Cryptography Reference
In-Depth Information
software they use can be audited for cleptographic attacks only provided one
knows of the existence of such attacks in the first place.
Furthermore, nobody can rule out the unnoticed modification of trust-center
software. The mere mention of such an attack might fill some people in charge
with outrage. However, they had better consider that the stealthy conversion
of public-authority software into SETUP software is extremely attractive, for
example, for national intelligence organizations of all flavors. Such a
'transformation' would doubtlessly be executed with utmost criminal energy,
for the reward is unusually high against relatively little cost and minimal
risk.
We should pay attention to the fact that keys created by trust centers are used
for signing and never ever for ciphering!
I can think of yet another use for SETUP systems: they could serve for elegant
key escrow (more about it in Section 8.2.3). In this case, the government, or the
firm itself, would be the official owner of the 'universal key for all universal
keys'. While this might be of theoretical interest, the formulation alone points
to the risk: all security, really all of it, depends on one single universal key.
Once this key is compromised (i.e., known to unauthorized parties), changing it
will be of little use. All messages of all users intercepted by eavesdroppers up
to this point can be decrypted, and nobody can prevent it. This is one of the
very big risks in cryptography, and it is where cryptography differs from other
areas of system security.
Some Ideas About Countermeasures
How can SETUP systems be prevented or, at least, how can their use be made
more difficult? Considering that the research work of Young and Yung stands
more or less alone in the world, there are only a few ideas about possible
countermeasures.
A safer approach is to use freely available and popular cryptographic
software. I can think of PGP 2.6, which will be discussed in detail in
Section 7.1, or SSH, or, above all, OpenSSL. For the sake of security, if you
opt for this approach, you'd better check the checksum shipped with the
product (it's the only thing that proves that you got the 'real software',
unless it's an MD5 sum ...).
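The checksum check recommended above, written out as an added example (it is not from the book): it verifies a downloaded file against a published `<hexdigest>  <filename>` line and refuses MD5 and SHA-1 digests, in line with the MD5 caveat. The function names and the sample file are constructed for illustration.

```python
import hashlib
import hmac
import os
import tempfile

# Hex digest length -> hashlib name; MD5 and SHA-1 are listed only to be refused.
ALGO_BY_HEXLEN = {32: "md5", 40: "sha1", 64: "sha256", 96: "sha384", 128: "sha512"}
REJECTED = {"md5", "sha1"}  # practical collision attacks exist for both


def parse_checksum_line(line):
    """Split a '<hexdigest>  <filename>' line as written by sha256sum/md5sum."""
    digest, _, name = line.strip().partition(" ")
    digest, name = digest.lower(), name.lstrip(" *")  # '*' marks binary mode
    if not digest or not name or not set(digest) <= set("0123456789abcdef"):
        raise ValueError("malformed checksum line")
    return digest, name


def verify(path, checksum_line):
    """Return (ok, reason) for the file at path against one checksum line."""
    digest, _ = parse_checksum_line(checksum_line)
    algo = ALGO_BY_HEXLEN.get(len(digest))
    if algo is None or algo in REJECTED:
        return False, f"{algo or 'unknown-length'} checksum refused"
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):  # stream large files
            h.update(chunk)
    ok = hmac.compare_digest(h.hexdigest(), digest)
    return ok, algo + (" match" if ok else " mismatch")


def demo():
    """Constructed sample: a small file standing in for a downloaded release."""
    data = b"constructed sample release contents\n"
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "release.tar.gz")
        with open(path, "wb") as f:
            f.write(data)
        good = hashlib.sha256(data).hexdigest() + "  release.tar.gz"
        weak = "0" * 32 + "  release.tar.gz"  # constructed MD5-length digest
        bad = hashlib.sha256(data + b"x").hexdigest() + "  release.tar.gz"
        return [verify(path, line) for line in (good, weak, bad)]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

A match is only as trustworthy as the channel that delivered the checksum line; a digest fetched from the same place as the file mainly detects corruption.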
For example, the PGP source code was studied by so many programmers
on the Internet that Trojan cryptography would have been discovered