Why we can't have nice security
A recently discovered flaw in many encrypted USB drives provides an object lesson in why IT security is so blessed hard.
The entire line of Spyrus Hydra PC USB encryption drives are invulnerable to such attacks because no password authentication values or keys are ever stored on Hydra PC devices after logoff or removal. Unlike any competing USB encryption drive, the Hydra PC reconstitutes a Master Key Encryption Key at logon using a FIPS-approved Key Derivation Function which utilizes, at a minimum, an Elliptic Curve Diffie-Hellman (ECDH) public/private key pair unique to the device and a random, secret 256-bit "salt" value together with a SHA-256 hash of the user's password. The secret salt value and all other cryptographic computations are securely bound within the FIPS 140-2 epoxy-encased cryptographic hardware rather than in host system software. Therefore it is not computationally feasible to mount an offline attack against the PIN/password. Spyrus has the only USB encryption drive that provides such a robust authentication process to protect access to the data encrypted on the device.
Did you get that? If you read further in the release, you'll find that Spyrus got Level 2/Level 3 validations for FIPS 140-2. Pop quiz: why didn't they get either Level 1 or Level 4 validation?
Ha! Double pop quiz: does Level 4 even exist for FIPS 140-2? If so, is it better or worse than Level 1? And is "validation" the same as, better than, or not as good as "certification"? Is it even possible to get "certification" for various FIPS 140-2 levels? Now answer the same question for "compliance."
For bonus points: is it the epoxy encasing, the fact that the encryption is hardware-embedded, or the infeasibility of mounting a computational/brute force attack that makes the device secure? Is a computational attack the same as a brute force attack in this case? And for double bonus points: is FIPS 140-2 the relevant standard for USB encryption drives, or is Spyrus pulling a fast one by referring to glorious results for FIPS 140-2 when it really should be measured by some other yardstick?
I'm not making fun of Spyrus here, by the way. Kudos to them for producing a product that isn't prey to the latest hack. But this entire discussion of a security-minded product is all too typical.
Yes, it's important that there's a Master Key Encryption Key used at log-in, based on a Key Derivation Function with, at minimum, an Elliptic Curve Diffie-Hellman (ECDH) key along with a random 256-bit "salt" value and SHA-256 hash of the user's password. That's how it works.
But to anyone who's not a security expert--and I don't mean someone who's basically or reasonably familiar with security, but a bona fide expert working on encryption or IT security day-in-day-out--all this is likely Grade A gobbledygook.
When it comes to security, IT consumers are routinely exposed to expert-level technical details. They're asked to understand and evaluate products on that basis. We're asked to make decisions about business-critical systems based on things we understand barely, if at all. Even when we understand the parts well, it's well nigh impossible to understand their interactions in practice.
For example, is a SHA-256 hash of the user's password enough? Or do we need SHA-384? SHA-512, maybe? Would that really be any more secure? It's hard to know. And yet, all sorts of investment and deployment questions depend on the basic question "is the security good enough?" When similar products based on the SHA-3 family arrive, should we immediately scrap those based on SHA-2? Or can we continue using them happily until a natural replacement opportunity? Keep in mind, this is a USB drive we're talking about. One, single, small component. Replicate these questions, this complexity, throughout all of the other IT components-the disk drives, the network cards, the database engines, the application software, the everything-and you start to get an idea why security is so hard.
The vulnerabilities can be anywhere, the complexities are everywhere. That's why we can't have nice security--at least, not with the simplicity and assurance we so crave.
Follow me on Twitter at @jeunice