openPR Logo
Press release

Logjam Attack: No Risk for ViPNet VPN Encryption

08-18-2015 12:11 PM CET | IT, New Media & Software

Press release from: Infotecs GmbH

Berlin, June 8, 2015 – Thousands of mail, web, SSH, and VPN servers are vulnerable to a new attack (called Logjam) that affects Diffie-Hellman key exchange. The Internet key exchange (IKE) protocol that uses the Diffie-Hellman algorithm is widely implemented in data encryption (for example, by SSL/TLS). ViPNet technology by Infotecs is essentially resistant to man-in-the-middle attacks. ViPNet does not use the IKE, because secure ViPNet communication does not require exchanging keys over the Internet.

On May 20, 2015, a team of several security researchers from US announced a weakness in Diffie-Hellman key exchange exploited by so-called “Logjam attack”. The weakness is caused by a fault in TLS protocol that is used for HTTP, SSH, and VPN connection encryption. It can be exploited by man-in-the-middle attacks (MITM). Cyber criminals can monitor or even manipulate the data traffic between two or more communication parties. The actual weakness is in the TLS handshake procedure, during which the attacker offers insecure export key exchange instead of the normal Diffie-Hellman key exchange. In response the server continues exchanging insecure but valid 512-bit key. According to the security researches, since cyber criminals have precalculated discrete logarithms, an attack can happen within minutes [1] [2] [3].

Generally, the Logjam attack puts at risk all encryption methods that use Diffie-Hellman algorithm and key exchange over the Internet (IKE). As already mentioned, these include the TLS protocol and its predecessor SSL that are widely used for SSH, mail, web, and VPN connection encryption.

The ViPNet VPN encryption solution by Infotecs is not affected by the Logjam attack. ViPNet does not require exchanging keys using Diffie-Hellman algorithm. All initial keys will be distributed and installed on the clients once and immediately during their deployment. As a result, all clients have the relevant keys before the connection between them can be established. Thus, the clients do not need to exchange keys once again right before the data exchange with each other. ViPNet VPN uses symmetric key management that is considered to be highly secure and is used by the military. MITM attacks against ViPNet technology are essentially impossible. Cyber criminals cannot exploit key exchange over the Internet, because it is not used to provide secure communication.

Furthermore, every IP packet in a ViPNet network is encrypted using a derivative of a key. Even if an attacker intercepts and analyses an IP packet, it will be completely ineffective, because any other IP packet is encrypted using another key.

You can download a trial version of ViPNet VPN security solution (allows you to create 2 coordinators and 10 clients) at www.infotecs.biz/download/.

Further information
[1] Background information about Logjam attack from WeakDH.org (Logjam discoverers, group of computer scientists), 20.05.2015
https://weakdh.org/
[2] „Logjam security flaw leaves top HTTPS websites, mail servers vulnerable“, ZDNet.com, 20.05.2015
http://www.zdnet.com/article/logjam-security-flaw-leaves-tens-of-thousands-of-https-websites-vulnerable/
[3] „Logjam-Angriff: Schwäche im TLS-Verfahren gefährdet Zehntausende Webseiten“, Golem.de, 20.05.2015
http://www.golem.de/news/logjam-angriff-schwaeche-im-tls-verfahren-gefaehrdet-zehtausende-webseiten-1505-114161.html

About Infotecs
Infotecs has provided advanced network communications, information security software and hardware solutions since 1991. A pioneer of software-based VPN solutions, Infotecs developed its next generation ViPNet technology to deliver greater security, flexibility, and throughput than IPSec and other standard-based VPN products. ViPNet is the only VPN solution that supports true end-to-end, client-to-client security, and is unique in offering secure peer-to-peer communications. More than 1,000,000 clients, offices, and servers have been securely connected with ViPNet products backed up by an unparalleled world-class support, development, and technical team. Our solutions are designed to solve the toughest security challenges by providing superior protection that is flexible and effective. Additional information on the company is available at visit: www.infotecs.biz.

Contact
Infotecs GmbH
Anja Mueller
Marketing & Communications
Oberwallstr. 24
10117 Berlin, Germany
Phone: +49 30 206 43 66-52
Fax: +49 30 206 43 66-66
anja.mueller@infotecs.biz

Twitter: twitter.com/InfotecsEnglish
Facebook: www.facebook.com/pages/Infotecs-Gmbh_english/400720220013566

This release was published on openPR.

Permanent link to this press release:

Copy
Please set a link in the press area of your homepage to this press release on openPR. openPR disclaims liability for any content contained in this release.

You can edit or delete your press release Logjam Attack: No Risk for ViPNet VPN Encryption here

News-ID: 311123 • Views:

More Releases from Infotecs GmbH

Infosecurity Europe: Security Solutions for IIoT (Industrial Internet of Things) …
Infotecs, the international cybersecurity and threat intelligence provider, announced today that it is participating in Infosecurity Europe on 04.06-06.06.2019 in London with www.lech-tec.de. The companies are presenting solutions for encrypting video from drones via a mobile data network and for secure access to industrial systems. Drones are increasingly used in areas, such as agriculture, industry, and security & surveillance systems to inspect damage, transport packages or monitor specific locations. Video observation
Hannover Messe 2019 Overview: Secure Remote Predictive/Preventive Maintenance Ac …
Berlin, April 25, 2019 – Infotecs, the cybersecurity and threat intelligence expert, has been presenting its ViPNet Coordinator for MICA security solution from April 01 to April 05, 2019 at the HANNOVER MESSE fair. Production facilities and industrial infrastructures are among common targets of cyberattacks. That's why these sensible systems need to be protected against cybercriminals. Many critical infrastructures include industrial process control and automation systems, which are particularly hard to
ViPNet Technology Progresses to the Evaluation Stage of Germany’s BSI Certific …
Berlin, June 28, 2018 – Having already successfully achieved FIPS Certification in the US, the ViPNet encryption technology, developed by Infotecs, the international cyber security and threat intelligence provider, has now progressed to the evaluation stage of the certification process of the German Federal Office for Information Security (BSI). ViPNet Crypto Core, the module being certified, is the main encryption component for protecting communications and a core element of the
Infotecs At The Forefront Of Quantum Cryptography
Infotecs, an internationally known IT security and threat intelligence provider, is developing quantum encryption technology to exchange encryption keys at very high data volumes. Quantum computing has the potential to revolutionize modern computing by attaining computing speeds previously thought impossible. However, computing that is significantly faster would also make it easy to break many of today’s encryption techniques. One reason for this is that if encryption keys are used too frequently,

All 4 Releases


More Releases for ViPNet

ViPNet Technology Progresses to the Evaluation Stage of Germany’s BSI Certific …
Berlin, June 28, 2018 – Having already successfully achieved FIPS Certification in the US, the ViPNet encryption technology, developed by Infotecs, the international cyber security and threat intelligence provider, has now progressed to the evaluation stage of the certification process of the German Federal Office for Information Security (BSI). ViPNet Crypto Core, the module being certified, is the main encryption component for protecting communications and a core element of the
The ViPNet Mobile Security Suite is now available in Google Play
Berlin, September 14, 2016 – Infotecs, a leading international Cyber Security and Threat Intelligence Platform provider, announced that the mobile applications ViPNet Client for Android and ViPNet Connect – the two main components of the secure mobile solution ViPNet Mobile Security Suite – are now available in Google Play, Google's official store and portal for Android apps. ViPNet Client for Android protects corporate workers with Android-based mobile devices from
Mobile Security: Official Version of ViPNet Client for Android Released
Berlin, October 29, 2015 – Infotecs, the international provider of IT security solutions, released the official version of ViPNet Client for Android. This mobile application is a part of the ViPNet Mobile Security solution and provides protection for sensitive business communication on Android-based mobile devices. Starting from November 2015, the ViPNet Client for Android app will be available on Google Play. Business communication with mobile devices is now broadly used by
ViPNet VPN as the Encryption Solution for IP Video Surveillance
• Distribution contract between BKVideo and Infotecs • BKVideo is known as an experienced system house in the area of video technology • BKVideo is now an authorized reseller of the ViPNet VPN solution developed by Infotecs Berlin, Germany, January 20, 2014 – Infotecs GmbH, a global provider of IT-security solutions, announced that it has signed a distribution contract with BKVideo, the video technology distributor. BKVideo has added the ViPNet VPN encryption solution
ViPNet OFFICE 4.0 Becomes ViPNet VPN 4.2 – Renaming and Upgrade of the Encrypt …
• Name change of the IT security solution • Upgrade to version 4.2 • Better usability for the administrators and end-users • Available for certain Samsung devices Berlin, January 03, 2014 – With the new version 4.2 of the certified IT security solution, ViPNet VPN, the internationally active high-security specialist, Infotecs GmbH, announces numerous improvements in terms of user-friendliness. In addition, the encryption solution appears under the new name, ViPNet VPN, effective immediately. The new version 4.2 of
Create secure passwords with ViPNet Password Generator
Berlin, 2013-12-03 – Infotecs, the international High Security expert, introduces ViPNet Password Generator designed for generating random passwords based on passphrases and random numeric passwords. A system is as secure as its weakest link. Quite often, this weakest link is password authentication. There are numerous recommendations regarding the length, content, and lifetime of passwords. Such recommendations are intended for use in the password policies development. Ideally, users should create their own