Appropriate Encryption

24 March 2011
I've recently been plowing my way through Crypto, by Steven Levy. Crypto follows the exploits, trials, and tribulations of the researchers, academics, and industry professionals who pioneered the field of cryptography outside of the government. Although light on the specific mathematical implementations of cryptographic formulas, the book is a fascinating overview of the history and development of modern cryptographic standards and protocols used in computer science.

I recently finished Kingpin by Kevin Poulsen. Kingpin is an examination of the exploits of Max Vision, a one-time white hat security researcher turned criminal hacker and carder. The book is an exciting narrative that follows Max's entry into and exploits within the criminal underground. The book is a fascinating look into the underground economy that underpins much of the malicious activity on the internet.

The two books carry an interesting parallel - the development and use of cryptography. In Kingpin, two of the main characters use whole disk encryption technology, in one case to foil law enforcement, and in another ineffectively. There were several interesting lessons I took away from the two incidents.

In the first incident in the book, a foreign carder is vacationing in Dubai and law enforcement gets authorization for a "sneak and peek," meaning they get permission to enter the carder's hotel room and go through his things. Unfortunately for law enforcement, the carder was using whole disk encryption on his laptop and the authorities failed to retrieve any incriminating evidence.

In the second case, Max Vision himself was using whole disk encryption on his hard disks at the time of his arrest. Unfortunately for Max, the authorities captured him and found his machines still powered on. When whole disk encryption is utilized it only protects data when it is "at rest" and not being actively used by the machine.
Also, many whole disk encryption tools store the password used to encrypt and decrypt data in system memory, and if a computer can be accessed while the power is on and the whole disk encryption tool is in use, experts can copy the active memory and search through it for the passwords. This is what happened to Max, and his disk encryption was quickly defeated once the authorities had his passphrase.

It was also notable that in both cases the disk encryption was not the popular PGP whole disk encryption, but an Israeli-developed piece of software. There has long been suspicion that government agencies possess ways to backdoor, or gain access to, whole disk encryption by working with the software manufacturers. It is conceivable that by using a software product produced outside of the US one could avoid this risk. This suspicion, Levy shows in Crypto, goes back to the 1970s during the development of DES, the Digital Encryption Standard, at which time the NSA was suspected of introducing a backdoor to DES in the form of mysterious S-boxes (which were in fact designed to defeat differential cryptanalysis and weren't backdoors).

Examining the two stories in Kingpin demonstrates the fundamental power, and weakness, of encryption. It also shows that, like computer defense, encryption has to be used properly 100% of the time to be effective. If you slip up just once, you may defeat all prior and future attempts to use cryptography effectively. The stories clearly demonstrate the fundamental weakness of all encryption - that somewhere there must be a key to unlock secrets. If an organization, be it law enforcement, government agencies, or snoops, can get hold of the secret keys then encryption fails. If a user of encryption is subjected to torture they may reveal passwords used to break encryption. Similarly, the input of a password into a computer can expose the key.
Adversaries with resources to surreptitiously access a machine and install a hardware keylogger, sniff Bluetooth communication with a wireless keyboard, or simply trick a user, can defeat encryption. There is very little an individual can do in the face of such an adversary. I have heard of some pretty creative ways to attempt this (such as in Little Brother by Cory Doctorow, where the hero uses a laptop that he constructed, which has very tight hardware tolerances and very little spare space so that he notices a change in the machine's appearance when a hardware keystroke logger is installed), but ultimately all would be defeated by an adversary with sufficient resources, such as a law enforcement agency.

One might conclude that there is no use for encryption given this situation. On the contrary, however, each news day brings more evidence of very effective, and appropriate, circumstances in which to use encryption. Take, for example, the recent computer intrusion of HBGary Federal where e-mail of company employees was stolen and published online. If that e-mail had been encrypted (for instance, using a scheme where after the e-mail was received it was encrypted using the recipient's public key so that it remained encrypted on the mail server, but was rendered in plain text by the user's mail client) the theft would have been fairly innocuous. Sure, e-mail headers might be exposed, but the fiasco that resulted from news reporters reading details of negotiations between HBGary Federal and government agencies would not have ensued.

In conclusion, encryption is an invaluable tool for specific purposes, from secure web shopping to SSH access to remote servers. It can be used to protect sensitive data but is subject to certain limitations. Recognizing these limitations is critical to determining appropriate encryption strategies.
If data needs to be protected from adversaries with resources to coerce or intimidate secret holders, to seize hardware, or to gain surreptitious physical access, then a very measured and considered approach needs to be taken, recognizing that mainstream encryption solutions might not actually prove useful in thwarting such an attacker.
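
The mail-at-rest scheme suggested above for the HBGary Federal case, sketched with the openssl command line as an added example (not code from the original post): the server encrypts each delivered body to the recipient's public key, and only the client's private key can render it. The addresses, file names and message are constructed, and the sketch assumes the private key exists only on the client.

```shell
#!/usr/bin/env bash
# Added example; every name, address and message below is constructed.
set -eu
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT

# Recipient's key pair. Assumption: client.key never leaves the client;
# the mail server holds only alice.crt (the public key).
make_keys() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=alice@example.test" \
    -keyout "$WORK/client.key" -out "$WORK/alice.crt" 2>/dev/null
}

# Server-side delivery step: headers stay readable for routing, the body is
# stored only as CMS ciphertext encrypted to the recipient's certificate.
store_encrypted() {   # $1 = incoming message, $2 = mailbox file on the server
  sed '/^$/q' "$1" > "$2"   # headers up to and including the first blank line
  sed '1,/^$/d' "$1" |
    openssl cms -encrypt -binary -aes-256-cbc -outform PEM "$WORK/alice.crt" >> "$2"
}

# Client-side rendering: only the holder of client.key recovers the body.
read_body() {         # $1 = mailbox file
  sed '1,/^$/d' "$1" |
    openssl cms -decrypt -binary -inform PEM -recip "$WORK/alice.crt" -inkey "$WORK/client.key"
}

# What a copy of the server's mail store reveals: everything outside the PEM block.
exposed_on_server() { # $1 = mailbox file
  sed '/^-----BEGIN/,/^-----END/d' "$1"
}

cat > "$WORK/incoming.eml" <<'EOF'
From: bob@example.test
To: alice@example.test
Subject: contract terms

Constructed body: the negotiated price is confidential.
EOF

make_keys
store_encrypted "$WORK/incoming.eml" "$WORK/mailbox.eml"
echo "--- readable from a stolen mail store ---"; exposed_on_server "$WORK/mailbox.eml"
echo "--- rendered by the client ---";           read_body "$WORK/mailbox.eml"
```

The headers remain exposed, as the post notes, and the protection holds only while the private key stays off the server and off any seized, powered-on machine.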