Beyond Encryption

You wouldn't write trade secrets on a post card, and you wouldn't lock your front door but leave all of your windows wide open, so why would you do the equivalent thing on your computer? You have a right to encryption technology, just as you have a right to seal your letters and not allow them to be censored. You should consider your computer just as important to defend as your home, and digital information just as private and personal as a sealed letter.

Security is multifaceted—with the right structure, it can be as hard as a diamond, but a weak structure will cause it to crumble like fool's gold.

Encryption is one facet of practical security. If you encrypt your network traffic, but have poor physical security, someone may circumvent your strong network encryption by stealing your hard disks. If your office is physically secure, but you don't encrypt your network traffic or use weak encryption, a hacker doesn't even have to visit your location. She simply has to sniff your packets to steal every plaintext password that you use, not to mention the rest of your unencrypted data. Even worse, your site could be a base camp for the hacker's next exploit, complicating your life as the authorities scour your machines for evidence.

Bruce Schneier, CTO of Counterpane Internet Security Inc., famous for his classic crypto book, Applied Cryptography (John Wiley & Sons, Second Edition, 1995) writes in his essay "Why Cryptography is Harder than it Looks," (see Crypto Resources ), that the digital age isn't immune to human trickery and deviance. "Every form of commerce ever invented has been subject to fraud, from rigged scales in a farmers' market to counterfeit currency to phony invoices. E-commerce will also face fraud, through forgery, misrepresentation, denial of service and cheating. Computerization makes the risks even greater, by allowing attacks that are impossible against nonautomated systems … Only strong cryptography can protect against these attacks."

With the RSA algorithm released into the public domain on September 6, 2000 and the U.S. government's decision in January 2000 to lift most controls on encryption exports, strong encryption is now in the hands of anyone who wants to use it, free and without a license. But there is more to computer security than just plugging an algorithm into your software.

The Big Picture
When you're designing software that takes advantage of encryption or you're securing your data center, take a step back and see how someone may steal your information by skirting the obvious roadblocks. Some items that you should pay particular attention to are:

• Flaws in your pseudorandom number generator. Using strong encryption doesn't mean that your data is secure if you are using an unsophisticated pseudorandom number generator (PRNG). If your PRNG uses an input without sufficient entropy (a tendency toward disorder), the numbers that it generates won't be quite random. Sometimes an input that a human sees as noise is actually an organized collection of patterns. Patterns are predictable, and your cryptography can fail because of this insecure facet of the system.
• An easy guess. Don't allow users to choose passwords based on easily guessed information such as the kind of car they drive, the names of their pets or their name spelled backward. You should have a program that looks for this type of password (even crack can be effective) and advise the user to change the insecure password. Although it's more likely that someone will break into a Web site to steal your credit card information, rather than your password, you should still avoid using, say, the root password for your e-commerce server as your password for a potentially insecure system.
• Insecure storage. Carefully choose the products you use to encrypt the data on your hard drive as some products can leave unencrypted data in temporary files. A truly secure system should only save encrypted data and write nothing else to your drive.
• Physical security. If someone can steal your hard drive, they can take their time to analyze its weaknesses and figure out how to cripple the security in a way that they can't with a network connection. Physical access to a device allows a person to discover weaknesses in the security by looking at side channels such as radio emissions from the device. In the mean time, you are powerless to stop this process because you don't know where your drive is. Unless you are a paranoid, security-savvy individual, you likely have a lot of personal information on the hard drive, which can be used to the information thief's advantage.
• Social engineering. Be on alert if anyone asks for your personal information, especially your password. If you've poorly chosen your password, an information thief can figure out your password based on personal information. Few people are as security conscious about their computers as they need to be, so if you run sensitive systems, consider sending out a security advisory e-mail every month or so, explaining basic security measures.
• Dabblers denied. Unless you know what you're doing, don't try to invent your own cryptosystem and then hope that it stays safe by hiding the algorithm. A determined information thief can reverse engineer your program and then break it. Strong encryption is strong because it has undergone constant abuse from the best minds in the world. If you're afraid that someone might break your system if they know how it works (and she will probably figure out how it works), then it's probably not very good. Use a cryptosystem that is tried and tested.
• I smell packets in the air. Wireless networking can be convenient, but with your data wafting through the air like the scent of freshly baked bread, sniffing noses are sure to be lured to the source. Although most wireless networking products ship with encryption capabilities, key management and distribution can be a headache, so not everyone enables encryption for these devices. If you do this, you might as well let an ethernet cable dangle out your window since anyone nearby who has a wireless network card and a packet sniffer also has access to your network. Of course, not only plaintext passwords are visible, but all unencrypted data traveling through the airwaves.

Trust No One!
Paranoia is good, at least when it comes to security. Even though it's theoretically impossible to break a 2048-bit RSA key before the heat death of the universe, it's more than likely that there is a highly creative and intelligent individual out there whose sole aim is to break it.

According to Bruce Schneier, "One of our fundamental design principles is that sooner or later, every system will be successfully attacked, probably in a completely unexpected way and with unexpected consequences. It is important to be able to detect such an attack and then to contain the attack to ensure it does minimal damage."

Don't let cryptography give you a false sense of security. If you're conscientious about all aspects of security, you'll probably be fine, but I emphasize the word probably. Protect your information as you would protect valuable jewels. If you have highly sensitive information, put it on a system that isn't connected to the network and can only be physically accessed with proper authority or with the skill required by the characters in Mission Impossible.

It is especially not advised to trust your life to your cryptosystem, as Mary Queen of Scots so tragically learned. Her cipher gave her such a false sense of security that she uttered indiscreet information, thinking that she would be protected by the code. Instead, her cipher was broken and used to implicate her in an act of treason, punishable by hanging. Don't get hanged by a false sense of security.