Technology Exploration Project – M591

When Encryption is not Enough -- the Weak Password Problem


Encryption is necessary, but insufficient to properly protect critical stored data from unauthorized access

The strength of an encryption scheme is determined largely by the size of the key used. In data communications this often results in relatively strong encryption; for example, the fingerprint of the SSH key used by one of our networked machines is cd:ba:84:18:25:41:74:90:f7:00:99:1d:24:b8:9f:e0. When it comes to stored data, however, the passwords used are much simpler, because we need to remember them. Additionally, the persistent nature of stored data makes it an easier target for attackers than a time-dependent communication of the same data.

Data encryption software such as SafeHouse is generally simple to use, but it stores the encrypted files in an easily accessible way. There are other steps that can be taken, namely dispersing the information across servers as in the DSGrid approach, which can make the encryption strength irrelevant.


Stored data encryption is generally weaker than communication encryption because of simpler passwords

SafeHouse is a piece of file encryption software from PC Dynamics and costs about $40 per user. The software uses a choice of symmetric encryption algorithms (Blowfish, Twofish, Rijndael, DES or Triple DES) to encrypt a file of predetermined size. This file, with the extension .sdsk, is then mapped to a Windows drive letter, enabling simple file I/O for any application.

The file size equates to the disk capacity and is predetermined. It can be changed after the file is created, but only within predefined limits. The file can be filled with random data so that the contents cannot be inferred from the file size. This could also make unauthorized decryption more difficult, because recognising good data amongst the random background data becomes harder.
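A check a practitioner would want to run on such a container is whether its unused capacity really looks like random filler rather than zeros, since zero-filled free space reveals how much of the volume is actually in use. The Python below is an added example written for this page, not SafeHouse code: it builds a constructed stand-in image (random "used" blocks followed by either random or zero-filled free blocks, not a real .sdsk file) and flags blocks whose byte entropy is well below what ciphertext or random filler produces. The 4 KiB block size and the 7.5 bits-per-byte threshold are assumptions chosen for the example.

```python
import math
import os
from collections import Counter

BLOCK_SIZE = 4096           # assumed scan granularity
RANDOM_THRESHOLD = 7.5      # bits per byte; random or encrypted 4 KiB blocks score about 7.95


def block_entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant block, close to 8.0 for
    ciphertext or random filler."""
    if not block:
        return 0.0
    total = len(block)
    return -sum((c / total) * math.log2(c / total) for c in Counter(block).values())


def scan_container(image: bytes, block_size: int = BLOCK_SIZE,
                   threshold: float = RANDOM_THRESHOLD):
    """Return ([(offset, entropy), ...] for blocks below the threshold, total block count).
    Low-entropy blocks are what an outsider can tell apart from encrypted content:
    zero-filled unused capacity that reveals the real fill level, or plaintext metadata."""
    low, total = [], 0
    for offset in range(0, len(image), block_size):
        total += 1
        h = block_entropy(image[offset:offset + block_size])
        if h < threshold:
            low.append((offset, round(h, 2)))
    return low, total


def build_sample_container(used_blocks: int, free_blocks: int, random_fill: bool) -> bytes:
    """Constructed stand-in for an encrypted volume image (not a real .sdsk file): used
    blocks are random bytes, which is what ciphertext looks like; free blocks are either
    random filler or zeros."""
    used = os.urandom(used_blocks * BLOCK_SIZE)
    free = os.urandom(free_blocks * BLOCK_SIZE) if random_fill else bytes(free_blocks * BLOCK_SIZE)
    return used + free


def apparent_used_fraction(image: bytes) -> float:
    """Fraction of the volume a scan would estimate as 'in use'. With random filler this
    is 1.0 and the true fill level stays hidden."""
    low, total = scan_container(image)
    return 1.0 - len(low) / total if total else 0.0


if __name__ == "__main__":
    for fill in (False, True):
        image = build_sample_container(used_blocks=4, free_blocks=12, random_fill=fill)
        label = "random filler" if fill else "zero-filled  "
        print(label, "apparent used fraction:", apparent_used_fraction(image))
```

Run against a real container image, the scan would be fed the file's bytes instead of the constructed sample; a clean result is an empty low-entropy list, which is what the random-fill option in the text is meant to achieve.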

This is a simple and scalable system. The encrypted files can be as large as 2 TB, which may suit a small business; however, there are multi-user access issues, and the volume can only be mapped with write access by one user at a time (Frequently Asked Questions, n. d.). Because of this, the software is more suited to individual use. The costs associated with running this software are no more than the costs without it, apart from the per-user license cost.

This software is limited to Windows for the file encryption/decryption itself. However, once the file is encrypted, it is just a file and can be handled by any operating system.

Most attacks on data occur against the stored version of the data, as opposed to interception of that data across a network (Seitz, Pierson & Brunie, 2003). This is because the data is in a known place at a given time, whereas an attacker is unlikely to know when a communication will occur, and so is less likely to know when to intercept or how to interpret what has been intercepted. Also, the passwords used to store data need to be memorable, either directly or through a keychain file. These simple passwords do not withstand brute-force attacks as well as a longer password (Password Recovery Times, 2007).


Key management helps mitigate the weak password problem, but the fundamental problem remains

One technique that can be employed is key management software. This enables the data to be protected with a long, unmemorable password by storing that password in a key file that is itself encrypted with a simple, memorable password. This does help, because an attacker gaining access to the data does not necessarily have access to the key file. However, on many occasions the data and the key file will be in the same location, or even on the same machine (as on my own system).

If the key file is stored separately, say on a USB drive, then this system can work very well. But if an attacker has access to the key file with the data file then the weak password problem is simply moved from one file to another.
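The construction described above can be made concrete: a random data key protects the volume, and a "key file" holds that key wrapped under a key derived from the memorable password. The Python below is an added example written for this page, not code from SafeHouse, Apple Keychain or any other product; it uses only the standard library (PBKDF2 for stretching, an HMAC tag for integrity, and a one-time XOR pad for the wrap), and the iteration count is an assumed work factor. The `effective_strength_bits` helper states the page's point numerically: once the key file sits beside the data, the memorable password rather than the random key bounds the attacker's work. The author's own setup, described at the end of the page, is the worked case: an 18-character random password is worth about 118 bits (assuming the 94 printable ASCII characters), while the 8-character lowercase-and-digit password protecting the keychain is worth about 41 bits.

```python
import hashlib
import hmac
import math
import os

PBKDF2_ITERATIONS = 200_000  # assumed work factor for this example, not any product's setting


def new_data_key() -> bytes:
    """The long, unmemorable secret that actually encrypts the data."""
    return os.urandom(32)


def derive_wrapping_keys(password: str, salt: bytes) -> tuple:
    """Stretch the memorable password into a 32-byte wrap key and a 32-byte MAC key."""
    material = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                   PBKDF2_ITERATIONS, dklen=64)
    return material[:32], material[32:]


def wrap_data_key(data_key: bytes, password: str) -> bytes:
    """Build a key-file record: salt || (data_key XOR wrap_key) || HMAC tag.
    The XOR is a one-time pad: the wrap key is fresh for every salt, so it is used once."""
    if len(data_key) != 32:
        raise ValueError("data key must be 32 bytes")
    salt = os.urandom(16)
    wrap_key, mac_key = derive_wrapping_keys(password, salt)
    wrapped = bytes(a ^ b for a, b in zip(data_key, wrap_key))
    tag = hmac.new(mac_key, salt + wrapped, "sha256").digest()
    return salt + wrapped + tag


def unwrap_data_key(record: bytes, password: str) -> bytes:
    """Recover the data key; a wrong password fails the tag check instead of yielding garbage."""
    if len(record) != 16 + 32 + 32:
        raise ValueError("malformed key-file record")
    salt, wrapped, tag = record[:16], record[16:48], record[48:]
    wrap_key, mac_key = derive_wrapping_keys(password, salt)
    expected = hmac.new(mac_key, salt + wrapped, "sha256").digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong password or corrupted key file")
    return bytes(a ^ b for a, b in zip(wrapped, wrap_key))


def password_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random password of the given length and alphabet."""
    return length * math.log2(alphabet_size)


def effective_strength_bits(data_key_bits: float, key_file_password_bits: float,
                            key_file_reachable: bool) -> float:
    """Work an attacker holding the data file faces. If the key file is reachable too,
    the memorable password is the weakest link; otherwise only the random key remains."""
    if key_file_reachable:
        return min(data_key_bits, key_file_password_bits)
    return data_key_bits


if __name__ == "__main__":
    data_key = new_data_key()
    key_file = wrap_data_key(data_key, "memorable8")      # constructed sample password
    assert unwrap_data_key(key_file, "memorable8") == data_key
    long_pw = password_bits(18, 94)    # 18 printable-ASCII characters, about 118 bits
    short_pw = password_bits(8, 36)    # 8 lowercase letters and digits, about 41 bits
    print("key file on same machine:", round(effective_strength_bits(long_pw, short_pw, True), 1))
    print("key file on separate USB:", round(effective_strength_bits(long_pw, short_pw, False), 1))
```

The salt and the iteration count are what make guessing the memorable password expensive per attempt; they raise the cost of each guess but do not change which password is the weakest link, which is the point the text makes about keeping the key file away from the data.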


Stored data can be accessed and the weak password broken

The stored data from the SafeHouse software is easily copied if one has access to the system. I installed the system on my desktop and was then able to copy the encrypted files onto a memory stick and read them with my laptop. The files are obviously still encrypted, but using a trial version of the software downloaded from the Internet, the simple default password was guessed and the data fully recovered.

With networked computers, such as Distributed.net's Project Bovine and criminal botnets (Net security threats growing fast, 2004), the computing power available is astonishing and growing. According to Lockdown.co.uk, a seven-character, letters-only password (like the default password with SafeHouse) can be guessed by a brute-force search on a small cluster in 8 seconds (Password Recovery Times, 2007).
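To put the 8-second figure in perspective, the following Python is an added example for this page, not anything from Lockdown or PC Dynamics. It infers which character classes a password uses, sizes the resulting search space, and converts that to a worst-case exhaustion time at an assumed guessing rate; it also shows how a password-based key derivation function divides the attacker's effective rate by its work factor. At an assumed 10^9 guesses per second a seven-letter lowercase password is exhausted in about eight seconds, consistent with the figure quoted above. The guessing rate, the iteration count and the sample passwords are assumptions constructed for the example, not measurements.

```python
import math
import string

# Character classes the estimator recognises. The assumed search space is the product
# of the classes actually present, which is how the job would be sized if the policy
# (e.g. "letters only") were known.
CHARACTER_CLASSES = {
    "lower": string.ascii_lowercase,
    "upper": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}


def alphabet_size(password: str) -> int:
    """Size of the smallest class-based alphabet that contains every character used."""
    size = 0
    for chars in CHARACTER_CLASSES.values():
        if any(c in chars for c in password):
            size += len(chars)
    if size == 0:
        raise ValueError("password uses no recognised character class")
    return size


def keyspace(password: str) -> int:
    """Number of candidates in the inferred search space."""
    return alphabet_size(password) ** len(password)


def entropy_bits(password: str) -> float:
    return math.log2(keyspace(password))


def stretched_rate(raw_guesses_per_second: float, kdf_iterations: int) -> float:
    """A password-based KDF makes each guess cost `kdf_iterations` hash operations,
    so the attacker's effective rate drops by that factor."""
    return raw_guesses_per_second / kdf_iterations


def seconds_to_exhaust(password: str, guesses_per_second: float) -> float:
    """Worst-case time to try every candidate in the inferred keyspace."""
    return keyspace(password) / guesses_per_second


def strength_report(password: str, guesses_per_second: float, kdf_iterations: int = 1) -> dict:
    rate = stretched_rate(guesses_per_second, kdf_iterations)
    return {
        "length": len(password),
        "alphabet": alphabet_size(password),
        "bits": round(entropy_bits(password), 1),
        "seconds_to_exhaust": seconds_to_exhaust(password, rate),
    }


if __name__ == "__main__":
    ASSUMED_RATE = 1e9  # guesses per second; an assumed figure for a small cluster, not a measurement
    for pw in ["abcdefg", "Abcdefg", "Xy7#pq2K"]:   # constructed sample passwords
        print(pw, strength_report(pw, ASSUMED_RATE))
        print(pw, "with 100k-iteration KDF", strength_report(pw, ASSUMED_RATE, 100_000))
```

The report is an upper bound on the attacker's effort: dictionary attacks and common-pattern guessing finish far sooner than exhausting the keyspace, so a short password that scores well here is still weak if it is a word or a product default.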


We can eliminate the weak password problem by dispersing the information

DSGrid is an open source product that uses Information Dispersal to add to the security of stored data. An encrypted file is split into a number of sections, or slices, each of which is insufficient to recover the original encrypted file.

Information Dispersal Data Storage

A DSGrid system comprises three levels of computers (although some or all levels can be combined, a deployed system should include all three). The top level is the Source computers: these are the computers accessing the data, performing the read, write and modify operations. They communicate via an iSCSI interface across a network with the next layer, the Accessors. The iSCSI interface makes the distributed storage transparent to the software running on the Source computers, much as drive mapping does with the SafeHouse software.

The Accessor layer computers run the Cauchy Reed-Solomon Information Dispersal Algorithm on the data, which produces the data Slices. Data Slices contain too little information to be useful by themselves. They also contain some redundant data, so that the original data can be reconstructed without all of the original Slices. The Accessor layer then transfers the Slices to the third layer, the Slicestor (storage) layer, where each Slice is actually stored.

To recover the data you now need to know the password for the encryption and also the location of the data slices, and how to combine them.
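The dispersal step itself can be illustrated with a small information dispersal algorithm. The Python below is an added example for this page and is not Cleversafe's or DSGrid's code: it is a simplified Rabin-style IDA over the prime field GF(257) rather than the Cauchy Reed-Solomon code the page names, chosen because prime-field arithmetic needs no lookup tables (the cost is that a slice symbol may be 256, which is why real systems work in GF(2^8) so that symbols stay bytes). Every group of k bytes becomes the coefficients of a polynomial, each of the n Slicestors receives that polynomial evaluated at its own point, and any k slices recover the data while k-1 do not suffice. The threshold (k=3 of n=5) and the sample bytes standing in for an encrypted file are constructed for the example. An IDA on its own is not a secret-sharing scheme, since a single slice still carries information about its input, which is why the design described above encrypts the file before slicing it.

```python
PRIME = 257  # every byte value 0..255 is a field element; evaluations may be 256, so slices hold ints


def _eval_poly(coeffs, x):
    """Horner evaluation of sum(coeffs[i] * x**i) mod PRIME."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def _invert_matrix(matrix):
    """Gauss-Jordan inverse over GF(PRIME). The Vandermonde matrices built below from
    distinct non-zero points are always invertible, so a pivot is always found."""
    k = len(matrix)
    aug = [row[:] + [int(i == j) for j in range(k)] for i, row in enumerate(matrix)]
    for col in range(k):
        pivot = next(r for r in range(col, k) if aug[r][col] % PRIME)
        aug[col], aug[pivot] = aug[pivot], aug[col]
        inv = pow(aug[col][col], PRIME - 2, PRIME)
        aug[col] = [(v * inv) % PRIME for v in aug[col]]
        for r in range(k):
            if r != col and aug[r][col]:
                factor = aug[r][col]
                aug[r] = [(a - factor * b) % PRIME for a, b in zip(aug[r], aug[col])]
    return [row[k:] for row in aug]


def disperse(data: bytes, k: int, n: int):
    """Split `data` into n slices of which any k reconstruct it.
    Returns (slices, original_length); slice i is (x_i, [symbol, ...])."""
    if not 1 <= k <= n < PRIME:
        raise ValueError("need 1 <= k <= n < 257")
    padded = data + b"\x00" * (-len(data) % k)      # pad to a whole number of k-byte groups
    slices = [(x, []) for x in range(1, n + 1)]     # each Slicestor gets its own evaluation point
    for start in range(0, len(padded), k):
        group = list(padded[start:start + k])       # k bytes = k polynomial coefficients
        for x, symbols in slices:
            symbols.append(_eval_poly(group, x))
    return slices, len(data)


def reconstruct(slices, k: int, original_length: int) -> bytes:
    """Rebuild the data from any k slices by inverting the Vandermonde system once."""
    if len(slices) < k:
        raise ValueError(f"{len(slices)} slices held, {k} needed")
    chosen = slices[:k]
    xs = [x for x, _ in chosen]
    if len(set(xs)) != k:
        raise ValueError("duplicate slice")
    vandermonde = [[pow(x, i, PRIME) for i in range(k)] for x in xs]
    inverse = _invert_matrix(vandermonde)
    out = bytearray()
    for g in range(len(chosen[0][1])):
        y = [symbols[g] for _, symbols in chosen]
        for i in range(k):
            out.append(sum(inverse[i][j] * y[j] for j in range(k)) % PRIME)
    return bytes(out[:original_length])


if __name__ == "__main__":
    # Constructed stand-in for an already-encrypted file (not real ciphertext).
    ciphertext = bytes(range(0, 256, 3)) + b"\xff\x00\x7e"
    slices, length = disperse(ciphertext, k=3, n=5)
    assert reconstruct([slices[4], slices[1], slices[2]], 3, length) == ciphertext
    try:
        reconstruct(slices[:2], 3, length)
    except ValueError as err:
        print("two slices:", err)
```

With n=5 and k=3 two Slicestors can be lost or offline and the data is still readable, which is the availability property the text attributes to DSGrid; the confidentiality property rests on the encryption applied before dispersal and on keeping the slice locations secret.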

Unlike the SafeHouse software solution, the front end of the DSGrid software, the Source computers, can run any operating system. This is because of the iSCSI interface: as long as the operating system supports iSCSI, it can use a DSGrid. The operating systems on the lower layers are more specific and UNIX based, but because the software is open source it can be altered and compiled to run on any system.

The problem with the DSGrid solution is that it requires a large amount of knowledge to set up and has a high resource threshold. The configuration and installation of the software requires a much higher degree of knowledge than the SafeHouse software, and there should be at least six computers within the DSGrid system: one each at layers one and two, and four at layer three. Any fewer, and there would be no benefit over a more conventional data storage system.

The cost of installing and maintaining such a system is much higher than for SafeHouse, even though the software itself is free, because of the time and expertise required to set the system up. The additional cost of the hardware required to run the system is not quite a fair comparison, as the DSGrid system offers much more functionality than the SafeHouse software (data availability, for example). It would be more comparable to a SafeHouse file stored on a hard drive array, perhaps duplicated across multiple servers; in that case the hardware requirements are similar, if not in DSGrid's favor.

These limitations make the DSGrid system suitable to larger organizations.


Conclusion

Stored data encryption is generally weaker than communication encryption, and stored data is generally more vulnerable than communicated data. Using encryption software like SafeHouse is better than not encrypting the data, but the password needs to be remembered. With processing power, and especially criminally controlled botnets, increasing constantly, weak passwords are becoming much more of a security weak point than they once were. Password keychain files help mitigate the problem of weak passwords, but themselves suffer from the same problem.

Information Dispersal is a much better approach to data security and effectively eliminates the weak password problem, because the locations of the slices of the files are also kept secret. However, this solution is more complicated than data encryption alone and has a higher threshold of equipment and expertise.




My Own System:

Apple OS 10.4 with a 128-bit AES encrypted file using a long random password (18 characters using upper and lower case letters, numbers and special characters) that is held within a Keychain Access encrypted file, protected with a small password (8 characters using lower case letters and numbers).
The main encrypted file is located on an external hard drive attached to the machine where the Keychain file resides.

My SafeHouse Trial

Setup: Two Windows XP computers running the trial version of SafeHouse Standard Edition v2.10.079
1. Install SafeHouse on both systems
2. Create a .sdsk file and create .txt and .doc files
3. Lock the .sdsk file
4. Copy file to memory stick
5. Un-encrypt with second system
6. Inspect encrypted file with a text editor

Next steps would be to decrypt the file by a brute-force or dictionary attack with a separate program, or to attempt to reverse engineer SafeHouse itself to use it directly to perform a brute-force attack. This would highlight any embedded salt SafeHouse used, and so reduce the decryption time, but would be more complicated and so increase the set-up time.


References

BBC News. (2004). Net security threats growing fast. Retrieved November 10, 2007, from http://news.bbc.co.uk/1/hi/technology/3666978.stm

Cleversafe. (n. d.). How Dispersed Storage Works. Retrieved November 10, 2007, from http://www.cleversafe.org/dispersed-storage

Gladwin, C. (n. d.). Dispersed storage. Retrieved November 10, 2007, from http://news.zdnet.com/2422-13569_22-156114.html

Lockdown. (2007). Password Recovery Times. Retrieved November 11, 2007, from http://www.lockdown.co.uk/?pg=combi&s=articles

PC Dynamics. (n. d.). Frequently Asked Questions. Retrieved November 10, 2007, from http://www.pcdynamics.com/SafeHouse/SafeHouseFAQ.asp

Safehouse. (n. d.). SafeHouse keeps your personal files private. Retrieved November 11, 2007, from http://www.pcdynamics.com/SafeHouse/

Seitz, L., Pierson J. & Brunie, L. (2003). Key Management for encrypted data storage in distributed systems. Retrieved November 10, 2007, from http://www.creatis.insa-lyon.fr/MEDIGRID/publis/SISW03-Seitz-et-al.pdf