Thursday 20 October 2011

Fake it 'til you break it

So my Dad and I have the same initials (and obviously the same last name).  It was never really an issue until I got older and started receiving mail of my own.  It was common for me to open mail that I thought was addressed to me but was actually for him, and vice-versa.  Fortunately it was usually fairly clear from the content of the mail who it was actually for, but the fact remained that it was impossible to tell just by looking at the outside of the envelope.

The same problem can occur when you use cryptography to protect information.  Signatures, MACs or authenticated encryption are often used to protect data so that an application can be confident that data which leaves its control can't be altered or forged.  However, the keys used for that protection may very well be shared by other parts of the same application, for a very similar purpose.  So what happens if someone takes protected data issued by one part of an application and replays it to a different part of that application?  If the data is protected in the same way with the same key it will pass any signature check and decrypt successfully, because nothing in the ciphertext or tag says which part of the application it was meant for.

Initially it might be tempting to say, "use different keys!".  That would work, but it could also drastically increase the number of keys you have to manage.  Hopefully you know that the real problem with using cryptography is usually how to securely manage the keys.  For this reason keys are often re-used.  (A middle ground is to derive a separate per-purpose key from one master secret with a KDF, which leaves you one secret to manage while still keeping the contexts apart, but plenty of code simply uses the one key everywhere.)

So what could go wrong if an attacker presents data that is impersonating other data?  Who knows?!  It is totally dependent on what the protected data means and on the consequences of it being trusted by the wrong part of the application: a token that merely identifies a user in one place might authorise a password reset in another.

There is a simple solution though: wherever your part of an application protects data, include something that identifies the data as belonging to you, and check for it when you recover the data.  This could be as simple as adding a unique fixed prefix to the data before you sign or encrypt it and confirming the prefix is correct after you verify or decrypt.  Two details matter.  The prefix has to sit inside the signed or encrypted region, not outside it, otherwise an attacker just strips it off or swaps it.  And the check is only as good as the integrity protection around it: with plain unauthenticated encryption an attacker may be able to alter the prefix without being detected, so a prefix check is a complement to a MAC or authenticated encryption, not a replacement for one.
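The following is an added example, not code from the original post.  It uses HMAC-SHA256 from the Python standard library as the "protection" (the post does not name a particular scheme) and a made-up application with two parts, a session cookie and a password-reset link, that share one key.  The naive functions authenticate only the payload, so a token minted for one part verifies in the other; the tagged functions put a length-prefixed context label inside the authenticated region and refuse to recover data whose label is wrong.  All names, the key and the sample payloads are constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

TAG_LEN = 32  # SHA-256 output size

# One key shared by every part of the application (constructed for this example).
KEY = secrets.token_bytes(32)


def naive_protect(key: bytes, data: bytes) -> bytes:
    """MAC the raw payload.  Nothing records which part of the app made this token."""
    return data + hmac.new(key, data, hashlib.sha256).digest()


def naive_recover(key: bytes, token: bytes) -> Optional[bytes]:
    """Return the payload if the MAC verifies, else None."""
    if len(token) < TAG_LEN:
        return None
    data, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    if not hmac.compare_digest(tag, hmac.new(key, data, hashlib.sha256).digest()):
        return None
    return data


def tagged_protect(key: bytes, context: bytes, data: bytes) -> bytes:
    """MAC a context label together with the payload.

    The label goes inside the authenticated region so it cannot be stripped or
    swapped, and it is length-prefixed so that label/payload boundaries are
    unambiguous (b"ab" + b"c" must not collide with b"a" + b"bc").
    """
    if not 0 < len(context) < 256:
        raise ValueError("context label must be 1..255 bytes")
    body = bytes([len(context)]) + context + data
    return body + hmac.new(key, body, hashlib.sha256).digest()


def tagged_recover(key: bytes, context: bytes, token: bytes) -> Optional[bytes]:
    """Return the payload only if the MAC verifies AND the label matches `context`."""
    if len(token) < TAG_LEN + 1:
        return None
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    # Check integrity first: the label is only meaningful once we know it is untampered.
    if not hmac.compare_digest(tag, hmac.new(key, body, hashlib.sha256).digest()):
        return None
    n = body[0]
    if body[1:1 + n] != context:
        return None  # genuine token, wrong context: replayed from another part of the app
    return body[1 + n:]


def replay_demo(key: bytes = KEY):
    """Mint a session token for user 42 and try to use it as a password-reset token.

    Returns (naive_accepted, tagged_accepted): the naive scheme accepts the
    replay, the tagged scheme rejects it.
    """
    payload = b"uid=42"
    # Attacker harvests a session cookie and submits it where a reset token is expected.
    naive_session = naive_protect(key, payload)
    naive_accepted = naive_recover(key, naive_session) is not None  # reset handler has no way to tell

    tagged_session = tagged_protect(key, b"session", payload)
    tagged_accepted = tagged_recover(key, b"password-reset", tagged_session) is not None
    return naive_accepted, tagged_accepted


if __name__ == "__main__":
    print("naive accepted replay: %s, tagged accepted replay: %s" % replay_demo())
```

The same idea is what the associated-data input of an AEAD mode (for example the AAD passed to AES-GCM) is for: a context string bound into the tag without being encrypted, so a ciphertext produced under one label fails verification under any other.  Whichever mechanism you use, the label must be chosen by the verifying code from its own knowledge of where it is, never read out of the token and trusted.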

It's a bit of an odd attack, but I can guarantee that any attacker that suspects some data is encrypted will be injecting that encrypted data into any other place where encrypted data is being used.
