Dutch Fiasco Demonstrates Futility Of Security Through Obscurity
from the no-secret-algorithms dept
Recent research on the security vulnerabilities of a new Dutch fare card system offers important lessons for computer security. The Dutch government spent $2 billion on the system, which has now been demonstrated to have fatal flaws. The researchers disassembled the smart cards used by the system and took high-resolution photographs of the circuitry. This allowed them to reverse-engineer the encryption algorithms being used by the system. As Felten points out, this wouldn’t have been a problem if the Dutch had used an open crypto algorithm that has been widely tested and found to be secure. But because the system relied on algorithmic secrecy for security, this could be catastrophic. The algorithm uses a relatively short 48-bit key. This means that once the algorithm is known, it becomes possible to perform a brute-force attack, simply trying all 281 trillion possible keys in parallel until the correct one is found. That requires a non-trivial amount of computing power, but it’s well within the capabilities of modern computer hardware. Indeed, this is precisely the approach taken by a Johns Hopkins research group three years ago when they cracked the encryption on the Exxon Mobil Speedpass, which used a 40-bit key. Brute forcing the 40-bit algorithm reportedly took the Hopkins team about 20 minutes, which suggests that — even ignoring improvements in hardware — it should be possible to brute force a 48-bit key in under a week. Since they’re just deploying the system now and are presumably planning to use it for a decade or more, 48 bits is woefully inadequate. They ought to have used a standard, widely-tested cryptographic algorithm with a significantly longer key size, in order to make brute force attacks impractical.
Comments on “Dutch Fiasco Demonstrates Futility Of Security Through Obscurity”
Yes, they should have. But that’s how governments the world over work. The real experts tend to want better pay than a government job, or more freedom than a government job allows.
People aren’t willing to treat government agencies like real businesses. They view it as something sacred. To me, sure the government shouldn’t be arbitrarily changed. But you’re talking about the AGENCIES and stuff that aren’t stipulated in the Constitution. Which is why you get redundant crap like “Homeland Security”.
But all well, I’ve become cynical enough to just give up on humanity at this point.
Re: Re:
“The real experts tend to want better pay than a government job, or more freedom than a government job allows.”
The thing is they have the money to pay permanent staff however in my experience they’d much rather piss that money away on overpaid contractors and consultants.
The reality is paying £900 per day for someone won’t guarantee they’re actually any good at their job and in many cases they may even be a graduate with little to ZERO experience. I know when I graduated and worked for a large IT consultancy on massive public sector projects my charge out rate was nearly £700 per day!
It'd be worse if...
…a country actually made this same, classic mistake while trying to implement a system to do something critically important, like, oh…hmmm…let me think…voting?
Why amateurs should not do crypto.
Your premise is not supported by the facts in the story. You claim that not using a known secure algorithm is folly, because the algorithm is discoverable, whereas a published, widely known, algorithm that doesn’t need to be reverse engineered is better. You go on to cite a successful BRUTE FORCE attack on a known algorithm as proof that a proprietary algorithm is less secure than a publicly vetted one. You base that claim on the fact that once an algorithm is known, a brute force attack is possible. You don’t seem to acknowledge that the open crypto algorithms you tout are ALREADY subject to such attacks, no reverse engineering required.
Maybe the point you were trying to make is simply that the Dutch used a key that was too small. Perhaps, you meant that they thought they could get away with a shorter key because they thought their algorithm was secret, but you didn’t make that point.
The rational argument against a proprietary crypto algorithm is that absent expert peer review of the details, it is likely that the algorithm can be broken without having to do a brute force attack.
Re: Why amateurs should not do crypto.
Sorry, I guess I wasn’t as clear as I could have been. My point was that relying on the secrecy of the algorithm is a bad idea, and that I suspect the government officials in this case assumed that the relatively short key wasn’t an issue because the secrecy of the algorithm gave them extra protection. It’s true that the ultimate problem is the longer key size, but I suspect that if they’d been more open when they were developing the algorithm, someone probably would have pointed out that a 48-bit key is too short.