|
EndCryptor has a security database where it
stores the public keys received and the private keys created. This database is
encrypted and accessible if the user's entry password to the database is
known.
We now explain the situation that arises e.g. if
a hacker Eve succeeds in accessing the computer of say Alice who is communicating with Bob.
The attacker now succeeds in installing spying software (e.g. key logger) and
then tries to utilize the security database, which she has transferred to
herself. Note that these kinds of attacks have in real life been demonstrated
against encryption software packages - a known example being the Caligula
virus.
This exposure of the security database can
happen other ways also: the user turns from friend to foe and reveals
the data to the adversary; or is forced (e.g. by a court order) or lured
to reveal current security data; etc.
Decryption of messages
Eve's possibilities to decrypt before (old) or
after (new) this exposure transmitted and captured messages are limited:
o Old
and new encrypted messages sent from Alice can't be decrypted by Eve.
o Old
encrypted messages sent from Bob to Alice
that have been decrypted by Alice
cannot be decrypted by Eve - this is called backward security.
o New
messages sent from Bob to Alice can be
decrypted by Eve until Alice
sends a message to Bob and Bob decrypts this message. Encrypted messages now
sent from Bob to Alice
cannot any more be decrypted by Eve - EndCryptor has recovered. If
exposure of the security database is suspected, using this feature it is
possible to achieve secure state by sending a dummy message to the
sender of an important message before the important message is encrypted and
transferred - the time window for successful attack will thus become very
narrow.
|
Note that if messages are
exchanged in turns then the number of messages from Bob that the attacker
can decrypt is either zero (Alice sent a
message to Bob just after the intrusion) or one (Alice sent a message to Bob just before
the intrusion) until the attacker has to perform a new hacking intrusion.
|
Identity hijacking
Because Eve has the security database and its
password she may try to send messages to Bob and pretend herself being Alice (Eve uses a
special program available in the Internet that fakes the sender of email).
o If
Alice sends a
message to Bob before Eve does then Eve's all messages are rejected by Bob's
EndCryptor - the hijacking attempt has failed.
o If
Eve is that one who sends the first message to Bob then it is accepted by
Bob's EndCryptor but then Alice's
all further messages will be rejected by Bob's EndCryptor. Also all Bob's
messages to Alice are rejected by Alice's EndCryptor (but
accepted by Eve's). If messages are being rejected it should alarm the
true holder of the identity.
|
Protection against id theft
is important since a user may have blind reliance on the protection given
by a digital signature which assures that the message comes from Alice. As shown above
an adversary may steal information and then try identity theft.
|
Home
|