Dutch Fiasco Demonstrates Futility Of Security Through Obscurity
from the no-secret-algorithms dept
Recent research on the security vulnerabilities of a new Dutch fare card system offers important lessons for computer security. The Dutch government spent $2 billion on the system, which has now been demonstrated to have fatal flaws. The researchers disassembled the smart cards used by the system and took high-resolution photographs of the circuitry. This allowed them to reverse-engineer the encryption algorithms being used by the system. As Felten points out, this wouldn't have been a problem if the Dutch had used an open crypto algorithm that has been widely tested and found to be secure. But because the system relied on algorithmic secrecy for security, this could be catastrophic. The algorithm uses a relatively short 48-bit key. This means that once the algorithm is known, it becomes possible to perform a brute-force attack, simply trying all 281 trillion possible keys in parallel until the correct one is found. That requires a non-trivial amount of computing power, but it's well within the capabilities of modern computer hardware. Indeed, this is precisely the approach taken by a Johns Hopkins research group three years ago when they cracked the encryption on the Exxon Mobil Speedpass, which used a 40-bit key. Brute forcing the 40-bit algorithm reportedly took the Hopkins team about 20 minutes, which suggests that -- even ignoring improvements in hardware -- it should be possible to brute force a 48-bit key in under a week. Since they're just deploying the system now and are presumably planning to use it for a decade or more, 48 bits is woefully inadequate. They ought to have used a standard, widely-tested cryptographic algorithm with a significantly longer key size, in order to make brute force attacks impractical.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Reader Comments
Subscribe: RSS
View by: Time | Thread
People aren't willing to treat government agencies like real businesses. They view it as something sacred. To me, sure the government shouldn't be arbitrarily changed. But you're talking about the AGENCIES and stuff that aren't stipulated in the Constitution. Which is why you get redundant crap like "Homeland Security".
But all well, I've become cynical enough to just give up on humanity at this point.
[ link to this | view in chronology ]
Re:
The thing is they have the money to pay permanent staff however in my experience they'd much rather piss that money away on overpaid contractors and consultants.
The reality is paying £900 per day for someone won't guarantee they're actually any good at their job and in many cases they may even be a graduate with little to ZERO experience. I know when I graduated and worked for a large IT consultancy on massive public sector projects my charge out rate was nearly £700 per day!
[ link to this | view in chronology ]
It'd be worse if...
...a country actually made this same, classic mistake while trying to implement a system to do something critically important, like, oh...hmmm...let me think...voting?
[ link to this | view in chronology ]
Why amateurs should not do crypto.
Maybe the point you were trying to make is simply that the Dutch used a key that was too small. Perhaps, you meant that they thought they could get away with a shorter key because they thought their algorithm was secret, but you didn't make that point.
The rational argument against a proprietary crypto algorithm is that absent expert peer review of the details, it is likely that the algorithm can be broken without having to do a brute force attack.
[ link to this | view in chronology ]
Re: Why amateurs should not do crypto.
[ link to this | view in chronology ]