Proprietary Crypto Implementations
Proprietary Software is computer software that is not free and protected by mostly copyright or patent rights. This means it is normally not possible for an unauthorized user to have a look at the source code of the program or change it in any way. Companies or persons that want to use a proprietary software need to pay for it. On the other hand, there is free software also called open source software. It is free to use, and mostly also free to change up to a certain point. Normally open source software offers the possibility to look at and change the source code. A commonly known example of proprietary versus open source software are the operations systems windows and Linux. Proprietary cryptographic software fulfilles the same fundamentals. A company must pay to use the encryption algorithm and the code remains hidden. August Kerckhoffs born in 1835 in Denmark was a famous linguist and cryptographer who wrote the book “La Cryptographie Militaire”, a stepstone for the cryptography of the 19th century. He is famous for the “Kerckhoffs´s principle, which states: “It [The cryprosystem] must not require secrecy and it can without disadvantage fall into the hands of the enemy” which means and is used in today’s terms that a cryptosystem should be secure even if everything about the system, except the key, is public knowledge. This stands in strong contrast to the concept “security through obscurity”. Security by obscurity goes with proprietary software in that case, that it relies on the secrecy of the inner workings of a system and the algorithm to keep the system secured. There is a huge discussion if a cryptosystem is more secure if the mechanism is kept secret or if it is open to public and thus overviewed by many people and tested for weak spots. One argument states, that keeping the algorithm secret may improve short term security but for long term security its better if a system has been published and analyzed. The problem is, if the security of the system relies on the secrecy of the mechanisms, if get leaked or hacked, the whole mechanism is useless.
Before 1969, software and services that went with the use of servers and computers where provided without extra charge. Source codes where available and everyone had the possibility to change and develop them and shared the results. That change when first IBM in 1969 started a new change leading to proprietary software. Companies started to keep source code secret to hinder other companies to steal and use it. Besides the source code, the fact that it was now possible to sell and change software on the base of microprocessors encouraged that change since the U.S. Copyright Act of 1976 extended the copyright law to protect binary programs as well. In February 1983 IBM took another step and established the “object-code-only”- Modell, which means the selling of a software without source code.
Examples of exploited proprietary systems
Legic is a swiss supplier of access control systems that uses RFID (radio-frequency identification) with smartcards to secure building access and micropayment applications. The cards are used throughout Europe in clinical infrastructures, military installations, governmental departments, power plants, hospitals and airports. Beside the fact that they are used in high security facilities, it was exploited, that access cards could be cloned form distance. The algorithm was reversed engineered by a method called chip-slicing and it shows that there is no secret key involved, only a secret algorithm.
SimonsVoss G1 is a locking system used for electronic locks whose cryptographic primitives and radio protocol where reverse engineered and discovered some implementation flaws which allow two ways to extract the master secret. There were also found some several weaknesses in the PRNG (Pseudo Random Number Generator).
DST stands for Digital Signature Transponder and is a cryptosystem used in vehicle immobilizer. The transponder was used for black-box analysis and it was shown, that is straightforward to recover the proprietary algorithms used in the cryptosystem. They then did an exhaustive search over the complete key space.
KeeLoq is used in Remote Keyless Entry (RKE) that are used for garage doors. The cipher was published in 2006 and the first proposed attack was a combination of linear attacks and correlation to recover the secret key.
ORXY is a stream cipher that is used to protect the wireless data services of the North American Telecommunications Industry Association (TIA). The cipher was first publicly reviewed in 1995 and it was shown that although the cipher should provide a computational complexity of 2 hoch 96 it only had 2 hoch 16. The same reviewers used a divide-and-conquer attack to reduce the computational complexity of the cipher. Since the cipher was insecure, they updated their specification and removed ONXY from the list of proposed cryptographic primitives.
A3, A8, COMP128 is a proprietary algorithm for network authentication that instances the two proprietary algorithms A3 and A8. A3 is used to authenticate the mobile station to the network, A8 is used to generate the session key. COMP128 was copied and deployed by different service providers although it was just a reference example. The first attack to this was published in 1998 and later extended and generalized. There was also a hardware attack where just 8 chosen plaintext where used to retrieve a 128-bit key.
CSS the content scramble system is a proprietary cryptosystem is used to store encrypted information on a DVD. The working was later published and there were several serious weaknesses and the 40-bit secret key can be recovered with a computational complexity of only 2 hoch 25 operations.
E0 is a stream cipher algorithm used to encrypt the communication between Bluetooth devices. The first attack was published shortly after its introduction and is based on general correlation attack techniques. An article of 2013 identifies weaknesses that allows to recover the complete 128-bit secret key.
Skipjack depends on an 80-bit secret key and was designed by the National Security Agency (NSA). It was only used in a hardware device called the Clipper chip which was for example used by telecom providers to secure the confidentiality of telephone conversations. The requirement to use the chip was to share every used secret key with the US government. Although several minor weaknesses were identified the design of the proprietary cipher Skipjack does not seem to be very insecure.
RC4 short for Rivest Cipher 4, is a proprietary stream cipher that was designed in 1987 and originally considered a trade-secret only available under a Non-Disclosure Agreement (NDA). The creator was Ron Rivest, the same who tool part in designing RSA. The design is more than 20 years old but still used in many protocols such as TLS, SSH or to encrypt network traffic in VPNs. When the code first appeared in the internet in 1994 it was anonymously posted and several weaknesses where identified. When used with a long random initializing internal state thou, it is still much more secure than most proprietary algorithms.
WEP the Wired Equivalent Privacy is a wireless network communication protocol that was officially introduced as part of the IEEE 802.11 in 1999. There were several weaknesses in the loading and scheduling of the secret key and after the first attack methodology was published, an experiment that demonstrated the feasibility of the proposed attack followed. As a result, the IEEE together with the Wi-Fi Alliance superseded by the Wi-Fi Protected Access (WPA).
- "The (in)security of proprietary cryptography"; Roel Verdult; 2015