CryptoUsageRisks

Foreword to "Risks of using cryptographic software and possible ways of data leaks"

How well, do you think, is your data protected from unauthorized access?

Many will probably answer that question with confidence about the safety
of their data. The general assumption is that using cryptographic
software makes your data safe. People with only a superficial knowledge
of information security, however, presume that if a resourceful
adversary, such as a government agency, wanted your information, any
encryption would be broken. People somewhat better versed in information
security often ridicule that presumption. Let us think this through:
who is actually right?

In this article I will try to explain the risks of using cryptographic
software and the ways in which encrypted data can be accessed. The
article is based on common knowledge, and you will find no secrets here.
If you give some thought to the information conveyed, however, you may
grasp how fragile your security might be, and how something perceived by
many to be indestructible can easily be broken. Let us briefly examine
the main types of attacks on encrypted information.

Breaking into cryptoalgorithms, or the brute force attack

It is accepted knowledge that there are no absolutely strong algorithms,
except for the one-time pad. All known cryptoalgorithms rest not on
knowledge but on the lack of it: the strength of any cipher has yet to
be mathematically proven, whereas weaknesses of most invented ciphers
are already established. A strong cipher is therefore considered to be
one for which no practical method of breaking it is known. That no
method exists at the moment does not mean one will never be devised,
though for the well-studied ciphers (AES, Twofish, Serpent) there is
very little chance of a break in the next 10 years. There is a view that
the NSA/CSS employs cryptanalytic methods unknown to the public; that,
however, is no more than a rumor, as there are no facts supporting it.
Still, do not assume that data encrypted with a cipher considered strong
by current standards will remain safe forever. In my opinion, the
maximum term for which data encrypted with a recent strong cipher can be
considered safe is 10 to 20 years. That should always be kept in mind.

Currently, the only plausible attack on strong cryptoalgorithms is going
through all possible keys. At the current stage of technical progress it
is possible to search a 64-bit key space, and theoretically a 70-bit
one; an 80-bit key is the minimum considered safe. In the future, when a
quantum computer becomes a reality, the key length of symmetric ciphers
will have to be doubled to achieve the same level of safety (Grover's
algorithm reduces the exhaustive search of an n-bit key to about 2^(n/2)
operations), so 128-bit keys can, in theory, be broken on a quantum
computer. 256-bit keys, however, will never be broken by brute force, as
working through the entire key space runs against limits set by the laws
of physics. With all that in mind, remember that your password must have
the same strength as the key space of the encryption algorithm you use;
otherwise your encrypted data will be accessed by guessing the password
instead of the key.
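The last point is worth putting in numbers. The following is an added example (not code from the original article or from DiskCryptor) that estimates how many bits a password actually contributes and compares that with the key sizes discussed above. The guess rate of one trillion per second and the character-class model of the attacker are assumptions made for illustration; dictionary words are far weaker than the uniform estimate used here.

```python
import math
import string

# Symmetric key sizes mentioned in the text. The password protecting the key
# should carry at least as many bits, or the attacker guesses it instead.
KEY_BITS = {"64-bit": 64, "80-bit": 80, "AES-128": 128, "AES-256": 256}

SECONDS_PER_YEAR = 365.25 * 24 * 3600

CHAR_CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
                string.digits, string.punctuation)


def alphabet_size(pw: str) -> int:
    """Size of the alphabet the password visibly draws from.

    Assumption: the attacker knows which character classes appear and
    enumerates only those. Characters outside the four ASCII classes each
    add one symbol.
    """
    size = 0
    for cls in CHAR_CLASSES:
        if any(c in cls for c in pw):
            size += len(cls)
    size += len({c for c in pw if not any(c in cls for cls in CHAR_CLASSES)})
    return size


def password_bits(pw: str) -> float:
    """Upper-bound entropy in bits, assuming every character is chosen uniformly."""
    if not pw:
        return 0.0
    return len(pw) * math.log2(alphabet_size(pw))


def length_needed(key_bits: int, alphabet: int) -> int:
    """Shortest uniformly random password over `alphabet` symbols that matches a key of key_bits."""
    return math.ceil(key_bits / math.log2(alphabet))


def meets_key_strength(pw: str, key_bits: int) -> bool:
    return password_bits(pw) >= key_bits


def brute_force_years(bits: float, guesses_per_second: float) -> float:
    """Expected time of an exhaustive search: on average half the space is tried."""
    return (2 ** (bits - 1)) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    rate = 1e12  # assumed attacker: one trillion guesses per second
    for name, bits in KEY_BITS.items():
        print(f"{name:8s} exhaustive search at {rate:.0e}/s: "
              f"{brute_force_years(bits, rate):.3g} years")
    for pw in ("password", "Tr0ub4dor&3"):  # constructed sample passwords
        print(f"{pw!r}: ~{password_bits(pw):.1f} bits, "
              f"matches AES-256: {meets_key_strength(pw, 256)}")
    print("printable-ASCII length needed for a 256-bit key:", length_needed(256, 95))
```

At the assumed rate a 64-bit space falls in months and an 80-bit one in tens of thousands of years, which is the gap the text describes; and a uniformly random printable-ASCII password has to be about 39 characters long before it matches a 256-bit key.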

To summarize: successful brute force attacks are highly unlikely, but
they should not be disregarded completely. Cryptoalgorithms with keys
shorter than 256 bits should not be used, though longer keys make no
real sense either.

Faulty implementation of cryptographic software

Even the strongest encryption algorithm is defenseless if it is
implemented with errors or used inappropriately, and that is the illness
of proprietary software. Microsoft is especially infamous for this, as
virtually every one of its cryptographic solutions has had serious
vulnerabilities, often breakable in a trivial manner. One need not look
far for examples: Kerberos, encryption of Microsoft Office documents,
PPTP VPN, the NTLM authentication protocol, SysKey, EFS encryption in
Windows 2000, and the RNG implementations in Windows 2000/XP/Vista. As
history shows, the company is unable to learn from its own mistakes, so
it is better to use anything but Microsoft's cryptography: even if you
wanted to, you would find no worse reputation than the one Microsoft
enjoys.

Besides containing errors, proprietary software and cryptographic
hardware devices can also have intentional backdoors, whose existence
the producer can lie about. As an example, consider the Drecom hard
drives with hardware data encryption: the manufacturer announced that
encryption was done with AES, but it turned out to be a simple, easily
broken XOR cipher. If you would like to learn more about that, please
read this article. From this we conclude that the promises of producers
can never be trusted, and one should always demand proof of the
manufacturer's claims. Any such proof should be thoroughly examined, and
if you lack the qualification to verify it, seeking a professional
opinion is strongly recommended.
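To show why "encryption" by XOR with a fixed key is worthless, here is an added example (constructed for this page; it is not the original article's material and does not reproduce the actual Drecom firmware, whose exact key layout the article does not describe). The model assumes the controller XORs every 512-byte sector with one fixed 512-byte key. An attacker who reads the raw media recovers the key from a single sector of known content, or even with no known plaintext at all, because the many blank sectors of a mostly empty disk all "encrypt" to the key itself.

```python
import os
from collections import Counter

SECTOR = 512


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class XorDrive:
    """Constructed model of a 'hardware-encrypted' drive whose firmware only
    XORs each sector with one fixed key (assumption for this example)."""

    def __init__(self, key: bytes, n_sectors: int):
        assert len(key) == SECTOR
        self._key = key  # held inside the controller; the attacker never sees it
        # freshly formatted: every sector holds zeros before "encryption"
        self._media = [xor_bytes(bytes(SECTOR), key) for _ in range(n_sectors)]

    def write(self, n: int, plaintext: bytes) -> None:
        self._media[n] = xor_bytes(plaintext.ljust(SECTOR, b"\0"), self._key)

    def raw(self, n: int) -> bytes:
        """What an attacker reads by pulling the platters/flash, bypassing the controller."""
        return self._media[n]

    def raw_all(self) -> list:
        return list(self._media)


# --- attacker side: no key, only the raw media ---------------------------

def key_from_known_plaintext(raw_sector: bytes, known_plaintext: bytes) -> bytes:
    """C = P xor K, so K = C xor P: one sector of known content yields the whole key."""
    return xor_bytes(raw_sector, known_plaintext.ljust(SECTOR, b"\0"))


def key_from_blank_space(raw_sectors: list) -> bytes:
    """No known plaintext needed: the most frequent raw sector on a mostly empty
    disk is the 'encryption' of all zeros, which under XOR is the key itself.
    A real block cipher in a sane mode gives every sector a distinct ciphertext."""
    most_common, _count = Counter(raw_sectors).most_common(1)[0]
    return most_common


def decrypt_sector(raw_sector: bytes, key: bytes) -> bytes:
    return xor_bytes(raw_sector, key)


def demo() -> dict:
    """Constructed scenario: one secret document plus a well-known on-disk structure."""
    drive = XorDrive(os.urandom(SECTOR), n_sectors=64)
    # constructed FAT-style boot sector: known bytes at a known position
    boot_sector = b"\xeb\x3c\x90MSDOS5.0".ljust(510, b"\0") + b"\x55\xaa"
    secret = b"Account 4711, PIN 2468, do not disclose".ljust(SECTOR, b"\0")
    drive.write(0, boot_sector)
    drive.write(7, secret)

    k1 = key_from_known_plaintext(drive.raw(0), boot_sector)
    k2 = key_from_blank_space(drive.raw_all())
    return {
        "keys_agree": k1 == k2,
        "recovered_secret": decrypt_sector(drive.raw(7), k1),
        "expected_secret": secret,
    }


if __name__ == "__main__":
    r = demo()
    print("key recovered two independent ways, agree:", r["keys_agree"])
    print("sector 7 decrypted:", r["recovered_secret"].rstrip(b"\0").decode())
```

The second recovery method is the one to remember when evaluating a vendor's claim: dump a few hundred sectors of a nearly blank "encrypted" drive and count duplicates. With AES in any sensible disk mode the sectors differ; with a scheme like this one, the key stares back at you.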

Malware

When using cryptographic software of impeccable quality, there is no
danger of falling victim to the issues above, but that does not rule out
other threats. One of the most serious risks is a trojan horse program
gaining a foothold in your system, from where it may intercept entered
passwords and encryption keys, or even transmit the data you are
protecting itself.

Protection from malware is a separate and large topic and will not be
discussed in this article. There is one thing you should remember,
though: no malicious software must ever infiltrate your computer system;
otherwise there is no point in data encryption. When handling truly
important data, to which unauthorized access is absolutely unacceptable,
it is advisable not to connect the system to the internet and to install
only the bare minimum of required software.

Physical attacks

Physical attacks always involve the possibility of direct physical
access to the system, or the opportunity to observe it, whether by
remote monitoring or by bugging technology. TEMPEST techniques allow the
image on a monitor to be read from a distance of a hundred meters by
capturing and analyzing the electromagnetic (EM) radiation the display
emits. Text typed on the keyboard can be acquired by capturing the
sounds the keys make when pressed, with a bug or a laser microphone, and
analyzing them. An adversary who can come into direct contact with your
system may implant a software contaminant or a hardware keylogger.
Encryption keys and confidential data can be obtained from computer
memory by freezing the memory chips and transferring them to another
machine (the cold boot attack), or by connecting a scanner/reader device
to the computer buses. The contents of memory can also be accessed
through some external ports, for example via FireWire, which gives
direct memory access, without any special technology and using only a
notebook computer.

Software-induced data leaks

With regard to disk encryption, in certain cases it is possible to
reveal the encrypted data even without trojan software or physical
access to the live system. The cause is leaks of confidential data into
a number of unencrypted system files. On Windows the most critical files
in this regard are the registry, the swap file, crash dumps and the
hibernation file (hiberfil.sys). For the most part, the user-mode memory
of applications, which contains the confidential data they process, is
paged to the hard disk. DiskCryptor, however, prevents keys and
passwords from getting into the swap space, as it stores them in
non-pageable memory. In addition, passwords and keys are not kept for
longer than necessary to process them, after which the memory they
occupied is zeroed.

This kind of measure exists in all adequate open-source cryptographic
software, but it is not always sufficient to reduce the risk of leaks to
zero. The most dangerous leaks are those into hiberfil.sys and crash
dumps, because in these cases the whole contents of memory, including
its non-pageable regions, is written to disk. The situation is
complicated by the fact that the mechanism by which dumps and
hiberfil.sys are written is not documented at all, and therefore most
present-day disk encryption software cannot encrypt these files: they
are written to disk sectors unencrypted! Old DriveCrypt Plus Pack
versions and even TrueCrypt 5.1 had this kind of vulnerability. The
consequences are catastrophic, as a memory dump saved in the clear makes
it possible to recover all encrypted information in a matter of minutes.
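The cold boot and FireWire attacks under "Physical attacks" and the unencrypted hibernation and crash dump files described here all end the same way: the attacker holds a raw copy of RAM. The following added example (not DiskCryptor's code and not from the original article) shows how a key is actually pulled out of such an image, using the approach published with the cold boot attack: a disk encryption driver keeps its expanded AES key schedule in memory, and the schedule's internal structure makes it recognizable without knowing anything else. Assumptions: AES-128, an error-free and uncompressed image (real cold boot dumps contain bit decay, which the published tools tolerate, and hiberfil.sys is compressed and would be decompressed first); the key and the image are constructed.

```python
import os


def _build_sbox() -> list:
    """AES S-box from GF(2^8) inversion plus the affine map (no 256-entry table to mistype)."""
    exp, log = [0] * 256, [0] * 256
    x = 1
    for i in range(255):                       # powers of the generator 3
        exp[i] = x
        log[x] = i
        x2 = ((x << 1) ^ (0x11B if x & 0x80 else 0)) & 0xFF
        x ^= x2                                # x * 3 = x * 2 + x
    sbox = [0] * 256
    for a in range(256):
        inv = 0 if a == 0 else exp[(255 - log[a]) % 255]
        s = inv
        for shift in (1, 2, 3, 4):
            s ^= ((inv << shift) | (inv >> (8 - shift))) & 0xFF
        sbox[a] = s ^ 0x63
    return sbox


SBOX = _build_sbox()
RCON = (0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36)


def next_round_key(rk: bytes, rcon: int) -> bytes:
    """One step of the AES-128 key schedule (FIPS-197 section 5.2)."""
    w = [rk[i:i + 4] for i in range(0, 16, 4)]
    t = bytes(SBOX[b] for b in w[3][1:] + w[3][:1])   # RotWord + SubWord
    t = bytes([t[0] ^ rcon]) + t[1:]                   # Rcon into the first byte
    out = []
    for i in range(4):
        t = bytes(a ^ b for a, b in zip(w[i], t))
        out.append(t)
    return b"".join(out)


def expand_key(key: bytes) -> bytes:
    """Full 176-byte AES-128 key schedule: the structure a driver keeps in RAM."""
    assert len(key) == 16
    rks = [bytes(key)]
    for rcon in RCON:
        rks.append(next_round_key(rks[-1], rcon))
    return b"".join(rks)


def find_aes128_keys(image: bytes) -> list:
    """Scan a memory image for 16-byte windows followed by exactly their own
    key schedule. Random data essentially never satisfies this, so every hit
    is a key that some code was using for AES."""
    hits = []
    for off in range(len(image) - 176 + 1):
        cand = image[off:off + 16]
        # cheap filter first: the second round key must follow immediately
        if next_round_key(cand, RCON[0]) != image[off + 16:off + 32]:
            continue
        if expand_key(cand) == image[off:off + 176]:
            hits.append((off, cand))
    return hits


def build_sample_image(key: bytes, offset: int, size: int = 16 * 1024) -> bytes:
    """Constructed stand-in for a cold boot dump, crash dump or hiberfil: random
    filler with one driver's expanded AES-128 schedule planted at `offset`."""
    image = bytearray(os.urandom(size))
    sched = expand_key(key)
    image[offset:offset + len(sched)] = sched
    return bytes(image)


if __name__ == "__main__":
    key = os.urandom(16)   # the secret the encryption driver holds in non-paged memory
    image = build_sample_image(key, offset=5000)
    for off, k in find_aes128_keys(image):
        print(f"AES-128 key schedule at offset {off:#x}: key = {k.hex()}")
```

This is why zeroing keys after use and keeping them out of the swap file are not enough on their own: the moment the whole of RAM lands on disk in the clear, the schedule is there to be found by a linear scan, and the volume can be decrypted in the "matter of minutes" the text mentions.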

The people at Microsoft did such a poor job that there is no need even
to devise backdoors in cryptographic software. Most probably,
security-related government agencies make use of this Windows feature,
and this is what has led some people to believe that the government can
break any encryption. The simplest solution is to disable memory dump
generation and hibernation mode, which TrueCrypt's documentation
recommends as well (when system encryption is not used); in practice
that means turning hibernation off with "powercfg /hibernate off" and
setting CrashDumpEnabled to 0 under
HKLM\SYSTEM\CurrentControlSet\Control\CrashControl. The problem, though,
is that most users do not read documentation and have little awareness
of the factors that matter for the system's safety, so they get an
illusion of security instead of real protection. DiskCryptor, starting
from version 0.2.5, has extra measures in place to prevent leaks of
sensitive data:

  • When the system partition is encrypted, the memory dump and
    hibernation files are already protected (by default Windows writes
    these files to the system partition).
  • If the system partition is not encrypted and mounted encrypted disks
    are present in the system, hibernation and the saving of a memory
    dump on a system crash are blocked; if no mounted encrypted disks
    are present, the password cache is automatically cleared from memory
    before hibernation commences or a memory dump is written.

In this way the program does not let sensitive data be written to disk
unencrypted.

Nonetheless, bear in mind that there is always a chance of data leaks
caused by a third-party application. For example, if software on your
system intercepts keyboard input (a language translation tool, an
automatic keyboard layout switcher, or a keylogger), or if you use the
clipboard to copy passwords, then passwords may be stored in memory
regions that DiskCryptor has no control over, and from which leaks can
occur. To safeguard yourself against this kind of leak, it is sufficient
to encrypt all disk partitions onto which such data can be written. If
your system is connected to a network or the internet, make sure that no
unauthorized transmission of sensitive data is taking place, as
keyloggers, besides saving their log on a local disk, can also transmit
what they capture over your network connection. But then again, you must
not let any malicious software into your system in the first place.

Conclusion

As you can see, there are many ways for encrypted confidential data to
become exposed, and this is by no means a comprehensive overview of them
all. In particular, there has been no mention of rubber-hose
cryptanalysis, of risks involving the human factor, or of social
engineering. The more we know about information security, the more
aware we become of our defenselessness.

That is why you should always remember that protection of confidential
data must not be limited to encryption alone; it is all-important to
take the arrangement of physical security just as seriously. Nothing
said here, however, diminishes the necessity of using encryption, which
remains a formidable obstacle for an adversary to overcome.