Tuesday, July 16, 2013

Fact or Fiction: Encryption Prevents Digital Eavesdropping: Scientific American

Fact or Fiction: Encryption Prevents Digital Eavesdropping

This is a great article, and it starts out with a premise that, if you are in the business, says it all.

"There are effective ways to encrypt data, whether it is in transit or in storage, but if that data is left in the clear at any point along its path, it is vulnerable to theft or tampering" 

There are also some other problems with encryption. One is that the decryption password must somehow be known by the person receiving the encrypted file. There are password schemes that use a mathematical capability to let the receiver get the key to the password in the clear, so to speak. So in this case you can attack the encryption, or you can attack the encryption key: a two-chance play.

The premise starts with the file sitting somewhere in decrypted form, which it must at some point so that you can write the message or the other person can read it. So if you follow some intelligence agencies' game plan, you look for very well encrypted data streams going by in the big internet pipe of the world. Once you see one that looks very hard to decrypt, you find out where it started and where it stopped. Now you have even more ways to get at the data. Give the encrypted data to the decryption team; if they send a coded password, give that to another team to beat. At the same time, send in teams to break into the original computer where the message was written, and another team to the point where it was read. Now the race is on to see who will break the message first.

So once the message is in the target's building or control, they often send clear copies to people in the building. Back where the message was developed, there are often people who helped develop the message and have it, or parts of it, in clear form.

OK, now the attacking teams have even more computers they can attempt to break into, and even if they get only a part of the message, they can give that to the decryption teams, which will let them break the code even faster.

Now let's look at another attack. Most encryption programs are fairly well known and have formatting that tends to let the decryption attack teams know which one is being used. Part of a good encryption program is that you only get three attempts at the password and then the program shuts down. That would make attacks on the passwords very slow, so most attack teams have either altered the encryption program to bypass the three-attempts-and-you-are-out part, or bought an already altered program from the same vendor you used. Now you use a very, very fast computer to do nothing but run passwords at the file until it gains access to the message. So if you use a 4-character password (digits, letters or symbols), it will take x amount of time to run virtually every combination of symbols against the password; if you use 6, it takes x plus a little more time to break the password.

Now you see why we used to use all-letter passwords, which meant the password breakers only had to run letters against the password. Then you had to use letters and numbers, which increased the number of possible passwords and made them take longer to break. Add capital letters and symbols and you add even more possible passwords that the attacker must try. The time to beat these is still pretty short, since we have some pretty fast computers.
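The arithmetic behind the last two paragraphs, as an added example that is not from the post or the Scientific American article: it sizes the search space for the character sets the post walks through (letters only, letters plus digits, mixed case plus symbols) at 4 and 6 characters, and contrasts the rate-limited "three attempts then lockout" case with an offline attack on a copied file. The guess rates and the one-minute lockout are assumed round numbers, not measurements of any real product.

```python
import string

# Character classes in the order the post adds them.
CHARSETS = {
    "lowercase letters": string.ascii_lowercase,
    "letters + digits": string.ascii_lowercase + string.digits,
    "mixed case + digits": string.ascii_letters + string.digits,
    "mixed case + digits + symbols": string.ascii_letters + string.digits + string.punctuation,
}

def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length

def seconds_to_exhaust(space: int, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate at a fixed guess rate."""
    return space / guesses_per_second

# Two settings the post contrasts. Both rates are assumed for illustration.
ONLINE_LOCKED = 3 / 60.0   # 3 attempts, then an assumed one-minute lockout
OFFLINE_FAST = 1e9         # the file copied and attacked offline on fast hardware

def summarize(length: int, rate: float) -> dict:
    """Map each charset name to worst-case seconds for passwords of `length`."""
    return {name: seconds_to_exhaust(keyspace(len(cs), length), rate)
            for name, cs in CHARSETS.items()}

if __name__ == "__main__":
    for length in (4, 6):
        print(f"\n{length}-character passwords")
        for name, cs in CHARSETS.items():
            space = keyspace(len(cs), length)
            online_days = seconds_to_exhaust(space, ONLINE_LOCKED) / 86400
            offline_s = seconds_to_exhaust(space, OFFLINE_FAST)
            print(f"  {name:30s} {space:>16,d} candidates  "
                  f"online: {online_days:>14,.0f} days  offline: {offline_s:>12,.3f} s")
```

The lockout only helps while it is enforced; once the file is copied and attacked offline, only the size of the search space is left, which is the post's point about length and character set.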

OK, but at the same time we have attackers hitting the places where the message started and landed. We have folks who have put malware out there that inserted code that will let them into your computer; we have other folks who installed bogus computer chips in routers and other points that will let them into your computer. So part of our team is looking to see whether any of those little trapdoors into your computer exist. Experts say that a very large number of computers or networks have these trapdoors, and they are just sitting there waiting for the time they are needed to get into your computer.

The Chinese went to IPv6 long before the rest of the world and made a lot of routers that could handle both normal IPv4 and IPv6 and go both ways through the router or other device. There are a number of paths or attacks that just exploit the difference in security protocols between the IPv4 and IPv6 standards.

To make sure they have some access, the Chinese also made a lot of counterfeit routers from some of the world's main vendors. In one case they used a Chinese mole, or spy, to bring in the routers on the west coast, and his brother on the east coast. When, say, the US Air Force needed to buy routers, they put it out for bid; the west coast brother would put in a low bid and order them from his source, his brother who was in the US, so it was a US vendor selling to a US vendor, and it passed all the security checks. If the brother on the east coast saw a bid come up, he would low-price the bid and get them from his brother on the west coast, once again bypassing all the security checks. The only way they were found was by very sophisticated checking of the chips. Since the Chinese were not always sure which router would end up in a good place for spying, they just made all of them with the bypass in them.

If you take it the next step, you low-price the computer chips that go into routers made in the US, so they are built using Chinese chips with the same security problem in them.

In a little while you have a lot of compromised routers and other network equipment out there. In fact, more than you can really do much about.

Let's back up to software and do the same thing. Let's put a little bit of code in a lot of the cheap software out there that allows us access to the person's network. We are not sure what we may need to infect, so let's hit as many as we can, and they can just sit there until we need to use them.

This is all very problematic, but if you take it to the next step, which many have said was done years ago, you compromise some of the leading software makers, or their employees who write the code, and now you are into most of the systems out there with your own little trap doors, just waiting to be used.

So, back to the title: Encryption Prevents Digital Eavesdropping... Fact or Fiction?
