Rubber-hose cryptanalysis

In cryptography, rubber-hose cryptanalysis is a euphemism for the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion, in contrast to a mathematical or technical cryptanalytic attack. The term refers to beating up someone with a rubber hose until they agree to cooperate.

The term originated in the sci.crypt newsgroup in a message posted 16 October 1990 by Marcus J. Ranum, alluding to bastinado: : "...the rubber-hose technique of cryptanalysis. (in which a rubber hose is applied forcefully and frequently to the soles of the feet until the key to the cryptosystem is discovered, a process that can take a surprisingly short time and is quite computationally inexpensive)." [http://groups.google.com/group/sci.crypt/msg/86404637e708d900]

In practice, psychological coercion can prove just as effective as physical torture. Non-violent but highly intimidating methods include such tactics as the threat of harsh legal penalties. The usual incentive to cooperate is some form of plea bargain, such as an offer to drop or reduce criminal charges against a suspect in return for full co-operation with investigators.

Although the term is used tongue-in-cheek, its implications are serious: in modern cryptosystems, the weakest link is often the human user. A direct attack on a cipher algorithm, or the cryptographic protocols used, will likely be much more expensive and difficult than targeting the users of the system. Thus, many cryptosystems and security systems are designed with special emphasis on keeping human vulnerability to a minimum. For example, in public-key cryptography, the defender may hold the key to encrypt the message, but he may not hold the decryption key to decipher it. The problem here is that the defender may be unable to convince the attacker to stop coercion. In deniable encryption, a second key is created which unlocks a second convincing but relatively harmless message, so the defender can prove to have handed over the keys whilst the attacker remains unaware of the primary hidden message. By using these techniques, threats to operators or other personnel will be ineffective in breaking the system. The expectation is that rational adversaries will realize this, and forgo threats or actual torture (on the other hand they may decide to continue the torture indefinately on the basis that they can never be sure they have everything).

In some jurisdictions, statutes assume the opposite — that human operators know (or have access to) such things as session keys, an assumption which parallels that made by rubber-hose practitioners. An example is the UK RIP Act, which has made it a crime to not surrender encryption keys on proper demand from a government official as authorized in the statute. That users (even owners) of some cryptosystems may not be able to do so (having been made somewhat immune to rubber-hose attacks as noted above) causes difficulty with the underlying presumptions of such enactments. One possible interpretation of this is that legislation such as RIP is intended to exert a chilling effect on the use of cryptography.

ee also

* Deniable encryption
* Social engineering (computer security)
* Black-bag cryptanalysis
* "United States v. Boucher", a case before the courts on whether a criminal defendant in the U.S. can be forced to reveal his encryption passphrase.

External links

* [http://www.schlockmercenary.com/d/20060329.html A simple illustration of rubber hose cryptanalysis] from the webcomic Schlock Mercenary

References