ENCRYPTION: A MIXED BLESSING?
                       by Eugene Volokh, VESOFT
           Published by HP PROFESSIONAL Magazine, May 1988.


   At  first glance, encryption programs (several are available on the
Contributed  Library) seem to be powerful security tools.   Encryption
is    the  only  fairly  foolproof  way  of  protecting  data  against
unauthorized  reading, both  by  outsiders  and  insiders.   Even  the
system  manager, to whom MPE gives unlimited access rights to any file
in   the  system, can't read a personal document that you've encrypted
with your own secret key.

   In  fact, whenever any of our customers called and asked  us  about
read-protecting    files,   we  recommended  one  of  the  contributed
encryption  programs.  Actually, we  first  advised  them  to  protect
their  files with MPE's file security, which worked quite admirably as
a   defense  against  anybody  except  a  console  operator  or system
manager;  however, if they didn't want even their system manager to be
able  to read the files (or were afraid that some operator might  pick
them up off a backup tape), encryption seemed to be the way to go.

   Then,  in   spring  of  1987,  we got a call from one of our users.
They  had just fired one of their programmers and two days later found
that  their system was aborting!  Sure enough, there was a  time  bomb
in  their software (I had to find it in the object code since they had
lost  the source code!) and I had to defuse it by patching the program
file.    In  fact,  I  had to come back six months later to defuse yet
another  time bomb in the same program, and at that time found a third
bomb that was set to "explode" a month later.

   Shortly  after I got rid of the first time  bomb,  they  called  us
again.    Apparently, some months before being fired, the saboteur had
encrypted  the source code of  another  of  their  systems!   Tens  of
thousands    of   dollars   worth   of  software  was  now  completely
inaccessible, the key known only to the departed programmer.

   This,  of course, is the "mixed blessing" that I allude to  in  the
title   of  the paper.  This company actually had NO NEED for any kind
of  source code encryption.  Although some sites may have  a  use  for
encryption  (mostly of their data and, say, management memos, letters,
etc.),  this site did not; certainly, it derived no benefit from being
able to encrypt its source code, since it wasn't in any way secret.

   In  any event, somebody must have pulled the encryption program off
a   contributed  library  tape,  and our hero decided to "protect" the
company's  source code.  He may have done this maliciously, or perhaps
he  may have been the kind of person who impulsively  protects  things
even  though they really require no protection.  (Naturally, being the
vendors   of  a  security  package,  we  encourage  people  to  "think
security"  -- however, encrypting source files is usually going a  bit
too  far; much better to be concerned with things like logon security,
embedded   passwords,  periodic password changes, etc.).  What matters
is  that he was gone and the  source  code  was  unreadable  --  which
meant,   as  I mentioned, a loss of tens of thousands of dollars worth
of software investment.

   When  our customer first mentioned this to us, our first suggestion
was,  of course, to ask the culprit.  Bribe  him,  threaten  him  with
lawsuit,  threaten him with criminal prosecution (the time bomb itself
was   almost  certainly  a  crime,  perhaps  a  felony) -- even if you
couldn't  get a conviction, you should be able to  frighten  him  into
giving   you  the key, which, after all, would be the easiest thing in
the world for him.

   Unfortunately  (I say  "unfortunately"  because  I  think  the  guy
should  have had the book thrown at him -- he's a menace), the company
wanted  nothing whatsoever to do with the man again.  They are a large
enterprise,    with   a   large  enterprise's  distaste  for  negative
publicity;  management would rather lose thousands than  get  involved
in   a  "Goliath vs. David" sort of case where they (although they are
in  reality the innocent party) might be portrayed  as  big  bad  guys
trying to "get" a poor helpless ex-employee.

   Instead,  they  asked me whether there was anything I could do.  At
first  glance, I thought that this was impossible --  after  all,  any
good  encryption system that uses an encryption key is (theoretically)
almost   unbreakable;  you  can try to decrypt the encrypted file, but
unless  you stumble across the right key, all you'll get  is  garbage.
I'm  sure that some National Security Agency cryptographers armed with
Crays   could  do it in a jiffy, but I have neither their hardware nor
their  sophisticated algorithms (in fact, much  advanced  cryptography
is classified as government secret).

   Fortunately, I got an idea.  If

   SOURCE FILE + KEY yields ENCRYPTED FILE (encryption)

and

   ENCRYPTED FILE + KEY yields SOURCE FILE (decryption)

then it stands to reason that

   SOURCE FILE + ENCRYPTED FILE yields KEY

In  other   words,  if  they  had  an  unencrypted  copy of one of the
encrypted  files, then with luck I might be able  to  deduce  the  key
with   which  the file was encrypted, and then decrypt the rest of the
files with that key (if they were all encrypted with the same key).

   I  asked the author of the encryption program for its  source  code
and   got  to  work.  A couple of days later (and a couple of thousand
dollars  later for our client), I worked out a solution.  Essentially,
I  reduced the problem to a system of 64 equations with  64  unknowns,
where    the   operators   were   Circular  Shift  and  Exclusive  OR.
Unfortunately,  I knew of no way to solve it algorithmically; instead,
I  wrote a PASCAL program.  This program made assumptions  about  each
unknown   (each  unknown's  value  could  be  0 or 1, and it made each
assumption  in  turn)  until  it  got  enough  data  to  start  making
deductions.   Then it would deduce as many values as possible until it
either   figured every value out (a solution), got a contradiction (in
which  case it would forget the last assumption it made and assume the
opposite),  or found that it could make no more deductions  (and  thus
had to make some more assumptions).

   Finally,  after   about an hour's computer time, I got 256 possible
solutions.   It turns out that because of the nature of the algorithm,
any  of them would work to decrypt the files, but  only  one  actually
represented   a  sequence of printable ASCII characters -- this turned
out to be the key that the culprit actually used.

   Curiously  enough, the key was the name of the group in  which  the
files   were  stored.  If the customer (or, for that matter, I myself)
tried it in the first place, we'd have saved a lot of time.

   Thus,  this case turned out better than expected -- the company got
their  source code back (although they had to pay some consulting fees
to do this).

   At  first, we thought that this was an isolated incident.  Then,  a
few   months later, I was scanning through a bulletin board when I ran
into  a message from somebody else complaining  of  exactly  the  same
thing!    A  programmer  had encrypted some files and then left on bad
terms.   In this case, the company wasn't so  lucky  (I  believe  they
didn't   have  any  unencrypted source code to work out the key from).
Three  months later, we got a call from another person -- exactly  the
same  thing had happened again (again, we couldn't do anything to save
their   files).   Fortunately,  this  last  person  was  going  to  do
something  about it  --  threaten  some  sort  of  civil  or  criminal
prosecution of the wrongdoer.

   Thus,  it  appears that misuse of encryption software is not such a
rare   circumstance  at  all.   In  fact,  I  suspect  that  ABUSE  of
encryption   is  more  frequent  than  PROPER  USE  (especially if you
include  the accidental  cases,  where  some  over-zealous  programmer
encrypts   his  sources  and forgets his key!).  By and large, there's
very  little data -- especially data stored in non-database  files  --
that   really  needs  encrypting;  an adequate file security system is
usually  quite sufficient.  Certainly nobody except software suppliers
really needs to encrypt source code.

   Thus, our recommendation to HP users is:

   *  DON'T  PUT FILE ENCRYPTION PROGRAMS ON YOUR SYSTEM UNLESS YOU'RE
     CONVINCED  THAT YOU HAVE SOME FILES  THAT  YOU  *REALLY  NEED  TO
     ENCRYPT*.

     In  other   words, don't encrypt just for "general principles" --
     think  whether you really need to (especially  in  light  of  the
     fact   that  most  valuable  data  is  usually  stored  in  IMAGE
     databases, which most encryption programs don't handle).

   As  sometimes happens, what at first glance seems  to  be  a  great
idea   can  actually  do  more  harm  than  good.   Security is a very
important  issue, and you should think about it seriously; however, as
you  see, you could face serious problems  if  you  choose  the  wrong
security solution.

   What  if  you've already fallen guilty to a cryptographic saboteur?
Trying  to decrypt  your  programs  with  a  method  like  the  one  I
mentioned   should  be  your  last  try,  not your first -- it's quite
expensive,  time-consuming, and uncertain (since if you don't have the
EXACT original source code, you're in trouble).

   As  in all cases of computer crime (or of crime  in  general),  the
best   solution  is  to  bring in the law.  Though I'm certainly not a
lawyer,  as I see it, you have two possible approaches: the civil  and
the  criminal.  You can sue (or, more to the point, threaten to sue if
he   doesn't  give  you  the  key)  for  damages,  alleging  that  his
intentional  act (or even his negligence) has deprived you of the  use
of   your  software,  in  which you've invested a great deal of money.
Or,  you may try to  prosecute  on  some  sort  of  criminal  sabotage
charge,  again alleging that the person intentionally acted to deprive
you of what was rightfully yours.

   I've  heard different opinions on the criminal matter -- one person
(a   policeman  experienced in computer crime investigation) mentioned
that  it may be impossible to prosecute unless you can prove that  the
initial   encryption  was  malicious;  if  the  person  claims that he
encrypted  the software legitimately, out of a desire to "secure"  his
employer's  system, it may be very hard to prove otherwise, even if he
refuses  to decrypt the software after he's fired.  On the other hand,
a   computer  lawyer I talked to said that prosecution may not be that
difficult;  you probably  want  to  get  in  touch  with  your  police
department  to find out (many big police departments by now have a lot
of experience in computer crime investigation).

   In  any case, the mere threat of criminal or even civil prosecution
can   make the culprit come around -- after all, all he needs to do is
tell  you the key (unless he's forgotten it!), and then he's  off  the
hook.    Even if he thinks he'd win in a legal case in the long run, I
strongly doubt that he'd be willing to chance it.

   What's  more, by taking stern action against this sort of  computer
crime   (and in all three cases I mentioned, and in several other ones
that  I  know  of,  crime  is  EXACTLY  what's  involved),  you'll  be
preventing   such  things  in  the  future,  both  on  the part of the
particular  wrongdoer involved and by any  of  your  other  employees.
Just   like  drunk  driving  and shoplifting a decade or two ago, many
people  see computer crime (especially  sabotage)  as  nothing  really
serious,   just  a  "harmless  prank" or a test of programmer skill --
it's time that this attitude was changed, and changed radically.

Go to Adager's index of technical papers