
Vol. 11, No. 8, Page 16

insurance adequately covered hardware, software, data, extra expense and business interruption. Roughly the same proportion - 14% - said that while they did have a contingency plan they were not convinced that it would actually work in the event of a disaster.

Indeed, 22% claimed that their organization's disaster recovery plan had not been fully tested, and some 17% said they were not completely satisfied with their standby data processing facilities.

Only 11% believed that their business would be affected if their computer was down for an hour or more, but the overwhelming majority - 94% - said there would be a very significant effect if the computer was down for a day or longer. Nevertheless, 71% believed they could restore online applications within 12 hours at most.

Of course, we do not live in a perfect world, and it would have been even more surprising if all the firms polled had been able to give a satisfactory answer to every survey question. Even so, the number of firms who clearly fall very far short is significant.

For some, the lessons are being learned the hard way. One data processing manager, telephoned during the survey for his answers to the survey questions, replied: "Sorry, I can't talk now, we've just had a disaster!"

Iain Hall

Phoenix Business Systems Recovery

TECHNICAL EVALUATION

Product: DATALOC KEY

Developer, Vendor: Abstract Computers, Greensward House, The Broadway, Totland, Isle of Wight PO39 0BX, UK; tel: +44-(0)983-753798

Availability: IBM PC/XT/AT or any close compatible running MS-DOS/PC-DOS, with an 8-bit full-length slot available.

Version evaluated: v2.3 (taken from the plug-in card PROM), token serial number = 003330.

Price: £399.

Computer used for technical evaluation: ITT XTRA (a PC compatible) with 640K of RAM, 4.77 MHz 8088 processor, one 3.5 inch floppy disk, two 5.25 inch floppy disks, a 30 Mbyte Western Digital hardcard, and MS-DOS v3.30.

DATALOC KEY is a plug-in card that, in common with many other products on the market, aims to control access to data held on a PC using encryption techniques. It is one of a family of such products (DATALOC SOFT, DATALOC PLUS - further information from the address above).

Associated with each plug-in card is a small (66 x 66 x 25 mm) epoxy block (confusingly called the KEY) which plugs into a 15-way connector on the plug-in card.

Possession of this epoxy block, which performs the encryption and decryption, and knowledge of the correct password permits a user to access the PC, and its associated files.

The name 'KEY' is made even more confusing by the manual insisting that encryption requires data and an encryption code to operate, when the phrase 'encryption code' is what is universally referred to as a key. To avoid such confusion I shall use the word 'token' to refer to the small epoxy block. If the token is removed and replaced by another one, any file stored in encrypted form cannot be successfully decrypted.

The available facilities for each user must be chosen by the security manager. He or she can choose to make only certain directories available, autoencrypt data read from/written to any or all disk drives, permit or disbar the user from the directory manipulation commands available in MS-DOS (change, make or remove directory), allow access to the PC only at named times of day on specified days of the week, and if required generate an audit trail. Of necessity in an article of this size, this list is only a short summary of the available facilities. The setup process is easy to use.

COMPUTER FRAUD & SECURITY BULLETIN

©1989 Elsevier Science Publishers Ltd., England. No part of this publication may be reproduced, stored in a retrieval system, or transmitted by any form or by any means, electronic, mechanical, photocopying, recording or otherwise, without the prior permission of the publishers. (Readers in the U.S.A. - please see special regulations listed on back cover.)
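To make the per-user controls above concrete, here is an added example written for this page; it is not DATALOC KEY's own code and makes no claim about how the product implements its checks. It evaluates the four kinds of rule the article lists (available directories, autoencrypted drives, directory commands, and login windows by day and time) and emits one audit line per decision. The policy fields, user name, paths and timestamps are all constructed assumptions. It also covers two checks a real implementation must get right that the paragraph does not mention: a directory restriction must match whole path components (so C:\DATAX is not "under" C:\DATA) and must reject ".." components.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, time
from pathlib import PureWindowsPath


@dataclass
class UserPolicy:
    """Per-user settings of the kind the security manager chooses (assumed layout)."""
    name: str
    allowed_dirs: tuple[str, ...]                # directories the user may work in
    autoencrypt_drives: frozenset[str]           # drive letters whose I/O is encrypted
    may_manage_dirs: bool                        # MD / CD / RD permitted?
    login_windows: dict[int, tuple[time, time]]  # weekday (0 = Monday) -> (start, end)


DIR_COMMANDS = {"MD", "CD", "RD"}


def path_allowed(path: str, allowed_dirs: tuple[str, ...]) -> bool:
    """True if path lies inside one of allowed_dirs, compared component by component.

    A string-prefix test would accept C:\\DATAX under C:\\DATA, and an
    unnormalised path such as C:\\DATA\\..\\PRIVATE.DAT would also pass, so
    both cases are handled explicitly. Relative paths are rejected.
    """
    p = PureWindowsPath(path)
    if ".." in p.parts or not p.drive:
        return False
    return any(PureWindowsPath(d) == p or PureWindowsPath(d) in p.parents
               for d in allowed_dirs)


def login_allowed(policy: UserPolicy, when: datetime) -> bool:
    """Named times of day on specified weekdays. Windows are assumed not to cross midnight."""
    window = policy.login_windows.get(when.weekday())
    if window is None:
        return False
    start, end = window
    return start <= when.time() < end


def check_request(policy: UserPolicy, op: str, path: str, when: datetime) -> tuple[bool, str]:
    """Decide one request and return (allowed, audit line)."""
    if not login_allowed(policy, when):
        ok, why = False, "outside permitted login window"
    elif op.upper() in DIR_COMMANDS and not policy.may_manage_dirs:
        ok, why = False, "directory commands disbarred"
    elif not path_allowed(path, policy.allowed_dirs):
        ok, why = False, "directory not available to user"
    else:
        ok, why = True, "ok"
    drive = PureWindowsPath(path).drive.rstrip(":").upper()
    enc = " encrypt" if ok and drive in policy.autoencrypt_drives else ""
    line = (f"{when:%Y-%m-%d %H:%M} {policy.name} {op.upper()} {path} "
            f"{'ALLOW' if ok else 'DENY'}{enc} ({why})")
    return ok, line


def run_demo() -> list[bool]:
    """Run a constructed set of requests against a constructed policy; returns the decisions."""
    clerk = UserPolicy(
        name="clerk",
        allowed_dirs=(r"C:\DATA",),
        autoencrypt_drives=frozenset({"C"}),
        may_manage_dirs=False,
        login_windows={d: (time(8, 0), time(18, 0)) for d in range(5)},  # Mon-Fri 08:00-18:00
    )
    monday = datetime(1989, 8, 7, 9, 30)  # constructed timestamps
    sunday = datetime(1989, 8, 6, 9, 30)
    requests = [
        ("READ", r"C:\DATA\ACCOUNTS\LEDGER.DAT", monday),  # inside C:\DATA on a weekday -> allow
        ("READ", r"C:\DATAX\PRIVATE.DAT", monday),         # prefix look-alike -> deny
        ("READ", r"C:\DATA\..\PRIVATE.DAT", monday),       # traversal -> deny
        ("MD", r"C:\DATA\NEW", monday),                    # directory command disbarred -> deny
        ("READ", r"C:\DATA\ACCOUNTS\LEDGER.DAT", sunday),  # outside login window -> deny
    ]
    results = []
    for op, path, when in requests:
        ok, line = check_request(clerk, op, path, when)
        print(line)
        results.append(ok)
    return results


if __name__ == "__main__":
    run_demo()
```

The ordering of the checks matters for the audit trail: the login window is tested first so that an out-of-hours attempt is recorded as such rather than as a directory violation.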

The security manager must also set a password for each user. Case is significant in the passwords, a fact that increases the total number of possible passwords that can be chosen, but tends to make passwords easier to forget. This is only a mild nuisance, but passwords that cannot be precisely remembered tend to get written down.

It is imperative that the security manager has some appreciation of the technical innards of the PCs being used, and a more than passing knowledge of the security aims that he wishes to achieve. This is not an onerous restriction; it says no more than that at least one person in any company should know what using DATALOC KEY (or any similar product) is supposed to achieve.

DATALOC KEY requires a full-length slot in your PC (any slot will do), and requires a hard disk drive to operate. After installing the plug-in card, the ribbon cable to the floppy disk drives must be removed and re-connected via the plug-in card, which then feeds the floppy disk drives. I doubt if physical installation would take more than 15 minutes for each PC.

It is a shame that at 205 mm in length, the plug-in card is too long for a half-length slot. The printed circuit board is not particularly densely populated, and some compression of the physical layout of the integrated circuits could achieve a card that would fit into a half-length slot. The plug-in card contains a PROM, CMOS RAM, a parallel interface to the token, and other miscellaneous logic. It does not contain a processor (see discussion of the token).

Unfortunately I had problems installing the system on my PC. One cause of this was the cable's cores being twisted between the connectors for the two floppy disk drives. My clone does not require such a cable; IBM-manufactured computers, and many other clones, do require this. This was soon sorted out by helpful telephone discussions with Abstract Computers' personnel. The cables were also too short for use with any slot other than the one nearest to the disk drives, and I could only insert the plug-in card in this slot after rearranging the other cards in my PC.

The plug-in card can be re-jumpered to any one of 32 I/O addresses and any one of six memory addresses. Some suitable combination can probably be found for almost any PC.

Once the security manager has set up the system, all the user notices is that the correct token must be attached, and a name and password must be entered, before DOS is allowed to boot. Note that passing the disk drive cables through the plug-in card makes it particularly easy for DATALOC KEY to prevent booting from a floppy disk, a point often not covered by other similar security products.

The token is designed to attach directly to the plug-in card, which is accessible at the back on most PCs. This requires at least 66 mm of space available at the rear of the PC, but if this is not available then a 15-way cable can be used to extend the socket to a more easily accessible position. I was surprised that such a cable was not provided as standard.

The documentation provided with DATALOC KEY is written in a clear style, comprising 52 pages (A5 size), with an index and glossary both included. I would have liked to see more examples and further detailed explanation in the manual. Many of the most useful points are made on an extra five A4 sheets which were provided in addition to the manual. For instance I had to refer to the extra sheets to find out if I should back up my hard disk before using DATALOC KEY (the answer is Yes), and the I/O addresses and memory addresses mentioned above are described on these extra sheets. I assume that such details will be included in later versions.

The encryption algorithm used by DATALOC KEY is called 'Extended DES', which has a 64-bit key as opposed to 56 bits for the commonly used DES (Data Encryption Standard) algorithm. Either DES is used, or it is not. To claim that the DES algorithm has been extended when it is very precisely defined in various international standards is merely misleading. The manual even claims that the key length extension makes the algorithm 256 times more difficult to 'break' (their quotation marks) than DES. Designing a stronger algorithm is not as simple as extending the key length; in any case the real DES algorithm has no means of using the extra key bits during encryption or decryption, so a radical re-design is called for.

I believe that such references to DES should be removed entirely. DATALOC KEY uses an unpublished algorithm. To try and imply otherwise is false (and misleading).
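The arithmetic behind this objection can be checked directly. A standard DES key is already written as 64 bits, but the first step of the key schedule, Permuted Choice 1 (PC-1), reads only 56 of them; the other eight are the per-byte parity bits, and 2^8 = 256 is exactly the "256 times" figure. The Python below is an added example for this page, not code from the article or from Abstract Computers: the PC-1 table is the one from FIPS 46, the sample key is a constructed value, and the function names are my own. It shows that two 64-bit keys differing only in the discarded bits produce the same 56-bit key-schedule input, and therefore the same ciphertexts, so nothing has been "extended".

```python
# Permuted Choice 1 from FIPS 46: the 56 key-bit positions that DES actually
# uses, in the order they are read. Bit 1 is the most significant bit of the
# 64-bit key, as in the standard.
PC1 = (
    57, 49, 41, 33, 25, 17,  9,
     1, 58, 50, 42, 34, 26, 18,
    10,  2, 59, 51, 43, 35, 27,
    19, 11,  3, 60, 52, 44, 36,
    63, 55, 47, 39, 31, 23, 15,
     7, 62, 54, 46, 38, 30, 22,
    14,  6, 61, 53, 45, 37, 29,
    21, 13,  5, 28, 20, 12,  4,
)


def discarded_key_bits() -> list[int]:
    """Key-bit positions PC-1 never reads: the low bit of each byte (the parity bits)."""
    return sorted(set(range(1, 65)) - set(PC1))


def pc1(key: bytes) -> int:
    """Apply PC-1 to an 8-byte DES key; returns the 56-bit value C0||D0."""
    if len(key) != 8:
        raise ValueError("DES key must be 8 bytes")
    k = int.from_bytes(key, "big")
    out = 0
    for pos in PC1:
        out = (out << 1) | ((k >> (64 - pos)) & 1)
    return out


def same_effective_key(k1: bytes, k2: bytes) -> bool:
    """True when both keys feed the same 56 bits into the key schedule.

    Every subkey is derived from the PC-1 output, so equal PC-1 outputs mean
    identical encryption and decryption for every block.
    """
    return pc1(k1) == pc1(k2)


def flip_parity_bits(key: bytes) -> bytes:
    """Invert the eight bits DES ignores (bit 8 of each byte)."""
    return bytes(b ^ 0x01 for b in key)


def with_odd_parity(key: bytes) -> bytes:
    """Set each byte's low bit so the byte has odd parity, the DES key convention."""
    fixed = bytearray()
    for b in key:
        high7 = b & 0xFE
        parity_bit = 1 if bin(high7).count("1") % 2 == 0 else 0
        fixed.append(high7 | parity_bit)
    return bytes(fixed)


def marketing_factor() -> int:
    """2**(64 - 56): the number of 64-bit keys that map to one 56-bit DES key."""
    return 2 ** (64 - len(PC1))


if __name__ == "__main__":
    key = bytes.fromhex("133457799BBCDFF1")  # constructed sample key (odd parity)
    print("ignored bits:", discarded_key_bits())
    print("parity flipped, same key schedule:", same_effective_key(key, flip_parity_bits(key)))
    print("one real key bit flipped, same key schedule:",
          same_effective_key(key, bytes([key[0] ^ 0x02]) + key[1:]))
    print("variants per effective key:", marketing_factor())
```

Running it prints that bits 8, 16, ..., 64 are ignored, that flipping all eight of them leaves the key schedule unchanged while flipping a single non-parity bit does not, and that 256 is simply the number of 64-bit strings that collapse onto each 56-bit key.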

The difficulty (impossibility?) of establishing the strength of an unpublished algorithm has been discussed at length in previous technical evaluations. An article by Martin Kochanski entitled 'Security considerations for encryption products' (CFSB September 1988) also provides a very clear discussion of how to approach this problem.

I also have great difficulty with the way the processor contained within the token, which performs the encryption and decryption, is described as a transputer. This word is now universally used in reference to the Inmos processor of that name. DATALOC KEY defines transputer as "a self-contained computer complete with interface to the outside world". This is a definition of a single-chip processor. To use the word transputer implies processing power that is not available with the hardware used in DATALOC KEY.

The plug-in card contains no tamper resistance, so in common with other products of this nature, a logic analyser attached to the plug-in card could (after overcoming any physical difficulties) be used to monitor security operations. This includes loading the card with security information for a particular user. The encryption and decryption operations are performed using the processor within the token, but this only claims to be tamper resistant by being embedded within epoxy resin.

One of my previous articles ('Plug-in security cards, how secure are they?' CFSB August 1987) discussed the contention that using a hardware plug-in inevitably made your PC more secure. It is certainly true that to achieve a very secure system you need to use hardware/software which is inaccessible to the main processor. The converse however is not always true. If you use a hardware security card, your PC may or may not be operating more securely; it all depends on how well the plug-in card has been designed, and how it operates.

Keith Jackson

BOOK REVIEW

Title: Building a Secure Computer System

Author: Morris Gasser

ISBN: 0-442-23022-2

Publisher: Van Nostrand Reinhold at International Thomson Publishing Services Ltd, North Way, Andover, Hants SP10 5BE.

Price: £26.95

This is a technical reference work on computer security. It is unashamedly aimed at the “computer professional who wants to understand, and perhaps implement, technical solutions to computer security problems”.
