Crypto won't save you
- 30 May, 2014 13:35
Peter Gutmann is a researcher in the Department of Computer Science at the University of Auckland working on design and analysis of cryptographic security architectures and security usability. Having been part of the team that wrote the popular PGP encryption package, you'd expect that he'd put a lot of trust crypto.
But like cryptographer Adi Shamir, the 'S' in RSA, who once said "cryptography is bypassed, not penetrated", Gutmann used his presentation at AusCert 2014 to highlight the inherent weakness in how we treat security. Cryptography is often seen as a silver bullet solution but is has failed.
During his talk, Gutmann looked at ten years of trying to secure things with crypto that ultimately failed. And, even though is some cases the crypto was so weak that it could be easily beaten, it was much easier to just bypass it.
As did many of the presenters at AusCert 2014, Gutmann started with some references to Edward Snowden, the poster boy for data theft or information liberation depending on your point of view. Among the documents exposed by Snowden was information pertaining to Project BULLRUN. Funded to the tune to of between $250M to $300M, this is a US government initiative designed to develop "capabilities against a technology".
BULLRUN has developed capabilities against TLS/SSL, HTTPS, SSH, VPNs, VoIP and webmail according the documents Snowden leaked.
As Gutmann puts it "You're not paranoid, they really are out to get you".
Gutmann's presentation delivered a history of how sophisticated cryptography has been overcome. For example, he described how most of the major gaming consoles use crypto as a way of securing systems and limiting access to user data. However, all have been hacked to some degree.
"In none of the cases was it necessary to break the cryptography," said Gutmann.
The same went with smartphones with a common method being a hack of firmware to simply bypass any embedded crypto or recovery of private keys from supposedly secured storage.
By the end of this part of Gutmann's presentation there was probably no one in the audience who wasn't carrying a device that hadn’t ben compromised.
Some research in 2012 looked at a number of about 12000 very large organisations including Amazon, Apple, Dell, eBay, HP, HSBC, LinkedIn, Paypal and Twitter. A third of the companies were using keys "so weak that an individual attacker could have broken them," said Gutmann.
However, in none of the case did anyone bother as it was unneccesary in order to compromise systems. In other words:
- Number of attacks that broke the crypto: 0
- Number of attacks that bypassed the crypto: All the rest
"No matter how strong the crypto was, or how large the keys were, the attackers walked around it," he added.
Gutmann took a long, hard look at IPsec, the protocols used to secure IP communications. He pointed out that it has a number of errors and is not as secure as many believe. The NSA contributed to development of the IPsec standard with Gutmann citing information from Niels Ferguson and Bruce Schneier's "A Cryptographic Evaluation of IPsec" saying " the ISAKMP specifications [the NSA’s main overt contribution to IPsec] contain numerous errors, essential explanations are missing, and the document contradicts itself in various places".
Despite this, Gutmann did stop short of saying that IPsec was deliberately sabotaged saying " Never attribute to malice what is adequately explained by a committee".
The lesson from all of this is that you need to secure every part of the system and not just throw crypto at one bit and assume that you'll be safe. It's not enough to simply rely on standards and to follow the crowd. Understanding security, not just from an appliance and software solution point of view is not enough.
Security professionals have said for many years that good security is based on layers. That remains true but putting too much trust in one layer, like crypto, can leave you vulnerable in other places.
