Cryptography is a modern necessity. Without we would not be able to protect data (through encryption) or establish identity (through public key infrastructure, digital signatures, and other authentication techniques). Cryptography systems and algorithm implementations are ubiquitous but unfortunately are easy to get wrong, both in implementation and usage. Improper cryptography may have a greater impact than what might originally be apparent, and can introduce the following:
- System-wide security compromises: improperly architected or implemented cryptography systems may enable the entire system to be compromised by a malicious actor
- Data risks: improperly implemented cryptography may not properly secure data and may not prevent against data from being surreptitiously manipulated
- Identity risks: improperly implemented cryptographic encryption and authentication – used to establish and verify identity – may enable identity theft or misattribution.
- Reputational or regulatory risk: negative press can cause customer concern, impact business relationships, and regulatory fines may be imposed, all of which may put future business at risk
- Certification or compliance loss: Depending on the nature of the impact caused by poorly implemented cryptography, certifications or auditing artifacts may be revoked, putting future business at risk.
Improper cryptography can manifest in different ways, some more apparent than others. Several situations that may give rise to the aforementioned issues include:
- Incorrect usage of well-designed cryptography by client code: using well-known and battle-hardened code (e.g. OpenSSL) does not remove the risk and may even introduce overconfidence. The right code also needs to be used in the right way – some encryption schemes have multiple modes, parameters, or flags that need to be selected to best produce the intended results. A typical example of this includes not randomizing initialization vectors for algorithms requiring them.
- Improperly designed crypto systems that are composed of existing components: even if cryptographic code is used properly, it is possible to architect a system in a way that renders the cryptographic implementation moot. A recent example of this includes the hack on the chat service Parler, in which an authentication system was implemented but was not enforced on the server, allowing arbitrary access to the API and enabling user data to be retrieved.
- Improperly implemented cryptographic algorithms: if implementing an algorithm by hand, or optimizing existing code for speed, scale, or to target a platform or topology, it may be difficult to trust that the cryptographic implementation holds overall expected use cases. Even one small error or corner case may weaken the functionality or guarantees that the cryptographic implementation is intended to provide.
- Use of flawed cryptographic protocols: some cryptographic protocols do not provide the security guarantees that were originally expected of them, and using out-of-date or flawed protocols like DES for encryption, can provide a false sense of security without adding any of the benefits intended with their use.
- Unknown usage of cryptography: cryptographic implementations may be in use through third party libraries or dependencies that were pulled into a project or system for other purposes. The presence of these implementations may be introducing unexpected risks.
How do you know whether your cryptography is properly implemented? Do you want your implementations or architectural design checked or audited? Galois can help. We provide cryptographic consulting, auditing, education, and development services that can give you the confidence that your systems are properly delivering the results you expect.
If you’d like to hear about how we can help you, please contact us.