1

I heard that ASN.1, which is part of browser SSL libraries, introduces the potential risk of compromise our system even if we use no-script. but what is ASN.1 exactly doing? Why do we need to use something like ASN.1 to encode/decode data (such as text or images or binary) for encryption/decryption that put our computer in risk? because SSL is a protocol for encrypting data and sending it over internet.


Comment by user20883: in Wikipedia about ASN.1 says : If we want to transmit this :

myQuestion FooQuestion ::= {
trackingNumber     5,
question           "Anybody there?"

We change it to this :

30 — type tag indicating SEQUENCE
13 — length in octets of value that follows
   02 — type tag indicating INTEGER
   01 — length in octets of value that follows
      05 — value (5)
   16 — type tag indicating IA5String 
        (IA5 means the full 7-bit ISO 646 set, 
        including variants, but is generally US-ASCII)
   0e — length in octets of value that follows
      41 6e 79 62 6f 64 79 20 74 68 65 72 65 3f 
         — value ("Anybody there?")

to make this and send over TCP :

30 13 02 01 05 16 0e 41 6e 79 62 6f 64 79 20 74 68 65 72 65 3f

But I say if we want send that message we can simply use UTF-8 or just binary encoding to encrypt that message instead of changing message to a software !!!

We can simply do this to make message ready for AES encryption :

myQuestion(space character}FooQuestion(space character}::=(space character}trackingNumber(space character}(space character}5,question(space character}(space character}"Anybody there?"

Update: now we have a simple block of dara to encrypt with AES directly and we don't need to make our message as a shell code !!! its just a message we like other messages we encrypt always and there is no need any encoding or exploit ...

user20883
  • 21
  • 1
  • 3
  • 2
    I don't think I understand your question. Your link doesn't seem to support the content of your question. Can you edit the question to clarify what your problem is. Sorting out capitals, grammar and sentences would also be useful. – Rory Alsop Feb 17 '13 at 21:30
  • question edited. its about ASN.1, i asked in recent question even when we use noscript to block everything still is that possible our system compromise by visiting pages and he said yes ANS can make it happen. why we use ANS for AES/RSA encryption? – user20883 Feb 17 '13 at 21:39
  • 2
    It is called ASN.1, not ANS. – Thomas Pornin Feb 17 '13 at 21:40
  • The risks of you writing insecure AES code are much larger than the risks from ASN.1 parsing bugs. – CodesInChaos Feb 28 '13 at 20:50

2 Answers2

8

It is ASN.1. ASN.1 is a generic syntax for describing structured data types, coupled with some encoding rules which tell how such data values are to be encoded as sequence of bytes, and decoded back. X.509 certificates are specified to use ASN.1 with the "DER" encoding rules.

ASN.1 is quite complex, and quite more complex than it should be, because of a long history of committee-driven development. In particular, it includes a lot of distinct character string types for no apparent reasons, and its types to encode dates are remarkably inefficient and hard to handle (and one of them is subject to Y2K issues, currently scheduled for 2050). Faced with this complexity, developers often found attractive the idea of doing specialized decoding "just for certificates", in order to avoid the daunting task of implementing a generic and systematic decoder (in particular, it is possible but inconvenient to implement a full-featured generic ASN.1 decoder in languages such as C which lack automatic memory management, e.g. garbage collectors).

Doing specialized code "by hand", to avoid the overhead of a systematic approach, means that the developer will need to think a lot more about possible issues when presented with "abnormal" data. This is a fertile ground for vulnerabilities (developers are only human, after all) and this is precisely what happened in OpenSSL.

(Other libraries may be impacted as well. I am using OpenSSL as an example because it is very widespread, and also because it is written in C, making consequences of buffer overflows and use-after-free bugs much more dangerous, up to and including arbitrary code execution. In libraries in more controlled languages, which check array boundaries and use a GC, will get less dire effects: a buffer overflow triggers an exception, which is inconvenient but less so than a remote shell for an attacker.)

Tom Leek
  • 170,038
  • 29
  • 342
  • 480
  • we use SSL protocol to encrypt webpages with AES and session key with RSA. i don't understand why we should use ASN.1 in here that make us problems ? AES can't encrypt a page by itself ? and what is session key's relation we encrypt with RSA with ASN.1 ? because a web page is a block of data we can easily encrypt decrypt , there is no need any complex decoding here .. ? – user20883 Feb 17 '13 at 21:53
  • 1
    @user - please read the ASN description Tom linked to. This will help you immensely in understanding what is going on. – Rory Alsop Feb 17 '13 at 21:58
  • 1
    @user20883, ASN.1 is used for encoding the certificate. It doesn't have much to do with the way the rest of the TLS connection works. The main issues with ASN.1 are about implementation bugs regarding the certificate verification (and host name verification). For the rest about SSL/TLS, you should read [this question](http://security.stackexchange.com/q/20803/2435). In short, the usage of ASN.1 is part of the server authentication, which is essential for securing the connection. Using just encryption isn't enough. Btw, the pre master key is encrypted with RSA, not the session keys. – Bruno Mar 15 '13 at 20:14
  • It is also annoying that OpenSSL adds some nested ASN.1 headers where real ASN.1 libraries do not which makes the certs look strange (or fail) when using certain actual ASN.1 libraries to read them. That said, the subset of ASN.1 functionality that OpenSSL actually uses is fairly straightforward and comprises a teeny tiny fraction of the actual standard (that said, the only part of ASN.1 that I've ever seen any project actually use is the 10% that make it a well-typed, compact, safe serialization format). The protocol bits are madness, and generally go unused. – zxq9 Jun 25 '15 at 12:58
1

So, from your updated question, it looks like you are asking:

Why would I use the existing encoding structure when I can design my own?

The simple answer is that despite ASN.1 having some issues, as @Tom pointed out, it is still going to be much better than designing your own, unless you really know what you are doing, as you are more than likely to implement vulnerabilities when designing your own code.

Rory Alsop
  • 61,474
  • 12
  • 117
  • 321
  • no i don't want design my own encoding. why should i use any encoding scheme ?! when you want use an AES tool to encrypt some data (such as text and images) why should we convert data into a software that make problem for us ? Why not encrypting and decrypting the data directly ? because on that example i said there was some text characters some space (space is a character as well). we just encrypt that message directly and don't use any thing else for nothing. Why not ? – user20883 Feb 18 '13 at 11:25
  • 1
    Like I said before - you really do need to read and understand the ASN.1 article Tom linked to. Encoding is **not** encryption! You are not converting data into software. What you have described **is** an encoding mechanism. – Rory Alsop Feb 18 '13 at 12:53
  • the point of an encoding scheme is to accurately and distinctively encode ideas as a string of bits. Computers only handle bits, humans think in more abstract terms and we need some defined way of mapping between our human ideas and computer bits. Ascii is an encoding scheme, so is utf-8, xml, csv or ASN.1. Some are bad, some are good, all have strengths and weaknesses. The question "why should I use any encoding scheme" really doesn't make any sense, you cannot represent anything as a string of bits without an encoding scheme. – Rolf Rander Feb 28 '13 at 23:03