The Keys to the Kingdom

Windows and Cryptography

by Ed Sawicki
Accelerated Learning Center
Tailored Computers

January 1, 2007

In my circle of associates, we frequently design secure solutions to customer problems. The toughest problems are those where the best way to solve the problem involves cryptography but Windows desktops are involved. Cryptographic solutions usually require that one or more private keys (aka secret keys) are stored on the computer. To be effective, private keys must always be kept secret. It's generally not possible to provide this assurance for Windows desktops. Windows servers that are managed by competent administrators are at less risk but still vulnerable.

If an attacker can harvest the private key, he or she can masquerade as that computer or its user(s). In the Windows world, it's common for attackers to gain access to and control of the computer. We know this to be true because of the millions of Windows computers that have been hacked and now send spam over the Internet. Attackers are able to harvest information from any part of the computer system; they're able to harvest private keys.


"...adding cryptography ... results in a far
worse security situation... the attacker now
has the key to the kingdom."


To mitigate this, private keys can be created with a passphrase. The user of the system must enter the passphrase before the key can be used. Unless the attacker knows or can guess the passphrase, he can't use the key and can't masquerade as the user or computer. However, attackers have been successful in planting keystroke logger programs on Windows desktops. The attacker can collect keystrokes over time and eventually find the passphrase for the private key.
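An added example, not from the original article: a Python check a defender can run over key-file contents to see which private keys are stored with a passphrase and which sit in cleartext. The sample input is constructed (placeholder bodies, no real keys), and the function names are this example's own.

```python
import base64
import re
import struct

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]*PRIVATE KEY)-----\r?\n(.*?)-----END \1-----", re.S)
OPENSSH_MAGIC = b"openssh-key-v1\x00"

def _openssh_cipher(body: str) -> str:
    """Return the cipher name recorded at the start of an openssh-key-v1 blob."""
    raw = base64.b64decode("".join(body.split()))
    if not raw.startswith(OPENSSH_MAGIC):
        raise ValueError("not an openssh-key-v1 container")
    off = len(OPENSSH_MAGIC)
    (n,) = struct.unpack_from(">I", raw, off)
    return raw[off + 4:off + 4 + n].decode("ascii")

def classify_private_keys(text: str) -> list[tuple[str, str]]:
    """Label each PEM private-key block 'passphrase', 'CLEARTEXT' or 'UNPARSEABLE'."""
    results = []
    for label, body in PEM_BLOCK.findall(text):
        try:
            if label == "ENCRYPTED PRIVATE KEY":      # PKCS#8, always encrypted
                protected = True
            elif label == "OPENSSH PRIVATE KEY":      # cipher name is inside the blob
                protected = _openssh_cipher(body) != "none"
            else:                                     # legacy PEM or plain PKCS#8
                protected = "Proc-Type: 4,ENCRYPTED" in body
            status = "passphrase" if protected else "CLEARTEXT"
        except (ValueError, struct.error):
            status = "UNPARSEABLE"
        results.append((label, status))
    return results

# Constructed sample input: container headers and placeholder bodies, not real keys.
def _fake_openssh(cipher: bytes) -> str:
    blob = base64.b64encode(OPENSSH_MAGIC + struct.pack(">I", len(cipher)) + cipher)
    return ("-----BEGIN OPENSSH PRIVATE KEY-----\n" + blob.decode()
            + "\n-----END OPENSSH PRIVATE KEY-----\n")

SAMPLE = (
    "-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
    "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nQUJD\n"
    "-----END RSA PRIVATE KEY-----\n"
    "-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----\n"
    + _fake_openssh(b"none") + _fake_openssh(b"aes256-ctr"))

if __name__ == "__main__":
    print(*classify_private_keys(SAMPLE), sep="\n")
```

A "passphrase" result only describes the key at rest; it says nothing about whether the passphrase itself has been captured on a compromised machine.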

One possible solution is to not store the private key on the computer's hard disk. It can be stored on a removable storage device, such as USB flash memory or an optical disk. The user inserts the media only when the private key is needed and removes it afterwards. This is not foolproof: attackers can write programs that detect media insertion events and scan the device for private keys as soon as it is detected, as well as capture keystrokes. They can also plant programs (viruses) on computers that ask users to insert the device that has their private key.

Adding cryptography to Windows desktop systems may be far worse than not using cryptography because the attacker now has the key to the kingdom.

Desktop computers that run other popular operating systems can use cryptography with less risk. Macintosh and Linux computers are based on UNIX and are better able to keep private keys secret. Another article I've written called Windows vs. Linux Security explains why this is so.

Cryptographic solutions are only robust when the computer system can provide secure storage for the private keys. Until we get there with Windows, secure desktop applications will be elusive.
