In cryptography, rubber-hose cryptanalysis is a euphemism for cryptanalysis secret extraction (eg password to encrypted file) of a person by coercion or torture - such as hitting the person with a rubber hose, hence the name - in contrast to cryptanalytic attacks math or technical.
Video Rubber-hose cryptanalysis
Detail
According to Amnesty International and the United Nations, many countries around the world routinely torture people. It is therefore logical to assume that at least some of these countries are using (or will be willing to use) some form of cryptanalysis rubber hose. In practice, psychological coercion is as effective as physical torture. Not physically violent but a very intimidating method including tactics such as the threat of severe legal punishment. Incentives to work together may be a form of bargaining defense, such as an offer to drop or reduce criminal charges against a suspect in return for full cooperation with investigators. Or, in some countries, threats may be made to prosecute conspirators (or violence against) close relatives (eg spouses, children, or parents) of people questioned unless they work together.
In some contexts, rubber hose cryptanalysis may not be a worthy attack because of the need to decrypt data in disguise; information such as passwords may lose their value if they are known to have been compromised. It has been argued that one of the goals of strong cryptography is to force the opponent to use fewer veiled attacks.
The use of the earliest known term is on the sci.crypt newsgroup, in a message posted October 16, 1990 by Marcus J. Ranum, referring to corporal punishment:
... rubber hose code reading technique. (where a rubber hose is applied forcibly and often to the sole of the foot until a key to the cryptosystem is found, a process that can take a very short and computationally cheap time).
Although the term is used with tongue-in-cheek, the implication is serious: in modern cryptosystems, the weakest link is often a human user. Direct attacks on cipher algorithms, or cryptographic protocols used, tend to be much more expensive and difficult than targeting people who use or manage systems. Thus, many cryptosystems and security systems are designed with special emphasis on keeping human vulnerability to a minimum. For example, in public key cryptography, defenders can hold the key to encrypt messages, but not the decryption key needed to decipher them. The problem here is that the defense may not be able to convince an attacker to stop coercion. In undeniable encryption, a second key is created which opens a convincing but relatively innocuous second message (for example, it seems that personal writings express thoughts or desires that deviate from some legitimate but taboo kind), so the defense may prove to have handed over a temporary key the attacker remains oblivious to the main hidden message. In this case, the designer's expectation is that the attacker will not be aware of this, and release the actual threat or torture. The risk, however, is that the attacker may be aware of the deniable encryption and will assume the defender knows more than one key, meaning the attacker can refuse to stop forcing the defender even if one or more keys are revealed: on the assumption the defender still holds the additional key that holds additional information.
Maps Rubber-hose cryptanalysis
In law
In some jurisdictions, the law considers the opposite - that human operators know (or have access to) things like session keys, parallel assumptions made by practitioners of rubber hoses. An example is the British Inquiry Regulation Act, which makes it a crime not to submit an encryption key at the request of a government official authorized by the law.
According to the Head Office, the burden of proof that a defendant has a key relies on prosecution; In addition, the act contains a defense for operators who lose or forget the key, and they are not responsible if they are judged to have done what they can to get the key.
Possible case
Ahead of Kenya's 2017 election, the head of information, communication and technology at the Independent Electoral and Border Commission, Christopher Msando, was murdered. He has played a major role in developing a new voting system for elections. His body shows signs of torture, and there are fears that the killers have tried to get the password information from him.
See also
References
Source of the article : Wikipedia
0 Comments