This is an unedited version of the correspondence that was summarised in "Fortress: the debate continues" in Computer Fraud and Security Bulletin vol. 9 no. 7 (1987) pp. 10-11.
John High wrote:
Martin Kochanski's headline-grabbing activities in cracking file-encryption software (presumably to boost the sales of his own Ultralock) demonstrate a common misunderstanding that security professionals continually strive to overcome. Properly constructed computer security does not rely on one single mechanism (for example encryption), but encompasses multiple layers of access control to deter unauthorised users of a system, and to limit the activities of authorised users.
Of course, Kochanski has not cracked Fortress; he has merely achieved what any authorised user might obtain from his own files. He has only tackled one aspect of an access control system.
A criminal, intent on stealing readable information from a microcomputer protected by access controls, first has to breach any physical barriers. We advise our clients to site machines sensibly in order to limit access to them. Locked doors or keyboards are simple but effective deterrents. However, we must assume that at some times doors will not be locked and machines will be unattended.
The next step is to switch on the machine. The criminal should be faced with a sign-on screen which requires the entry of a system password. If he successfully enters the system password, he should then need to identify himself with a user-id and password.
Any good access control software should then present him with a menu that allows access to the particular programs and files that the user is allowed to deal with. Some of the options on the menu may also be password-protected.
If encryption is incorporated as a feature, then we would expect it to either encrypt all files, or be under the control of a security administrator. We would not expect users to be faced with deciding whether or not to encrypt individual files. To guard against machines being left on and unattended, we would expect to see software-driven terminal time-out procedures.
Of course, passwords are like physical keys, and people can leave them lying around. But all that any reasonable security function (whether it is mainframe or micro-oriented) can do is:-
Instead of trying to work through the access control layers, can the criminal use any other routes to information? An obvious method would be to reboot DOS from drive A to access the hard disk. Access control software should either lock out drive A for booting, or should ensure that programs cannot act on data on the hard disk.
If the MOD had installed access control software on the machines which they subsequently sold, they would not have been embarrassed by the recent headlines about secret information being found by a purchaser of one of their second-hand machines.
Another route would be for the criminal to steal backup diskettes. If the user has not physically secured his diskettes then this is a possibility. How will the criminal decrypt a backup diskette? Clearly he could do what Martin Kochanski has done - but then he needs to be an authorised user of the access control software.
Last month's article stated "However elaborate a package's use of passwords, if the encryption is not secure, then someone can read the disk". I don't think that many administrators of RACF, ACF2, etc, would agree.
- John High, Deloittes.
Martin Kochanski replied:
I am sorry to see that John High thinks that the only possible reason for highlighting the weaknesses in a security system can be to promote another rival product: he should remember that even software suppliers can occasionally act from disinterested motives, especially when the respectability of the whole concept of computer security is being put at risk by the promotion of dangerously weak systems.
High scatters through his reply various assertions about the type of attack that was applied on the encryption system and on its validity. I shall describe the attack in more detail in due course, but it is worth noting now that although the construction of the attack obviously had to start from a copy of Fortress (easily obtainable from Deloittes), the attack itself will work on any copy of Fortress using the current encryption algorithm.
The whole sequence of events that High describes (for "Any good access control software" read "Fortress" throughout) has little relevance to the way that an attack would actually be conducted. A whole paragraph is devoted to physical security, and High says that Deloittes "advise [their] clients to ... limit access to [their machines]" - but the Fortress manual states explicitly "Even if a thief succeeds in stealing the machine, the data on the hard disk is still secure" and "A disk encrypted using Fortress can safely be allowed to leave the premises for repair".
"The criminal should be faced with a sign-on screen" - true, but impossible. Beg, borrow, steal, or buy an ordinary copy of PC-DOS and start up the machine from it, and you will have access to the whole range of DOS commands without any sign-on screen or requirement for passwords.
"If encryption is incorporated as a feature" - this makes it sound optional. Does High assert that it is in fact optional, and if so, why does Fortress include encryption? Just as a marketing ploy? Does this attitude explain the weakness of the algorithm chosen?
What, then, is the true position of encryption in a security system? High says that thinking that encryption is important is "a common misunderstanding that security professionals continually strive to overcome" (!) and that "properly constituted computer security does not rely on ... encryption". I would assert, on the contrary, that encryption is the foundation of all microcomputer security, and its importance is exactly that of the foundations of a building: its strength is not an automatic guarantee of the strength of the whole, but if it is weak, the whole structure will collapse. High says that encryption is just "one aspect" of a security system. The foundations of the Albert Hall are just one aspect of the whole, but this does not make them any less important.
High's final reference to mainframe security packages such as RACF is not relevant to microcomputer security, whose physical and operational characteristics are very different. I have covered the differences, their significance, and what can be done about them, in my paper "Is Data Security Possible on Microcomputers?" presented at the European Computer Systems Security Forum in November 1984 and subsequently published by Online: if any reader has difficulty in obtaining this, I shall be pleased to supply reprints.
- Martin Kochanski.