The Nature of Cryptography and Security

The major focus of this book is on the theory and practice of .NET cryptography and security. But when you are in the thick of it, it is easy to lose sight of the following two fundamental questions regarding the basic nature of cryptography and security:

• Why are cryptography and security important?

• What can and cannot be done with cryptography and security?

The first question considers why we would want to use it, and the second question considers what we actually accomplish by using it. Let's take a moment now, before we get into all of the technical details in the upcoming chapters, to consider these two fundamental questions in some detail. Then, as you read through the remainder of this book, you might want to keep these two questions in the back of your mind.

Why Cryptography and Security Are Important

Why are cryptography and security important? We have all heard of many examples in business, warfare , and maybe sometimes even personal life where a bit more secrecy could have helped avoid costly problems. In many other cases, severe embarrassment and humiliation could have been avoided with the application of just a bit more discretion. Of course, encryption can help you be much more secure and discrete, ^[4] at least when the information is in digital form.

^[4] It is obviously illegal in most countries to conceal or destroy evidence that is relevant to a crime or requested by court order, so caution should be exercised where appropriate. Discretion is one thing, but obstruction of justice is another.

There are four main aspects of security that typically present themselves : secrecy, authentication, integrity, and nonrepudiation . Obviously, secrecy can be very important in many contexts. Of course, secrecy is important whenever sensitive information must be protected from being known by your adversaries. You can also imagine how important it can sometimes be to know exactly whom you are communicating with, which is a problem known as authentication. It can be equally important at times to know that the communicated information you send or receive cannot be somehow manipulated or corrupted during transit or after receipt, which is a problem known as integrity. You may also be concerned with the possibility of someone reneging on an agreement that you have already made with him or her, which is the dastardly act known as repudiation . Security protocols may be devised using digital signatures and digital certificates, as well as symmetric algorithms, cryptographic hashes, and Message Authentication Codes (MACs) that can be used to avoid all of these problems of secrecy, authenticity, integrity, and nonrepudiation.

WHY WORRY IF YOU HAVE NOTHING TO HIDE?

Why should you worry about privacy if you have nothing to hide? This rhetorical question is sometimes posed by people who naively assume that privacy is of interest only to criminals, subversives, and deviants with dirty little secrets to hide. The fallacious argument is that fine upstanding folks should not need much privacy and that aggressively pursuing privacy is evidence of criminality or depravity. It is important to recognize that strong privacy really is a legitimate concern of all good law- abiding citizens . This is especially true if the authorities that you must deal with are less than perfect.

To shed some light on this question, consider how you would react if you were not permitted any privacy. For example, how would you feel if your government passed legislation that nobody is permitted to enclose postal letters in envelopes and that all medical and banking records must be made publicly open in a national database? How would you feel if you were not permitted to protect your personal information from being hijacked by criminals for fraudulent purposes? How would you like it if all Internet email messages and all Web page access histories were archived in a publicly searchable database hosted by www.google.com? Surely, the vast majority of honest and ethical people must agree that privacy is honorable and legitimate, and privacy should be recognized as a fundamental and inalienable human right.

CATEGORIES OF SECURITY ISSUES

There are many examples of specific cases that could be listed, but to avoid going overboard with naming names , let's look instead at some of the broad categories of security issues that have proved to be the downfall of many hapless unfortunates in the past. For each of these, you might be able to think of specific examples that you have heard about in the news or maybe even know about personally .

• Leaks of intellectual property, merger and acquisition plans, and contracts

• Malicious code, such as evil email scripts, logic time bombs , viruses, and trojans

• Unauthorized access programming techniques, such as buffer overrun attacks

• Bogus messages from masqueraders ^[5]

  ^[5] Bogus messages can take on several forms. One example is the man-in-the-middle attack (also known as TCP hijacking) in which an attacker pulls packets from the network and modifies them in some nefarious way, such as changing an account number or a dollar amount, and then reinserts them back onto the network. Another example is IP spoofing: The attacker forges a bogus source IP address in each packet to impersonate someone else and then sends the spoofed packets over the network. In its crudest and simplest form, a human readable message, such as a fraudulent email, may be sent to swindle an unsuspecting victim in some way.

• Contractual agreement repudiation

• Bugs that corrupt code or data

When properly planned and applied, .NET cryptography and security features go a long way to help avoid all of these issues.

What Cryptography and Security Can and Cannot Do

Now for the second question: What can and cannot be done with cryptography and security? Although cryptography and security are very important tools, they are not a panacea for all security problems. Knowing what is possible and what is beyond the reach of cryptography and security is important to being able to apply solutions to real-world problems. Let's first look at what cryptography and security can do.

WHAT CRYPTOGRAPHY AND SECURITY CAN DO

Cryptography and security technology can help deal only with risks that relate to software design, not with issues that relate to human character. Just as human error appears to be the most frequent point of failure in traditional tragedies, such as automobile and aircraft accidents, it is the programmer or end user who tends to be the frequent source of security failure in the computing world. Some of the protections that the .NET platform and .NET Security Framework classes can provide include

• Privacy of information

• Authentication of users

• Integrity of information

• Nonrepudiation of agreement

• Access control of resources

• Availability of service

Information privacy can be used to limit access to authorized users by means of encryption. User authentication can be used to ensure that users are who they claim to be by means of password hash comparison or digital signature verification. Information integrity can be used to ensure that only authorized users can create or modify information based on digital signature verification. Nonrepudiation can be used to ensure that the author of a message cannot, after the fact, deny the existence of the message or abrogate an agreement defined in the message that he or she has digitally signed. Access control can be used to ensure that access to information resources are limited in specified ways to authorized users only. Availability of service relates to how available a given server application is when needed. Availability is closely related to issues of reliability (i.e., uptime). It is also related to quota management, which is used to foil denial-of-service (DOS) attacks. Although quota management, which is usually programmatically built into server applications, is not directly supported by any specific .NET feature at the current time, the enhanced reliability made possible by the .NET runtime does help a great deal in improving availability of service.

WHAT CRYPTOGRAPHY AND SECURITY CANNOT DO

Commonly used cryptographic algorithms have been thoroughly analyzed and have stood up rather well in a mathematical sense for their intended purposes over the years . However, real cryptography is done in the real world, not just in a mathematician 's head. In the real world, we have a very lovable weak link, affectionately referred to as the user, ^[6] who is, after all, just a human being. All the cryptography and security that mathematicians, programmers, and administrators can muster cannot protect against the user's human frailties. It is a fact that many security programmers and administrators ”who are themselves only human ”make the mistake of focusing far too much on the security of this algorithm or that protocol, but the most frequent point of failure results from the imperfections of ordinary folks much like you and me. For example, you can use the strongest cipher ever designed in your application, but if the user writes his or her password on a sticky note attached to the side of a display screen, the battle is lost. Here are some of the types of risk that pertain to human imperfections rather than to the strength of any algorithm design or cryptographic theory.

^[6] Some rather unkind programmers have a cruel habit of pronouncing the word user with an additional leading l . We do not condone this arrogant practice, since, after all, if it were not for the user, we programmers would not be paid for our efforts.

• Lack of training, diligence, and discipline

• Carelessness, such as exposing keys, poor choice of password, or not encrypting data,

• Inexperience, gullibility, and misplaced trust

• Social engineering attacks and con-artistry

• Bribery, intimidation , and blackmail

• Poor software design and coding bugs

Cryptography and security are like seatbelts. What is the use of having fancy protection if it is not used properly and consistently? Obviously, unencrypted data is not kept secret, and unsigned data can be easily tampered with and repudiated. And what is the point of using a password-protected application if the password is easy to guess? Effective security requires vigilance and discipline. Another concern is misplaced trust. For example, firewalls may not be able to protect against a trusted but disgruntled employee. Proper security policies and procedures as well as effective user training and management are very important for keeping confidential information private.

Social engineering attacks apply psychological or emotional tricks and lies on trusted users to gain access to secure systems. In general, you should be extremely skeptical of anyone who says, "You can trust me," since the people you can really trust rarely need to tell you so. One aspect of this type of attack that makes it hard to address after the fact is that victims of con-artistry have a hard time admitting that the compromise happened . Denial is attractive ”after all, who wants to admit that he or she has been foolish or gullible? So, never let your guard down, and if you do, then don't let your pride get in the way of dealing with the result effectively.

Bribery, intimidation, blackmail, and (heaven forbid ) torture is like a social engineering attack on steroids, but on an entirely more evil and illegal level. You may think that this sort of thing doesn't happen except in movies; unfortunately , it also happens in reality if the stakes are high and the participants are vicious. When you think about the economics of cipher cracking, you can see why. Let's say that it would cost $50,000 over three months of CPU time on a multimillion-dollar supercomputer to crack a key for a given cipher. And let's say that it costs only $2,000 to contract a gangster to apply his own persuasive methods to get the same result in a couple of hours. Now, assuming that you have no moral compunctions whatsoever (and such people do exist), which option would you take? Of course, you should stay within the law, watch the company that you keep, and avoid accepting or giving bribes. But as for the more violent possibilities, probably no advice can help you once you are there. Fortunately, torture seems to be exceedingly rare in most democracies, but it is unfortunately a serious human rights problem in many countries around the world. ^[7]

^[7] For more details on this gruesome problem, you might want to visit http://www.amnesty.org/.

Of course, we cannot blame everything on the user. There are a few security issues that cryptography and security cannot deal with that are also completely beyond the control of the user. These are physical security and side-channel leakage risks. Physical security pertains to things like how heavy the door is, how big the lock is, how thick the walls are, and the caliber of rifle used. Side-channel leakage relates to any form of information that is unintentionally leaked from the computing premises, which can then be detected and interpreted in exceedingly clever ways.

Physical attacks, such as break-ins, theft, and vandalism, cannot be prevented by any cryptographic algorithm, and it is obviously asking too much of a typical user to mount any defense. Obviously, physical problems need physical solutions. You may not have the same security needs as the NORAD Air Defense Center in the Cheyenne Mountain Complex. But virtually everyone has at least some physical security requirements. Do you care if all your email is read by your babysitter ? If nothing else, would you at least be interested in protecting the replacement value of your PC? Probably everyone should have at least password protection and a lockable door between the PC and the outside world.

When contemplating protection against physical attacks, keep in mind that theft and vandalism do not come only from perpetrators on the outside. Internal security can be just as important as external security. You should protect your computing facilities according to the value of the resource and the potential threats that you perceive.

Side-channel leakage is a problem where physical side effects of computing may leak sensitive information. Side-channel leakage can come in many surprising forms. For example, what happens to sensitive plaintext data that is left in a swap file or made available as a result of a system crash memory dump? If you are not careful, it is there for the taking. Side-channel leakage can also result from the radio frequency information that computers naturally emanate, which is the focus of Tempest ^[8] technologies. When you consider the millions of digital switches that are turning on and off within a computer every few microseconds, it is astonishing that anyone can gather any intelligible information in this way. However, it has been demonstrated that data displayed on one computer screen can be replicated on another specialized device based entirely on the emitted electromagnetic radiation. In one widely published case of side-channel leakage, infrared signal crosstalk accidentally shared information between two competing companies via cordless keyboards and PCs in adjacent buildings .

^[8] Tempest, which stands for Transient Electromagnetic Pulse Emanation Standard, refers to a set of classified technologies developed by the U.S. military for analyzing emitted electromagnetic radiation (EMR) produced by analog and digital equipment.

Side-channel leakage also has been shown to occur whenever a computing device encrypts data. Specifically, the execution timings of the cryptographic operations can leak information in some cases. Additionally, power consumption measurements can reveal subtle details about the operations that a computing device performs , right down to the precise sequence of microprocessor instructions being executed! By analyzing these timing and power consumption measurements, an adversary may be able to obtain some critical information about the plaintext being encrypted. Each of these detective techniques is a spectacular example of how incredibly clever and resourceful researchers in this industry can be.

Yet another variety of side-channel leakage occurs in usage and message traffic patterns. Even if you are careful to hide the contents of your sensitive messages, the fact that you are communicating in the first place coupled with the identity of the persons with whom you are communicating may be enough to get you into trouble. Although this is less of a concern in most democratic countries, it can occasionally be relevant even to law-abiding citizens in respectable jurisdictions. If someone wants badly enough to know what you are doing and has substantial resources at her disposal, then you may have a very hard time preventing her from getting that information. In fact, attempting too strenuously to prevent it may itself work against you! ^[9] If you are concerned about side-channel leakage, you should take the necessary steps to block the leaks. A wire mesh cage can be used to shield emanating radio frequency energy, power line filtering can help hide variations in power consumption, and so on. ^[10] But then your attempts at shielding will probably be detectable. Internet traffic patterns can to some extent be hidden behind services such as anonymous remailers, but such services cannot guarantee absolute anonymity.

^[9] Do you remember hearing about the McCarthy era in your high school history class?

^[10] These precautions require the skills of a professional electrical engineer with appropriate experience to be done properly.

We have considered several categories of risk and remedy with the implied assumption that nothing illegal was being committed. however, if crimes have been committed, then the following possibilities may arise. Naturally, there is nothing that cryptography or security can do to help you if you come to this point.

• Testimonial evidence from witnesses or spies

• Behavioral evidence, such as suspicious travel and extravagant lifestyle

• Physical evidence, such as fingerprints , photographs, financial records, and paper trails

• Government investigation ^[11]

  ^[11] We are the Borg. Resistance is futile. Many governments have computer surveillance tools at their disposal for collecting evidence on criminal and subversive activity. According to numerous reports , the FBI's Carnivore project enables the recording of targeted email messages via a cooperating ISP, and the Magic Lantern project enables inserting a virus onto a suspect's computer to obtain encryption keys used to hide criminal evidence.