Forgot your password?
typodupeerror
Security Encryption IT

Encryption Could Make You More Vulnerable 126

Posted by CmdrTaco
from the also-condoms-give-you-aids dept.
narramissic writes "It sounds like a headline straight out of The Onion, but security researchers from IBM Internet Security Systems, Juniper, nCipher and elsewhere are warning that the use of data encryption could make organizations vulnerable to new risks and threats. There is potential for 'A new class of DoS attack,' says Richard Moulds, nCipher's product strategy EVP. 'If you can go in and revoke a key and then demand a ransom, it's a fantastic way of attacking a business.'"
This discussion has been archived. No new comments can be posted.

Encryption Could Make You More Vulnerable

Comments Filter:
  • by KublaiKhan (522918) on Monday February 11, 2008 @01:22PM (#22380670) Homepage Journal
    I'd call it 'differently vulnerable' rather than 'more vulnerable'--all things come with inherent risks, and the risks of any particular action must be weighed against the rewards thereof.

    Encryption is necessary for many businesses, and if such attacks are truly a worry, they should be addressed in the same manner as any other risk.
    • by AndGodSed (968378) on Monday February 11, 2008 @01:30PM (#22380756) Homepage Journal
      Yes, but splashing "MORE VULNERABLE" on a headline preys better on the fears of the uninformed than "DIFFERENTLY VULNERABLE"

      We all know headlines exist solely to generate traffic...
      • by Megaweapon (25185)
        We all know headlines exist solely to generate traffic...

        And Slashdot isn't helping any by front-paging people from these magazine sites to submit their own content, complete with misleading headlines and writeups.
      • Re: (Score:3, Funny)

        by mjpaci (33725) *
        If this were an Apple story, would it be "Different Vulnerable"?

        Just a q.

        --mike
        • Re: (Score:3, Funny)

          by gwern (1017754)
          No, for an Apple story you just know someone would try to make an 'iVulerable' joke.
        • Conversely, imagine if Apple's ad campaign was "Think More"...not a bad principle, but hardly a slogan to sell more computers.
    • Re: (Score:3, Insightful)

      by sm62704 (957197)
      Not actually having RTFM (What?) but I don't see how this makes you vulnerable at all. You have your data backed up, right? Offsite and secure? How is having your hard drive unencryptable any different than a head crash or a building fire?

      And as to encrypted email, you can always send it again.

      Making people fear encryption because of this verges on sociopathic. BTW, BACK UPI YOUR DATA DAMMIT

      -mcgrew (not the security guy)
    • Re: (Score:3, Insightful)

      by DdJ (10790)

      I'd call it 'differently vulnerable' rather than 'more vulnerable'--all things come with inherent risks, and the risks of any particular action must be weighed against the rewards thereof.
      Yeup, it's almost exactly analogous to using locks in the real world. If your car does not use locks, someone can steal it. If your car does use locks, someone can steal your keys, and deny you access to your own car. Most people use keys anyway.
    • I agree, but I would go so far as to say you are less vulnerable with encryption.

      The highest level of attack that the article mentions is DOS by which attackers steal your keys and ransom them back to you. Indeed, this would be a bad day for the IT department and the affected departments of the company could lose days or even a week of productivity, which is damaging indeed.

      Compare this to the risks of not running encryption. A similarly motivated and skilled attacker as discussed above could easily
    • Your data may be valuable to an attacker, but it's probably even more valuable to you. This type of attack makes a company vulnerable rather than their customers for example. Steal (copy) a few customers identities and most companies won't care. Steal (as in take away) all our customer data and most will be really concerned.
    • Is that like "differently abled"?
  • To sum up: (Score:5, Informative)

    by Actually, I do RTFA (1058596) on Monday February 11, 2008 @01:22PM (#22380676)

    The threats discussed are:

    1. Losing keys/passwords
    2. Missing business opportunities because of the difficulty of sharing data internally (or presumably with third-parties
    3. Hackers stealing your keys, deleting them, and ransoming them back to you
    4. Hackers performing DOS on your authentication key-serving server./li
    • by rasputin465 (1032646) on Monday February 11, 2008 @01:33PM (#22380784)
      So it's agreed then. We'll drop ssh and use telnet from now on.

    • by wsanders (114993) on Monday February 11, 2008 @01:39PM (#22380860) Homepage
      5) Buy our stuff!

      Really, I've never seen a setup where stealing ONE (or a few) keys could result in a situation where a whole enterprise gets shut down for ransom.

      More likely, consider the situation where only two guys have the password to the domain name registrar's account, they get laid off, and a year later some one realizes the company domain expires in two days. Before anyone figures out how to renew it, it's in the hands of a pr0n site. There's your missing/lost key scenario, happens all the time.
      • by grassy_knoll (412409) on Monday February 11, 2008 @01:50PM (#22380980) Homepage

        More likely, consider the situation where only two guys have the password to the domain name registrar's account, they get laid off, and a year later some one realizes the company domain expires in two days. Before anyone figures out how to renew it, it's in the hands of a pr0n site. There's your missing/lost key scenario, happens all the time.


        Still trying to explain that web site you "accidentally" visited, eh?

        [badum-ching]
        • by sm62704 (957197)
          No, that was me. Only I let it lapse because I was tired of it.

          Honest,
        • by Jesus_666 (702802)
          But it looked just like a regular business website! It was only after I subscribed with my credit card information and completed a wget -m on the site that I noticed I had been forwarded to latexgirlswithwhippedcream.com!
      • Before anyone figures out how to renew it, it's in the hands of a pr0n site
        what if it is a pr0n site? does it end up in the hands of disney or something?
    • Those are their reasons!?!

      In which case, if encryption makes you more vulnerable to hackers, then surely no encryption makes you safer. By the same reasoning we should get rid of every kind of security. Why lock doors since you may lose the key? What if someone else gets your keys, breaks in and changes your locks? So we should all stop locking things away since that actually makes them less safe.

      No passwords to forget/steal/target != safe.
      • by megaditto (982598)
        If you got nothing to hide, you got nothing to fear.

        And yes, I never lock my house or my car, and I have yet to have one thing stolen from me in all these years.

        Remember, people who really want to get at your stuff will do so no matter how smart you think your security is. Locks are just for keeping honest people away.
        • by Nursie (632944)
          They're also for keeping opportunists away. And making sure your car alarm, immobiliser etc spring into action when they're circumvented.
        • If you got nothing to hide, you got nothing to fear.

          And if you have got something to hide (as the targets of this article do), lock it up!!

          You would feel safe knowing that the bank you keep all your money at just left it's vault unlocked? Or the government databases that hold all of your personal information were freely available to all?

          Just because somebody wants to commit crime doesn't mean you should put absolutely no obstacles in their way and make it easier for them.

        • I'm guessing you don't live in a country like South Africa? You park a locked or unlocked car on the side of the road in some suburbs and you'll wake up to no car. You don't install electric fences, burglar alarms, and burglar bars then you are more likely to be robbed since your house is the easier target. People can get at your stuff if they're sufficiently motivated, obviously, but given the choice between going for the unlocked house and the locked house, which one do you think they'll choose?
          • Re: (Score:3, Funny)

            by Intron (870560)
            If I lived in South Africa I would have bigger things to worry about. Like figuring out a 15,000 mile commute.
          • by gallwapa (909389)
            so its OT but I saw a 20/20 report a few years back where people were getting all up in arms because people were installing flamethrowers on the cars underneath the doors in order to deter car thieves. Others were adding small landmines to their already-barbed-wire 10' fences. I shook my head and just said "Damn, they've got some bad crime there. Scratch that off the tourist list"

            This was specifically about Johannesburg
        • And yes, I never lock my house or my car, and I have yet to have one thing stolen from me in all these years.

          Really? What's your address?
        • by misleb (129952)

          Remember, people who really want to get at your stuff will do so no matter how smart you think your security is. Locks are just for keeping honest people away.

          No kidding. I've had my car broken into 3 times now. Every single time they just smashed the window to get in. Funny thing is that I am pretty sure that one of those times I had left the door unlocked. If hadn't lost my car stereo and had to pay for a new window, it might be funny. F'ing meth addicts....

          -matthew

        • Re: (Score:2, Insightful)

          by Dan541 (1032000)

          Remember, people who really want to get at your stuff will do so no matter how smart you think your security is. Locks are just for keeping honest people away.
          Sorry but thats just absurd.

          There are hundreds and thousands of case's where security has stopped crimminals in their tracks. Most people cant get past a $30 lock.

          ~Dan

    • 1. Losing keys/passwords
      - Welcome to computers.

      2. Missing business opportunities because of the difficulty of sharing data internally (or presumably with third-parties.
      - Welcome to businesses where people have to use computers.

      3. Hackers stealing your keys, deleting them, and ransoming them back to you
      - Or they could just grab chunks of the data like always, and sell it to the highest bidder, without you ever knowing. Ransom is dumb, because it gets the authorities on your tail and
    • by toadlife (301863)

      1) Losing keys/passwords
      3) Hackers stealing your keys, deleting them, and ransoming them back to you
      In this case, just grab the CEO's laptop. They all store all the valuable company data in their My Documents folder unencrypted.
  • by X0563511 (793323) on Monday February 11, 2008 @01:23PM (#22380684) Homepage Journal
    Revoking a key isn't going to harm a company. They can just issue a new key.

    A revoked key can usually still be used without limitations, however a revoked key should not be trusted and should be considered exposed.
    • Re: (Score:3, Insightful)

      by 0xygen (595606)
      I believe they are referring to keys in situations where the keys are used to encrypt / decrypt business critical data, rather than say SSL certificates.
      • by badfish99 (826052)
        It would still not be sufficient for the attacker to revoke the key: in order to make the data inaccessible, the attacker would have to delete the key (including deleting it from all the places where it is backed up).

        Still, if you're worried, the simple solution is to buy a security product from one of the commercial sponsors of this report. Then, when you lose your key, you will be able to pay a hacker some money to recover your data using the back-door that the NSA forced them to incorporate into their pr
      • by Zeinfeld (263942) on Monday February 11, 2008 @01:55PM (#22381038) Homepage
        Its storage encryption keys they are talking about and nCipher makes a key management product.

        This is hardly a new issue, its been a significant concern for at least a decade. One of the problems with dealling with it was that for many years the mere mention of Key Escrow had people screaming about black helicopters.

        Key escrow is neither necessary nor desirable for communications security. You use session keys, preferably with a round of Diffie Hellman to provide perfect forward secrecy and protect against kelptographic attacks. But for storage encryption it is all a matter of how you keep the keys safe.

        It isn't that difficult to do, you simply make sure that keys are backed up in multiple places and are governed by separation of duties and multi-party control. The VeriSign Certification Practices Statement provides a complete primer in how to do this properly.

        • mod parent up! (Score:3, Insightful)

          by bazorg (911295)
          +1 Cromulent!
        • by 0xygen (595606)

          I believe the revocation threat is against keys used to interact with other organisations, if you gain access to the revocation certs for public keys used to perform eg inter-bank transactions, once those revocation certificates are issued to whichever authority is controlling the key infrastructure (normally only done in the case of a compromised key) then the required level of trust is no longer present, leading to failed transactions whilst we race around trying to inform everyone the revocation is false

    • by plover (150551) *

      Revoking a key isn't going to harm a company. They can just issue a new key.

      A revoked key can usually still be used without limitations, however a revoked key should not be trusted and should be considered exposed.

      But how exactly would an attacker revoke a key in the first place? CRLs are supposed to be signed by the CA who issued the certificates in the first place. Are they suggesting that it's somehow easy to hack a certificate authority to revoke these keys? We're talking about a worse-than-usele

      • by X0563511 (793323)
        The revocation certificate is (should) usually be stored separate from the rest of the keys, to guard against loss/theft. The backside of that means one can steal the revocation certificates, which would probably be less noticeable.
        • by plover (150551) *
          Please define "revocation certificate". As far as I know, X.509 [ietf.org] only defines a Certificate Revocation List (CRL) which is a list of certificates that are revoked and is usually signed by the Certificate Authority (CA) that issued them. (In some installations another system may be granted the authority to serve as an "indirect CRL".)

          But I am unaware of any mechanism to produce a "revocation certificate" or how or why you would issue one in advance of a certificate being revoked. Without the signature of

  • Hmm (Score:5, Insightful)

    by moogied (1175879) on Monday February 11, 2008 @01:27PM (#22380716)
    This sounds more like a problem in the encryption SYSTEM. Its kind of like saying "Encryption makes you weaker because your more likely to use passwords. Which can be brute forced!"
    • I don't really see the problem here. Any form of NOT leaving important/sensitive/etc... data wide open and freely readable is better than none at all.

      It's sort of backward logic to say it's bad because CAN be forced.

      Revoked keys do not (normally) your data hold hostage.

      Though in my experiance, the password cracking is more of a problem.

      Users really do need education on stronger passwords that are still usable, which they will promptly forget or write on the bottom of their keyboards therefore pulling the PS
      • Re:Hmm (Score:5, Insightful)

        by DarkOx (621550) on Monday February 11, 2008 @01:52PM (#22381004) Journal
        Yes but if encryption leads people to keep records they would not have kept or destroyed otherwise it could pose a risk if its eventually cracked.

        Its like Mom always said; never write something down without expecting someone else to eventually read it. If its dangerous or hurtful information it should be destroyed. If its really important keep it in the only place its really safe your head.

        Business are keeping more and more customer information. Information is leaked all the time stored encrypted or not. Encryption is likely to give an often false impression of security. People may think they are safely storing facts that will only be available to them and their organization and customers might end up really unhappy if they discover they were wrong about that some time.
        • To the untrained eye, it seems as if you just downplayed backups at first, however, I get your drift. Information will always be kept and usually kept long, LONG after it SHOULD have been destroyed. This is an inevitable fact, and as I said initially, leaving it open to any set of prying eyes is BAD. About half the problems highlighted in the article are not as much of a problem if you keep regular and up-to-date backups (You DO right?) Some full disk encryption schemes even support a "user" key and a "a
      • "and what is thing that was plugged in between the keyboard and my computer?"
  • "If you can go in and revoke a key for ransom..."

    that sounds a bit better than going in and just taking whatever is valuable wholesale with nothing to stop you such as... encryption?
    • "Hello. We are in your datacentre. Pay us 1 million dollars to or we will delete all of your encryption keys. Oh, and can you tell me your administrator password too, please?"
      • that was meant to say "to [insert account number here]". Stupid HTML strippers always spoiling the party.
  • FUD, seriously a revoked certificate is just one thing, ya it can be a nuisance but a company just needs to re-issue the certificate. All stories like this is give reason to be afraid and get companies to go out and buy more stuff secure their data and in the end really not do a thing.
  • by davidwr (791652) on Monday February 11, 2008 @01:41PM (#22380902) Homepage Journal
    Traditionally, you store the data in one place and the key in another. You may even encrypt the key with a smaller key, called a password, that is stored in someone's head.

    If someone tricks the key-checking mechanism into thinking a key is revoked, that's not a huge problem: All a revoked key means is that you may not be able to TRUST the key or the data it protects anymore. It doesn't mean you can't get at the data.

    This is no worse than if a burglar broke into the building storing your paper forms. You can no longer automatically trust that those forms weren't tampered with. You have to either re-authenticate each of them or accept the fact that they may have been altered.
  • by davidwr (791652) on Monday February 11, 2008 @01:45PM (#22380928) Homepage Journal
    A friend taught me this years ago:

    Say you have a secret. Divide the secret into 3 parts and find 3 people to hold the key. Each person holds 2 parts of the key. If any one person is unavailable, the key can still be used, but no one person can use the key alone.

    This same system can work with larger numbers too. My friend used a "3 of 5" approach, which required 3 people out of 5 to use the key.

    In a way, this is like RAID-5 but more general.

    You can apply this to keys, to the raw unencrypted data, or to encrypted data, depending on your security needs.
    • You can do much, much better than that: your system is not resilient to having one of the 3 parties providing wrong information intentionally, for example.

      Distributed secret algorithms is a very well studied area of cryptography.

      • by Surt (22457)
        I'm unclear on how what you say is true. It would seem that after failing the password check with your first two people, you would switch, and if you fail again, switch once more, and then you should succeed. Such a system should be completely resilient to ANY failure of one person, whether physical or moral.
    • by avatar4d (192234)
      I don't understand how Hugh, er... "3 of 5" [wikipedia.org] can assist with this, but resistance is futile.
    • by rjhubs (929158)
      Distributed key algorithms do exist, but there is a problem with them. The security of the system depends on the key holders having high levels of distrust for one another. It is very easy to imagine many corporate environments where keys will be shared with another out of convenience which then makes the system essentially a single key system.
    • Re: (Score:2, Funny)

      by ffflala (793437)
      Say you have a secret. Divide the secret into 3 parts and find 3 people to hold the key. Each person holds 2 parts of the key. If any one person is unavailable, the key can still be used, but no one person can use the key alone.

      If you or your friend had played enough Oblivion you'd recognize the inherent weakness in this idea: one of the three can frame the other two as a vampire, claim to be a vampire hunter, safely dispatch them in the open and then possess all 3 keys.

      http://www.uesp.net/wiki/Oblivion:A_B [uesp.net]
  • What's all this about "new risks and threats"? There's nothing remotely new here.

    False certificate revocation is an obvious point of attack on certificate infrastructure, and has been ever since CRLs were proposed. Loss of encryption key is a new risk? Yes, to researchers who have been asleep since, oh, 1466 when Leon Battista Alberti developed key crypto.

    It's not that we shouldn't pay attention to these risks and incorporate them into our security metrics. Of course we should. But it's not news.

  • So the point is? (Score:2, Insightful)

    by a-zarkon! (1030790)
    If you're implementing an encryption solution and don't understand the potential impacts, you probably shouldn't be implementing encryption. Encryption is great and necessary, but in the case of things like file encryption introduces another layer of complexity and point of failure into your system. Now instead of worrying about just an unrestorable backup of the data - you need to have a restorable backup AND a key recovery/additional decryption key/key escrow solution.... And for what it's worth, I'm a
  • Game over ... (Score:3, Insightful)

    by Sepiraph (1162995) on Monday February 11, 2008 @01:52PM (#22380998)
    If your attacker can get a hold of your key and alter it, your system is already compromised... thus it is incorrect to claim that encryption can lead to MORE vulnerability because without it you are as good as dead.
  • by Z00L00K (682162) on Monday February 11, 2008 @01:56PM (#22381052) Homepage
    of some kind of attack regardless of your actions.

    Encryption is making things harder for those that want to penetrate your business, but use it with care. Too much will do more harm than benefit. Set up boundaries in your systems and encrypt the communication. That's the reasonable way to do things.

    Encryption of hard disks may be useful on laptops, but is relatively useless on stationary computers and servers, and will probably only add to the performance overhead. Just be sure that all hard disks are erased before the computers are retired and you have been saving yourself a lot of trouble.

    If someone stores data encrypted anyway and the key is lost - well - tough luck unless you have a good policy where backup keys are stored in a safe place.

    Only a few businesses will benefit from extreme levels of encryption, and those are mostly working in the military area. In these cases it may be better to just call it a day and consider all data where the key is missing or manhandled as compromised.

  • by Psmylie (169236) * on Monday February 11, 2008 @01:56PM (#22381054) Homepage
    Where I work, we have a policy to have encryption on every laptop. It has to be minimum of 8 characters and include a mix of capital and lower case, a number and one special character. Compared to every other password requirement we have, that's relatively strong.

    The problem comes in when people can't remember the encryption password. Either they lock themselves out of the laptop or they do something brilliant like write the password on a post-it and tape it to the laptop case.

    No matter what strategy you have, your own customers will find a way to mess it up.

    • Re: (Score:3, Interesting)

      by tppublic (899574)
      No matter what strategy you have, your own customers will find a way to mess it up.

      Then it is your job to either educate those users or to architect the system in such a way that those weaknesses are designed out of the system. The problem is not in the users, it is in the security guidelines you are issuing and your expectations of adherence to those guidelines.

      Often, to respond to requirements like those you mention, we use things like: 1qAz@wSx

      followed by 3eDc$rFv ... when the first one expires af

      • by Psmylie (169236) *
        Oh, I agree. Having strong password requirements is only good if people can remember their password. And, it's not like I've never forgotten passwords of my own :)

        However, anyone should know that you don't tape your password to the device that it goes to. That's like locking your front door and leaving the key in the lock so you don't have to bother looking for it when you get home.

        We do tell people not to do that, when we set them up with a laptop and encryption. I also tell them to have the password in

        • Create a fake person in your address book, on your phone, etc. Encode the password into their name, address and telephone number using a rule that's easy to remember. Or choose something else ; put it into a very boring looking TPS report, whatever. It's important you don't make a policy out of WHAT gets used, because then it's easier to crack. Let people choose what makes most sense to them.

          Voicemail is a bad idea, because voicemail is notoriously easy to crack.
  • by pedrop357 (681672) on Monday February 11, 2008 @01:59PM (#22381080)
    This is like saying that using locks on your car can leave you vulnerable. Sure, they keep casual thieves out and the newer systems keep go a long way towards preventing someone from hotwiring your car.

    BUT, a mischevious person could put epoxy in all the keyholes, essentially revoking your keys and causing a denial-of-service.

    Which is better, a small risk of being locked out of your data/car, or the larger risk of theft and/or misuse of your data/car due to lack of security?
    • by russotto (537200)
      With a car, if I lose my keys or someone gums up the locks, the key can be recovered or the locks fixed for a modest cost. If the keys to strongly encrypted data are lost, the data may as well be gone.

      Which means that sometimes it makes a lot of sense not to encrypt. People lose and forget passwords all the time. Even if you have a system for managing the keys, it can still be screwed up accidentally or deliberately. Much of the time, keeping the data intact is more important than keeping it secure. Co
  • by jd (1658) <<moc.oohay> <ta> <kapimi>> on Monday February 11, 2008 @02:04PM (#22381140) Homepage Journal
    First, if the revocation process is insecure and unauthenticated, then don't blame the encryption. Security is holistic and is no better than the weakest link. This isn't unique to encryption. In fact, because revocation is merely altering a user's perception of trust, it can be regarded as nothing more than a social engineering attack. Those are old-hat.

    Secondly, there are all sorts of potential problems with encryption: how vulnerable is the PRNG used to generate the key or key pair? Can an attacker exhaust CPU resources by forcing many expensive operations? Are people protecting their private keyrings correctly? Are command-line encryption programs exposing the encryption key on the command line? Since a virtual machine manager or hypervisor can see into a virtualized machine and therefore see the internal mechanics of encryption, are VMMs at the point where they can be used in a secure environment?

    I'd consider any of these to be much more serious than a corp-to-corp key management problem which, ultimately, reduces to policy decisions on how to manage keys.

  • you provide a way to signal to somebody that you have something to hide. If you are an entity that is scanning all traffic, and have to decide what to look at as well as store, then the place to look is where somebody thinks that they are hidden, but where you have the ability to decrypt it. The current way to hide successfully, is to bury the stream via steganography i.e. in plain site, but with LOADS of crap.
    • by mlts (1038732) *
      The trick to this is to encrypt everything. Then, an eavesdropper that sees the cyphertext streams will end up having to store everything, both relevant and irrelevant because he or she doesn't know what is actual valid data, and what is random chaff. By selectively encrypting only the "juicy" stuff, it makes it more of a target.

      Of course, the usual analogy: You have a bunch of file cabinets. You could buy one heavy duty, fireproof vault with a X-08 lock on it to store the contents of the one cabinet th
  • by a1ok (250188) on Monday February 11, 2008 @02:19PM (#22381322) Journal
    Whenever I leave my apartment, I'm always worried about losing my house keys and getting locked out. So I guess I should just never lock the door, since that makes me vulnerable to a DoS (can't get in) if I misplace my keys? Of course, this is a bad analogy as door locks aren't very secure; anyway this definition of 'vulnerability' is a bit strange :)
    Considering this warning comes from a bunch of security companies, maybe this is some new trend of disclaimers, like anti-virus vendors warning that their product can only reduce but not eliminate attacks - in case a customer is stupid and tries to blame the encryption vendor for losing their keys, they can say 'I told you so' and point to these articles :D
  • If I replace my locks with a deadbolt, it is more secure, yes?

    Now, I am more vulnerable to being locked out if my wife leaves the house and I forgot my keys, or if the lock breaks. So just because the slogan, "American express, I can't get into my home without it" is no longer true, should I not use it?

    Security is an art. No one way is right, nor perfect. It is all acceptable risk. Personally, I have a feeling all IDS systems will migrate to host based systems because the majority of the traffic will be
  • by dschl (57168) on Monday February 11, 2008 @02:22PM (#22381364) Homepage
    The use of door locks and deadbolts could make organizations vulnerable to new risks and threats, a panel of security experts warned Monday.

    Many organizations are locking their doors to relieve concerns over material theft or loss - for example, U.S. break and enter statutes do not apply to unlocked doors.

    However, experts from IBM Internet Security Systems, Juniper, nCipher and elsewhere said that locking doors also brings new risks, in particular via attacks - deliberate or accidental - on the key management infrastructure.

    The change comes particularly with the shift from leaving doors open, as was common in the 1800's, to locking doors and securing buildings with perimeter fences - often in response to regulatory demands - said Richard Moulds, nCipher's product strategy EVP.

    "Lot of organizations are new to door locks," he added. "Their only exposure to it has been with padlocks on remote sites, but that's something very few staff have to deal with, and infrequently. When you shift to locking your entire building, right down to the individual executive offices, if you lose the key you trash your access - it's a self-inflicted denial-of-service attack.

    "Organizations experienced with door locks are standing back and saying this is potentially a nightmare. It is potentially bringing your business to a grinding halt."

    Locking doors is also as big an interest for the bad guys as the good guys, warned Anton Grashion, European security strategist for Juniper. "As soon as you let the cat out of the bag, they'll be using it too," he said. "For example, it looks like a great opportunity to start attacking key infrastructures, as a little bit of epoxy in the keyhole, and whammo, your building is inaccessible."

    "It's a new class of DoS attack," agreed Moulds. "If you can go in and damage a lock and then demand a 'protection money' so that it doesn't happen again, it's a fantastic way of attacking a business."

    Another risk is that over-zealous use of door locking will damage an organization's ability to legitimately share and use critical business facilities, noted Joshua Corman, principal security strategist for IBM ISS.

    "One fear I have is that we're all going to hide and lock up all of our assets such as pens, paper and coffee makers, but companies are asset-driven, so we take tactical decision and stifle ability to collaborate," he said.

    "Sometimes, the result of implementing security technology is actually a net increase in risk," added Richard Reiner, chief security and technology officer at Telus Security Solutions.
  • Keep spreading the truth people, encryption can make you safer and even if you have nothing to hide, it is still your nothing to hide. If they don't like you hiding your nothing, then that only tells you the truth: the powers that be and the powers that would be don't trust the people in any way and any form of governance which will not trust its people cannot be trusted by its people. Therefore, hide your nothing. Hide it all, jealously guard your privacy and keep on at it until they go into paroxysms of f
  • by Anonymous Coward
    An "attack" like this could also originate from the inside, where an employee is terminated, etc., and refuses to give up the keys.

    Just like a lock on a door, if properly implemented, in PKI keys can be replaced. Every organization that is serious about implementing a PKI should be just as serious about about key management as it is a massively important component.

    http://csrc.nist.gov/publications/nistpubs/800-57/SP800-57-Part1.pdf [nist.gov]
  • by tcampb01 (101714) on Monday February 11, 2008 @02:49PM (#22381654)
    I'm not sure what point they're trying to make in the article other than churn up some FUD. If I encrypt a file on my computer with a password or key and then lose my key, I cannot easily decrypt that file. So poor management of my key could make me vulnerable to loss of data -- but that's not the same level of risk as theft of data (which may be worse than losing it.)

    As several others have pointed out, a 'revoked' key in no way keeps you from getting at your data. In the same way that a bank can 'revoke' a credit card, the actual card itself doesn't disappear... it's just not trusted to do anything. Unlike the credit card system, most any security software that checks key revocation lists can easily be told to ignore the fact that the key is revoked. The bits needed to perform the encryption or decryption still exist -- you just get a warning that someone says you should not trust it... but that's not the same thing as saying you can not trust it.

    What that really means is you just need a good key management scheme. Whereas most people would just use a single private key, in a corporate environment you've got the problem of project-related work that might be encrypted by an employee still belongs to the company. If an employee quits, is terminated, gets run over by the beer truck, etc. etc. then the company would like to have a way to get the data that they rightfully own. This is what "key escrow" systems are for. But escrowed keys would ideally be kept in a very safe place. Of course the fact that an escrowed key exists at all allows the individual to repudiate the contents of the encrypted file -- someone else could have altered it. The solution to that conundrum is to create a "signing" key which does not encrypt and which is not escrowed, and an encryption key which is not used for signing, but which is escrowed.

    So back to the FUD... I suppose all these companies have an interest in creating the fear, getting the average IT person to decide to look into it, realize what they're missing, then realize that they probably need to hire a professional security business to help build a proper key distribution and escrow system.

  • ADK (Score:3, Informative)

    by Aram Fingal (576822) on Monday February 11, 2008 @02:58PM (#22381788)
    This is part of the reason for the Additional Decryption Key (ADK) functionality of PGP. Individual users within the organization can encrypt and decrypt with their own keys but there is always the additional key for backup, in the possession of the organization, to decrypt data in case users' keys are lost. I don't see how someone stealing keys is likely to cause much of a DoS situation when an organization is using ADK.

    Also, someone correct me if I'm wrong but I think revoking a key only affects future uses of the key for creating valid digital signatures. You can still decrypt data without a problem. Someone coming in and revoking keys on you is only a DoS attack in the sense that you need to take the time to issue new keys and fix whatever security breach allowed the attacker access to the old keys.
  • What the article is talking about has nothing to do with web servers or the internet, it has to do with confidential data stored on private/internal file servers and database servers. It also has to do with data that "walks" out of the corporation on laptops and PDAs.

    When you encrypt this data with a key and you lose the key, you LOSE the data... period. You NEED the key to recover the data... THAT is the risk they are talking about. Now extend that risk from losing the key, to someone stealing it and

    • by rampant poodle (258173) on Monday February 11, 2008 @04:01PM (#22382604) Homepage
      TrueCrypt can protect you in both of these scenarios. After setting up the encrypted volume:

      1. Set an administrative passphrase/key.
      2. Make volume header backup. (Must be stored/protected as you would a safe combination.)
      3. Have end user set personal passphrase. (Creates a new volume header)

      If the user passphrase is lost or stolen the volume can be recovered by restoring the "admin" volume header. No ransom payment to bad guys required. (Applying clue stick to user is optional.)

      This does add the potential risk of someone stealing the "admin" header backups. Storing the headers in a locked container in the company safe or an off-site bank vault will bring this risk down to reasonable levels. (Storing them on a CD on someone's desk will not!)
      • I think the article is about hacking an enterprise authentication/key server, and not local volumes with local key storage, but the same applies: Backup your keys.
  • Variations on this theme are considered in the book "Malicious Cryptography: Exposing Cryptovirology" by authors Adam Young and Moti Yung. To quote from a famous online book site: Hackers have uncovered the dark side of cryptography--that device developed to defeat Trojan horses, viruses, password theft, and other cyber-crime. It's called cryptovirology, the art of turning the very methods designed to protect your data into a means of subverting it. In this fascinating, disturbing volume, the experts who
  • Some one might extort money from you by threatening to set them off.
  • This is not a new problem. There are viruses, for example, that encrypt a file system and demand a ransom for the key.

    Gpcode-AI [viruslist.com] is one example.
  • This is why backups exist. Unless of course someone gets their hands on the mass disk eraser...
  • 'If you can go in and revoke a _child_ and then demand a ransom, it's a fantastic way of attacking a business.'
  • "When you shift to data at rest and encrypt your laptop, if you lose the key you trash your data - it's a self-inflicted denial-of-service attack."

    What???
  • Huh? (Score:3, Interesting)

    by thethibs (882667) on Monday February 11, 2008 @06:01PM (#22383972) Homepage

    TFA is so much bafflegab, there's no place to get a hold of it.

    Revoking a certificate would result in some inconvenience, but it couldn't provide the means to hold anything for ransom.

    In a corporate environment, an encrypted file on a laptop is almost certainly duplicated somewhere—usually in clear on a server. And if I just created or modified a file and haven't yet backed it up, I had to use the password to do it, so I'm unlikely to forget it over lunch.

    Add to that the fact that all the mainstream encryption products come with key management systems to help avoid even that small risk, TFA suggests that either the "experts" aren't really experts or the reporter didn't understand them.

  • I use rot26 encryption on all of my files

    Including this message.

    If it's not Consolidated Lint it's just fuzz!

FORTRAN is a good example of a language which is easier to parse using ad hoc techniques. -- D. Gries [What's good about it? Ed.]

Working...