Subject: Simson Garfinkel's article, part 2 of 3

Examples of secure passwords include random, unpronounceable combinations of letters and numbers, and several words strung together. Single words spelled backwards, very popular in some circles, are not secure passwords, since crackers started searching for them.

The second characteristic of a secure password (and of a secure computer) is that it is easily changed by the user. Users should be encouraged to change their passwords frequently, and whenever they believe that someone else has been using their account. This way, if a cracker does manage to learn a user's password, the damage is limited to the time before the next change. It should go without saying that passwords should never be written down, told to other people, or chosen according to an easily predicted system.

Smart Cards

If the communication link between the user and the computer is monitored, even the longest and most obscure password can be recorded, giving the eavesdropper access to the account. The answer, some members of the computer community believe, is for users to be assigned secret mathematical functions instead of passwords. When the user attempts to log on, the computer presents him with a number. The user applies his secret function (which the computer also knows) to the number and replies with the result. Since the listener never sees the function, only the input and the result, tapping the communications link does not, in theory, give access to the account. The computer must choose a different number for every login; if it reused one, the eavesdropper could simply replay the recorded reply. Assume, for example, that user P's formula is ``multiply by 2.'' When she tries to log in, the computer prints the number ``1234567.'' She types back ``2469134,'' and the computer lets her log in.

A problem with this system is that unless very complicated formulas are used, it is easy for an eavesdropper to figure out the formula: a single observed exchange gives away ``multiply by 2,'' and from then on the eavesdropper can answer any number the computer presents. Very complicated formulas can be implemented with the ``smart card,'' a small credit-card sized device with an embedded computer instead of a magnetic strip.
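As an added illustration (this is not code from the article), here is the challenge/response login described above in Python, with user P's ``multiply by 2'' formula beside a keyed hash standing in for the smart card's secret computation. The host, the user names, the key and the challenges are constructed for the example; the article does not say what function a real smart card computes, so HMAC-SHA256 is an assumption.

```python
import hashlib
import hmac
import secrets

# Added example, not code from the article. Names, keys and challenges are
# constructed for the demonstration.

def linear_response(challenge: int, multiplier: int) -> int:
    """User P's secret formula from the text: multiply the challenge by 2."""
    return challenge * multiplier

def keyed_response(challenge: int, key: bytes) -> int:
    """A 'very complicated formula': HMAC-SHA256 of the challenge under a key
    shared by card and host. (Assumption: the article does not say what a
    real smart card computes; any good keyed one-way function would do.)"""
    mac = hmac.new(key, challenge.to_bytes(16, "big"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big")

class Host:
    """The host side: issues a fresh challenge and checks the reply."""

    def __init__(self):
        self.users = {}  # user name -> (secret function, secret parameter)

    def enroll(self, name, fn, secret):
        self.users[name] = (fn, secret)

    def challenge(self) -> int:
        # A new random number every login; a fixed number could be replayed.
        return secrets.randbelow(2**64 - 1) + 1

    def verify(self, name, challenge: int, answer: int) -> bool:
        fn, secret = self.users[name]
        expected = fn(challenge, secret)
        return hmac.compare_digest(str(expected), str(answer))

def recover_multiplier(challenge: int, response: int):
    """The eavesdropper's attack on a linear formula: one tapped exchange
    (input and output) gives the whole secret away."""
    return response // challenge if response % challenge == 0 else None

def demo():
    host = Host()
    host.enroll("P", linear_response, 2)
    host.enroll("Q", keyed_response, b"constructed card secret for Q")

    # One tapped login per user: the eavesdropper sees only (challenge, reply).
    c_p, r_p = 1234567, linear_response(1234567, 2)  # 2469134, as in the text
    c_q = host.challenge()
    r_q = keyed_response(c_q, b"constructed card secret for Q")

    # The eavesdropper now faces fresh challenges of his own.
    new_p, new_q = host.challenge(), host.challenge()
    stolen_multiplier = recover_multiplier(c_p, r_p)
    return {
        "P_legitimate": host.verify("P", c_p, r_p),
        "P_eavesdropper": host.verify("P", new_p, linear_response(new_p, stolen_multiplier)),
        "Q_legitimate": host.verify("Q", c_q, r_q),
        "Q_replay": host.verify("Q", new_q, r_q),  # old reply, new challenge
    }

if __name__ == "__main__":
    print(demo())
```

The tapped exchange for P is enough for the eavesdropper to recover the multiplier and answer the next challenge correctly; the tapped exchange for Q yields only a value that is useless against a fresh challenge, and replaying it fails. The random challenge in `Host.challenge` is what makes the replay fail.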
The host computer transmits a large (100 digit) number to the smart card, which performs several thousand calculations on the number. The smart card then transmits the result back to the host. Obviously, dedicated hardware, consisting of the smart cards themselves and a special reader, is required. Smart cards change authentication from something the user knows (a password) to something the user has (a smart card). Naturally, the theft of a smart card is equivalent to the disclosure of a password (a card that also demands a PIN before it will compute an answer reduces, but does not remove, this risk). Smart cards have been proposed as a general replacement for many password applications, including logon to very secure computers, verification of credit cards and ATM cards, and identity cards. Since the cards are authenticated by testing a mathematical function stored inside the card on a silicon computer, rather than a number stored on a magnetic strip, the cards would be very difficult to duplicate or forge. They are also very expensive.

Authentication of the computer: The Trojan Horse problem

While most computer systems require that the user authenticate himself to the computer, very few provide a facility for the computer to authenticate itself to the user! Yet computer users face the same authentication problems a computer does. For example, a user sits down at a terminal to log onto a computer and is prompted to type his username and his password. What assurance does the user have that the questions are being asked by the operating system, and not by a program that has been left running on the terminal by the previous user? Such a program -- called a Trojan Horse -- can collect hundreds of passwords in a very short time (recording what is typed and then handing the user on to the real login program, so that nothing seems amiss). Well written Trojan horses can be exceedingly difficult to detect.

Another kind of Trojan horse is a program which claims to perform one function while actually performing another. For example, a program called DSKCACHE was distributed on some computer bulletin board systems in New York in December 1985.
The program substantially improved the disk I/O performance of an IBM Personal Computer, encouraging people to use the program and give it to their friends. The hidden function of DSKCACHE was to erase the contents of the computer's disk when it was run on or after a trigger date, March 24, 1986. Trojan horses are possible because reliable ways for the computer to authenticate itself to the user are not widespread.

Computer Viruses

A computer virus is a malicious program which can reproduce itself. The DSKCACHE program described above is a sort of computer virus that used humans to propagate. Other computer viruses copy themselves automatically when they are executed. Viruses have been written which propagate over telephone lines or computer networks.

The computer virus is another problem of authentication: since programs have no way of authenticating their actions, the user must proceed on blind trust when running them. When I use a text editor on my computer, I trust that the program will not maliciously erase all of my files. There are times that this trust is misplaced. Computer viruses are among the most efficient programs at exploiting trust.

One computer virus is a program which, when run, copies itself over a randomly chosen program on the hard disk. For example, the first time the virus is run it might copy itself onto the installed word processor. Then, when either the original virus program or the word processor is run, another program on the hard disk is overwritten. Soon there will be no programs remaining on the disk besides the virus. A cleverer virus would merely modify the other programs on the disk, inserting a copy of itself, and then remain dormant until a particular target date was reached. The virus might then print a ransom note and prevent use of the infected programs until a ``key'' was purchased from the virus's author. Once a system is infected, the virus is nearly impossible to eradicate: every infected program must be found and replaced, and a single missed copy will reinfect the rest.
The real danger of computer viruses is that they can remain dormant for months or years, then suddenly strike, erasing data and making computer systems useless (since all of the computer's programs are infected with the virus). Viruses could also be triggered by external events such as phone calls, depending on the particular computer. A number of authors have suggested ways of using computer viruses for international blackmail by infecting the nation's banking computers with them. Viruses can be, and have been, placed by disgruntled employees in software under development. Such viruses might be triggered when the employee's name is removed from the business's payroll.

There are several ways to defend against computer viruses. The cautious user should never use public domain software, or should only use such software after a competent programmer has read the source code and recompiled the executable from scratch. {Computer programs are usually written in one of several English-like languages and then processed, using a program called a compiler, into a form which the computer can execute directly. While even a good programmer would have a hard time detecting a virus if presented solely with the executable code, viruses are far more readily detectable in source code.} Note that this defense assumes the compiler itself is trustworthy: a compiler that has been tampered with can insert a virus into every program it compiles, and nothing in the source code will reveal it.

Telecommunications

Modems

The word MODEM stands for Modulator/Demodulator. A modem takes a stream of data and modulates it into a series of tones suitable for transmission over standard telephone lines. At the receiving end, another modem demodulates the tones into the original stream of data. In practice, modems are used in two distinct ways: A) file transfer and B) telecomputing.

When used strictly for file transfer, modems are used in a fashion similar to the way that many law firms now use telecopier machines. One computer operator calls another operator and they agree to transfer a file. Both operators set up the modems, transmit the file and then shut down the modems, usually disconnecting them from the phone lines.
When used in this manner, the two computer operators are essentially authenticating each other over the telephone. (``Hi, Sam? This is Jean.'' ``Hi Jean. I've got Chris' file to send.'' ``OK, send it. Have a nice day.'') If one operator didn't recognize or had doubts about the other operator, the transfer wouldn't proceed until the questions had been resolved. This system is called attended file transfer.

Modems can also be used for unattended file transfer, which is really a special case of telecomputing. In telecomputing, one or more of the modems involved is operated without human intervention. In this configuration, a computer is equipped with a modem capable of automatically answering a ringing telephone line. Such modems are called AA (for ``auto answer'') modems. When the phone rings, the computer answers. After the modem answers, the caller is required to authenticate himself to the computer system (at least, this is the case when a secure computer system is used), after which the caller is allowed to use the computer system or perform file transfer. In most configurations, the computer system does not authenticate itself to the caller, creating a potential for Trojan horse programs to be used by subverters (see above).

AA modems answer the telephone with a distinctive tone. If a cracker dials an AA modem, either by accident or as the result of a deliberate search, the tone is like a neon sign inviting the cracker to try his luck. Fortunately, most multi-user operating systems are robust enough to stand up to persistent crackers, as long as the passwords behind the login prompt are well chosen and well kept. Most personal computers are not so robust, although this depends on the particular software being used. Leaving a PC unattended running a file-transfer program is an invitation for any calling cracker to take every file on the machine he can find, especially if the file-transfer program uses a well known protocol and does not require the user to type a password.
The only security evident is the obscurity of the telephone number, which may not be very obscure at all, and of the file transfer program's protocol.

Call back and password modems

Modem manufacturers have tried two strategies to make AA modems more secure: passwords and call back. When calling a password modem, the user must first type a password before the modem will pass data to the host computer. The issues involved in breaking into a computer system protected by a password modem are the same as those in breaking into a computer system which requires that users enter passwords before logging in. A good password modem has a password for every user and records the times that each user calls in, but most password modems have only one password, shared by everyone. For most operating systems a password modem is either overkill, since the operating system provides its own password and accounting facilities, or useless, since any functionality which a password modem provides can be implemented better by programs running on the computer to which a non-password modem is attached. But for an unattended microcomputer performing file transfer, a password modem may be the only way to achieve a marginal level of security.

A call back modem is like a password modem in that it requires the caller to type in a preestablished password. The difference is that a call back modem then hangs up on the caller and ``calls back'': the modem dials the phone number associated with the password. The idea is that even if a cracker learns the password, he cannot use the modem because it won't call him back. In practice, shortcomings in the telephone system make call back modems no more secure than password modems. Most telephone exchanges are ``caller controlled,'' which means that a connection is not broken until the caller hangs up.
If the cracker, after entering the correct password, doesn't hang up, the modem will attempt to ``hang up,'' pick up the phone, dial and connect to the cracker's modem (since the connection was never dropped). A few modems will not begin dialing until they hear a dial tone, but this is easily overcome by playing a dial tone into the telephone.

The idea of call back can be made substantially more secure by using two modems, so that the returned call is made on a different telephone line from the one the original call is received on. Call back of this type must be implemented by the operating system rather than the modem. Two-modem call back is also defeatable by use of the ``ring window,'' explained below.

How many times have you picked up the telephone to discover someone at the other end? The telephone system will connect the caller before it rings the called party's bell if the telephone is picked up within a brief period of time, called the ``ring window.'' That is, when a computer (or person) picks up a silent telephone, there is no way to guarantee that there will be no party at the other end of the line. A cracker who keeps redialing the dial-out line can therefore be connected at the moment the modem picks up to return the call. There is no theoretical way around the ring window problem with the current telephone system, but the problem can be substantially minimized by programming the dial-out modem to wait a random amount of time before returning the call.

The principal advantage of a call back modem is that it allows the expense of the telephone call to be incurred at the computer's end, rather than at the caller's end. One way to minimize telecommunication costs might be to install a call back modem with a WATS line. In general, both password and call back modems represent expensive equipment with little or no practical value. They are becoming popular because modem companies, playing on people's fears, are making them popular with advertising.

Computer Networks

A network allows several computers to exchange data and share devices, such as laser printers and tape drives.
Computer networks can be small, consisting of two computers connected by a serial line, or very large, consisting of hundreds or thousands of systems. One network, the Arpanet, consists of thousands of computers at universities, corporations and government installations all over the United States. Among other functions, the Arpanet allows users of any networked computer to transfer files or exchange electronic mail with users at any other networked computer. The Arpanet also provides a service by which a user of one computer can log onto another computer, even if the other computer is several thousand miles away.

It is the utility of the network which presents potential security problems. A file transfer facility can be used to steal files; remote access can be used to steal computer time. A spy looking for a way to remove a classified file from a secure installation might use the network to ``mail'' the document to somebody outside the building. Unrestricted remote access to resources such as disks and printers places these devices at the mercy of the other users of the network. A substantial amount of the Arpanet's system software is devoted to enforcing security and protecting users of the network from each other.

In general, computer networks can be divided into two classes: those that are physically secure and those that are not. A physically secure network is one in which the management knows the details of every computer connected at all times. An insecure network is one in which private agents, employees, saboteurs and crackers are free to add equipment. Few networks are totally insecure.

Encryption

What is encryption?

The goal of encryption is to translate a message (the ``plaintext'') into a second message (the ``ciphertext'') which is unreadable without the possession of additional information. This translation is performed by a mathematical function called the encryption algorithm.
The additional information is known as the ``key.'' In most encryption systems, the same key is used for encryption as for decryption (public-key systems, in which the two keys differ, are the exception). Encryption allows the content of the message to remain secure even if the ciphertext is stored or transmitted via insecure methods (or even made publicly available). The security of such a system resides in the strength of the encryption algorithm employed and the secrecy of the key. In an ideal cryptographic system, the security of the message resides entirely in the secrecy of the key.

When Julius Caesar sent his reports on the Gallic Wars back to Rome, he wanted the content of the reports to remain secret until they reached Rome (where his confidants would presumably be able to decipher them). To achieve this end, he used a system of encryption now known as the Caesar Cipher. The Caesar Cipher is a simple substitution cipher in which every letter of the plaintext is replaced with the letter three places further along in the alphabet (wrapping around from Z to A). Thus, the word:

    AMERICA

encrypts as

    DQHULFD

The ``key'' of the Caesar Cipher is the number of places by which the plaintext is shifted (three); the encryption algorithm is the rule ``shift all letters in the plaintext by the same number of places.'' The Caesar Cipher isn't very secure: if the algorithm is known, there are only 25 possible keys, and the right one is found by a few rounds of trial and error. Additionally, even if the algorithm is not known, it is readily determined by analysis of letter frequencies in the ciphertext, since each plaintext letter is always replaced by the same ciphertext letter. Recently, the author sent a postcard to a friend which was encrypted with the Caesar Cipher (without any information on the card that it was encrypted or which system was used): the postcard was decoded in five minutes.

Modern cryptographic systems assume that both the encryption algorithm and the complete ciphertext are publicly known. Security of the plaintext is achieved by secrecy of the key. Cryptographic keys are typically very large numbers.
Since people find it easier to remember sequences of letters than numbers, most cryptographic systems allow the user to enter an alphabetic key which is translated internally into a very large number. Ideally, it should be impossible for a spy to translate the ciphertext back into plaintext unless he is in possession of the key. In practice, there are a variety of methods by which ciphertext can be decrypted without it. Breaking ciphers usually involves detecting regularities within the ciphertext and repeated decoding attempts with different keys. This process requires considerable amounts of computer time and (frequently) a large portion of the ciphertext. As there are many excellent books written on the subject of cryptography, it will not be explored in depth here.

Why encryption?

Encryption makes it more expensive for spies to steal data, since even after the data is stolen it must still be decrypted. Encryption thus provides an additional layer of defense against data theft after other security systems have failed. On computer systems without security, such as office IBM PCs shared by several people, encryption is a means of providing privacy of data between users. Instead of copying confidential files to removable media, users can simply encrypt their files and leave them on the PC's hard disk. Of course, the files must be decrypted before they can be used again, and encryption of files does not protect them from deletion. Encryption allows confidential data to be transmitted via insecure channels, such as telephone lines or couriers. Encryption allows one to relax other forms of security (though never the protection of the keys themselves) with the knowledge that the encryption system is reasonably secure.

Costs of Encryption

Encryption is not without its costs. Among these are the expenses of the actual encryption and decryption, the costs associated with managing keys, and the degree of security required of the encryption program itself.
Beyond the cost of purchasing the encryption system, there are costs associated with the employment of cryptography as a security measure. Encrypting and decrypting data takes time. Most cryptographic systems encrypt plaintext into ciphertext containing many control characters: special file-transfer programs, or an encoding of the ciphertext into printable characters, must be used to transmit these files over telephone lines. In many cryptographic systems, a one-character change in the ciphertext will result in the rest of the ciphertext being indecipherable, requiring that 100 percent reliable data transmission and storage systems be used for encrypted text.
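The last sentence above describes a property that depends on how the cipher chains one character to the next. As an added example (not code from the article; both ciphers are toys constructed for the demonstration and are not real cryptosystems), here are two stream-style ciphers in Python: one in which each byte is enciphered independently, and one in which each byte is also mixed with the previous plaintext byte, so that a single corrupted character garbles everything that follows. It also shows that even the independent cipher is ruined by a dropped character, and that ciphertext is full of non-printable bytes, which is why ordinary text transfer cannot be used.

```python
import hashlib

# Added example, not code from the article. Both ciphers are toys constructed
# to show error propagation; do not use them to protect anything.

SAMPLE = b"Meet the courier at the east gate at dawn"   # constructed plaintext
KEY = b"constructed demo key"

def keystream(key: bytes, n: int) -> bytes:
    """n pseudo-random bytes derived from the key (SHA-256 in counter mode)."""
    out = b""
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:n]

def xor_encrypt(data: bytes, key: bytes) -> bytes:
    """Each byte XORed with its own keystream byte; bytes do not affect each
    other, so a flipped bit damages exactly one byte of plaintext."""
    return bytes(d ^ k for d, k in zip(data, keystream(key, len(data))))

xor_decrypt = xor_encrypt   # XOR is its own inverse

def chained_encrypt(plaintext: bytes, key: bytes) -> bytes:
    """Each byte is also XORed with the previous plaintext byte (plaintext
    feedback), so recovering byte i requires byte i-1 to be recovered correctly."""
    out, prev = bytearray(), 0
    for p, k in zip(plaintext, keystream(key, len(plaintext))):
        out.append(p ^ k ^ prev)
        prev = p
    return bytes(out)

def chained_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    out, prev = bytearray(), 0
    for c, k in zip(ciphertext, keystream(key, len(ciphertext))):
        p = c ^ k ^ prev
        out.append(p)
        prev = p            # an error here is carried into every later byte
    return bytes(out)

def flip_bit(data: bytes, index: int) -> bytes:
    """A one-bit error at `index`, as a noisy line or bad sector might cause."""
    b = bytearray(data)
    b[index] ^= 0x01
    return bytes(b)

def drop_byte(data: bytes, index: int) -> bytes:
    """A lost character: everything after `index` shifts one position."""
    return data[:index] + data[index + 1:]

def bytes_wrong(recovered: bytes, original: bytes) -> int:
    return sum(a != b for a, b in zip(recovered, original))

def demo(index: int = 10) -> dict:
    xor_ct = xor_encrypt(SAMPLE, KEY)
    chained_ct = chained_encrypt(SAMPLE, KEY)
    return {
        "xor_flip": bytes_wrong(xor_decrypt(flip_bit(xor_ct, index), KEY), SAMPLE),
        "chained_flip": bytes_wrong(chained_decrypt(flip_bit(chained_ct, index), KEY), SAMPLE),
        "xor_drop": bytes_wrong(xor_decrypt(drop_byte(xor_ct, index), KEY), SAMPLE),
        "ciphertext_has_control_chars": any(b < 0x20 or b > 0x7e for b in xor_ct),
    }

if __name__ == "__main__":
    print(demo())
```

A flipped bit costs the independent cipher one byte and the chained cipher every byte from the error onward; a dropped byte costs both of them everything after it, because the keystream is no longer lined up with the data. In real systems the damage from a single error depends on the mode of operation; some modes confine it to a block or two, which is one reason they are preferred on noisy links.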