Rubber-hose cryptanalysis
Encyclopedia
In cryptography
, rubber-hose cryptanalysis is the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion
or torture
, in contrast to a mathematical or technical cryptanalytic attack
.
The euphemistic
term refers to beating someone with a rubber hose until they cooperate.
According to Amnesty International
and the UN
, many countries in the world routinely torture people. It is therefore logical to assume that at least some of those countries use (or would be willing to use) some form of rubber-hose cryptanalysis. In practice, psychological coercion can prove as effective as physical torture
. Non-violent but highly intimidating methods include such tactics as the threat of harsh legal penalties. The incentive to cooperate may be some form of plea bargain
, such as an offer to drop or reduce criminal charges against a suspect in return for full co-operation with investigators. Alternatively, in some countries threats may be made to prosecute as co-conspirators (or inflict violence on) close relatives (e.g. wife, children or parents) of the person being questioned unless they co-operate.
Although the term is used tongue-in-cheek, its implications are serious: in modern cryptosystems, the weakest link is often the human user. A direct attack
on a cipher algorithm, or the cryptographic protocol
s used, will likely be much more expensive and difficult than targeting the users of the system. Thus, many cryptosystems and security systems are designed with special emphasis on keeping human vulnerability to a minimum. For example, in public-key cryptography
, the defender may hold the key to encrypt the message, but not the decryption key needed to decipher it. The problem here is that the defender may be unable to convince the attacker to stop coercion. In deniable encryption
, a second key is created which unlocks a second convincing but relatively harmless message (for example, apparently personal writings expressing "deviant" thoughts or desires of some type that are lawful but taboo), so the defender can prove to have handed over the keys whilst the attacker remains unaware of the primary hidden message. The designer expectation is that rational adversaries will realize this, and forego threats or actual torture.
In some jurisdictions, statutes assume the opposite — that human operators know (or have access to) such things as session keys, an assumption which parallels that made by rubber-hose practitioners. An example is the United Kingdom's Regulation of Investigatory Powers Act
, which makes it a crime not to surrender encryption keys
on demand from a government official authorized by the act — irrespective of whether or not there are reasonable grounds for even suspecting that the data encrypted held any illegal material.
According to the Home Office
, the burden of proof that an accused person is in possession of a key rests on the prosecution; moreover, the act contains a defence for operators who have lost or forgotten a key, and they are not liable if they are judged to have done what they can to recover a key. However in such cases, the prosecution only has to prove that the accused had the key at some arbitrary time in the past - regardless of whether they still have it.
Cryptography
Cryptography is the practice and study of techniques for secure communication in the presence of third parties...
, rubber-hose cryptanalysis is the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion
Coercion
Coercion is the practice of forcing another party to behave in an involuntary manner by use of threats or intimidation or some other form of pressure or force. In law, coercion is codified as the duress crime. Such actions are used as leverage, to force the victim to act in the desired way...
or torture
Torture
Torture is the act of inflicting severe pain as a means of punishment, revenge, forcing information or a confession, or simply as an act of cruelty. Throughout history, torture has often been used as a method of political re-education, interrogation, punishment, and coercion...
, in contrast to a mathematical or technical cryptanalytic attack
Cryptanalysis
Cryptanalysis is the study of methods for obtaining the meaning of encrypted information, without access to the secret information that is normally required to do so. Typically, this involves knowing how the system works and finding a secret key...
.
The euphemistic
Euphemism
A euphemism is the substitution of a mild, inoffensive, relatively uncontroversial phrase for another more frank expression that might offend or otherwise suggest something unpleasant to the audience...
term refers to beating someone with a rubber hose until they cooperate.
According to Amnesty International
Amnesty International
Amnesty International is an international non-governmental organisation whose stated mission is "to conduct research and generate action to prevent and end grave abuses of human rights, and to demand justice for those whose rights have been violated."Following a publication of Peter Benenson's...
and the UN
United Nations
The United Nations is an international organization whose stated aims are facilitating cooperation in international law, international security, economic development, social progress, human rights, and achievement of world peace...
, many countries in the world routinely torture people. It is therefore logical to assume that at least some of those countries use (or would be willing to use) some form of rubber-hose cryptanalysis. In practice, psychological coercion can prove as effective as physical torture
Torture
Torture is the act of inflicting severe pain as a means of punishment, revenge, forcing information or a confession, or simply as an act of cruelty. Throughout history, torture has often been used as a method of political re-education, interrogation, punishment, and coercion...
. Non-violent but highly intimidating methods include such tactics as the threat of harsh legal penalties. The incentive to cooperate may be some form of plea bargain
Plea bargain
A plea bargain is an agreement in a criminal case whereby the prosecutor offers the defendant the opportunity to plead guilty, usually to a lesser charge or to the original criminal charge with a recommendation of a lighter than the maximum sentence.A plea bargain allows criminal defendants to...
, such as an offer to drop or reduce criminal charges against a suspect in return for full co-operation with investigators. Alternatively, in some countries threats may be made to prosecute as co-conspirators (or inflict violence on) close relatives (e.g. wife, children or parents) of the person being questioned unless they co-operate.
Although the term is used tongue-in-cheek, its implications are serious: in modern cryptosystems, the weakest link is often the human user. A direct attack
Brute force attack
In cryptography, a brute-force attack, or exhaustive key search, is a strategy that can, in theory, be used against any encrypted data. Such an attack might be utilized when it is not possible to take advantage of other weaknesses in an encryption system that would make the task easier...
on a cipher algorithm, or the cryptographic protocol
Cryptographic protocol
A security protocol is an abstract or concrete protocol that performs a security-related function and applies cryptographic methods.A protocol describes how the algorithms should be used...
s used, will likely be much more expensive and difficult than targeting the users of the system. Thus, many cryptosystems and security systems are designed with special emphasis on keeping human vulnerability to a minimum. For example, in public-key cryptography
Public-key cryptography
Public-key cryptography refers to a cryptographic system requiring two separate keys, one to lock or encrypt the plaintext, and one to unlock or decrypt the cyphertext. Neither key will do both functions. One of these keys is published or public and the other is kept private...
, the defender may hold the key to encrypt the message, but not the decryption key needed to decipher it. The problem here is that the defender may be unable to convince the attacker to stop coercion. In deniable encryption
Deniable encryption
In cryptography and steganography, deniable encryption is encryption that allows its users to convincingly deny that the data is encrypted, or that they are able to decrypt it. Such convincing denials may or may not be genuine. For example, although suspicions might exist that the data is...
, a second key is created which unlocks a second convincing but relatively harmless message (for example, apparently personal writings expressing "deviant" thoughts or desires of some type that are lawful but taboo), so the defender can prove to have handed over the keys whilst the attacker remains unaware of the primary hidden message. The designer expectation is that rational adversaries will realize this, and forego threats or actual torture.
In some jurisdictions, statutes assume the opposite — that human operators know (or have access to) such things as session keys, an assumption which parallels that made by rubber-hose practitioners. An example is the United Kingdom's Regulation of Investigatory Powers Act
Regulation of Investigatory Powers Act 2000
The Regulation of Investigatory Powers Act 2000 is an Act of the Parliament of the United Kingdom, regulating the powers of public bodies to carry out surveillance and investigation, and covering the interception of communications...
, which makes it a crime not to surrender encryption keys
Key (cryptography)
In cryptography, a key is a piece of information that determines the functional output of a cryptographic algorithm or cipher. Without a key, the algorithm would produce no useful result. In encryption, a key specifies the particular transformation of plaintext into ciphertext, or vice versa...
on demand from a government official authorized by the act — irrespective of whether or not there are reasonable grounds for even suspecting that the data encrypted held any illegal material.
According to the Home Office
Home Office
The Home Office is the United Kingdom government department responsible for immigration control, security, and order. As such it is responsible for the police, UK Border Agency, and the Security Service . It is also in charge of government policy on security-related issues such as drugs,...
, the burden of proof that an accused person is in possession of a key rests on the prosecution; moreover, the act contains a defence for operators who have lost or forgotten a key, and they are not liable if they are judged to have done what they can to recover a key. However in such cases, the prosecution only has to prove that the accused had the key at some arbitrary time in the past - regardless of whether they still have it.
See also
- Black-bag cryptanalysisBlack-bag cryptanalysisIn cryptography, black-bag cryptanalysis is a euphemism for the acquisition of cryptographic secrets via burglary, or the covert installation of keystroke logging or trojan horse software/hardware on target computers or ancillary devices...
- Deniable encryptionDeniable encryptionIn cryptography and steganography, deniable encryption is encryption that allows its users to convincingly deny that the data is encrypted, or that they are able to decrypt it. Such convincing denials may or may not be genuine. For example, although suspicions might exist that the data is...
- Social engineering
- United States v. BoucherUnited States v. BoucherIn re Boucher, No. 2:06-mj-91, 2009 WL 424718, is a federal criminal case in Vermont, which was the first to address directly the question of whether a person can be compelled to reveal his or her encryption passphrase or password, despite the U.S. Constitution's Fifth Amendment protection against...
- Rubberhose (encrypted filesystem)