128 BIT WHAT?

Author:Dr. Kent D. BoklanDirector, Security ResearchRazorpoint Security Technologies, Inc.

Version:1.1

Date of current version:2007–05/18

Date of original version:2007–01/10

Copyright © 2007 Razorpoint Security Technologies, Inc.All Rights Reserved.

128 bit what?

[ WHITE PAPER ]

™

Table of Contents:

Introduction. ................................................................................................................................................. i

TheStrongestAvailable. ............................................................................................................................. 1

ModernCryptography. ................................................................................................................................. 1

RealWorldUse. ............................................................................................................................................ 2

BlockCipherEncryptionDiagram. ............................................................................................................ 2

It’sEncrypted.Isn’tIt? .............................................................................................................................. 3

SomeCommonCryptographyTerms. ...................................................................................................... 3

AboutRazorpointSecurity. ......................................................................................................................... 4

™

May 18, 2007 128 Bit What? [v1.1]

31 east 32nd street, sixth floor | new york city, new york 10016–5509 usa | tel: 212.744.6900 | fax: 212.744.6344 | www.razorpoint.com | [email protected] Copyright © 2007 Razorpoint Security Technologies, Inc. All Rights Reserved.

Introduction.Your data is encrypted. So what?

Istheencryptionyouusedablockcipherorasymmetriccipher?MaybeSSL,AES,or3DES?Canyourdatabecompromised with known cryptographic attacks? What key length are you using with your encryption? And, what does that mean? Is 56 bits enough? What about 128 or 256?

Buzzwords abound when it comes to security, and encryption is an area with a set all its own. This paper attempts to shed a bit of light on the myths and misconceptions when dealing with encryption, and hopefully helps focus on what matters through all the noise.

GaryC.Morse,CISSP,CISMPresident/FounderRazorpointSecurityTechnologies,Inc.

™

May 18, 2007 128 Bit What? [v1.1] Page i of i


128 bit what?

The Strongest Available.When I moved to Manhattan in the summer of 2002, I opened a checking account at a major bank. I was asked by the financial manager if I wished to set up the account for online access. I replied by asking about the security mechanisms that were in place for online banking. The woman with whom I was speaking tried to assure me with waives of her hands that the bank used “really good methods” but I asked for a more detailed assessment. She telephoned one of the bank’s experts in such matters (so she told me) and, after a few minutes on hold and small talk about my move to New York, she got through to the person that I can only suppose was a lead in the bank’s IT department. He told her – and she relayed to me – that they used “really strong encryption.” I asked for more details and he told her that he would connect her to the person who really knew what they used. A few embarrassing minutes later, she got the answer, they used, “128 bit encryption.” I directly inquired, “128 bit what?” and she repeated this question into the telephone receiver. The person on the other end was silent for a few moments and then admitted they did not know more than that – but it was 128 bit encryption – “the strongest available.”

Today, we are inundated with media pronouncements of “strong security” with such ubiquitous buzz phrases as “128 bit encryption.” The cipher mechanisms and associated data security technologies almost always come directly out of the black boxes of commercial software. To maintain the confidentiality of data, the encrypting (and the decrypting) is performed invisibly to the user who must go on faith that best practices are employed, and that strongestmeansbest. Unfortunately, the security of encrypted data is not simply a matter of the number of bits, 128 or otherwise.

The answer is not simple because the question is ill–posed. It’s not the strength of the algorithms that should be the concern, it’s how they are implemented, how the cryptographic keys are generated, how the keys are managed and how they are stored. And that’s notall.

Modern Cryptography.Modern cryptography is founded upon two essentially different types of schema: public key methods and private key methods.

Public key cryptography is relatively new. Whereas private key methods date back centuries, public key techniques were “invented” in the public sector in the 1970s and, recently disclosed, at the UK’s Government Communications Headquarters (GCHQ) a decade earlier (but they had been classified). In a public key system, the sender of a message looks up some public information for the person to whom they wish to send a message. That person – and hopefully only that person – is in possession of some private key that allows them to read any message that is encrypted with the public information. For this reason, public key cryptography is also known as asymmetriccryptography.

As a simple example of the public key concept, imagine an open lock and an open box. These represent the public information for a particular person. To send a message securely to this person, put the message into the box and lock the box with the lock. Only the person with the key to that lock can read the message. (This means that once you lock the box, you can’t get to the message either.) Public key algorithms are rarely used for encryption – they are almost exclusively employed to create digital signaturesandto send very short pieces of data – like keys to be used in private key methods and personal identifiers for use with e-commerce sites. Roughly, the major public key systems run at about 10,000 times slower than private key algorithms. Public key methods are usually based upon mathematical operations and, as such, are very slow.

In private key cryptography (also called symmetric key cryptography), a key – a string of zeros and ones – is shared exclusively amongst those who employ the secret key to encrypt and decrypt their communications. The technique to do the encrypting (and decrypting) is some chosen algorithm that is used in conjunction with that secret key. Following the example in the previous paragraph, in private key systems we have the concept of a box and a lock which those involved in the secret communications all have a key to open. Most often, this key is a session key, generated for a single session of communication between two users. The key is then discarded and the next time (for example, the next time you bank online), a new session key is created. The protocol for key establishment and key exchange is a cryptographic procedure that is usually performed inside the link that is established between the entities involved (like you and your bank’s website). Many symmetric encryption algorithms have been proposed over the years and are out there, but only a few have gained acceptance by experts, governments and industry as “secure” and of these, fewer still are widely used.

Symmetric algorithms come in two varieties: block ciphers and stream ciphers. Stream ciphers are used when you need to encrypt in real time. It’s done one bit at a time – telephone communication is a good example. Stream ciphers are very infrequently used on the Internet. Block ciphers, on the other hand, are used for essentially all bulk data encryption. They do almost all of the work in the digital world today. When you download a file through secure means or when you bank online, it’s a block cipher that encrypts and protects the confidentiality of your data. It’s a block cipher in which you trust.

Block ciphers encrypt blocks of bits at a time, the number of which depends on the algorithm. Some act on 64 bits, and some take 128 bits at a time; but this is not the 128 bits in “128 bit encryption.”

May 18, 2007 128 Bit What? [v1.1] Page 1 of 5


™

Real World Use.Perhaps the most famous example of a symmetric key cipher is the Data Encryption Standard, DES, which served as a global workhorse for twenty years since it’s adoption by the U.S. Government as a standard in the mid 1970s. It’s a block cipher, and the key in DES is 56 bits long. DES performs, one could say, “56 bit encryption.”

A key size of k bits is equivalent to having 2k possible keys. A good block cipher design does not yield to any attack other than what is called brute force1.Thismeans,essentially,thatall2k possible (encryption) keys are tried and whichever provides recognizable language output is the right one. With computers growing increasingly powerful, DES has been rendered vulnerable. 256 is just not as big as it once was. To compensate, a good (secure) alternative is to employ 3DES (read, “triple-DES”) which uses a much larger key size2. Multiple encryption applications, such as 3DES, can be made secure but one must be careful. 3DES is just DES 3 times, with 2 or 3 different keys. 2DES (“double DES”), however, is no more secure than DES because it falls to an attack called a “meet in the middle.” There are other options for block ciphers aside from multiple encryption approaches, of course.

Over the Internet today, most encryption is accomplished in a manner in which the user is passive. The only notification the user may receive may be a picture of a lock on a browser screen suggesting a secure channel or “secure page.” Is this a sign that you are using 128 bit encryption? 128 isn’t a magical number of bits. It doesn’t mean anything about how something is encrypted. 128 bit encryption is almost certainly a statement about the key size in the block cipher that’s being used. The block cipher itself could be the new Advanced Encryption Standard (AES), formerly known as Rijndael3. The Rijndael cipher comes in three flavors: 128, 196 and 256 bit key versions. IDEA is another block cipher that has a key size of 128 bits and so is CAST. IDEA is used in PGP, Pretty Good Privacy, the popular email encryption program. CAST is a Canadian design that’s widely employed. There are quite a few other block ciphers that have passed muster in the cryptoanalytic community that can use a 128 bit key but that’s not really the point. What 128 bitencryptionis not is a key size for a public key algorithm. RSA4 is an example of a well-known public key cryptosystem and if your data was being encrypted by 128 bit RSA, you should be very concerned. 128 bit RSA is not even close to being secure. You’d want at least 1,024 bits today.

Public key sizes (for the secret key) are invariably much larger than symmetric key sizes. Classically, there are better than brute force attacks against public key algorithms due to their highly mathematical nature. My bank was using, quite probably, the AES scheme. That wasn’t my security concern, however.

Block Cipher Encryption Diagram.The following diagram illustrates the basic process of block cipher encryption. Notice how the original plain text message is broken into separate blocks. The encryption algorithm, with the use of the encryption key, then encrypts the blocks. Finally, the encrypted blocks are reassembled into the cipher (encrypted) text.



1. This is not to say that new attacks can not or will not be found, but the theory of attacks is quite well-developed and it is unlikely that any shocking breakthroughs in attacking a block cipher directly will be made.

2. 3DES uses a key size of either 112 or 168 bits, depending on the variant.3. The U.S. government selected Rijndael after a three-year international search for a new encryption standard. It was developed by two Belgian computer scientists.4. RSA stands for Rivest Shimar Adleman. The company is now owned by EMC.

128 bit

Encryption Key

Plain Text Blocks

Cipher Text Blocks

EncryptionAlgorithm

(AES, 3DES, IDEA, DES)

Plain Text

CipherText



It’s Encrypted. Isn’t It?The widespread use of Secure Socket Layer (SSL) technology to protect data confidentiality, to secure data transmissions over unsecured networks, like the Internet, only goes to reinforce the rhetoric that the future of encryption is through automated software. From a cryptographic standpoint, the concern is not the block cipher or the key length options one may have, it’s how the key bits are generated and if they are based on your password – and if so, the password length and entropy1.

Some questions to consider: Can your key be found? Is your block cipher being used in the proper mode? (And what is a block cipher mode?) Default settings aren’t always best and appropriate for one’s needs and applications. Are issues of data integrity addressed? Isthedatasigned so you can trust its origin? Is 128 bits right for you? If you use the AES method with a 256 bit key, is that 128 bits more secure than with a 128 bit key? These are all important questions and only some of the issues that really need to be addressed. It’s just not as simple as using something called strong encryption.

The strength of data security is not all in the key and it’s not about breaking the crypto, it’s about exploiting the system. Bigger (keys) doesn’t necessarily mean better; just don’t use single DES. If your key size for your symmetric method, for your block cipher, is at least 100 bits long, you’re secure for quite a long time, a few decades. Predicting secure key sizes far into the future is a diviner’s art and it’s difficult to do with any sense of surety. (How strong are the methods that are never announced publicly? Why would anyone who has a good attack disclose it?) Moore’s Law, which has held up very well for decades, suggests that processing power doubles every 18 months. If we accept this – and that large-scale quantum computers do not exist2 - a block cipher that’s secure with a margin of 20 bits should be good for at least another 30 years. That means that, if done correctly, 128 bit encryption, using a respectable and vetted block cipher, should withstand attack for about 70 years. And 3DES is good for at least another 50.

Secure key sizes for public key algorithms (like RSA) are a whole other matter. Roughly speaking, an 80 bit key length for a block cipher is about equivalent in strength to a 1,024 bit RSA key, and a 128 bit key length for a block cipher to about a 3,000 bit RSA key3.

A strong algorithm poorly implemented is susceptible to compromise and attack. For a given secure key, even one 128 bits long, every time you encrypt your bank account number it looks the same. Every time you withdraw one hundred dollars, the encrypted version of your transaction is identical. This kind of “leakage” of confidential information – even though no one can tell it’s $100 you’re takingout – is unacceptable. Recognizable patterns like this can be exploited. There are means and best practices to block these weaknesses, but these are topics for another paper.

Some Common Cryptography Terms. Key: The secret that, in combination with an encryption algorithm, allows you to encrypt data.

Key Length: The number of bits in the key. The key length is a measure of the strength of your encryption.

Block Cipher: An algorithm that encrypts data, one block of data at a time. The size of the block varies algorithm to algorithm, but is usually 64 or 128 bits.

Stream Cipher: A block cipher with a block length of 1. These algorithms are used for speedy, real-time encryption (e.g., cellular phone calls).

128 Bit Encryption: Block cipher encryption with a key length of 128 bits.

1. In this situation, we may consider the entropy to be a measure of the amount of randomness. 2. And even if they do, symmetric methods do not fall as easily as the asymmetric do.3. The primary reason for this disparity is that, roughly, public key methods are more sensitive to advances in Mathematics.

The NeTwork SecuriTy challeNgeThe number of companies relying on the Internet for mission-critical business has skyrocketed. And, while this growth has intensified the need for network hardware, software and personnel, it has also increased the need for dynamic, effective network security. New security vulnerabilities are released daily, and maintaining a secure operating environment is a complex and costly process. Some analysts claim 3 of every 4 business web sites are vulnerable to attack, and by the end of 2006 Internet fraud could surpass credit card fraud. Cyberattacks are now routine in today’s electronic landscape, and cybercrime is no longer a future threat; it is here, now.

Public, PrivaTe & ProPrieTaryWe categorize security vulnerabilities into three areas: public, private, and proprietary. Public vulnerabilities are those reported in the mass media and are usually the most easily corrected. These include viruses, worms, misconfiguration notices, and other general security issues. Private vulnerabilities are lesser known and usually held more closely within the underground hacker community. Private vulnerabilities are almost always more lethal, much less publicized and can cause more damage to online networks. Proprietary vulnerabilities are those uncovered and developed at Razorpoint Security. We utilize all of these during our security engagements to ensure that our clients get the most comprehensive assessments possible.

a ProceSS, NoT a ProducTWhile many installations employ similar hardware and software products, not all networks are alike. All too often misconfigured machines are put behind firewalls (“a product”) giving a false sense of security. Hackers use their unlimited time resources to find small idiosyncrasies in perimeter security (e.g. firewalls) to obtain minimal access to internal machines (e.g. mail server, web server, etc.) usually undetected. Once limited access is established, hackers simply exploit vulnerabilities on the internal, misconfigured machines to obtain Superuser (root) access. That’s it. That’s all it takes. Your entire network is compromised. This simplistic scenario illustrates how someone, with enough time and skill, can bypass a product-based security solution and wreak havoc on a live network. Security needs to be monitored, maintained, and updated constantly to meet the ever-changing security landscape (a.k.a. “threatscape”). Proper security includes well-designed infrastructures, firewalls, “hardened” operating systems, good passwords, intrusion detection, and above all, awareness — all of which must be continuously updated. This ongoing “process” is what keeps environments secure and minimizes unauthorized access by malicious intruders.

There is no magic bullet. There is no shrink-wrapped package. And, there is no universally applicable product that ensures the security of a network environment. If there is one concept Razorpoint Security Technologies stresses to its clients, it’s that “network security is a process, not a product.”

Razorpoint Security Technologies, Inc. specializes in network security, attack / penetration testing and identifying potentially disastrous security vulnerabilities especially as they relate to Internet solutions and web applications. We offer security services that focus the view of your network environments and e-business ventures.

Razorpoint Security offers business leaders and corporate clients the necessary security services and solutions that help keep corporate networks secure. While many security firms provide singular penetration tests with limited documentation, Razorpoint offers a year-round assessment schedule and customized documentation deliverables that help keep clients up to date.

Our assessments go well beyond the average “port scan” or “vulnerability scan” exercises. We look at your network through the eyes of those looking to do you harm. We know what they know, we know what they see, and we know what they do.

What is secure?

Products alone do not secure data. Processes do.

R a z o r p o i n t ’s c o m p r e h e n s i v e security services identify real world vulnerabilities and help keep data secure.

www.razorpoint.com

and, how do you know?

The razorbaSeNew security vulnerabilities, tools and exploits are released every day. The task of cataloging, maintaining and applying these to achieve effective security assessments is nearly an impossible task. That is why we have created a customized database that enables us to collect, index and retrieve relevant information easily and effectively. We call it The RazorBASE. You can think of it as one of the most comprehensive repositories of network security information ever compiled. It is one way we can ensure our security assessments are as focused as possible for our varying client environments. This proprietary resource is tapped for every Razorpoint project and is constantly updated with new tools, techniques and documentation to help keep Razorpoint’s staff on top of the latest security developments.

annual assessment scheduleattack / penetration testing

Let us work with you to review an upcoming technology rollout or an existing infrastructure from the security point-of-view. We can help you uncover security vulnerabilities before malicious attackers do.

Whether it’s firewalls, routers, intrusion detection systems, or modem/PBX systems, security should always be a top concern. Razorpoint can help you configure, deploy and troubleshoot your technology to help eliminate security vulnerabilities that go undetected.

security technology consultingsecurity design review

Why did that hacker get into your network even though you’ve got a firewall? Internally or externally, we offer comprehensive attack/penetration tests that look at your network through the eyes of those looking to do you harm.

A 12 month schedule of quarterly attack/penetration tests, with monthly secur i ty advisor ies. This complete offer ing keeps your organization regularly updated on the latest security vulnerabilities, techniques and countermeasures.

our ServiceSRazorpoint Security’s services are designed to give our clients the most comprehensive security analysis of their network operating environments. Our expertise helps identify vulnerabilities, uncover potential ly disastrous security holes, plan for future growth from a security point of view, and maintain ongoing security with regular assessments. Below are each of our speciality areas in more detail:

31 east 32nd street, sixth floor | new york city, new york 10016-5509 usa | office: 212.744.6900 | fax: 212.744.6344 | www.razorpoint.com | [email protected]

copyright © 2001-2007 razorpoint security technologies, inc. all rights reserved.

Razorpoint Security Technologies, Inc.

FeaTured oN

Our expertise makes Razorpoint Security a prime media source on information security. We have been featured by CNN, CNBC, Forbes, The New York Times Magazine, MSNBC, WiredNews, Crain’s, CBS, Fox5, ABC/CourtTV and many others.

Technology

128 BIT WHAT?