Schneier on Security
A blog covering security and security technology.
« Hundreds of Thousands of Laptops Lost at U.S. Airports Annually |
| Time Bomb Neckties »
July 4, 2008
The UK is learning:
The Scottish Ambulance Service confirmed today that a package containing contact information from its Paisley Emergency Medical Dispatch Centre (EMDC) has been lost by the courier, TNT, while in transit to one of its IT suppliers.
The portable data disk contained a copy of records of 894,629 calls to the ambulance service's Paisley EMDC since February 2006. It was fully encrypted and password protected and includes the addresses of incidents, some phone numbers and some patient names. Given the security measures and the complex structure of the database it would be extremely difficult to gain access to any meaningful information.
News story here.
That's what you want to do. There is no problem if encrypted disks are lost. You can mail them directly to your worst enemy and there's no problem. Well, assuming you've implemented the encryption properly and chosen a good key.
This is much better than what the HM Revenue & Customs office did in November.
I wrote about disk and laptop encryption previously.
Posted on July 4, 2008 at 1:10 PM
• 33 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
As long as they are not using Microsoft Word's password protection or other useless scheme, thinking it's encrypted....
Let us hope that the security system is up to the job but I have a nasty feeling it may not.
Most of these disks go missing from the hands of contractors or other outsourced employee.
The one thing that most of these outsourcing companies in the UK appear to have in common is failier to act in what many would regard as a common sense manner.
The main cause of this appears to be the original outsourcing agrement and the clauses that the companies use to basicaly hold the UK agencies over the proverbial.
It is not uncommon to see news headlines about the cost of changing a light bulb in an organisation which has outsourced costing not a lot short of a thousand pounds.
In that sort of culture where profit has to over ride common sense what sort of security system is likley to be implemented? Odds on it is one at the lowest possible price...
The UK Government realy should use some of it's crypto and security expertese to come up with practical and functional security systems and insist on there use for personal data that is being sent outside of agencies.
But with the state of the UK Gov financies it is very unlikley to happen any time soon...
Yes. TrueCrypt 5.1a is more then good enough and more then fast enough for laptops and S1/S3 suspend mods.
And for container to burn on DVDs.
TEST IT! http://www.truecrypt.org/
Dont test sec suites with tons of MBs with stupid n00b features.
This is really nice! It seems like they've implemented sensible policies (which, honestly, you'd almost not expect them to do). This show the power and usability of software like TrueCrypt. It's very easy to use, it's free, it's relatively easy to implement across many computers, and ridiculously secure. Looks like people are learning!
Would like to know a little more about the encryption before I say "good job chaps".
But the password was abc123.
Agreed with everyone here. I've worked at places which have used weak crypto, or weak keys, or both to transmit sensitive information.
What's really needed is for organisations like this to publish their policies for data encryption (including how those policies are enforced).
I wonder, have they heard of ssh?
If they used this new encryption scheme, there would be no need for physical transportation of data.
Often the bandwidth of a hard disk in a vehicle exceeds the bandwidth of an office connection. SSH might be too slow, or it might tie up needed resources.
Besides, if your data is securely encrypted, what's wrong with using physical transportation, carrier pigeons, or smoke signals? It's just a transport layer.
SSH itself was vulnerable on Debian Etch (and "unstable" since 2006) prior to the middle of May. All data transferred via the internet encrypted using those weak keys is almost as endangered as if it had been lost in the post on unencrypted disks.
It's not just the crypto that is important, it's the whole system that has to be secure.
As an example I make a random key (using dice and a char grid) encrypt my data using an appropriatly strong crypto alg and put the result onto the optical media...
So far so good.
Now what do I do I have my disks and a piece of paper with my random key written on it how do I send them to the other party?
At this point it can go bad very bad if there are not the appropriate procedures in place.
If I just give the disks and piece of paper to an admin assistant to send what are they going to do?
Probably just put the disks and the piece of paper in the same package and post it (it's what they do with just about everything else).
Key managment has several stages in this case,
Of which only the first appears easy (it's not due to preventing key reuse).
As with all security the devil is in the details and the worlds strongest crypto is of no use if there is no equivelent security on the KeyMat.
Of course. My point was just that *if* the data is securely encrypted, then it can be transmitted however you like. Encryption allows the data transport to be abstracted away and implemented pretty much however you like (you do need error-correction if that isn't done already at a higher level).
Transport of the key is, as you point out, another matter. For this purpose I'd suggest that phoning the recipient and asking for a public key fingerprint would be sufficient. To be honest, phoning the recipient and giving them a symmetric key would probably be fine too in this case: the chance of an attacker intercepting both the phone call and the shipment is minimal.
Key management is really hard in general, but in a lot of particular cases it's pretty easy.
Frankly, at this point in time the degree of crypto strength is irrelevant.
If people don't understand the value of the information asset, they won't think about how they need to protect it.
People think file confidentiality is worthless, until they loose them - or it's their own DPA/Id data that's under discussion.....
DomDeVitto, the postman dont need understand the value of information asset. trainee on the wy to UPS always not. the advisor save the data crypted unknowingly (!)
You think govs assign idiots with security questions? Either these make nothing or these buy spezialists.
This gobshite discussion about keys and policies is piddling.
Yes, press officers are learning. They have learned to *say* that lost data is encrypted. It may or may not be encrypted.
"""... assuming you've implemented the encryption properly and chosen a good key."""
That's an awfully big assumption....
And as Clive pointed out, choosing a good key is only the start of key management.
On the other hand, we have this:
"Daily Mail publisher Associated Newspapers has admitted that a laptop containing financial and personal details of thousands of staff, suppliers and contributors has been stolen."
But don't worry, it was 'password protected'!
Keeping too much data in one place seems dumb. Thousands of records on a laptop? A DVD hold a good bit and is easier to secure and harder to steal. Destruction is easier when the data goes stale.
"Each licence bought will entitle one entry into the Million Dollar Challenge. But only true cynics and non-believers need enter. As we have stated already, no-one will ever be able to decipher text or files encrypted with PP. However, there are always people who think they know better, which is why we are offering $1,000,000 to anyone who can decrypt our cyphertext.
If you can identify the correct plain text, you will need to show us exactly how you arrived at the correct solution. (Hacking our systems or any kind of subterfuge will disqualify you). If successful, $1,000,000 is yours."
All this encryption talk is the same. Over and over again, and now another challenge to anyone to conduct a frontal assault against ANOTHER encryption algorithm. Reminds me of when I was a small boy and I tried to catch a bird, with a box. I put the box out on the ground, and somehow expected the bird to just step into the box so I could run up and put the lid on before he escaped.
And more TrueCrypt advertisements. Over and over again, like a broken record. I think the reason everyone carries on the way they do is simply because encryption is all they know. It's a paradigm. And consequently they overlook all the disadvantages and users are expected to just deal with them as a matter of course.
Imagine going back in time to the 60's or the 70's and trying to tell the auto mfr's what is wrong, before the Japanese invasion began. They would throw you out - "no one knows more about auto design than we do" and "how dare you question our expertise in manufacturing cars" and "if there was something wrong with American cars, than why do people keep buying them". That's what you would hear, just before they threw you out.
And quite honestly, the encryption paradigm reminds me of the Maginot Line.
Delivered by TNT? I can't imagine delivery by explosives would be very efficient or reliable.
"Over and over again, like a broken record. I think the reason everyone carries on the way they do is simply because encryption is all they know."
Simple solution-ignore it and read what you want to know about instead of bitchin' about what others know.
This smells funny.
The data described sounds like 911-call type data. Most 911 data is public. You can find it in most daily community papers.
Are they bragging that they protected information that didn't need to be protected? Or was there really personal information here?
Sounds to me like it might be PR ploy.
On the other hand, maybe in the UK 911 calls aren't played on the news every night.
It's very easy to do this the wrong way. We have some kind of full-disk encryption being promulgated at my work here which does not require the entry of an encryption key to boot the machine... the key must necessarily be stored on the disk next to the encrypted data or in non-volatile memory somewhere. Similarly, once the machine is up the disk device is "transparently encrypted" which means, as a mounted filesystem, it can be leaked or transmitted by a system intruder or malware as normal.
I'm sure there are better schemes out there but people thing "encryption" is some kind of magic dust they can sprinkle on information to make it secure.
Finally, someone reporting the data breach that wasn't. Great example of why encryption is so necessary when it comes to the storage and transmission of personal data.
And yes, encryption does have to be done correctly. Though even bad encryption is better than no encryption (unless it gives you a false sense of security).
@s - looks like you hit a raw nerve with the Permanent Privacy guys in the UK.
I just wanted to point out that I use the "magic dust" analogy freely and repeatedly, so freely and repeatedly that I forgot what a recent re-reading of Practical Cryptography confirms: I probably got it from Bruce Schneier. Credit where it's due.
"Delivered by TNT? I can't imagine delivery by explosives would be very efficient or reliable."
TNT appear to belive they are the great rivals to UPS...
I'm not sure of what the TNT initials stand for officialy but a friend of mine after having repeated failiers by them and many explosive phone calls with their various (supposed) managers assumed they stood for "Total numpty transporting"...
My only memorable experiance of them is receiving a package that looked as though it might well have been rolled up and blasted out of a gun by TNT so you might be wrong ;)
Kudos to them for thinking to encrypt it (or at least thinking to CLAIM they did in the post-incident-spin).
Hopefully they did not use Rot-13 or write the key on the disk with a Sharpie.
Of course, even if they did it right; in view of Moore's law, what is the half-life of good encryption by today's standards?
Is there a "Schneier's law" for that? How much of encrypted data will still have value when it becomes a mere training exercise to brute force it with the 4THz 256-bit 17-concurrent-CPU (one as a master/scheduler) 32GB cache chips with built in integer factoring or whatever the processor du joure is a couple of years down the road?
"what is the half-life of good encryption by today's standards?"
It's a difficult question to answer due to the way the encryption is used the quantity and type of data encrypted and the method by which the key is selected and used (or unfortunatly re-used).
A simpler way to look at it is with the following two questions,
1. How long is the data going to be sensitive?
2, Is this time considerably less than the expected life of the security system used?
In the case of the data concerned it is very unclear as to what is actualy contained. The BBC artical indicates it may contain peoples names, home addressess and possibly telephone numbers as well. However the quotes from other individuals given within the artical indicates there may be other posibly identifying or sensitive data.
Currently in the UK people are expected to live to around 80years (less in Scotland's Cities), move house about every 10years and change their phone numbers about every 3 years.
Also children apparently leave home before they are thirty (just ;) so the address to peoples names probably has an upper limit of 30years.
This is about the same length of time as AES is supposed to be "certified for use" so the security system used may well be marginal for a very small percentage of people for things like locating their "current details".
However if there is other sensitive data, even if the details are not current the putting on line of things like the "land Registry" and historic "census data" and "electoral rolls" means that the data may still be usefull even 30 years after the loss for some types of privacy infringements (misuse of peoples medical data).
So as long as the exact data involved is unknown it is dificult to say how long the data is going to be sensitive for.
Another question that springs to mind is why was "sensitive data" being sent to a software supplier in the first place... Of what possible use would "real data" be to them over and above "representational test data" which would effectivly be manufactured and so not sensitive at all.
I think on reflection we might actually be looking at the wrong issue.
Passwords are always going to be a human weakness. I used my boss' account at work because the password was "HH".
"There is no problem if encrypted disks are lost. You can mail them directly to your worst enemy and there's no problem. Well, assuming you've implemented the encryption properly and chosen a good key."
I appreciate there's probably some hyperbole in this statement. Nevertheless, the Enigma machine was advanced encryption for its time. Raise the stakes and throw in enough money and processing power (and perhaps a bit of serendipity such as a rammed U-boat, or keys remaining in laptop memory) and even the strongest encryption won't necessarily be enough once the data is captured.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.