Trust – Certifications
Recently I wrote an article about how Trust can be a security risk in one’s environment; today I will expand on that further. On the 4th of January H-Online reported a story where security firm SySS managed to get around the security of some USB drives and access the data without needing to break the cryptography involved. The closing argument that we will be tackling in the article by H-Online is, how could these devices, whose security could so easily be broken, been given the FIPS 140-2 Level 2 Certification?
The reason why these USB drives were given this certification is because they were compliant and still are. Certification claims one thing and one thing alone – that whatever they certify complies with what the certification is all about. In case of FIPS 140-2 in order to achieve level 2 compliance all a USB drive needed were 2 things.
- Requirement to achieve level 1 consisted of the USB drive to use one of the certified cryptographic algorithms, which in this case they did since the algorithm used was AES 256 bit.
- Requirements for Level 2 were compliance with level 1 and physical security for the device. Tamper proof seals or at least notification when physical tampering occurred.
The flaw discovered by SySS was that after entering a password which was validated using a number of cryptographical algorithms, the program would always send the same sequence of bytes, irrespective of the password, to unlock the drive. Obviously none of this has anything to do with FIPS 140-2 level 2 certification.
That being said just because the FIPS certification is not stating anything false even in light of this security flaw there is still a huge problem. When people decide to buy a secure USB drive it is quite safe to assume that they will first look at the certifications it has been given. FIPS 140-2 is the certification that government agencies use to decide on product applicability. What people will think when seeing a USB drive certified with such a certification is that if this is good enough for the government it will certainly be good for them. Very few people will stop to see what a FIPS 140-2 Level 2 certification really means. Even if people do check out what FIPS 140-2 level 2 is all about, it is unlikely that a person who is not into security will realize which parts have been tested and found compliant and which parts have had no actual oversight whatsoever. Finally even people in security who might ask these questions have no way of knowing how such a device really works by just looking at it! How is one supposed to know that this device is unlocked with a byte sequence that remains constant no matter what passwords are used?
The answer is that obviously you cannot. One has to TRUST that the certification process is enough to protect you. The same problem or possibly worse is with devices that have no certification because here you need to believe that the vendor tested the product well enough before shipping it with no independent oversight. So what is one to do? The answer is never trust a device or system to be secure. This not to say that there is no need to buy a secure USB drive, it simply means do not trust that your data is completely safe because it is being stored on a USB drive which has certified encryption. If that USB drive is stolen, in most cases whoever stole it will not be able to gain access however there is no real guarantee of that.
These same arguments don’t apply solely to USB drives; they apply to any device and any certification. No certification claims that no matter what happens you’re safe with the certified device and this is an important point to keep in mind. If the certified device will be used in critical capacity it is essential that the first step in choosing such a device should be researching the certifications in question. Get familiar with what each one is claiming and look for devices that attain the requirements you seek. However keep in mind that no certification covers everything and tests everything. Risk can only be minimized never entirely eliminated. Remember there is no such thing as total security.
In closing, security is a process. Each element you add to it will reduce the risk on a certain front. The biggest danger to this however is when a new added element seems so strong and reduces the risk so much that it makes the user neglect other parts, mistakenly thinking that this new element is enough to mitigate all other risks. This is never the case and it is essential to remember that one only needs to break the weak link to get through, and not the whole security echo system.
Emmanuel—Despite this flaw, it seems that it’s business as usual for some USB drive makers, as this announcement yesterday by Kingston indicates:
“Flash memory device maker Kingston on Wednesday released its DataTraveler 5000 USB flash drive meant for government and enterprise customers. Secured by SPYRUS technology gives it 256-bit AES hardware-based encryption, FIPS 140-2 Level 2 certification, XTS-AES cipher mode and elliptic curve cryptography (ECC) algorithms to meet the US government’s Suite B standards.
“FIPS 140-2 certification meets federal standards set out by the National Institute of Standards and Technology (NIST). Level 2 means the DataTraveler 5000 has a tamper-evident construction, a power-on self test that verifies encryption is operating as it should every time the drive is plugged into a USB port.”
Yes well I wasn’t expecting any of them to close down really and neither should they. Hopefully they learned from what happened and introduced better QA to ensure something like that doesn’t happen again. I am sure that once the DataTraveler 5000 hits the market it will be very well tested by the community!
On my side I just hope that my article will help people who read it, avoid the mistake of thinking that FIPS 140-2 Level 2 (or any other certification really) is idential to definitely safe. Always remember, certifications just helps one make a good decision by pointing to the right direction, nothing else.
Emmanuel—do you know if the security problem with FIPS 140-2 Level 2 also apply to FIPS 140-2 Level 3?
Hi John, I think I might not have been very clear in my article. You see, the security issue was with the USB drive itself not with the certification. In that FIPS 140-2 lvl2 certifies drives that use approved encryption and have anti physical tempering measures. In the case illustrated in this article the vendor had an application that authenticated the password using approved encryption algorithms but that’s all the application did, once the password was verified it then used the same key to authenticate with the drive itself.
I am speculating a little here since obviously I didn’t do the research myself but I suspect the vendor uses the same cryptographic key to decrypt the data within the USB drive and then encrypts that cryptographic key with the password provided by the user. The security flaw in this was the vendor’s implementation, that is they used the same cryptographic key on every drive meaning that all a malicious person would need to do is patch the USB drive application to send the proper key irrespective of the decrypted key. This would make it so that the patched application would decrypt any USB drive of that vendor even when a bad password is entered. Since the drive was still using an approved encryption algorithm it still could be certified as FIPS 140-2 lvl 2.
In a way it’s like a vendor issues a garage door remote where all remotes send the same encrypted signal. No one can decode the signal itself but they don’t need to as any remote can open any door anyway. Likewise here the vulnerability wasn’t with the encryption but with the implementation of that encryption. Hope I was clear. Let me know if you have any more questions.
Conclusion is if a device is Certified FIPS 140-2 level 2 it doesn’t mean that it’s insecure, it just doesn’t necessarily mean it’s secure. Depends on how good a job the vendor did.
Thankfully some bloggers can still write. My thanks for this piece..