New NSA docs about VPNs

[dwright 25]

The following slides were published by The Intercept about exploiting VPN and VoIP protocols:

 

https://www.documentcloud.org/documents/1076868-vpn-and-voip-exploitation-with-hammerchant-and.html#document/p1

 

I cannot understand them well. Can anyone here infer whether the OpenVPN protocol as implemented by Air (or in any form) may be vulnerable?

[Staff 9971]

Hello!

 

The short answer is no, because according to the document the exploit, in order to succeed to decrypt Data Channel of the VPN users, needs old IKE (as it is in IPsec basic implementation), or at least a VPN which implements a static key which is also used as the key to encrypt the Data Channel (without PFS). While these conditions can be met by several VPN services for consumers or even companies VPNs around the world, it's not our case.

 

It's even easier in case of VoIP based on H.323, according to a comment to an article here https://www.schneier.com/blog/archives/2014/03/how_the_nsa_exp.html#comments :

 

H.323 traffic can easily be decrypted when you act as a man-in-the-middle as the HAMMERSTEIN component does on page 4 of the slides. Its because virtually all vendors skip the (TLS) encryption of the signaling channel and the Diffie-Helmann keys are unprotected.

See my analysis of H.323 encryption on http://www.gnugk.org/h323-encryption.html

 

To say the same with different words, according to the document it seems that the attack can hope to succeed only if non ephemeral key exchange is employed by the VPN, which is not the case for a correctly configured OpenVPN system.

 

However we are looking forward to more analysis from security teams around the world, there are some vague steps in the document which need to be explained/interpreted.

 

Kind regards