Rubber-hose cryptanalysis

In cryptography, rubber-hose cryptanalysis is the extraction of cryptographic secrets (e.g. the password to an encrypted file) from a person by coercion or torture,[1][2] in contrast to a mathematical or technical cryptanalytic attack.

The euphemistic term refers to beating someone with a rubber hose until they cooperate.

According to Amnesty International and the UN, many countries in the world routinely torture people.[3][4][5][6] It is therefore logical to assume that at least some of those countries use (or would be willing to use) some form of rubber-hose cryptanalysis.[1] In practice, psychological coercion can prove as effective as physical torture. Non-violent but highly intimidating methods include such tactics as the threat of harsh legal penalties. The incentive to cooperate may be some form of plea bargain, such as an offer to drop or reduce criminal charges against a suspect in return for full co-operation with investigators. Alternatively, in some countries threats may be made to prosecute as co-conspirators (or inflict violence on) close relatives (e.g. wife, children or parents) of the person being questioned unless they co-operate.[4][7]

In some contexts, rubber-hose cryptanalysis may not be a viable attack due to a need to decrypt data covertly; information such as passwords may lose its value if they are known to have been compromised. It has been argued that one of the purposes of strong cryptography is to force adversaries to resort to less covert attacks.[8]

Although the term is used tongue-in-cheek, its implications are serious: in modern cryptosystems, the weakest link is often the human user. A direct attack on a cipher algorithm, or the cryptographic protocols used, will likely be much more expensive and difficult than targeting the users of the system. Thus, many cryptosystems and security systems are designed with special emphasis on keeping human vulnerability to a minimum. For example, in public-key cryptography, the defender may hold the key to encrypt the message, but not the decryption key needed to decipher it. The problem here is that the defender may be unable to convince the attacker to stop coercion. In deniable encryption, a second key is created which unlocks a second convincing but relatively harmless message (for example, apparently personal writings expressing "deviant" thoughts or desires of some type that are lawful but taboo), so the defender can prove to have handed over the keys whilst the attacker remains unaware of the primary hidden message. The designer expectation is that rational adversaries will realize this, and forego threats or actual torture.

In some jurisdictions, statutes assume the opposite — that human operators know (or have access to) such things as session keys, an assumption which parallels that made by rubber-hose practitioners. An example is the United Kingdom's Regulation of Investigatory Powers Act,[9][10] which makes it a crime not to surrender encryption keys on demand from a government official authorized by the act — irrespective of whether or not there are reasonable grounds for even suspecting that the data encrypted held any illegal material.[11]

According to the Home Office, the burden of proof that an accused person is in possession of a key rests on the prosecution; moreover, the act contains a defence for operators who have lost or forgotten a key, and they are not liable if they are judged to have done what they can to recover a key.[9] However in such cases, the prosecution only has to prove that the accused had the key at some arbitrary time in the past - regardless of whether they still have it.[10]

See also

References

  1. ^ a b Soghoian, Chris (October 24, 2008). "Turkish police may have beaten encryption key out of TJ Maxx suspect". Surveillance State. CNET Networks. http://news.cnet.com/8301-13739_3-10069776-46.html. Retrieved August 29, 2009. 
  2. ^ Schneier, Bruce (October 27, 2008). "Rubber-Hose Cryptanalysis". Schneier on Security. http://www.schneier.com/blog/archives/2008/10/rubber_hose_cry.html. Retrieved August 29, 2009. 
  3. ^ Pincock, Stephen (November 1, 2003). "Exposing the horror of torture". The Lancet 362 (9394): 1462–1463. doi:10.1016/S0140-6736(03)14730-7. PMID 14603923. http://www.thelancet.com/journals/lancet/article/PIIS0140-6736(03)14730-7/fulltext. Retrieved August 29, 2009. 
  4. ^ a b "Many countries still appear willing to use torture, warns UN human rights official" (Press release). UN News Service. October 27, 2004. http://www.un.org/apps/news/story.asp?NewsID=12364&Cr=torture. Retrieved August 28, 2009. 
  5. ^ Modvig, J.; Pagaduan-Lopez, J.; Rodenburg, J.; Salud, CMD; Cabigon, RV; Panelo, CIA (November 18, 2000). "Torture and trauma in post-conflict East Timor". The Lancet 356 (9243): 1763. doi:10.1016/S0140-6736(00)03218-9. PMID 11095275. Archived from the original on August 27, 2005. http://members.pcug.org.au/~wildwood/Lancet.htm. Retrieved August 29, 2009. 
  6. ^ Iacopino, Vincent (November 30, 1996). "Turkish physicians coerced to conceal systematic torture". The Lancet 348 (9040): 1500. doi:10.1016/S0140-6736(05)65892-8. PMID 11654536. http://www.thelancet.com/journals/lancet/article/PIIS0140-6736(05)65892-8/fulltext. Retrieved August 29, 2009. 
  7. ^ Hoffman, Russell D. (February 2, 1996). "Interview with author of PGP (Pretty Good Privacy)". High Tech Today. http://www.animatedsoftware.com/hightech/philspgp.htm. Retrieved August 29, 2009. 
  8. ^ Percival, Colin (May 13, 2010). "Everything you need to know about cryptography in 1 hour (conference slides)". http://www.bsdcan.org/2010/schedule/attachments/135_crypto1hr.pdf. Retrieved December 29, 2011. 
  9. ^ a b "The RIP Act". The Guardian (London). October 25, 2001. http://www.guardian.co.uk/world/2000/oct/24/qanda. 
  10. ^ a b "Regulation of Investigatory Powers Bill; in Session 1999-2000, Internet Publications, Other Bills before Parliament". House of Lords. 9 May 2000. http://www.parliament.the-stationery-office.co.uk/pa/ld199900/ldbills/061/2000061.htm. Retrieved 5 Jan 2011. 
  11. ^ Williams, Chris (November 24, 2009). "UK jails schizophrenic for refusal to decrypt files". The Register. http://www.theregister.co.uk/2009/11/24/ripa_jfl/. Retrieved January 4, 2010.