anubhai, R., Boneh, D., Shmatikov, V.: The most dangerous code in the world: validating SSL certificates in non-browser software. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 38–49 (2012)
IEEE 1609 Working Group and others: IEEE standard for wireless access in vehicular environments-security services for applications and management messages. IEEE STD 1609(2) (2016)
Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36–63 (2001)
Labs, M.: What CVE-2020-0601 teaches us about Microsoft’s TLS certificate verification process (2020). https://www.mcafee.com/blogs/other-blogs/mcafee-labs/what-cve-2020-0601-teaches-us-about-microsofts-tls-certificate-verification-process/
Mavrogiannopoulos, N., Vercauteren, F., Velichkov, V., Preneel, B.: A cross-protocol attack on the TLS protocol. In: Proceedings of the 2012 ACM Conference on Computer and Communications Security, pp. 62–72 (2012)
Msahli, Cam-Winget, W.: Internet X.509 public key infrastructure certificate. Tech. rep., RFC 8902 (2020)
National Security Agency: Patch critical cryptographic vulnerability in Microsoft windows clients and servers (2020). https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
Paganini, P.: Two PoC exploits for CVE-2020-0601 nsacrypto flaw released (2020). https://securityaffairs.co/wordpress/96486/uncategorized/cve-2020-0601-nsacrypto-exploits.html
Poeluev, Y., Ford, W.: Transport layer security (TLS) and datagram transport layer security (DTLS) authentication using m2m certificate. IETF Secretariat (2015)
Pointcheval, D., Stern, J.: Security proofs for signature schemes. In: Maurer, U. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 387–398. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68339-9_33
Polk, T., Housley, R., Bassham, L.: Algorithms and identifiers for the internet X.509 public key infrastructure certificate and certificate revocation list (CRL) profile. Tech. rep., RFC 3279 (2002)
Pollicino, F., Stabili, D., Ferretti, L., Marchetti, M.: An experimental analysis of ECQV implicit certificates performance in VANETs. In: 2020 IEEE 92nd Vehicular Technology Conference (VTC2020-Fall), pp. 1–6. IEEE (2020)
Qi’an Xin Codesafe: Detailed analysis of CVE-2020-0601 vulnerability (in Chinese) (2020). https://blog.csdn.net/smellycat000/article/details/104057852
Romailer, Y.: CVE-2020-0601: The Chainoffools/Curveball attack explained with POC (2020). https://research.kudelskisecurity.com/2020/01/15/cve-2020-0601-the-chainoffools-attack-explained-with-poc/
Schnorr, C.P.: Efficient identification and signatures for smart cards. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 239–252. Springer, New York (1990). https://doi.org/10.1007/0-387-34805-0_22
Simpson, J.: A technical analysis of Curveball (cve-2020-0601) (2020). https://www.trendmicro.com/en_us/research/20/b/an-in-depth-technical-analysis-of-curveball-cve-2020-0601.html
Wagner, D., Schneier, B., et al.: Analysis of the SSL 3.0 protocol. In: The Second USENIX Workshop on Electronic Commerce Proceedings, vol. 1, pp. 29–40 (1996)
Whyte, W., Weimerskirch, A., Kumar, V., Hehn, T.: A security credential management system for V2V communications. In: 2013 IEEE Vehicular Networking Conference, pp. 1–8. IEEE (2013)
Appendices
Appendix 1 Proofs of the Q2P Problem
The format \([m,P]\) represents the certificate \(\textsf{ICert}[P,\mathbb {E}(G)]\) in the security model, where \(m\) stands for all information of \(\textsf{ICert}\) other than the EC Point \(P\) and is referred to as the message. The rigorous definition of Q2P is as follows.
Definition 1
Given an Elliptic Curve \(\mathbb {E}\), a hash function \(\textrm{Hash}\) and an EC Point \(Q\), the Q2P problem asks for a message \(m\) and another EC Point \(P\) such that \(Q = \textrm{Hash}(m,P) \cdot P\).
In the random oracle model, we define the game in which an adversary \(\mathcal {A}\) tries to solve the Q2P problem as \(\textrm{Game}_{\mathcal {A}}^{{{\,\textrm{Q2P}\,}}}\big (\lambda ,\mathbb {E}\big )\) (see Note 4), with a hash oracle \(\mathcal {O}_\mathcal {A}^{\textrm{Hash}}\). Note that in practice the attacker constrains the \((x,y)\)-coordinates of \(G'\) contained in the output \(m\) (Sect. 4), which is a harder problem than Definition 1, where \(m\) is arbitrary.
Lemma 1
In the random oracle model, the EC-Schnorr family of signature schemes in \(\mathbb {E}(G)\) is secure if the ECDLP problem in \(\mathbb {E}(G)\) is intractable.
The variant of the Schnorr signature for a message \(m\) with the private key \(b\) can be expressed as \(\sigma :=(R,s)\) where the EC Point \(R := k \cdot G\) with random secret \(k\), and the integer \(s := b + k \cdot \textrm{Hash}(m, R)\). To verify the signature, one checks that \(s \cdot G = \textrm{Hash}(m, R) \cdot R + B\) with the public key \(B\).
Pointcheval and Stern [22] proved Lemma 1 by constructing a reduction from ECDLP to the EC-Schnorr signature variant using the “forking lemma”.
Theorem 1
In the random oracle model, the Q2P problem in \(\mathbb {E}\) is difficult if the Schnorr Signature Scheme in \(\mathbb {E}(G)\) is secure.
Proof
We give the following reduction: assuming that there exists a successful adversary \(\mathcal {A}\) solving the Q2P problem, we construct a polynomial-time algorithm \(\mathcal {B}\) that uses \(\mathcal {A}\) as a subroutine to forge an EC-Schnorr signature with non-negligible probability. The game \(\textrm{Game}_{\mathcal {B}}^{{{\,\textrm{Schnorr}\,}}}\) runs as follows:
1. After receiving the public key \(B\), randomly select an integer \(s\in \left[ 1,n\right) \) as one part of the output signature and calculate the final public key \(Q := s \cdot G-B\);
2. To obtain the message and the other part of the signature, run \(\textrm{Game}_{\mathcal {A}}^{{{\,\textrm{Q2P}\,}}}\big (\lambda ,\mathbb {E}\big )\) with \(\mathcal {O}_{\mathcal {B}}^{\textrm{Hash}}\);
3. If \(\mathcal {A}\) wins with output \((m', P')\), construct and output the message together with the forged signature \(\big (m',\sigma ' := (P', s)\big )\); otherwise, terminate with \(\perp \).
The following two facts allow \(\mathcal {B}\) to win the game, which proves the correctness of the reduction.
1. New message: \(m'\) is admissible since \(\mathcal {B}\) did not make any signature query.
2. Signature verification: the verification of signature \(\sigma '\) passes because \(\textrm{Hash}(m',P') \cdot P' + B = Q + B = (s\cdot G - B) + B = s \cdot G\).
If \(\mathcal {A}\) runs in polynomial time and succeeds with non-negligible probability, so does \(\mathcal {B}\). But by hypothesis, no such \(\mathcal {B}\) can forge a signature of the EC-Schnorr variant in \(\mathbb {E}(G)\). Therefore, no such adversary \(\mathcal {A}\) exists in the random oracle model, and the proof of the theorem is complete.
Combining Lemma 1 and Theorem 1, the hardness of the Q2P problem reduces to the hardness of the ECDLP problem.
Appendix 2 Rationality of the Hybrid Verifier \(\mathcal {V}_{N,P}\)
The rationality of a hybrid verifier \(\mathcal {V}_{N,P}\) means that no certificate holder, except a self-signed holder, can change the type of its certificate in a way that the verifier still accepts: neither transforming an explicit certificate into an implicit one (E2I), nor transforming an implicit certificate into an explicit one (I2E). The rationality of \(\mathcal {V}_{N,P}\) rests on the ECDLP assumption with two additional oracles: an ECDSA signature oracle \(\mathcal {O}^{\textrm{Sign}}\) and an ECQV certificate oracle \(\mathcal {O}^{{{\,\textrm{ECQV}\,}}}\). Both the ECDSA and the ECQV algorithm are themselves based on the ECDLP assumption [7, 15], so our ECDLP attacker is allowed to query \(\mathcal {O}^{\textrm{Sign}}\) and \(\mathcal {O}^{{{\,\textrm{ECQV}\,}}}\). To simplify our proofs, we take the explicit certificate as the example.
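As an added example (not the paper's code), the following Python sketches the ECQV reconstruction that the hybrid verifier relies on, \(Q = \textrm{Hash}(\textsf{ICert}) \cdot P + Q_{0}\), over a constructed toy curve (\(y^2 = x^3 + 2x + 2\) over \(\mathbb {F}_{17}\), generator of prime order 19) with a fixed CA nonce. The verifier binds the certificate to the trusted entry's domain parameters and checks that \(P\) lies on that curve before reconstructing the final public key, which is exactly the comparison a Curveball-prone verifier omits.

```python
import hashlib

# Constructed toy curve y^2 = x^3 + 2x + 2 over F_17; G = (5, 1) has prime order 19.
P_MOD, A, B, G, N = 17, 2, 2, (5, 1), 19
CURVE = (P_MOD, A, B, G, N)            # domain parameters bound to every key

def on_curve(pt):
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def ec_add(p, q):
    # Affine point addition; None is the point at infinity.
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                  # q == -p
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    # Double-and-add scalar multiplication.
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def cert_hash(icert):
    """Hash(ICert) over identity, P and the curve, reduced into [1, N-1]."""
    data = repr((icert["id"], icert["P"], icert["curve"])).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % (N - 1) + 1

def ecqv_issue(ca_priv, identity, R, ca_nonce=7):
    """CA side of ECQV: the holder sent R = k_u*G. ca_nonce is fixed here for
    determinism (it must be random in practice). Returns (ICert, r)."""
    P = ec_add(R, ec_mul(ca_nonce, G))               # public key reconstruction value
    icert = {"id": identity, "P": P, "curve": CURVE}
    r = (cert_hash(icert) * ca_nonce + ca_priv) % N  # private key reconstruction value
    return icert, r

def ecqv_holder_key(k_u, icert, r):
    """Holder side: d = Hash(ICert)*k_u + r, so that d*G = Hash(ICert)*P + Q_CA."""
    return (cert_hash(icert) * k_u + r) % N

def validate_implicit_cert(icert, trusted):
    """Verifier side: reject unless the certificate's domain parameters equal the
    trusted CA entry's and P lies on that curve; then reconstruct the final public
    key Q = Hash(ICert)*P + Q_CA. Returns Q, or None when rejected."""
    if icert["curve"] != trusted["curve"] or not on_curve(icert["P"]):
        return None
    return ec_add(ec_mul(cert_hash(icert), icert["P"]), trusted["Q"])
```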
Transform Explicit Certificates. Assume that a trusted certificate chain \(\{{\textsf{ECert}}_1,\) \({\textsf{ECert}}^{{{\,\textrm{R}\,}}}_0\}\) is stored in the verifier \(\mathcal {V}_{N,P}\). We define \(\textrm{Game}^{E2I}_{\mathcal {A}, \mathcal {V}_{N,P}}(\textsf{ECert}, n)\) as follows: After receiving a certificate chain \(\big \{{\textsf{ECert}}_{1}[Q_1, \mathbb {E}(G_1); \sigma _0],{\textsf{ECert}}^{{{\,\textrm{R}\,}}}_{0}[Q_0,\) \(\mathbb {E}(G_0); \sigma ]\big \}\) with a private key \(d_1\) where \(Q_1=d_1\cdot G_1\), output a forged nonroot implicit certificate with a private key \((d', {\textsf{ICert}}_{\mathcal {A}}[P', \mathbb {E}(G_1)])\) so that the final public key satisfies \(Q' := \textrm{Hash}({\textsf{ICert}}_{\mathcal {A}}) \cdot P' + Q_0 = d' \cdot G_1\) and \(P' = Q_1\).
Theorem 2
In the random oracle model, E2I does not exist in a normal \(\mathcal {V}_{N,P}\) if the ECDLP problem is hard to solve.
Proof
We design \(\textrm{Game}^{{{\,\textrm{ECDLP}\,}}}_{\mathcal {B}}(n, \mathbb {E}(G))\) using \(\textrm{Game}^{E2I}_{\mathcal {A}, \mathcal {V}_{N,P}}\) \((\textsf{ECert}, n)\) as follows:
1. After receiving the public key \(B\), randomly select \(d_1\in [1,n)\) and generate the two certificates \({\textsf{ECert}}^{{{\,\textrm{R}\,}}}_0[B,\mathbb {E}(G);\sigma ]\), \({\textsf{ECert}}_1[Q_1,\mathbb {E}(G);\sigma _0]\), where \(\sigma \) and \(\sigma _0\) are obtained by asking the signature oracle \(\mathcal {O}_{\mathcal {B}}^{\textrm{Sign}}\) and \(Q_1 := d_1 \cdot G\). Send \(\big (\{{\textsf{ECert}}_1,{\textsf{ECert}}^{{{\,\textrm{R}\,}}}_0\}, d_1\big )\) to \(\mathcal {A}\).
2. Judge \(\mathcal {A}\)’s answer when \(\mathcal {A}\) outputs \((d', {\textsf{ICert}}_{\mathcal {A}})\).
3. If \(\mathcal {A}\) wins, calculate \(d_0 = d' - \textrm{Hash}({\textsf{ICert}}_{\mathcal {A}}) \cdot d_1\), and output \(b:=d_0\).
We state that \(B=b \cdot G\) for correctness, under the premise \(Q_1=P'\) enforced by \(\mathcal {V}_{N,P}\). We have \( B = Q' - \textrm{Hash}({\textsf{ICert}}_{\mathcal {A}}) \cdot P' = \big (\textrm{Hash}({\textsf{ICert}}_{\mathcal {A}}) \cdot d_1 + b\big ) \cdot G - \textrm{Hash}({\textsf{ICert}}_{\mathcal {A}}) \cdot P' = b \cdot G \). If \(\mathcal {A}\) successfully constructs the eligible non-root implicit certificate, \(\mathcal {B}\) also succeeds in solving the ECDLP problem, which proves the theorem.
Transform Implicit Certificates. Assume that a trusted certificate chain \(\big \{{\textsf{ICert}}_{1}\) \([P_1, \mathbb {E}(G)],{\textsf{ECert}}^{{{\,\textrm{R}\,}}}_{0}\) \([B, \mathbb {E}(G); \sigma ]\big \}\) is stored in the verifier \(\mathcal {V}_{N,P}\). We define \(\textrm{Game}^{I2E}_{\mathcal {A}, \mathcal {V}_{N,P}}\) \((\textsf{ICert}, n)\) as follows: After receiving \(\{{\textsf{ICert}}_1,\) \({\textsf{ECert}}^{{{\,\textrm{R}\,}}}_0\}\) and \((d_1, k')\), where \(Q_1:=\textrm{Hash}({\textsf{ICert}}_1) \cdot P_1 + Q_0 = d_1 \cdot G\) and \(k'\) is defined in the ECQV procedure for \({\textsf{ICert}}_1\), output a forged non-root certificate with a private key \(\bigl (d', {\textsf{ECert}}_{\mathcal {A}}[Q', \mathbb {E}(G);\sigma _0]\bigr )\) so that \(Q' := d' \cdot G = P_1\).
Theorem 3
In the random oracle model, I2E does not exist in a normal \(\mathcal {V}_{N,P}\) if the ECDLP in \(\mathbb {E}(G)\) is hard to solve.
Proof
We design \(\textrm{Game}^{{{\,\textrm{ECDLP}\,}}}_{\mathcal {B}}(n, \mathbb {E}(G))\) using \(\textrm{Game}^{I2E}_{\mathcal {A}, \mathcal {V}_{N,P}}\) \((\textsf{ICert}, n)\) as follows:
1. After receiving the public key \(B\), generate \({\textsf{ECert}}^{{{\,\textrm{R}\,}}}_0\) \([B,\mathbb {E}(G);\sigma ]\), asking an ECDSA signature oracle \(\mathcal {O}^{\textrm{Sign}}_{\mathcal {B}}\) for \(\sigma \).
2. Call the ECQV procedure to generate \({\textsf{ICert}}_1[R,\mathbb {E}(G)]\) whose CA is \({\textsf{ECert}}^{{{\,\textrm{R}\,}}}_0\), with an intermediate value \(k_1\) and the private key \(d_1\). Note that the public and private key reconstruction values \((R,s)\) are obtained by a query to the Schnorr signature oracle \(\mathcal {O}^{\textrm{Sign}}_{\mathcal {B}}\), where \(m\) is defined in Appendix 1.
3. Send \(\big (\{{\textsf{ICert}}_1,{\textsf{ECert}}^{{{\,\textrm{R}\,}}}_0\}, d_1\big )\) to \(\mathcal {A}\).
4. Judge \(\mathcal {A}\)’s answer when \(\mathcal {A}\) outputs \((d', {\textsf{ECert}}_{\mathcal {A}})\).
5. If \(\mathcal {A}\) wins, calculate \({\textsf{ECert}}^{{{\,\textrm{R}\,}}}_0\)’s private key \(d_0 := d_1 - \textrm{Hash}({\textsf{ICert}}_{1}) \cdot d'\), and output \(b:=d_0\).
We state that \(B=b \cdot G\) for correctness, under the premise \(P_1=Q'\) enforced by \(\mathcal {V}_{N,P}\). We have \( B = Q_1 - \textrm{Hash}({\textsf{ICert}}_1) \cdot P_1 = \big (\textrm{Hash}({\textsf{ICert}}_1) \cdot d' + b\big ) \cdot G - \textrm{Hash}({\textsf{ICert}}_1) \cdot P_1 = b \cdot G \). If \(\mathcal {A}\) successfully constructs the eligible non-root explicit certificate, \(\mathcal {B}\) also succeeds in solving the ECDLP problem with the same probability.
© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Teng, Y. et al. (2024). Curveball+: Exploring Curveball-Like Vulnerabilities of Implicit Certificate Validation. In: Tsudik, G., Conti, M., Liang, K., Smaragdakis, G. (eds) Computer Security – ESORICS 2023. ESORICS 2023. Lecture Notes in Computer Science, vol 14345. Springer, Cham. https://doi.org/10.1007/978-3-031-51476-0_11
DOI: https://doi.org/10.1007/978-3-031-51476-0_11
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-51475-3
Online ISBN: 978-3-031-51476-0