HP3000-L Archives

June 2002, Week 1

HP3000-L@RAVEN.UTC.EDU

Subject:
From: Bruce Toback <[log in to unmask]>
Reply To: Bruce Toback <[log in to unmask]>
Date: Thu, 6 Jun 2002 11:24:09 -0700
Content-Type: text/plain

Bill Brandt wrote:

>One more thing on codes and secrecy - did anyone catch the NOVA (PBS program
>in the US) - the episode that dealt with our atomic spies and Los Alamos?
>Two things stuck with me - the FBI knew that there were another 2-3 spies
>for Stalin that were never caught because a mole in Washington tipped the
>Russians that we had broken their code.
>
>They went into detail how the Russian code worked - simple and ingenious and
>nearly unbreakable even today (with the right key)

The Russian code IS unbreakable even today: it was a one-time pad. The
attack wasn't against the cypher, which was unbreakable. It was against
the method by which it was used. The Enigma solutions, too, were greatly
aided by flaws in the method of use. I'll provide more detail below, but
for now, the take-home lesson is: don't rely on strong cryptography
without looking at the rest of your system.

The most likely security breach of this sort is caused by excessive
reliance on VPN security. If you have employees who connect from their
homes to your system over a VPN, that prevents eavesdroppers from seeing
the content of those communications in transit. But suppose that the
employee is running a Windows machine connected to a cable modem. That
computer is likely to be compromised very quickly unless you as the
system admin have enforced a policy of requiring personal firewalls and
prompt security updates on home machines.

Once the employee's machine has been penetrated, the attacker can easily
learn the employee's passwords. But worse, the attacker can then get to
your systems via your VPN. In effect, your very secure and
well-maintained firewall isn't there at all. The attacker chose to attack
the method of use, not the encryption.

Even requiring VPN users to have firewalls on their cable modems won't
necessarily do the job. Not only are there attacks against protocols that
firewalls typically permit by default (for example, HTTP), but most users
don't know how to secure their firewalls and leave the default passwords
in place.

Similar issues can exist with public-key cryptosystems such as those used
in Secure Shell (ssh). The private key is only as secure as the
system that holds it. Therefore, any machine relying on that private key
for authentication is also only as secure as the system holding it.

One potential security hole that hasn't received as much attention as it
should have concerns wireless (802.11) access. The so-called
"wired-equivalent privacy" (WEP) that is used by older systems is easily
broken in a few minutes by someone who can eavesdrop on the signal. That
person can be sitting in a parking lot attracting absolutely no
attention, collecting data with a laptop. Some companies have started
insisting that 802.11 networking be used only with additional security on
top of WEP, for example, a VPN. This is usually done by placing wireless
access points outside of the firewall. This is important, because once
the intruder has discovered the key being used in the wireless system,
that person is effectively on your network, and if the access point is
behind the firewall, so is the intruder.

While this last attack uses a weakness in the cryptography, it's also an
attack against the system. Even WEP will keep an unsophisticated intruder
out, but how many system administrators turn on encryption? And what
about "pseudo-admins" -- people in departments who've attached access
points to the network without thinking about the security consequences?

The attack against the Russian cypher was simple, if tedious: the
Russians didn't use one one-time pad per agent, but one per network. This
meant that some of the messages shared a key, something that is
impossible with a properly-used one-time pad system. Moreover, some
sheets in the one-time pad were sometimes re-used by the same agent.
Regularities in the cyphertexts of the various messages then provided the
hook for decryption.

Similarly, Enigma -- when properly used -- was very secure. Unassisted by
problems in usage, it took many weeks for the British to find an Enigma
key. However, there were many flaws in the way Enigma was used, some of
which are instructive.

Since having the plaintext for a given cyphertext message greatly assists
the cryptanalyst in finding the key, one primary objective of a good
cryptosystem is to keep this from ever happening. The German manuals
issued to the Army instructed the cypher clerk to add a random word or
two of padding -- the manual suggested words like "water pail" and
"clothes closet" -- to the end of each message, because the start and end
of a message is often stylized and easy to guess. Many cypher clerks
obeyed this with Teutonic precision, dutifully appending either "water
pail" or "clothes closet". Of course, we're all brighter than that,
right? But one of my earliest system penetrations was of a global, public
timesharing system where the tech writer who wrote the user admin manual
had just left the test accounts s/he'd created while testing the
examples.

Another characteristic of the Enigma system was that for a long time,
German Army and Air Force cryptosystem manuals instructed the clerk to
make up a random three-letter initial key. This allowed the British to
try a bunch of keys, all of which consisted of three letters chosen in a
row or on a diagonal from the typewriter keyboard. This should sound
familiar.

But the BIG overall mistake made by the German cryptographic
establishment was the conviction that Enigma was secure, both because of
its high theoretical security and because they couldn't break it
themselves. Even after military setbacks that could be explained in
almost no other way than codebreaking, the establishment, after genuinely
careful analysis, said "must be spies or bad luck."

David Kahn has written several books about cryptography. There's the one
that Bill mentions, _Seizing the Enigma_, which, though very good, spends
less time on the actual cryptanalysis than I'd have liked (but I'm odd
that way). The book does a nice analysis of system weaknesses, however,
and so is useful for system administrators. He also wrote a very
comprehensive book about cryptology in general, called _The
Codebreakers_. Although the technical information is somewhat dated, the
principles are as valid as ever, and it should do a good job of
disabusing the crypto tyro (among whose number I count myself) of the
notion that it's easy to construct an unbreakable cryptosystem. The _Enigma_ book is out
of print, but _Codebreakers_ was recently revised and the second edition
is available at Amazon
(<http://www.amazon.com/exec/obidos/ASIN/0684831309/opt>).

Another cryptology book of computer interest is _Alan Turing: The
Enigma_, by Andrew Hodges. This is a biography of Alan Turing, whom many
think of as the founder of computer science. But Hodges also has
extensive technical detail of Turing's theoretical and practical work,
both on the Enigma and on stored-program computers. It's amazing how much
of what we think of as "intuitively obvious" got to 2002 by a long and
winding path: Hodges' discussion of Turing's journey to the invention of
the subroutine is especially interesting in that regard. The book is
available from Amazon (also in a recently-revised edition) at
<http://www.amazon.com/exec/obidos/ASIN/0684831309/opt>.

Finally, Bruce Schneier's _Applied Cryptography_ is a must-read for
anyone who needs to set up secure data transport -- which these days, is
almost any system administrator. Even if you're not doing the
implementation yourself, Schneier's book gives you a good idea of what
questions to ask your vendor. It's available from Amazon
(<http://www.amazon.com/exec/obidos/ASIN/0471117099/opt>), but is very
popular and is probably available in any bookstore with a decent-sized
computer book selection.

-- Bruce


--------------------------------------------------------------------------
Bruce Toback    Tel: (602) 996-8601| My candle burns at both ends;
OPT, Inc.            (800) 858-4507| It will not last the night;
11801 N. Tatum Blvd. Ste. 142      | But ah, my foes, and oh, my friends -
Phoenix AZ 85028                   | It gives a lovely light.
btoback AT optc.com                |     -- Edna St. Vincent Millay
Mail sent to [log in to unmask] will be inspected for a
fee of US$250. Mailing to said address constitutes agreement to
pay, including collection costs.
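
The key-reuse attack on the one-time pad that Bruce describes above (one pad
per network instead of one per agent, or a sheet used twice), as an added
worked example that is not part of his post. The two messages, the shared
"TO VICTOR:" opening used as the crib, and the pads are all constructed for the
demo; nothing here is drawn from real traffic.

```python
# Added example, not from the original post: why reusing a one-time pad
# (one pad per network instead of one per agent, or a re-used sheet) gives
# the eavesdropper a way in. The messages and the crib below are constructed
# for the demo; "TO VICTOR:" is an assumed stylised opening, not real traffic.
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter of the two."""
    return bytes(x ^ y for x, y in zip(a, b))


def fresh_pad(n: int) -> bytes:
    """A fresh pad page: n bytes from the OS CSPRNG."""
    return os.urandom(n)


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: ciphertext = plaintext XOR pad. Unbreakable only while the
    pad is truly random, at least as long as the message, and used exactly once."""
    if len(pad) < len(plaintext):
        raise ValueError("pad too short: never cycle or stretch a one-time pad")
    return xor_bytes(plaintext, pad)


def crib_drag(c1_xor_c2: bytes, crib: bytes) -> list[tuple[int, str]]:
    """Slide a guessed fragment of one plaintext (the 'crib') along
    c1 XOR c2. If the same pad encrypted both messages, c1 XOR c2 equals
    m1 XOR m2 (the pad cancels), so wherever the crib is right the XOR
    reveals the other message's bytes at that offset. Return every offset
    where the revealed bytes are all printable ASCII, i.e. the candidates."""
    hits = []
    for off in range(len(c1_xor_c2) - len(crib) + 1):
        revealed = xor_bytes(c1_xor_c2[off:off + len(crib)], crib)
        if all(32 <= b < 127 for b in revealed):
            hits.append((off, revealed.decode("ascii")))
    return hits


def recover_other_message(c1: bytes, c2: bytes, known_plaintext: bytes) -> bytes:
    """Once one plaintext is known in full (or guessed by extending cribs),
    the other falls out directly: (c1 XOR c2) XOR m1 = m2 under a shared pad."""
    return xor_bytes(xor_bytes(c1, c2), known_plaintext)


# Constructed sample traffic: two agents report to the same controller, so the
# openings coincide, exactly the "stylised start" a cryptanalyst guesses first.
M1 = b"TO VICTOR: MEET COURIER AT THE STATION ON TUESDAY"
M2 = b"TO VICTOR: FUNDS SENT VIA LISBON, CONFIRM RECEIPT"
CRIB = b"TO VICTOR"


def eavesdropper_view(pad_for_m1: bytes, pad_for_m2: bytes) -> list[tuple[int, str]]:
    """What an interceptor learns from the two ciphertexts alone, given a crib.
    Pass the same pad twice to model the network-wide pad; pass two fresh
    pads to model correct one-time-pad use."""
    c1 = otp_encrypt(M1, pad_for_m1)
    c2 = otp_encrypt(M2, pad_for_m2)
    return crib_drag(xor_bytes(c1, c2), CRIB)


if __name__ == "__main__":
    shared = fresh_pad(64)
    print("shared pad, crib hits:", eavesdropper_view(shared, shared)[:3])
    c1, c2 = otp_encrypt(M1, shared), otp_encrypt(M2, shared)
    print("other message recovered:", recover_other_message(c1, c2, M1))
    print("separate pads, crib hits:",
          eavesdropper_view(fresh_pad(64), fresh_pad(64))[:3])
```

With the shared pad, offset 0 always appears among the crib-drag hits because
the pad cancels and the two openings are identical; the remaining hits are the
"regularities" an analyst then works outward from, letter by letter. With two
fresh pads the XOR of the ciphertexts is itself uniformly random, so the crib
reveals nothing and no amount of dragging recovers the other message.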
