Why Cryptosystems Fail Ross Anderson Presented by Su Zhang 1
Main Idea Wrong assumption causes bad consequences What is the true case? – Most losses are caused by implementation errors and management failures. 2
Differences Between Cyber And Real Security Real life security: – Has strong organized learning mechanism. Governmental cryptosystem: – No such good schema because some secrecy involved. 3
How ATM Fraud Takes - Bad Insiders (dismissed employees with evil minds) – Two incidents (stealing cards and PINs ) per business day. 4
How ATM Fraud Takes - Black-hearted Outsiders Peeper Jackpotting (Intercepting pay response from ATM) ATM bug --- Believe the card inserted is the same as the previous card. 5
How ATM Fraud Takes – Exploit ATM “Vulnerabilities” Naïve offline ATMs procedure – e.g. first + third = second +fourth – Issuing only three different PINs to all users. Stupid squared cardboard – Dramatically reduced the decryption complexity (from 1/3000 to 1/8). 6
Stored Encrypted PIN in a Database Programmer can get another card’s PIN by searching his encrypted PIN in the Database. Wrote encrypted PIN into magnetic strip – Bad guys can only change their card number into the target number. – Mitigation: Encrypt the combination of account number and its PIN. 7
How ATM Encryption Works 8
Problems With Encryption Products PIN keys can be found easily. Soft/Hardware compatibility issue. Not all security products are good. Hard to get qualified maintainers. 9
Cryptanalysis Threats Need to be Considered Home-grown encryption algorithms. Weak parameters. – e.g. RSA keys are too “short” to be secure. Weak algorithms – DES. Hardware custodians could misuse it for private gain. 10
Risks From Bankers Two key components holder may conspire to steal money. Need more effort on quality control. Lack of audit processes. 11
Equipment Vendors’ Issues Specialized security expertise need to be spread. – User need to understand how to use the high level product. – Vendor should keep their eyes on all of the time. Attacks may be launched after several years “hibernate”. – Sloppy quality control. Products are not carefully examined. 12
What Required to Mitigate These Issues? Classify different levels of users – e.g. beginner, professional, expert, etc. Design an integrated application. Provide training service to client personnel. Provide their own experts for maintaining. 13
Why Provider Misjudged Users’ Ability? The networking during early days is limited. – Internal, external even abroad disputed transitions need to be considered. Human factors. – e.g. Audit department personnel dislike security group because they will “bring” them more work. – Security teams didn’t last too long. – Managers don’t like to be specialized in security for fear that will affect their career track. 14
Confirmation -Military Department is Suffering the Same Problems Most security failures are at implementation level. They are not cleverer but they are more concerned on security issues. The threat profiles developed by the NSA for its own use are classified. They put more effort on quality control. But still need more investment. 15
One Possible New Paradigm (Inspired by Safety Critical System) List all possible failure modes. Make clear preventing strategies. Explain in detail how these strategies are implemented. Make sure equipments are operated by right people. Auto process system. 16
Conclusion Why security failed? – Implementation errors. – Management errors. – System and human factors. Consequence: Security paradigms have mixed some software engineering ideas. 17