Live Journal about blowfish |

Recent Posts

Best links

Web Hosting Reviews

    • Data security in practice

    | Under Live Jounal

    systems to download unsigned or unencrypted firmware upgrades or store unencrypted user data, a practice we justify because it’s invisible to the end user and makes our lives easier. The stealthy practice, however, is no longer kosher. With the help of this public-domain encryption algorithm, we can clean up our act.

    Modern embedded systems need data security more than ever before. Our PDAs store personal e-mail and contact lists; GPS receivers and, soon, cell phones keep logs of our movements; and our automobiles record our driving habits. On top of that, users demand products that can be reprogrammed during normal use, enabling them to eliminate bugs and add new features as firmware upgrades become available.

    Data security helps keep private data private. Secure data transmissions prevent contact lists and personal e-mail from being read by someone other than the intended recipient, keep firmware upgrades out of devices they don’t belong in, and verify that the sender of a piece of information is who he says he is. The sensibility of data security is even mandated by law in certain applications: in the U.S. electronic devices cannot exchange personal medical data without encrypting it first, and electronic engine controllers must not permit tampering with the data tables used to control engine emissions and performance.

    Data security techniques have a reputation for being computationally intensive, mysterious, and fraught with intellectual property concerns. While some of this is true, straightforward public domain techniques that are both robust and lightweight do exist. One such technique, an algorithm called Blowfish, is perfect for use in embedded systems.

    Terminology
    In cryptographic circles, plaintext is the message you’re trying to transmit. That message could be a medical test report, a firmware upgrade, or anything else that can be represented as a stream of bits. The process of encryption converts that plaintext message into ciphertext, and decryption converts the ciphertext back into plaintext.

    Generally speaking, encryption algorithms come in two flavors, symmetric and public key. Symmetric algorithms, such as Blowfish, use the same key for encryption and decryption. Like a password, you have to keep the key secret from everyone except the sender and receiver of the message.

    Public key encryption algorithms use two keys, one for encryption and another for decryption. The key used for encryption, the “public key” need not be kept secret. The sender of the message uses that public key to encrypt their message, and the recipient uses their secret decryption key, or “private key”, to read it. In a sense, the public key “locks” the message, and the private key “unlocks” it: once encrypted with the public key, nobody except the holder of the private key can decrypt the message. RSA is a popular public key encryption algorithm.

    Most credible encryption algorithms are published and freely available for analysis, because it’s the security of the key that actually makes the algorithm secure. A good encryption algorithm is like a good bank vault: even with complete plans for the vault, the best tools, and example vaults to practice on, you won’t get inside the real thing without the key.

    Sometimes an encryption algorithm is restricted, meaning that the algorithm itself is kept secret. But then you can never know for sure just how weak a restricted algorithm really is, because the developer doesn’t give anyone a chance to analyze it.

    Encryption algorithms can be used for several kinds of data security. Sometimes you want data integrity, the assurance that the recipient received the same message you sent. Encryption algorithms can also provide authentication, the assurance that a message came from whom it says it came from. Some encryption algorithms can even provide nonrepudiation, a way to prove beyond a doubt (say, in a courtroom) that a particular sender was the originator of a message. And of course, most encryption algorithms can also assure data privacy, a way to prevent someone other than the intended recipient from reading the message.

    Data security in practice
    Let’s say an embedded system wants to establish a secure data-exchange session with a laptop, perhaps over a wireless medium. At the start of the session, both the embedded system and laptop compute a private Blowfish key and public and private RSA keys. The embedded system and laptop exchange the public RSA keys and use them to encrypt and exchange their private Blowfish keys. The two machines then encrypt the remainder of their communications using Blowfish. When the communications session is over, all the keys are discarded.

    In this example, it doesn’t matter if someone is eavesdropping on the entire conversation. Without the private RSA keys, which never go over the airwaves, the eavesdropper can’t obtain the Blowfish keys and, therefore, can’t decrypt the messages passed between the two machines. This example is similar to how the OpenSSH command shell works (although OpenSSH takes additional steps to prevent the public keys from being tampered with during transit).

    Now let’s say that a server wants to send a firmware upgrade to a device and wants to be sure that the code isn’t intercepted and modified during transit. The firmware upgrade may be delivered over a network connection, but could just as easily be delivered via a CD-ROM. In any case, the server first encrypts the firmware upgrade with its private RSA key, and then sends it to the device. The recipient decrypts the message with the server’s public key, which was perhaps programmed into the device during manufacture. If the firmware upgrade is successfully decrypted, in other words a checksum of the image equals a known value, or the machine instructions look valid, the firmware upgrade is considered authentic.

    The RSA algorithm is computationally expensive, although not unreasonably so for the level of functionality and security it provides. A lighter-weight approach to firmware exchange with an embedded system would be to encrypt the image with Blowfish, instead of RSA. The downside to this approach is that the Blowfish key in the embedded system has to be kept secret, which can be difficult to achieve for a truly determined attacker with hardware skills. In less extreme cases, however, Blowfish is probably fine since an attacker with such intimate knowledge of the target system and environment will likely find another way into the device anyway (in other words, simply snatching the firmware upgrade from flash memory once it’s decrypted).


    Archive Encryption Key Security Options

    | Under Live Jounal

    Your data is not encrypted with the security you’ve chosen; rather, the security method is used to protect the encryption key that encrypts your data. Think of a key that is locked inside a safe. Your security method (also know as the public key) is the information that unlocks the safe, which contains the key (also known as the private key) that unlocks your data. In other words, your public key protects your private key.

    You have these options for securing your archive encryption key:

    • account password – default
    • private password – another password to use instead of account password
    • personal private key – a private key you create that replaces the default private key

    Each of the encryption key security options offers increasingly greater security, and correspondingly greater risk for forgetting. In other words, using your account password to secure your data is the simplest method and the easiest for others to penetrate. Using a private password adds another layer of security, but it is another password to remember.

    Once you have upgraded your encryption key option, you cannot downgrade to another option. This prevents someone from recovering your lost or stolen computer and using CrashPlan to downgrade your security.

    Securing Your Encryption Key with Your Account Password

    Using your account password to secure your encryption is the simplest method to use, but the easiest for others to penetrate.

    • Default encryption key security option
    • Private key is stored on the server and on source computer
    • Public key uses your account password to protect your private key
    • Public key and private key are stored on the server for web restore
    • Public key is stored on the destination for guest restore
    • Admins can restore without password, allowing easy local fast restore

    Securing Your Encryption Key with a Private Password

    You can specify to use a private password, which is different from your account password, to secure your encryption key. Securing your encryption key with another password offers another level of security; however, you increase the risk to your archive because there is no way to retrieve the private password if you forget it.

    • Upgraded security
    • Private key is stored on and never leaves source computer
    • Public key uses a private-password to protect your private key
    • Public key is stored on the server for web restore and for new installations
    • Public key is stored on the destination for guest restore
    • Admins need private password to restore
    • Additional password to remember, risk not being able to restore if forgotten

    Your Private Encryption Key

    You can specify to replace the default encryption key with a private key to encrypt your archive. This is the most secure option, but it requires the most user management because you must provide your private key every time you restore.

    • Highest upgraded security
    • Private key is stored on and never leaves source computer
    • Manage your own private key per computer, with each computer under this account theoretically using a different private key
    • Web restore, guest restore, new installations, remote restore, etc. require the private key
    • Admins need private key to restore
    • Additional information to keep track of, with increased risk of not being able to restore if lost

    Generating Your Private Key

    You can create your private key in several ways:

    • Enter a passphrase that returns a private key and then paste the key into the encryption key box
    • Allow CrashPlan to generate a private encryption key for you without entering any text (just click the Generate option)
    • Import an encryption key that has been saved to a text file (e.g. an SSH private key)

    Importing and Exporting the Private Key Once you’ve selected the method for generating your private key; you can use the Export option to export the key to a text file. Exporting the private key to a file makes it easier to locate the key in case you forget it. When you need to supply the private key on another computer to which you want to recover files, you can use the Import option to import the encryption key from the text file.

    All data previously backed up and associated with the previous method’s encryption key is no longer available for restoring.


    « Previous Entries