'Creative Attacks' Beat Crypto -- Expert
Ann Harrison, SecurityFocus 2002-08-09

Professional encryption breaker says Moore's Law increases security risks as fast as it boosts chip storage.

SAN FRANCISCO--In 1998 cryptographer Paul Kocher developed a method for deducing the secret key embedded in a cryptographic smart card by monitoring tiny fluctuations in power consumption. Three years earlier, at the tender age of 22, he made headlines with a technique to compromise implementations of the RSA algorithm -- not with a direct frontal assault, but by watching the amount of time a system took to perform certain functions.

Speaking at the Usenix security conference in San Francisco Thursday, Kocher, now president of Cryptography Research, Inc., said creative attacks like these are only becoming more successful as hardware and software solutions grow increasingly complex and difficult to debug.

"Nobody breaks the crypto, they all bypass the crypto," says Kocher. "They are putting bigger crypto keys in there and it doesn't give you bigger security."

These vulnerabilities are exacerbated by Moore's Law, the trend for chip storage to double approximately every 18 months. According to Kocher, cheaper chips drive vendors to build systems of exponentially increasing complexity, escalating the potential for security holes. "If you double the lines of code, you will have four times as many security problems," says Kocher. "Excessive complexity is a security flaw, every piece of a system should be there for a reason."

Complexity failures also extend to organizations. The larger the committee tasked with creating a security system, says Kocher, the worse the results. Kocher adds that Moore's Law is not making security experts exponentially more intelligent to compensate for the increased risk of attack. According to Kocher, this creates an environment where many commercial software and hardware products have a minuscule chance of being extremely secure.

Increased connectedness also encourages security failures, says the cryptographer. "If your toaster oven is connected, you have to figure out how to keep someone from burning down your house with the next worm," says Kocher.

Unexpected Interactions
In his Usenix address, Kocher notes that Moore's Law is driving functionality. But the addition of extra features to software packages increases the likelihood that the product will be compromised. Including support for legacy features, for example, makes a product more complex and more likely to fail. Developers should also avoid requirements that push the limits and should reduce product speed to increase security, says Kocher. He advises software developers to focus on interfaces between components and isolate components with sandboxing. "Most problems," says Kocher, "are due to unexpected interactions between components designed by different people."

Kocher says testers at his company have also found serious software vulnerabilities -- faulty compilers, non-sandboxed code, passwords and log-in procedures, as well as more subtle computational errors that can compromise keys.

As a result of these problems, Kocher says most commercial security products have a "negligible probability" of being secure against creative attacks.

Kocher says some of the most common successful attacks against commercial products include buffer overflows, "alg negotiation," flawed random number generators, timing attacks, or exploits against the "bignum" programming libraries that allow computers to work with very large numbers. He says developers should also be cautious of man-in-the-middle attacks, message replays in sessions, message forwarding and impersonation attacks.
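As an added illustration (not code from the article or from Cryptography Research), the sketch below shows why the running time of a textbook bignum exponentiation depends on the secret exponent, and how a fixed-work ladder removes that dependence. Operation counts stand in for elapsed time; the modulus, base and exponents are constructed sample values.

```python
# Added illustration: operation counts stand in for elapsed time.
M = 2**61 - 1                      # constructed sample modulus
LOW, HIGH = 0x8001, 0xFFFF         # constructed 16-bit exponents: 2 vs 16 one-bits


def square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation: squares every bit, multiplies on 1 bits."""
    result, ops = 1, 0
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        ops += 1
        if bit == "1":             # exponent-dependent extra work: the timing signal
            result = (result * base) % mod
            ops += 1
    return result, ops


def montgomery_ladder(base, exp, mod, bits):
    """Ladder over a fixed bit width: one multiply and one square per bit."""
    r0, r1, ops = 1, base % mod, 0
    for i in range(bits - 1, -1, -1):
        if (exp >> i) & 1:
            r0, r1 = (r0 * r1) % mod, (r1 * r1) % mod
        else:
            r0, r1 = (r0 * r0) % mod, (r0 * r1) % mod
        ops += 2
    return r0, ops


def compare(base=5, bits=16):
    """Return {exponent: (naive_ops, ladder_ops)} after checking both results."""
    table = {}
    for exp in (LOW, HIGH):
        naive, naive_ops = square_and_multiply(base, exp, M)
        ladder, ladder_ops = montgomery_ladder(base, exp, M, bits)
        assert naive == ladder == pow(base, exp, M)
        table[exp] = (naive_ops, ladder_ops)
    return table


if __name__ == "__main__":
    for exp, (naive_ops, ladder_ops) in compare().items():
        print(f"exp={exp:#06x} naive_ops={naive_ops} ladder_ops={ladder_ops}")
```

The ladder only equalizes the number of bignum operations; Python integers and the remaining branch are not constant-time. Production code relies on constant-time arithmetic and commonly adds blinding as well.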

According to Kocher, a typical security evaluation of a product takes two weeks, about eighty person-hours and costs about $32,000. Kocher says his company examines components to see if they are extraneous, and evaluates implementation details to determine how many similar systems have failed. Elsewhere in the lab, testers probe buses and network connections, and measure power consumption. The company also builds hardware for monitoring I/O, timing and power data from smart cards and crypto chips.

In a world of increasing complexity, the length of time a product is secure often depends on the availability of alternative targets, the cryptographer concludes. When a new smart card system was issued in France, Kocher says the rate of attacks on these cards went down while attacks on cards in surrounding countries went up because they were easier targets. "For risk management systems, your design goal should be 'better than the next guy,'" says Kocher.

Copyright 2008, SecurityFocus