[IP] Master Key Copying Revealed (Matt Blaze of ATT Labs)

Sun Jan 26 20:09:51 EST 2003

On Sat, 25 Jan 2003, Pete Chown wrote:

> Len Sassaman wrote:
>
> > Most of the time, the lock is not the weakest point of attack.
>
> Isn't this like saying that cryptography isn't important, because most
> real world attacks aren't cipher breaks?

No. It's similar to arguing against a system because it uses 56 bit DES,
but missing the fact that the cryptosystem isn't actually encrypting the
plaintext at all.

> Also, if you pick the lock, potentially no one will know that you
> gained access.  An ordinary burglar can just break a window, but
> someone with a more subtle reason for wanting to gain access may not
> want to.

There are many, many entrance techniques which do not cause any physical
damage whatsoever, which also do not require direct manipulation of the
pin tumbler mechanism.

> If I wanted to make a building physically secure, my instinct would be
> to use electronic locks.  While attacks on, say, an iButton are probably
> possible, it seems to me that it must be an order of magnitude more
> difficult than attacking a mechanical lock.

Again, you're missing the weakest point of attack. *Ignore* the actual
lock. It doesn't matter if you have an iButton or an ASSA or a Kwikset if
the door is secured with an improperly installed spring-latch mechanism,
and it can be opened with a shim. Only after you get the rest of the
physical security aspects addressed should you spend time thinking about
the lock, because it takes a lot more time, effort, or talent to attack a
lock than it does to jimmy a latch.

I would say that 60 percent of the doors I have stood before in my life, I
could have opened with items I carry in my pocket on a daily basis.
Another ten percent would have required picking.

The world of physical security doesn't rely on "security through
obscurity." It relies on security through illusion.

> Now, I'm not an expert on locks, so firstly am I right?  If so, does
> this mean that high security mechanical locks will gradually disappear?

Nearly all installed locks do nothing more than keep honest people honest.
I don't see this changing anytime soon.

I used to jump up and down about physical security problems when I
encountered them, until I learned that people generally don't want to hear
if they have security problems -- they just want to think they are safe.

One of my previous employers was a web hosting company, who had a locked
data center. On my second day working for them, I pointed out that I could
open the door to their datacenter with a credit card. They didn't believe
me. I demonstrated. Did they thank me for this bit of information?

Nope. I was nearly fired.

If you have to sign an NDA before you visit a company's colocation
facility, ask yourself what it is you are about to see that would do
damage to the company if you spoke about it. Locked cages? Look at the
raised floors.

None of these problems even come close to the issues of lost keys and
overly helpful employees, though. Criminals have been using social
engineering techniques to get into locked buildings for as long as there
have been locked buildings.

My comments in this thread have never been intended to criticize Matt for
publishing his paper. In fact, I hope I've praised it. I just don't think
that it will affect the status quo.

--Len.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com