Encryption Could Make You More Vulnerable

narramissic writes "It sounds like a headline straight out of The Onion, but security researchers from IBM Internet Security Systems, Juniper, nCipher and elsewhere are warning that the use of data encryption could make organizations vulnerable to new risks and threats. There is potential for 'A new class of DoS attack,' says Richard Moulds, nCipher's product strategy EVP. 'If you can go in and revoke a key and then demand a ransom, it's a fantastic way of attacking a business.'"

It's not so much 'more vulnerable'

[KublaiKhan (522918)]

I'd call it 'differently vulnerable' rather than 'more vulnerable'--all things come with inherent risks, and the risks of any particular action must be weighed against the rewards thereof.

Encryption is necessary for many businesses, and if such attacks are truly a worry, they should be addressed in the same manner as any other risk.

Re:It's not so much 'more vulnerable'

[AndGodSed (968378)]

Yes, but splashing "MORE VULNERABLE" on a headline preys better on the fears of the uninformed than "DIFFERENTLY VULNERABLE"

We all know headlines exist solely to generate traffic...

Re:

[Megaweapon (25185)]

We all know headlines exist solely to generate traffic...

And Slashdot isn't helping any by front-paging people from these magazine sites to submit their own content, complete with misleading headlines and writeups.

Re:

[mjpaci (33725)]

If this were an Apple story, would it be "Different Vulnerable"?

Just a q.

--mike

Re:

[gwern (1017754)]

No, for an Apple story you just know someone would try to make an 'iVulerable' joke.

Re:

[sm62704 (957197)]

Not actually having RTFM (What?) but I don't see how this makes you vulnerable at all. You have your data backed up, right? Offsite and secure? How is having your hard drive unencryptable any different than a head crash or a building fire?

And as to encrypted email, you can always send it again.

Making people fear encryption because of this verges on sociopathic. BTW, BACK UPI YOUR DATA DAMMIT

-mcgrew (not the security guy)

Re:

[DdJ (10790)]

I'd call it 'differently vulnerable' rather than 'more vulnerable'--all things come with inherent risks, and the risks of any particular action must be weighed against the rewards thereof.

Yeup, it's almost exactly analogous to using locks in the real world. If your car does not use locks, someone can steal it. If your car does use locks, someone can steal your keys, and deny you access to your own car. Most people use keys anyway.

I agree, but...

[an.echte.trilingue (1063180)]

I agree, but I would go so far as to say you are less vulnerable with encryption.

The highest level of attack that the article mentions is DOS by which attackers steal your keys and ransom them back to you. Indeed, this would be a bad day for the IT department and the affected departments of the company could lose days or even a week of productivity, which is damaging indeed.

Compare this to the risks of not running encryption. A similarly motivated and skilled attacker as discussed above could easily

To sum up:

[Actually, I do RTFA (1058596)]

The threats discussed are:

1. Losing keys/passwords
2. Missing business opportunities because of the difficulty of sharing data internally (or presumably with third-parties
3. Hackers stealing your keys, deleting them, and ransoming them back to you
4. Hackers performing DOS on your authentication key-serving server./li

Re:To sum up:

[rasputin465 (1032646)]

So it's agreed then. We'll drop ssh and use telnet from now on.

Mission option for every security discussion

[wsanders (114993)]

5) Buy our stuff!

Really, I've never seen a setup where stealing ONE (or a few) keys could result in a situation where a whole enterprise gets shut down for ransom.

More likely, consider the situation where only two guys have the password to the domain name registrar's account, they get laid off, and a year later some one realizes the company domain expires in two days. Before anyone figures out how to renew it, it's in the hands of a pr0n site. There's your missing/lost key scenario, happens all the time.

Re:Mission option for every security discussion

[grassy_knoll (412409)]

More likely, consider the situation where only two guys have the password to the domain name registrar's account, they get laid off, and a year later some one realizes the company domain expires in two days. Before anyone figures out how to renew it, it's in the hands of a pr0n site. There's your missing/lost key scenario, happens all the time.

Still trying to explain that web site you "accidentally" visited, eh?

[badum-ching]

Re:

[megaditto (982598)]

If you got nothing to hide, you got nothing to fear.

And yes, I never lock my house or my car, and I have yet to have one thing stolen from me in all these years.

Remember, people who really want to get at your stuff will do so no matter how smart you think your security is. Locks are just for keeping honest people away.

Wrong

[Nursie (632944)]

They're also for keeping opportunists away. And making sure your car alarm, immobiliser etc spring into action when they're circumvented.

Re:

[Intron (870560)]

If I lived in South Africa I would have bigger things to worry about. Like figuring out a 15,000 mile commute.

revoke isn't that big

[X0563511 (793323)]

Revoking a key isn't going to harm a company. They can just issue a new key.

A revoked key can usually still be used without limitations, however a revoked key should not be trusted and should be considered exposed.

Re:

[0xygen (595606)]

I believe they are referring to keys in situations where the keys are used to encrypt / decrypt business critical data, rather than say SSL certificates.

Re:

[badfish99 (826052)]

It would still not be sufficient for the attacker to revoke the key: in order to make the data inaccessible, the attacker would have to delete the key (including deleting it from all the places where it is backed up).

Still, if you're worried, the simple solution is to buy a security product from one of the commercial sponsors of this report. Then, when you lose your key, you will be able to pay a hacker some money to recover your data using the back-door that the NSA forced them to incorporate into their pr

Re:revoke isn't that big

[Zeinfeld (263942)]

Its storage encryption keys they are talking about and nCipher makes a key management product.

This is hardly a new issue, its been a significant concern for at least a decade. One of the problems with dealling with it was that for many years the mere mention of Key Escrow had people screaming about black helicopters.

Key escrow is neither necessary nor desirable for communications security. You use session keys, preferably with a round of Diffie Hellman to provide perfect forward secrecy and protect against kelptographic attacks. But for storage encryption it is all a matter of how you keep the keys safe.

It isn't that difficult to do, you simply make sure that keys are backed up in multiple places and are governed by separation of duties and multi-party control. The VeriSign Certification Practices Statement provides a complete primer in how to do this properly.

mod parent up!

[bazorg (911295)]

+1 Cromulent!

Re:

[plover (150551)]

Revoking a key isn't going to harm a company. They can just issue a new key.

A revoked key can usually still be used without limitations, however a revoked key should not be trusted and should be considered exposed.

But how exactly would an attacker revoke a key in the first place? CRLs are supposed to be signed by the CA who issued the certificates in the first place. Are they suggesting that it's somehow easy to hack a certificate authority to revoke these keys? We're talking about a worse-than-usele

Hmm

[moogied (1175879)]

This sounds more like a problem in the encryption SYSTEM. Its kind of like saying "Encryption makes you weaker because your more likely to use passwords. Which can be brute forced!"

Re:Hmm

[DarkOx (621550)]

Yes but if encryption leads people to keep records they would not have kept or destroyed otherwise it could pose a risk if its eventually cracked.

Its like Mom always said; never write something down without expecting someone else to eventually read it. If its dangerous or hurtful information it should be destroyed. If its really important keep it in the only place its really safe your head.

Business are keeping more and more customer information. Information is leaked all the time stored encrypted or not. Encryption is likely to give an often false impression of security. People may think they are safely storing facts that will only be available to them and their organization and customers might end up really unhappy if they discover they were wrong about that some time.

Re:

[somersault (912633)]

"and what is thing that was plugged in between the keyboard and my computer?"

Beats the alternative

[192939495969798999 (58312)]

"If you can go in and revoke a key for ransom..."

that sounds a bit better than going in and just taking whatever is valuable wholesale with nothing to stop you such as... encryption?

Re:

[somersault (912633)]

"Hello. We are in your datacentre. Pay us 1 million dollars to or we will delete all of your encryption keys. Oh, and can you tell me your administrator password too, please?"

Re:

[somersault (912633)]

that was meant to say "to [insert account number here]". Stupid HTML strippers always spoiling the party.

Just another story of...

[ZonkerWilliam (953437)]

FUD, seriously a revoked certificate is just one thing, ya it can be a nuisance but a company just needs to re-issue the certificate. All stories like this is give reason to be afraid and get companies to go out and buy more stuff secure their data and in the end really not do a thing.

Revoking a key may be a red herring

[davidwr (791652)]

Traditionally, you store the data in one place and the key in another. You may even encrypt the key with a smaller key, called a password, that is stored in someone's head.

If someone tricks the key-checking mechanism into thinking a key is revoked, that's not a huge problem: All a revoked key means is that you may not be able to TRUST the key or the data it protects anymore. It doesn't mean you can't get at the data.

This is no worse than if a burglar broke into the building storing your paper forms. You can no longer automatically trust that those forms weren't tampered with. You have to either re-authenticate each of them or accept the fact that they may have been altered.

Other way to protect data: Split the data

[davidwr (791652)]

A friend taught me this years ago:

Say you have a secret. Divide the secret into 3 parts and find 3 people to hold the key. Each person holds 2 parts of the key. If any one person is unavailable, the key can still be used, but no one person can use the key alone.

This same system can work with larger numbers too. My friend used a "3 of 5" approach, which required 3 people out of 5 to use the key.

In a way, this is like RAID-5 but more general.

You can apply this to keys, to the raw unencrypted data, or to encrypted data, depending on your security needs.

Re:

[msuarezalvarez (667058)]

You can do much, much better than that: your system is not resilient to having one of the 3 parties providing wrong information intentionally, for example.

Distributed secret algorithms is a very well studied area of cryptography.

Re:

[Surt (22457)]

I'm unclear on how what you say is true. It would seem that after failing the password check with your first two people, you would switch, and if you fail again, switch once more, and then you should succeed. Such a system should be completely resilient to ANY failure of one person, whether physical or moral.

revoke isn't that new

[starfishsystems (834319)]

What's all this about "new risks and threats"? There's nothing remotely new here.

False certificate revocation is an obvious point of attack on certificate infrastructure, and has been ever since CRLs were proposed. Loss of encryption key is a new risk? Yes, to researchers who have been asleep since, oh, 1466 when Leon Battista Alberti developed key crypto.

It's not that we shouldn't pay attention to these risks and incorporate them into our security metrics. Of course we should. But it's not news.

So the point is?

[a-zarkon! (1030790)]

If you're implementing an encryption solution and don't understand the potential impacts, you probably shouldn't be implementing encryption. Encryption is great and necessary, but in the case of things like file encryption introduces another layer of complexity and point of failure into your system. Now instead of worrying about just an unrestorable backup of the data - you need to have a restorable backup AND a key recovery/additional decryption key/key escrow solution.... And for what it's worth, I'm a

Game over ...

[Sepiraph (1162995)]

If your attacker can get a hold of your key and alter it, your system is already compromised... thus it is incorrect to claim that encryption can lead to MORE vulnerability because without it you are as good as dead.

There is always a risk

[Z00L00K (682162)]

of some kind of attack regardless of your actions.

Encryption is making things harder for those that want to penetrate your business, but use it with care. Too much will do more harm than benefit. Set up boundaries in your systems and encrypt the communication. That's the reasonable way to do things.

Encryption of hard disks may be useful on laptops, but is relatively useless on stationary computers and servers, and will probably only add to the performance overhead. Just be sure that all hard disks are erased before the computers are retired and you have been saving yourself a lot of trouble.

If someone stores data encrypted anyway and the key is lost - well - tough luck unless you have a good policy where backup keys are stored in a safe place.

Only a few businesses will benefit from extreme levels of encryption, and those are mostly working in the military area. In these cases it may be better to just call it a day and consider all data where the key is missing or manhandled as compromised.

Users are always the weakest link

[Psmylie (169236)]

Where I work, we have a policy to have encryption on every laptop. It has to be minimum of 8 characters and include a mix of capital and lower case, a number and one special character. Compared to every other password requirement we have, that's relatively strong.

The problem comes in when people can't remember the encryption password. Either they lock themselves out of the laptop or they do something brilliant like write the password on a post-it and tape it to the laptop case.

No matter what strategy you have, your own customers will find a way to mess it up.

Re:

[tppublic (899574)]

No matter what strategy you have, your own customers will find a way to mess it up.

Then it is your job to either educate those users or to architect the system in such a way that those weaknesses are designed out of the system. The problem is not in the users, it is in the security guidelines you are issuing and your expectations of adherence to those guidelines.

Often, to respond to requirements like those you mention, we use things like: 1qAz@wSx

followed by 3eDc$rFv ... when the first one expires af

Re:

[Psmylie (169236)]

Yeah, we can get them back in. Not while they're traveling, though. They're kinda out of luck until they get back into the office.

People not remembering their encryption password is by far the lesser of two evils, though. I'd rather have the data be totally inaccessible than be accessed by the wrong people.

Not new or groundbreaking

[pedrop357 (681672)]

This is like saying that using locks on your car can leave you vulnerable. Sure, they keep casual thieves out and the newer systems keep go a long way towards preventing someone from hotwiring your car.

BUT, a mischevious person could put epoxy in all the keyholes, essentially revoking your keys and causing a denial-of-service.

Which is better, a small risk of being locked out of your data/car, or the larger risk of theft and/or misuse of your data/car due to lack of security?

Re:

[russotto (537200)]

With a car, if I lose my keys or someone gums up the locks, the key can be recovered or the locks fixed for a modest cost. If the keys to strongly encrypted data are lost, the data may as well be gone.

Which means that sometimes it makes a lot of sense not to encrypt. People lose and forget passwords all the time. Even if you have a system for managing the keys, it can still be screwed up accidentally or deliberately. Much of the time, keeping the data intact is more important than keeping it secure. Co

I don't see the problem.

[jd (1658)]

First, if the revocation process is insecure and unauthenticated, then don't blame the encryption. Security is holistic and is no better than the weakest link. This isn't unique to encryption. In fact, because revocation is merely altering a user's perception of trust, it can be regarded as nothing more than a social engineering attack. Those are old-hat.

Secondly, there are all sorts of potential problems with encryption: how vulnerable is the PRNG used to generate the key or key pair? Can an attacker exhaust CPU resources by forcing many expensive operations? Are people protecting their private keyrings correctly? Are command-line encryption programs exposing the encryption key on the command line? Since a virtual machine manager or hypervisor can see into a virtualized machine and therefore see the internal mechanics of encryption, are VMMs at the point where they can be used in a secure environment?

I'd consider any of these to be much more serious than a corp-to-corp key management problem which, ultimately, reduces to policy decisions on how to manage keys.

By encrypting streams

[WindBourne (631190)]

you provide a way to signal to somebody that you have something to hide. If you are an entity that is scanning all traffic, and have to decide what to look at as well as store, then the place to look is where somebody thinks that they are hidden, but where you have the ability to decrypt it. The current way to hide successfully, is to bury the stream via steganography i.e. in plain site, but with LOADS of crap.

Keeping doors unlocked is better?

[a1ok (250188)]

Whenever I leave my apartment, I'm always worried about losing my house keys and getting locked out. So I guess I should just never lock the door, since that makes me vulnerable to a DoS (can't get in) if I misplace my keys? Of course, this is a bad analogy as door locks aren't very secure; anyway this definition of 'vulnerability' is a bit strange :)
Considering this warning comes from a bunch of security companies, maybe this is some new trend of disclaimers, like anti-virus vendors warning that their product can only reduce but not eliminate attacks - in case a customer is stupid and tries to blame the encryption vendor for losing their keys, they can say 'I told you so' and point to these articles :D

Let's extend this to other common security devices

[dschl (57168)]

The use of door locks and deadbolts could make organizations vulnerable to new risks and threats, a panel of security experts warned Monday.

Many organizations are locking their doors to relieve concerns over material theft or loss - for example, U.S. break and enter statutes do not apply to unlocked doors.

However, experts from IBM Internet Security Systems, Juniper, nCipher and elsewhere said that locking doors also brings new risks, in particular via attacks - deliberate or accidental - on the key management infrastructure.

The change comes particularly with the shift from leaving doors open, as was common in the 1800's, to locking doors and securing buildings with perimeter fences - often in response to regulatory demands - said Richard Moulds, nCipher's product strategy EVP.

"Lot of organizations are new to door locks," he added. "Their only exposure to it has been with padlocks on remote sites, but that's something very few staff have to deal with, and infrequently. When you shift to locking your entire building, right down to the individual executive offices, if you lose the key you trash your access - it's a self-inflicted denial-of-service attack.

"Organizations experienced with door locks are standing back and saying this is potentially a nightmare. It is potentially bringing your business to a grinding halt."

Locking doors is also as big an interest for the bad guys as the good guys, warned Anton Grashion, European security strategist for Juniper. "As soon as you let the cat out of the bag, they'll be using it too," he said. "For example, it looks like a great opportunity to start attacking key infrastructures, as a little bit of epoxy in the keyhole, and whammo, your building is inaccessible."

"It's a new class of DoS attack," agreed Moulds. "If you can go in and damage a lock and then demand a 'protection money' so that it doesn't happen again, it's a fantastic way of attacking a business."

Another risk is that over-zealous use of door locking will damage an organization's ability to legitimately share and use critical business facilities, noted Joshua Corman, principal security strategist for IBM ISS.

"One fear I have is that we're all going to hide and lock up all of our assets such as pens, paper and coffee makers, but companies are asset-driven, so we take tactical decision and stifle ability to collaborate," he said.

"Sometimes, the result of implementing security technology is actually a net increase in risk," added Richard Reiner, chief security and technology officer at Telus Security Solutions.

"Revoked" key doesn't equal "Destroyed" key

[tcampb01 (101714)]

I'm not sure what point they're trying to make in the article other than churn up some FUD. If I encrypt a file on my computer with a password or key and then lose my key, I cannot easily decrypt that file. So poor management of my key could make me vulnerable to loss of data -- but that's not the same level of risk as theft of data (which may be worse than losing it.)

As several others have pointed out, a 'revoked' key in no way keeps you from getting at your data. In the same way that a bank can 'revoke' a credit card, the actual card itself doesn't disappear... it's just not trusted to do anything. Unlike the credit card system, most any security software that checks key revocation lists can easily be told to ignore the fact that the key is revoked. The bits needed to perform the encryption or decryption still exist -- you just get a warning that someone says you should not trust it... but that's not the same thing as saying you can not trust it.

What that really means is you just need a good key management scheme. Whereas most people would just use a single private key, in a corporate environment you've got the problem of project-related work that might be encrypted by an employee still belongs to the company. If an employee quits, is terminated, gets run over by the beer truck, etc. etc. then the company would like to have a way to get the data that they rightfully own. This is what "key escrow" systems are for. But escrowed keys would ideally be kept in a very safe place. Of course the fact that an escrowed key exists at all allows the individual to repudiate the contents of the encrypted file -- someone else could have altered it. The solution to that conundrum is to create a "signing" key which does not encrypt and which is not escrowed, and an encryption key which is not used for signing, but which is escrowed.

So back to the FUD... I suppose all these companies have an interest in creating the fear, getting the average IT person to decide to look into it, realize what they're missing, then realize that they probably need to hire a professional security business to help build a proper key distribution and escrow system.

ADK

[Aram Fingal (576822)]

This is part of the reason for the Additional Decryption Key (ADK) functionality of PGP. Individual users within the organization can encrypt and decrypt with their own keys but there is always the additional key for backup, in the possession of the organization, to decrypt data in case users' keys are lost. I don't see how someone stealing keys is likely to cause much of a DoS situation when an organization is using ADK.

Also, someone correct me if I'm wrong but I think revoking a key only affects future uses of the key for creating valid digital signatures. You can still decrypt data without a problem. Someone coming in and revoking keys on you is only a DoS attack in the sense that you need to take the time to issue new keys and fix whatever security breach allowed the attacker access to the old keys.

Huh?

[thethibs (882667)]

TFA is so much bafflegab, there's no place to get a hold of it.

Revoking a certificate would result in some inconvenience, but it couldn't provide the means to hold anything for ransom.

In a corporate environment, an encrypted file on a laptop is almost certainly duplicated somewhere—usually in clear on a server. And if I just created or modified a file and haven't yet backed it up, I had to use the password to do it, so I'm unlikely to forget it over lunch.

Add to that the fact that all the mainstream encryption products come with key management systems to help avoid even that small risk, TFA suggests that either the "experts" aren't really experts or the reporter didn't understand them.

Re:

[somersault (912633)]

I think it would be more likely that Bush would be taking up one in that case.

Re:Encrypting Data, not communications

[rampant poodle (258173)]

TrueCrypt can protect you in both of these scenarios. After setting up the encrypted volume:

1. Set an administrative passphrase/key.
2. Make volume header backup. (Must be stored/protected as you would a safe combination.)
3. Have end user set personal passphrase. (Creates a new volume header)

If the user passphrase is lost or stolen the volume can be recovered by restoring the "admin" volume header. No ransom payment to bad guys required. (Applying clue stick to user is optional.)

This does add the potential risk of someone stealing the "admin" header backups. Storing the headers in a locked container in the company safe or an off-site bank vault will bring this risk down to reasonable levels. (Storing them on a CD on someone's desk will not!)