Dutch Fiasco Demonstrates Futility Of Security Through Obscurity

from the no-secret-algorithms dept

Recent research on the security vulnerabilities of a new Dutch fare card system offers important lessons for computer security. The Dutch government spent $2 billion on the system, which has now been demonstrated to have fatal flaws. The researchers disassembled the smart cards used by the system and took high-resolution photographs of the circuitry. This allowed them to reverse-engineer the encryption algorithms being used by the system. As Felten points out, this wouldn't have been a problem if the Dutch had used an open crypto algorithm that has been widely tested and found to be secure. But because the system relied on algorithmic secrecy for security, this could be catastrophic. The algorithm uses a relatively short 48-bit key. This means that once the algorithm is known, it becomes possible to perform a brute-force attack, simply trying all 281 trillion possible keys in parallel until the correct one is found. That requires a non-trivial amount of computing power, but it's well within the capabilities of modern computer hardware. Indeed, this is precisely the approach taken by a Johns Hopkins research group three years ago when they cracked the encryption on the Exxon Mobil Speedpass, which used a 40-bit key. Brute forcing the 40-bit algorithm reportedly took the Hopkins team about 20 minutes, which suggests that -- even ignoring improvements in hardware -- it should be possible to brute force a 48-bit key in under a week. Since they're just deploying the system now and are presumably planning to use it for a decade or more, 48 bits is woefully inadequate. They ought to have used a standard, widely-tested cryptographic algorithm with a significantly longer key size, in order to make brute force attacks impractical.
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: dutch, security


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 23 Jan 2008 @ 2:37pm

    Yes, they should have. But that's how governments the world over work. The real experts tend to want better pay than a government job, or more freedom than a government job allows.

    People aren't willing to treat government agencies like real businesses. They view it as something sacred. To me, sure the government shouldn't be arbitrarily changed. But you're talking about the AGENCIES and stuff that aren't stipulated in the Constitution. Which is why you get redundant crap like "Homeland Security".

    But all well, I've become cynical enough to just give up on humanity at this point.

    link to this | view in chronology ]

    • identicon
      Anonymous Coward, 24 Jan 2008 @ 3:16am

      Re:

      "The real experts tend to want better pay than a government job, or more freedom than a government job allows."

      The thing is they have the money to pay permanent staff however in my experience they'd much rather piss that money away on overpaid contractors and consultants.

      The reality is paying £900 per day for someone won't guarantee they're actually any good at their job and in many cases they may even be a graduate with little to ZERO experience. I know when I graduated and worked for a large IT consultancy on massive public sector projects my charge out rate was nearly £700 per day!

      link to this | view in chronology ]

  • identicon
    Rich Kulawiec, 23 Jan 2008 @ 4:07pm

    It'd be worse if...

    ...a country actually made this same, classic mistake while trying to implement a system to do something critically important, like, oh...hmmm...let me think...voting?

    link to this | view in chronology ]

  • identicon
    GDK, 24 Jan 2008 @ 5:52am

    Why amateurs should not do crypto.

    Your premise is not supported by the facts in the story. You claim that not using a known secure algorithm is folly, because the algorithm is discoverable, whereas a published, widely known, algorithm that doesn't need to be reverse engineered is better. You go on to cite a successful BRUTE FORCE attack on a known algorithm as proof that a proprietary algorithm is less secure than a publicly vetted one. You base that claim on the fact that once an algorithm is known, a brute force attack is possible. You don't seem to acknowledge that the open crypto algorithms you tout are ALREADY subject to such attacks, no reverse engineering required.

    Maybe the point you were trying to make is simply that the Dutch used a key that was too small. Perhaps, you meant that they thought they could get away with a shorter key because they thought their algorithm was secret, but you didn't make that point.

    The rational argument against a proprietary crypto algorithm is that absent expert peer review of the details, it is likely that the algorithm can be broken without having to do a brute force attack.

    link to this | view in chronology ]

    • identicon
      Tim Lee, 24 Jan 2008 @ 8:03am

      Re: Why amateurs should not do crypto.

      Sorry, I guess I wasn't as clear as I could have been. My point was that relying on the secrecy of the algorithm is a bad idea, and that I suspect the government officials in this case assumed that the relatively short key wasn't an issue because the secrecy of the algorithm gave them extra protection. It's true that the ultimate problem is the longer key size, but I suspect that if they'd been more open when they were developing the algorithm, someone probably would have pointed out that a 48-bit key is too short.

      link to this | view in chronology ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.