Slashdot Mirror

← Back to Stories (view on slashdot.org)

Encryption Could Make You More Vulnerable

Posted by CmdrTaco on from the also-condoms-give-you-aids dept.

narramissic writes "It sounds like a headline straight out of The Onion, but security researchers from IBM Internet Security Systems, Juniper, nCipher and elsewhere are warning that the use of data encryption could make organizations vulnerable to new risks and threats. There is potential for 'A new class of DoS attack,' says Richard Moulds, nCipher's product strategy EVP. 'If you can go in and revoke a key and then demand a ransom, it's a fantastic way of attacking a business.'"

2 of 126 comments (clear)

  1. Other way to protect data: Split the data by davidwr · · Score: 5, Interesting

    A friend taught me this years ago:

    Say you have a secret. Divide the secret into 3 parts and find 3 people to hold the key. Each person holds 2 parts of the key. If any one person is unavailable, the key can still be used, but no one person can use the key alone.

    This same system can work with larger numbers too. My friend used a "3 of 5" approach, which required 3 people out of 5 to use the key.

    In a way, this is like RAID-5 but more general.

    You can apply this to keys, to the raw unencrypted data, or to encrypted data, depending on your security needs.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  2. "Revoked" key doesn't equal "Destroyed" key by tcampb01 · · Score: 5, Interesting

    I'm not sure what point they're trying to make in the article other than churn up some FUD. If I encrypt a file on my computer with a password or key and then lose my key, I cannot easily decrypt that file. So poor management of my key could make me vulnerable to loss of data -- but that's not the same level of risk as theft of data (which may be worse than losing it.)

    As several others have pointed out, a 'revoked' key in no way keeps you from getting at your data. In the same way that a bank can 'revoke' a credit card, the actual card itself doesn't disappear... it's just not trusted to do anything. Unlike the credit card system, most any security software that checks key revocation lists can easily be told to ignore the fact that the key is revoked. The bits needed to perform the encryption or decryption still exist -- you just get a warning that someone says you should not trust it... but that's not the same thing as saying you can not trust it.

    What that really means is you just need a good key management scheme. Whereas most people would just use a single private key, in a corporate environment you've got the problem of project-related work that might be encrypted by an employee still belongs to the company. If an employee quits, is terminated, gets run over by the beer truck, etc. etc. then the company would like to have a way to get the data that they rightfully own. This is what "key escrow" systems are for. But escrowed keys would ideally be kept in a very safe place. Of course the fact that an escrowed key exists at all allows the individual to repudiate the contents of the encrypted file -- someone else could have altered it. The solution to that conundrum is to create a "signing" key which does not encrypt and which is not escrowed, and an encryption key which is not used for signing, but which is escrowed.

    So back to the FUD... I suppose all these companies have an interest in creating the fear, getting the average IT person to decide to look into it, realize what they're missing, then realize that they probably need to hire a professional security business to help build a proper key distribution and escrow system.