Why Cryptosystems Fail
Ross Anderson
Presented by
Su Zhang
1
Main Idea
• Wrong assumption causes bad consequences
• What is the true case?
– Most losses are caused by implementation errors
and management failures.
2
Differences Between Cyber And Real Security
• Real life security:
– Has strong organized learning mechanism.
• Governmental cryptosystem:
– No such good schema because some secrecy
involved.
3
How ATM Fraud Takes - Bad Insiders
• (dismissed employees with evil minds)
– Two incidents (stealing cards and PINs ) per
business day.
4
How ATM Fraud Takes - Black-hearted Outsiders
• Peeper
• Jackpotting (Intercepting pay response from
ATM)
• ATM bug --- Believe the card inserted is the
same as the previous card.
5
How ATM Fraud Takes – Exploit ATM
“Vulnerabilities”
• Naïve offline ATMs procedure
– e.g. first + third = second +fourth
– Issuing only three different PINs to all users.
• Stupid squared cardboard
– Dramatically reduced the decryption complexity
(from 1/3000 to 1/8).
6
Stored Encrypted PIN in a Database
• Programmer can get another card’s PIN by
searching his encrypted PIN in the Database.
• Wrote encrypted PIN into magnetic strip
– Bad guys can only change their card number into
the target number.
– Mitigation: Encrypt the combination of account
number and its PIN.
7
How ATM Encryption Works
8
Problems With Encryption Products
• PIN keys can be found easily.
• Soft/Hardware compatibility issue.
• Not all security products are good.
• Hard to get qualified maintainers.
9
Cryptanalysis Threats Need to be Considered
• Home-grown encryption algorithms.
• Weak parameters.
– e.g. RSA keys are too “short” to be secure.
• Weak algorithms – DES.
• Hardware custodians could misuse it for
private gain.
10
Risks From Bankers
• Two key components holder may conspire to
steal money.
• Need more effort on quality control.
• Lack of audit processes.
11
Equipment Vendors’ Issues
• Specialized security expertise need to be
spread.
– User need to understand how to use the high level
product.
– Vendor should keep their eyes on all of the time.
• Attacks may be launched after several years
“hibernate”.
– Sloppy quality control.
• Products are not carefully examined.
12
What Required to Mitigate These Issues?
• Classify different levels of users
– e.g. beginner, professional, expert, etc.
• Design an integrated application.
• Provide training service to client personnel.
• Provide their own experts for maintaining.
13
Why Provider Misjudged Users’ Ability?
• The networking during early days is limited.
– Internal, external even abroad disputed transitions
need to be considered.
• Human factors.
– e.g. Audit department personnel dislike security
group because they will “bring” them more work.
– Security teams didn’t last too long.
– Managers don’t like to be specialized in security
for fear that will affect their career track.
14
Confirmation -Military Department is
Suffering the Same Problems
• Most security failures are at implementation level.
• They are not cleverer but they are more concerned
on security issues.
• The threat profiles developed by the NSA for its
own use are classified .
• They put more effort on quality control. But still
need more investment.
15
One Possible New Paradigm (Inspired
by Safety Critical System)
• List all possible failure modes.
• Make clear preventing strategies.
• Explain in detail how these strategies are implemented.
• Make sure equipments are operated by right people.
• Auto process system.
16
Conclusion
• Why security failed?
– Implementation errors.
– Management errors.
– System and human factors.
• Consequence: Security paradigms have mixed
some software engineering ideas.
17