Channels ▼
RSS

Security

How DDJ Readers Helped Us Improve Our Product


Joel is president and senior engineer at Microworks. He can be contacted at joel@mw-inc.com.


When we began work on our SmartDongle security key (www.smartdongle.com), our intentions were to create a device that would be an adequate deterrent to theft. While we understand that complete security is impossible in open systems like PCs, we wanted to make it hard enough to break that would-be hackers would look elsewhere. In an effort to show that our product was more than smoke-and-mirrors, we decided to open the kimono and submitted an article to Dr. Dobb's Journal that gave significant details on how our SmartDongle USB security key worked (www.ddj.com/security/184406281). This is always a scary proposition, but it was

especially fearsome based on the characteristics of DDJ readers. There are some real ferrets out there.

I was not disappsointed. Several readers responded with a variety of suggestions and judgements. The most common response we got from readers is that there are algorithms for determining the keys used in a linear congruential sequence (LCG) if successive values are known. The classic paper on the subject is "'Cracking A Random Number Generator" by James Reeds (www.dean.usma.edu/math/pubs/cryptologia/ ClassicArticleReprints/V01N1PP20-26JamesReeds.pdf). While there are many articles indicating how easy it is to find the keys given the sequence, the articles I read assume that the sequence is available. In our case, the sequence is not available. In the SmartDongle, each time a challenge is made, the starting point for that challenge comes from the free-running counter. This counter is changing quickly and is unknown to outside observers. The result is that users can observe Ln and Ln+1, but never Ln+2. While there may be effective algorithms available to use snippets of the sequence to find the keys, I wasn't able to find them.

Let's assume that enterprising intruders are able to analyze the data on the USB bus, collect a sufficient number of values, and apply the appropriate effort to determine the key values. Is the usefulness of the SmartDongle over? Not really. An intruder cannot use information to clone another key. It is impossible (even with that information) for a program communicating with a SmartDongle by using the correct keys to change the key values on the device. The keys are not stored in memory that can be accessed by any program, even if it knows the keys. The bottom line is that this approach cannot change a hardware key for product X to be modified to become a key for product Y.

Soon after the magazine hit the newsstands, I got a call from Mr. A, a computer-science student at a major university. He asked for free copies of the software and SmartDongle to use in a class project. I didn't feel it was wise to give a free pass to someone whose objective was to expose problems and publish his findings, so I graciously declined his request. Soon after, I got a request from Mr. B, a person who was willing to obtain the software and SmartDongle through the usual purchase procedure. As a matter of coincidence, Mr. A and Mr. B lived in the same city. It didn't take long to figure out that Mr. B and Mr. A were friends, and that the hardware and software had made their way to the computer-science student. As the end of the semester approached, I looked up Mr. A and asked what he had learned in his investigation of the SmartDongle. He was kind enough to send me a link to his report on which two students collaborated. The report describes their approach to solving the problem. They indicated that they made some progress in cracking the device, but that because of the inherent delays in the system, it didn't lend itself to an exhaustive search. It takes about 12 milliseconds per guess, and there are lots of guesses required. The paper said that it would take more than 900 million years to crack the SmartDongle. Happily, this is a timeframe we can live with.

Another issue that was brought forward from a different source deals with the fact that our challenge and response was a one-way challenge. The SmartDongle issues the challenge to the host and the host responds. It is only necessary for a fake SmartDongle to watch the USB wire for one successful challenge and response, and then it could always use the same number for the challenge. Knowledge is power, and we put the knowledge to work. We modified the drivers and SmartDongle firmware. Our new firmware requires that the challenge/response go both ways. First, the SmartDongle challenges the PC, and after that succeeds, the PC challenges the SmartDongle. This requires that a fake SmartDongle not only remember one successful conversation, but that it actually knows the keys so that it can make a response to the challenge made by the host.

We appreciate the review and feedback we received from DDJ readers. It has let us improve our product. Our software development customers didn't have to change their code, and the security is improved. We aren't so naïve as to believe that our approach provides an unbreakable solution, but we do believe that the time and effort required to crack and bypass the security is sufficiently high that intruders will look for easier targets.


Related Reading


More Insights






Currently we allow the following HTML tags in comments:

Single tags

These tags can be used alone and don't need an ending tag.

<br> Defines a single line break

<hr> Defines a horizontal line

Matching tags

These require an ending tag - e.g. <i>italic text</i>

<a> Defines an anchor

<b> Defines bold text

<big> Defines big text

<blockquote> Defines a long quotation

<caption> Defines a table caption

<cite> Defines a citation

<code> Defines computer code text

<em> Defines emphasized text

<fieldset> Defines a border around elements in a form

<h1> This is heading 1

<h2> This is heading 2

<h3> This is heading 3

<h4> This is heading 4

<h5> This is heading 5

<h6> This is heading 6

<i> Defines italic text

<p> Defines a paragraph

<pre> Defines preformatted text

<q> Defines a short quotation

<samp> Defines sample computer code text

<small> Defines small text

<span> Defines a section in a document

<s> Defines strikethrough text

<strike> Defines strikethrough text

<strong> Defines strong text

<sub> Defines subscripted text

<sup> Defines superscripted text

<u> Defines underlined text

Dr. Dobb's encourages readers to engage in spirited, healthy debate, including taking us to task. However, Dr. Dobb's moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing or spam. Dr. Dobb's further reserves the right to disable the profile of any commenter participating in said activities.

 
Disqus Tips To upload an avatar photo, first complete your Disqus profile. | View the list of supported HTML tags you can use to style comments. | Please read our commenting policy.
 

Video