To: Cypherpunks: The following is unofficially extracted from the Infosecurity News, May/June 1994. * Please forward this on to EFF and CPSR, * * but please strip out all info remaining to me * (I don't want to lose my subscription. Know thy enemy and all that.) Avoid Encryption Anarchy =======================Tim: like the title? -NS BY DONN B. PARKER Encryption is a powerful tool for protecting data stored in workstations, LANs and mainframe systems and in transit between systems. In fact, it is so powerful that its misuse may cause great damage to tomorrow's informa- tion owners and users. Unfortunately, this "en- cryption anarchy" may come very soon if work- station and network encrYPtion is allowed to proliferate unchecked in its present form. What is encryption anarchy and how might it happen in your organization? Here are some examples: Hidden by voice encryp- tion, an employee could leak valuable information over phone lines, without worry- ing about wire taps or call monitoring/recording. Also, Privacy-Enhanced Mail is increasing on the Internet. But its encryption-based cer- tificates protect individual end-users by shielding their activities from managers. En- cryption technologies such as these could reduce or elimi- nate management control over voice and data communi- cations with the outside world. Large amounts of worksta- tion, LAN and mainframe in- formation may be lost if it is encrypted incorrectly, if de- cryption fails or if encryption keys are lost. As a result, many users may adopt less- secure practices. These in- clude backing up copies of files in cleartext or storing encryption keys where they can be compromised. Both practices can result in more exposure of information to unauthorized parties. Corporate deception also could become easier. If false information is given to audi- tors, for example, the true data could be hidden behind an encryption barricade. In one company, an ex-execu- tive's alleged theft of trade se- crets only after the company reviewed his e-mail. The executive's actions might never have been known if he had encrypted his e-mail and kept the key. An employee could leave a company and take copies of valuable data. If no one else knows the encryption keys, the remaining en- crypted data will be lost. As international companies turn to en- cryption to protect communications with trading partners, sup- pliers, contractors and customers in different countries, it will be- come increasingly diffi- cult to manage and control the many dif- ferent algorithms and keys that will be used in the organizations' workstations, LANs and mainframe sys- tems. Countries'differ- ing import/export controls, encryption laws and restrictions on data exchange will cre- ate both operational and man agement headaches. Without centralized, en- forced encryption standards, workstations, LANs and wide- area networks will include varying products,technolo- gies and key-management ap- proaches. Today's transitory data will be encrypted in dif- ferent ways, as will critical databack-ups and archives. Years from now, however, these files could become unavailable if encryption algorithms and key changes are not carefully tracked and controlled. A matter of control. These examples reveal that encryption anarchy may occur when the people who control and use information are not accountable for it or have no jurisdiction over it, or when people who rightfully own in- formation lose control over it. Encryption anarchy may also occur through the indiscrimi- nate use of encryption without standardized key manage- ment or managerial oversight. But even the proper use of encryption could, in the future, create unan- ticipated technical problems in network settings. For example, LAN maintenance and diagnosis often requires that information be checked for authentici- ty and integrity. This is done by comparing in- formation sent with in- formation received. If ny a this is done in real time on an encrypted net- work, special testing systems and additional network encryption/de- cryption operations may be required. Similarly, LAN managers may have to install special back-up and recovery products tabdlty as LANs become in- creasingly encrypted. These could add unexpected operat- ing costs, and the additional key management may intro- duce new security exposures. How can infosecurity man- agers avoid encryption anar- chy in the coming years? First, make sure that information (whether encrypted or not) re- mains accessible to all man- agers, boards of directors, reg llators and auditors who are held accountable for it or have jurisdiction over it. No one person should possess ex- clusive encrypted access to an information asset. Encryption also should be managed using a hierarchy of override decryption keys cor- responding to information ownership and accountability in the organization. This over- ride hierarchy should extend beyond the organization-- under careful control--to any government or regulatory body overseeing the enter- prise The U.S. government's Clipper escrowed-key propos- al, although a step in that di- rection, does not go far enough in providing these hi- erarchical override capabili- ties. Encryption keys must be escrowed in business organiza- tions as well. Infosecurity managers also could avoid encryption anar- chy by enforcing related poli- cies and standards, choosing technologies with assured Iongevity and training users to handle encryption properly. When not to encrypt. In some cases, encryption may even be inadvisable. Much business information may be adequately protected with commercially available data- compression utilities, and not full-fledged encryption. Other information may be accessed so often that encryption or compression is imprac- tical due to its cost, in- convenience and processing time. If in- formation is ubiquitous, it makes no sense to protect it in one place and not in another. There also may be valid business reasons to not encrypt. A newspa- per, for example, may deliberately exchange cleartext messages with correspondents in a for- eign country, to avoid any impression that these individuals are spying or otherwise working against the country. Even if encryption is im- plemented and managed properly, infosecurity man- agers should assume that their adversaries--industrial spies, thieves, burglars and even kid- nappers and murderers-- will try to obtain information through the easiest possible route. If they encounter en- cryption, an easier route may be through inside informants, human engineering or dump- ster diving. In fact, interviews with more than 200 computer criminals reveal that the most vulnerable form of information is spoken, followed by printed/ dlsplayed, removable media, and finally information that is communicated elec- tronically or stored in computers. In the coming years, do not overlook the many such ways in which information can be compromised. Donn B. Parker is senior consultant for SRI inter- national, Menlo Park, Calif. He can be reached at Internet ad- dress dparker@sri.com. Also by the author: Which crypto to use? Most encryption products using the Data Encryption Standard (DES) will be acceptable for at least thc next five years. After that time, DES will be discontinued as a U.S. federal standard and will no longer have the same strong due-care status it enjoys today. This is because increasing computing speeds will make the algorithm too weak for some applications. Many claim that DES and Rivest- Shamir-Adleman (RSA) algorithms will remain acceptable indefinitely. New encryption products and technologies, however, probably will encour- age a migration to new algorithms beyond the next five years. For example, in spite of recent protests, Clipper/Skipjack, Digital Signature Algorithm and their hardware implementations will see greater acceptance, but only in the U.S. govern- ment and among government Contractors. Other methods, such as DES triple encryption, will provide alternatives in commercial settings. However, international acceptance of Clipper/Skipjack may take longer, due to various countries' import export restrictions and U.S. control of the technology's algorithm and es- crowed keys. The underlying purpose of this control is not just to facilitate court-approved wire taps, but also to discourage criminals and foreign entities from using Clipper/Skipjack technology. This control mechanism would force them to use other, less powerful, algorithms and key management. Over time, the effectiveness, change frequency and management of encryption keys probably will prove more important than the specific algorithms chosen. New encryption products that automate these activities and make them transparent to users may help strengthen encryption management, even though fhey may introduce more opportunities for technical compromise. Infosecurity managers would be wise to delay the use of any of these new encryption technologies. This would allow time for products to fully develop and early adopters to report their experiences. Donn B. Parker. dparker@sri.com