Rubber-hose cryptanalysis

From Wikipedia, the free encyclopedia

Jump to: navigation, search

In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion,[1][2] in contrast to a mathematical or technical cryptanalytic attack. The term refers to beating someone with a rubber hose until they cooperate.

Ambox question.svg
 This article or section may contain previously unpublished synthesis of published material that conveys ideas not attributable to the original sources. See the talk page for details. (December 2009)

According to Amnesty International and the UN, many countries in the world routinely torture people.[3][4][5][6] It is therefore logical to assume that at least some of those countries use (or are willing to use) some form of rubber-hose cryptanalysis.[citation needed]

The term originated in the sci.crypt newsgroup in a message posted 16 October 1990 by Marcus J. Ranum, alluding to corporal punishment:

...the rubber-hose technique of cryptanalysis. (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive).[7]

In practice, psychological coercion can prove as effective as physical torture. Non-violent but highly intimidating methods include such tactics as the threat of harsh legal penalties. The incentive to cooperate may be some form of plea bargain, such as an offer to drop or reduce criminal charges against a suspect in return for full co-operation with investigators. Alternatively, in some countries threats may be made to prosecute as co-conspirators (or inflict violence on) close relatives (e.g. wife, children or parents) of the person being questioned unless they co-operate.[4][8]

Although the term is used tongue-in-cheek, its implications are serious: in modern cryptosystems, the weakest link is often the human user. A direct attack on a cipher algorithm, or the cryptographic protocols used, will likely be much more expensive and difficult than targeting the users of the system.[citation needed] Thus, many cryptosystems and security systems are designed with special emphasis on keeping human vulnerability to a minimum. For example, in public-key cryptography, the defender may hold the key to encrypt the message, but he may not hold the decryption key to decipher it. The problem here is that the defender may be unable to convince the attacker to stop coercion. In deniable encryption, a second key is created which unlocks a second convincing but relatively harmless message (for example, apparently personal writings expressing "deviant" thoughts or desires of some type that are lawful but taboo), so the defender can prove to have handed over the keys whilst the attacker remains unaware of the primary hidden message. By using these techniques, threats to operators or other personnel will be ineffective in breaking the system.[citation needed] The expectation[by whom?] is that rational adversaries will realize this, and forgo threats or actual torture.

In some jurisdictions, statutes assume the opposite i.e. that human operators know (or have access to) such things as session keys, an assumption which parallels that made by rubber-hose practitioners. An example is the United Kingdom's RIP Act, which has made it a crime to not surrender encryption keys on proper demand from a government official as authorized in the statute. That users of some cryptosystems may not be able to do so, as noted above, is not addressed by the statute.

[edit] See also

[edit] References

  1. ^ Soghoian, Chris (October 24, 2008). "Turkish police may have beaten encryption key out of TJ Maxx suspect". Surveillance State. CNET Networks. http://news.cnet.com/8301-13739_3-10069776-46.html. Retrieved August 29, 2009. 
  2. ^ Schneier, Bruce (October 27, 2008). "Rubber-Hose Cryptanalysis". Schneier on Security. http://www.schneier.com/blog/archives/2008/10/rubber_hose_cry.html. Retrieved August 29, 2009. 
  3. ^ Pincock, Stephen (November 1, 2003). "Exposing the horror of torture". The Lancet 362 (9394): 1462–1463. doi:10.1016/S0140-6736(03)14730-7. http://www.thelancet.com/journals/lancet/article/PIIS0140-6736(03)14730-7/fulltext. Retrieved August 29, 2009. 
  4. ^ a b UN News Service (October 27, 2004). "Many countries still appear willing to use torture, warns UN human rights official". Press release. http://www.un.org/apps/news/story.asp?NewsID=12364&Cr=torture. Retrieved August 28, 2009. 
  5. ^ Modvig, J.; Pagaduan-Lopez, J.; Rodenburg, J.; Salud, CMD; Cabigon, RV; Panelo, CIA (November 18, 2000). "Torture and trauma in post-conflict East Timor". The Lancet 356 (9243): 1763. doi:10.1016/S0140-6736(00)03218-9. Archived from the original on August 27, 2005. http://members.pcug.org.au/~wildwood/Lancet.htm. Retrieved August 29, 2009. 
  6. ^ Iacopino, Vincent (November 30, 1996). "Turkish physicians coerced to conceal systematic torture". The Lancet 348 (9040): 1500. doi:10.1016/S0140-6736(05)65892-8. http://www.thelancet.com/journals/lancet/article/PIIS0140-6736(05)65892-8/fulltext. Retrieved August 29, 2009. 
  7. ^ Marcus J. Ranum (October 16, 1990). "Re: Cryptography and the Law...". sci.crypt. (Web link). Retrieved on August 29, 2009.
  8. ^ Russell D. Hoffman (February 2, 1996). "Interview with author of PGP (Pretty Good Privacy)". High Tech Today. http://www.animatedsoftware.com/hightech/philspgp.htm. Retrieved August 29, 2009. 
Retrieved from "http://en.wikipedia.org/wiki/Rubber-hose_cryptanalysis"