As has been mentioned on the MLMUG's mailing list, a team of Princeton researchers showed how to recover the keys of a widely used form of disk encryption by reading them out of the computer's memory chips, even after the machine had been turned off.
This news raises several questions: What is encryption? Who should encrypt, and why?
Encryption converts information into a form that only someone holding the right key can read. For example, if I wanted to post this article on the MLMUG web site but allow only you to read it, I would have two options. First, I could password-protect it and give you the password; however, a password sent across a network can easily be seen or intercepted by others unless the connection carrying it is itself encrypted. Second, I could encrypt the document so that only you would be able to decrypt it.
Encrypting information is a practice that long predates digital computers. During World War II, militaries encrypted messages that were written on paper or broadcast over the air, without the benefit of computers.
We all use computers to work with data, some of which may be highly confidential. For example, a psychologist might maintain a list of schizophrenic patients and their social security numbers. A physician might maintain a list of diabetic patients and their insurance information. A banker might maintain a list of customers' net worth and bank account information.
All of these types of data are highly sensitive and need to be kept away from prying eyes. Clearly, the unauthorized release of personal information could harm the individual whose privacy has been violated; workplace discrimination and identity theft are two such possibilities. Further, releasing confidential information to unauthorized people is a violation of state and federal laws, including the HIPAA regulations designed to protect the privacy of health information. An onslaught of civil litigation can result when confidential information is accidentally disclosed to inappropriate parties.
One way to mitigate the risk of accidental disclosure is to encrypt confidential information. Unfortunately, encryption carries with it two problems. First, in order to encrypt information you need an encryption key. In most programs the key is derived from a passphrase such as "Mares eat oats and does eat d0ugh", something you can remember but which cannot be guessed by a person or found by a computer trying possibilities one after another. Only those people who are authorized to access the information are given the passphrase (or the key itself) needed to decrypt the data. Keys are typically stored somewhere, but where depends on the type of encryption involved: some schemes use a pair of keys (one to encrypt, a different one to decrypt), others a single key for both. The big problem is that if the key is lost, the data can never be decrypted; there is no "forgot my password" recovery unless a copy of the key was deliberately set aside somewhere safe in advance.
The second problem is that encrypted data cannot be compressed. Compression works by finding repeated patterns, and properly encrypted data looks like random noise, so there are no patterns for a compression algorithm to take advantage of. (If you need both, compress the data first and then encrypt the result; the reverse order gains nothing.) This is not an issue for small amounts of data, but when you are responsible for terabytes or petabytes of data, as I am, the ability to compress it is extremely important. In many situations data compression matters more than encryption, because it saves organizations a huge amount of money on disk storage and greatly increases their ability to move large amounts of data over corporate networks.
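The two problems above can be seen in a few dozen lines of code. The following Go program is an added example, not code from the original article or from any product it mentions: it derives an AES-256 key from a passphrase with PBKDF2 (written out by hand so it needs only the standard library), encrypts a constructed batch of sample records with AES-GCM, shows that the wrong passphrase yields an error rather than a partial result, and measures how much gzip saves on the plaintext versus the ciphertext. The passphrase, the sample records, the function names and the iteration count are all my own choices for illustration.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

const (
	saltLen    = 16     // random salt stored in the clear in front of the ciphertext
	pbkdfIters = 100000 // each passphrase guess costs this many HMAC evaluations
)

// pbkdf2 derives keyLen bytes from a passphrase with HMAC-SHA256 (RFC 8018).
func pbkdf2(passphrase, salt []byte, iters, keyLen int) []byte {
	prf := hmac.New(sha256.New, passphrase)
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		var idx [4]byte
		binary.BigEndian.PutUint32(idx[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(idx[:])
		u := prf.Sum(nil) // U_1
		t := append([]byte(nil), u...)
		for i := 1; i < iters; i++ { // T = U_1 xor U_2 xor ... xor U_c
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

// newGCM builds AES-256-GCM from the key derived for this passphrase and salt.
func newGCM(passphrase string, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2([]byte(passphrase), salt, pbkdfIters, 32))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt returns salt || nonce || ciphertext; only the passphrase must stay secret.
func Encrypt(passphrase string, plaintext []byte) ([]byte, error) {
	hdr := make([]byte, saltLen+12) // salt || nonce (12 bytes is GCM's standard nonce size)
	if _, err := io.ReadFull(rand.Reader, hdr); err != nil {
		return nil, err
	}
	gcm, err := newGCM(passphrase, hdr[:saltLen])
	if err != nil {
		return nil, err
	}
	return gcm.Seal(hdr, hdr[saltLen:], plaintext, nil), nil
}

// Decrypt reverses Encrypt; a wrong passphrase fails GCM's tag check and returns an error, never garbage.
func Decrypt(passphrase string, blob []byte) ([]byte, error) {
	if len(blob) < saltLen+12+16 { // salt, nonce and the 16-byte GCM tag
		return nil, errors.New("ciphertext too short")
	}
	gcm, err := newGCM(passphrase, blob[:saltLen])
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, blob[saltLen:saltLen+12], blob[saltLen+12:], nil)
}

// Gzip returns data compressed with gzip at the default level.
func Gzip(data []byte) []byte {
	var buf bytes.Buffer
	w := gzip.NewWriter(&buf)
	w.Write(data)
	w.Close()
	return buf.Bytes()
}

func main() {
	// Constructed sample: repetitive records of the kind that compress well.
	records := bytes.Repeat([]byte("patient=J. Doe;diagnosis=diabetes;insurer=ACME\n"), 200)
	pass := "Mares eat oats and does eat d0ugh"
	ct, _ := Encrypt(pass, records)
	packed, _ := Encrypt(pass, Gzip(records)) // the right order: compress, then encrypt
	fmt.Printf("plain %d, gzip(plain) %d, cipher %d, gzip(cipher) %d, encrypt(gzip(plain)) %d\n",
		len(records), len(Gzip(records)), len(ct), len(Gzip(ct)), len(packed))
	_, err := Decrypt("mares eat oats and does eat dough", ct)
	fmt.Println("decrypt with wrong passphrase:", err)
}
```

Run it with `go run`. Gzip shrinks the repetitive records to a small fraction of their size but leaves the ciphertext as large as it found it, while gzip-then-encrypt stays small; that is why backup and archive pipelines compress before they encrypt. The wrong-passphrase call fails outright because GCM authenticates the data, so there is no partial recovery, which is the "lost key" problem in practice.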
I run a large user group of approximately 1,500 data protection specialists. The job of a data protection specialist is to mitigate our employer's risk of going out of business due to lost data. In other words, we are the backup guys. In that capacity, I keep in close touch with my counterparts at some of the world's largest corporations. None of the IT people I know are comfortable with the idea of encrypting corporate data because we do not have a cost-effective way to manage encryption keys. In a large enterprise, key management is essential if you encrypt data.
The hack by the Princeton researchers is of minor consequence in the long run because it is easily prevented. It works only while the key is still present in the computer's memory (RAM), and RAM keeps its contents for a few seconds to minutes after the power is cut, longer if the chips are chilled. All you need to do is ensure that nobody can get their hands on your computer during the first few minutes after you finish working with encrypted data. In addition, shut down your computer, rather than just putting it to sleep, when you finish working with encrypted data: sleep keeps the memory powered, so the key stays there indefinitely. At the very least, open a bogus encrypted file, encrypted with a key that cannot access any important data, so that the key left in memory can only decrypt unimportant data; be aware that this works only if your encryption software actually overwrites the old key with the new one rather than keeping both in memory.
My concern with the revelation that some Princeton researchers found a way to get encryption keys for a type of hardware encryption isn't that they did it, it is that the Department of Homeland Security, and who knows who else, will no doubt be spurred to try hacking other forms of encryption. Privacy is a fundamental human right and the fact that our government is seeking to invade privacy does not sit well with me at all, even though I recognize it may have some good reasons for doing so. I am not an anti-government person, but I believe the government should be subject to some very strict boundaries, one of which is not being able to invade our privacy without very close oversight.
Stan Horwitz