- Email: [email protected]
Export of cryptographic information from the US: A brief look at the problems
Network Security
October 1995
Export of Cryptographic Information from the US: A f3rief look at the Problems Bill Hancock Ever wonder why many technologies that could benefit from cryptographic security frequently do not have such facilities? Network protocols are a prime example. Inclusion of end-to-end encryption would solve a great many problems in regard to the security of node-to-node communications. Of course, it also raises some other problems (such as key distribution systems), but these are made to be solved. The main reason for the non-inclusion of cryptographic techniques in many software products is the law in the United States. There are no technical reasons why cryptography cannot be included; the knowledge and expertise to do so is well documented and widely available. No, due to a paranoid governmental attitude about the proliferation of encryption technologies, laws have been placed into effect in the United States that treat encryption technologies like munitions and require manufacturers and exporters of encryption technologies to obtain munitions vendors licences. Further, in the United States, munitions exports are carefully controlled and require extensive documentation and approvals if the export is even allowed. In the US, the main law affecting controls of export of encryption technology falls under the Arms Export Control Act (22 USC Sec. 2778). Oddly enough, encryption is not even mentioned, but it does empower the President to
01995 Elsevier Science Ltd
determine what are ‘defence articles’and ‘defence services’ and what items are subjected to the law. The State Department further drafted massive regulations under the Arms Export Control Act umbrella called the International Traffic in Arms Regulations (ITAR) which cover, extensively the export and control of encryption technologies (it is about 380Kb in size). Add on specific evaluations of what is and is not encryption as well as other interpretations and threat of usage of the law against individuals and companies and the problems of implementation of encryption technologies has more to do with politics than with technology. For a computer software vendor to export encryption technology from the US to other countries in the world, first the vendor must register$as a munitions vendor with the Department of Defense. Following that, specific documentation must be filed with US federal government agencies about the product and the usage of the encryption technology(s) in it.
Finally, any purchases of the technology that are exported from the US require specific export licences from the US Department of Commerce which require that the exporter of the encipherment technology provide specific information about the customer, use and other information about the product and it’s use. Following all of this, a determination is made as to the exportability of the product in accordance with a variety of US laws and export control regulations by the Department of Commerce in cooperation with the Department of State and an export licence is either granted or denied. Most of the time, it is denied. Because of these technical issues, many software vendors are not eager to incorporate cryptographically sound methods in the encoding of passwords or other information which would normally benefit heavily from encryption technologies. In fact, many password program facilities in use in operating systems use a password hashing algorithm which a) does not meet the test of a cryptographic algorithm and b) is exportable. A simple example is the password hashing facilities used in the OpenVMS operating system. Password encoding is done via a password hashing algorithm based on one developed some years ago by the ACM (the algorithm is easily seen in an included assembly language example file on the operating system called HASH_PASSWORD.MAR). Using a single-direction hashing algorithm, security for the passwords is kept stored in a file called SYSUAFDAT. As a user enters a password for access, the password is hashed and the resulting value compared against the stored value to verify the entry.
9
NetworkSecurity
October
While this is belter than nothing, programs have popped up on the Internet to de-hash the password file(s) and are quite successful at guessing passwords. There is nothing wrong with this approach, but it serves to show that what is typically thought to be encrypted is really, in fact, hashed to be able to export the product outside the US without violation of US export controls and without incurring the wrath of an unforgiving US government.
question. Mr Daniel Bernstein, a student at the University of California at Berkeley. wrote a paper for a graduate thesis which has caused the Electronic Frontier Foundation (EFF) to file a lawsuit against the US government (80 pages worth) where Mr Bernstein has not received government approval to present his paper and findings due to the vagaries of the law. In the EFF announcement, the following pertinent passage provides the issue:
Export of encryption technologies from the US, even when not done by the author of the work, has caused some serious problems. Phil Zimmerman, author of Pretty Good Privacy (PGP) electronic mail facilities for the IP protocol stack, has been detained by US Customs officials when re-entering the US because of the ‘export’of the PGP program facilities,
“The plaintiff in the suit is a graduate student in the Department of Mathematics at the University of California at Berkeley named Daniel J. Bernstein. Bernstein developed an encryption equution, or algorithm, and wishes to publish the algorithm, a mathematical paper that describes and explains the algorithm, and a computer program that runs the algorithm.”
According to records and documents, Mr. Zimmerman wrote the program and distributed it to select sites. ‘Someone’ put the program up on a bulletin board facility which was publicly accessible and the program made its way outside the US, which violated US law. There is a Grand Jury investigation under way in the US, for some time now, which seeks to identify that Mr Zimmerman did, or did not, perpetrate the ‘export’ and to charge the appropriate entity with the export crime and subsequent punishment which could include criminal and civil penalties, Therefore, export of encryption technology, no matter how it happened, is an important issue to the US government and is given some serious consideration by the jurisdictional agencies. Even the issue of discussion of potential cryptographic information may be called into
10
Bernstein also wishes to discuss these items at mathematical conferences and other open, public meetings. The problem is that the government currently treats cryptographic software as if it were a physical weapon and highly regulates its dissemination, Any individual or company who wants to export such software - or to publish on the Internet any ‘technical data’ such as papers describing encryption software or algorithms - must first obtain a licence from the State Department, Under the terms of this licence, eat h recipient of the licensed software or information must be tracked and reported to the government. Penalties can be pretty stiff - 10 years in jail, a million dollar criminal fine, plus civil fines,
7995
“This legal scheme effectively prevents individuals from engaging In otherwise legal communications about encryption. The lawsuit chalenges the export-control scheme as an “impermissible prior restraint on speech, in violation of the First Amendment”. Software and its associated documentation, the plaintiff contends, is published, not manufactured; it is constitutionally protected work of human-to-human communication, like a movie, a book, or a telephone conversation. These communications cannot be suppressed by the government except under very narrow conditions - conditions that are not met by the vague and over broad export-control laws, in denying people the right to publish such information freely, these laws, regulations, and procedures unconstitutionally abridge the right to speak, to publish, to associate with others, and to engage in academic inquiry and study. They also have the effect of restricting the availability of a means for individuals to protect their privacy, which is also a constitutionally protected interest. This lawsuit, which is expected to go to trial in the fourth quarter of 1995, is calling into question the entire cryptographic legal ‘machine’ in the US. How or what the outcome will be is anyone’s guess at this point, but this is the first incidence of a challenge to the laws, en-toto, in the US. The overall suit is expected to take a considerable amount of time, so no fast solution is expected, In recent times, the US government has made overtures to companies requesting the ability to export encipherment algorithms and technologies to allow some
01995 Elsevier Science Ltd
October
7995
very specific technologies to be exported without the coincident hassle currently encountered. While a few technologies are being considered, this is another area which will be changing and has a long way to go.
Network Security
Encryption technologies are not new, mysterious or even very difficult, in some ways, to apply to a wide range of information technologies. In the US, however, the law is not very permissive in the proliferation of encryption and
until this changes, there will be a severe lack of propagation of encryption to products which could be improved via its use,
Internet Holes - Part 3: The Sendmail Maelstrom
responds with an OK reply. The dialogue is purposely lock-step, one-at-a-time. On its face, this seems like a very simple process, and it should be, but it’s not.
Fred Cohen
A sampling of sendmail attacks
The Internet is now the world’s most popular network and it is full of potential vulnerabllltles. In this series of articles, we explore the vulnerabllltles of the Internet and what you can do to mitigate them.
Here is an example of the notifications about sendmail attacks from the Computer Emergency Response Team (CERT) at Carnegie Mellon University.
Sendmail is the program that handles electronic mail for the operating system in most Unix-based systems. Sendmail is an enormously complex program that provides services ranging from forwarding mail between computers to compressing and decompressing files for more efficient transmission. In its complexity lies sendmail’s downfall. As a point of reference, three major sendmail attacks were detected in the first six months of 1995, each of which allows an external attacker to take over the host using sendmail for processing its mail. Considering that sendmail holes have been detected on a regular basis for a period of several years, it is very likely that more holes will be found for a long time to come. Sendmail’s primary function is to implement IP the Transfer Control Protocol (TCP) Simple Mail Transfer Protocol (SMTP) protocol suite. As an Internet standard, SMTP operates on TCP port 25.
01995 Elsevier Science Ltd
As the result of a user mail request, the sender establishes a two-way communications channel to a receiver. The receiver may be either the ultimate destination or an intermediate. SMTP commands are generated by the sender and sent to the receiver, SMTP replies are sent from the receiver to the sender in response to the commands, Once communication is established, the sender sends a MAIL command indicating the sender of the mail. If the receiver can accept mail it responds with an OK reply. The sender then sends a RCPT command identifying a recipient of the mail. If the receiver can accept mail for that recipient it responds with an OK reply; if not, it responds with a reply rejecting that recipient (but not the whole mail transaction). The sender and receiver may negotiate several recipients, When the recipients have been negotiated the sender sends the mail data, terminating with a line containing only a ‘.‘. If the receiver successfully processes the mail data it
0
On 29 January 1990, they learned of and verified break-ins on several Internet systems in which the intruders exploited a vulnerability in the Sun sendmail program, CERT provided no details, however attack scripts indicated that sendmail allowed recipients with names like ’ I ‘which resulted in running programs with the inbound mail as the input.
0
On 22 February 1991, in making the repair suggested by CERT to the previous attack, another hole was created. They forgot to remove the Setuid file protection setting that allowed the mail system to be used to become the superuser.
0
On 4 November 1993, a vulnerability was found in most versions of sendmail that allows unauthorized remote or local users to execute programs as any system user other than root. Again, but use of a shell
11
October 1995
Export of Cryptographic Information from the US: A f3rief look at the Problems Bill Hancock Ever wonder why many technologies that could benefit from cryptographic security frequently do not have such facilities? Network protocols are a prime example. Inclusion of end-to-end encryption would solve a great many problems in regard to the security of node-to-node communications. Of course, it also raises some other problems (such as key distribution systems), but these are made to be solved. The main reason for the non-inclusion of cryptographic techniques in many software products is the law in the United States. There are no technical reasons why cryptography cannot be included; the knowledge and expertise to do so is well documented and widely available. No, due to a paranoid governmental attitude about the proliferation of encryption technologies, laws have been placed into effect in the United States that treat encryption technologies like munitions and require manufacturers and exporters of encryption technologies to obtain munitions vendors licences. Further, in the United States, munitions exports are carefully controlled and require extensive documentation and approvals if the export is even allowed. In the US, the main law affecting controls of export of encryption technology falls under the Arms Export Control Act (22 USC Sec. 2778). Oddly enough, encryption is not even mentioned, but it does empower the President to
01995 Elsevier Science Ltd
determine what are ‘defence articles’and ‘defence services’ and what items are subjected to the law. The State Department further drafted massive regulations under the Arms Export Control Act umbrella called the International Traffic in Arms Regulations (ITAR) which cover, extensively the export and control of encryption technologies (it is about 380Kb in size). Add on specific evaluations of what is and is not encryption as well as other interpretations and threat of usage of the law against individuals and companies and the problems of implementation of encryption technologies has more to do with politics than with technology. For a computer software vendor to export encryption technology from the US to other countries in the world, first the vendor must register$as a munitions vendor with the Department of Defense. Following that, specific documentation must be filed with US federal government agencies about the product and the usage of the encryption technology(s) in it.
Finally, any purchases of the technology that are exported from the US require specific export licences from the US Department of Commerce which require that the exporter of the encipherment technology provide specific information about the customer, use and other information about the product and it’s use. Following all of this, a determination is made as to the exportability of the product in accordance with a variety of US laws and export control regulations by the Department of Commerce in cooperation with the Department of State and an export licence is either granted or denied. Most of the time, it is denied. Because of these technical issues, many software vendors are not eager to incorporate cryptographically sound methods in the encoding of passwords or other information which would normally benefit heavily from encryption technologies. In fact, many password program facilities in use in operating systems use a password hashing algorithm which a) does not meet the test of a cryptographic algorithm and b) is exportable. A simple example is the password hashing facilities used in the OpenVMS operating system. Password encoding is done via a password hashing algorithm based on one developed some years ago by the ACM (the algorithm is easily seen in an included assembly language example file on the operating system called HASH_PASSWORD.MAR). Using a single-direction hashing algorithm, security for the passwords is kept stored in a file called SYSUAFDAT. As a user enters a password for access, the password is hashed and the resulting value compared against the stored value to verify the entry.
9
NetworkSecurity
October
While this is belter than nothing, programs have popped up on the Internet to de-hash the password file(s) and are quite successful at guessing passwords. There is nothing wrong with this approach, but it serves to show that what is typically thought to be encrypted is really, in fact, hashed to be able to export the product outside the US without violation of US export controls and without incurring the wrath of an unforgiving US government.
question. Mr Daniel Bernstein, a student at the University of California at Berkeley. wrote a paper for a graduate thesis which has caused the Electronic Frontier Foundation (EFF) to file a lawsuit against the US government (80 pages worth) where Mr Bernstein has not received government approval to present his paper and findings due to the vagaries of the law. In the EFF announcement, the following pertinent passage provides the issue:
Export of encryption technologies from the US, even when not done by the author of the work, has caused some serious problems. Phil Zimmerman, author of Pretty Good Privacy (PGP) electronic mail facilities for the IP protocol stack, has been detained by US Customs officials when re-entering the US because of the ‘export’of the PGP program facilities,
“The plaintiff in the suit is a graduate student in the Department of Mathematics at the University of California at Berkeley named Daniel J. Bernstein. Bernstein developed an encryption equution, or algorithm, and wishes to publish the algorithm, a mathematical paper that describes and explains the algorithm, and a computer program that runs the algorithm.”
According to records and documents, Mr. Zimmerman wrote the program and distributed it to select sites. ‘Someone’ put the program up on a bulletin board facility which was publicly accessible and the program made its way outside the US, which violated US law. There is a Grand Jury investigation under way in the US, for some time now, which seeks to identify that Mr Zimmerman did, or did not, perpetrate the ‘export’ and to charge the appropriate entity with the export crime and subsequent punishment which could include criminal and civil penalties, Therefore, export of encryption technology, no matter how it happened, is an important issue to the US government and is given some serious consideration by the jurisdictional agencies. Even the issue of discussion of potential cryptographic information may be called into
10
Bernstein also wishes to discuss these items at mathematical conferences and other open, public meetings. The problem is that the government currently treats cryptographic software as if it were a physical weapon and highly regulates its dissemination, Any individual or company who wants to export such software - or to publish on the Internet any ‘technical data’ such as papers describing encryption software or algorithms - must first obtain a licence from the State Department, Under the terms of this licence, eat h recipient of the licensed software or information must be tracked and reported to the government. Penalties can be pretty stiff - 10 years in jail, a million dollar criminal fine, plus civil fines,
7995
“This legal scheme effectively prevents individuals from engaging In otherwise legal communications about encryption. The lawsuit chalenges the export-control scheme as an “impermissible prior restraint on speech, in violation of the First Amendment”. Software and its associated documentation, the plaintiff contends, is published, not manufactured; it is constitutionally protected work of human-to-human communication, like a movie, a book, or a telephone conversation. These communications cannot be suppressed by the government except under very narrow conditions - conditions that are not met by the vague and over broad export-control laws, in denying people the right to publish such information freely, these laws, regulations, and procedures unconstitutionally abridge the right to speak, to publish, to associate with others, and to engage in academic inquiry and study. They also have the effect of restricting the availability of a means for individuals to protect their privacy, which is also a constitutionally protected interest. This lawsuit, which is expected to go to trial in the fourth quarter of 1995, is calling into question the entire cryptographic legal ‘machine’ in the US. How or what the outcome will be is anyone’s guess at this point, but this is the first incidence of a challenge to the laws, en-toto, in the US. The overall suit is expected to take a considerable amount of time, so no fast solution is expected, In recent times, the US government has made overtures to companies requesting the ability to export encipherment algorithms and technologies to allow some
01995 Elsevier Science Ltd
October
7995
very specific technologies to be exported without the coincident hassle currently encountered. While a few technologies are being considered, this is another area which will be changing and has a long way to go.
Network Security
Encryption technologies are not new, mysterious or even very difficult, in some ways, to apply to a wide range of information technologies. In the US, however, the law is not very permissive in the proliferation of encryption and
until this changes, there will be a severe lack of propagation of encryption to products which could be improved via its use,
Internet Holes - Part 3: The Sendmail Maelstrom
responds with an OK reply. The dialogue is purposely lock-step, one-at-a-time. On its face, this seems like a very simple process, and it should be, but it’s not.
Fred Cohen
A sampling of sendmail attacks
The Internet is now the world’s most popular network and it is full of potential vulnerabllltles. In this series of articles, we explore the vulnerabllltles of the Internet and what you can do to mitigate them.
Here is an example of the notifications about sendmail attacks from the Computer Emergency Response Team (CERT) at Carnegie Mellon University.
Sendmail is the program that handles electronic mail for the operating system in most Unix-based systems. Sendmail is an enormously complex program that provides services ranging from forwarding mail between computers to compressing and decompressing files for more efficient transmission. In its complexity lies sendmail’s downfall. As a point of reference, three major sendmail attacks were detected in the first six months of 1995, each of which allows an external attacker to take over the host using sendmail for processing its mail. Considering that sendmail holes have been detected on a regular basis for a period of several years, it is very likely that more holes will be found for a long time to come. Sendmail’s primary function is to implement IP the Transfer Control Protocol (TCP) Simple Mail Transfer Protocol (SMTP) protocol suite. As an Internet standard, SMTP operates on TCP port 25.
01995 Elsevier Science Ltd
As the result of a user mail request, the sender establishes a two-way communications channel to a receiver. The receiver may be either the ultimate destination or an intermediate. SMTP commands are generated by the sender and sent to the receiver, SMTP replies are sent from the receiver to the sender in response to the commands, Once communication is established, the sender sends a MAIL command indicating the sender of the mail. If the receiver can accept mail it responds with an OK reply. The sender then sends a RCPT command identifying a recipient of the mail. If the receiver can accept mail for that recipient it responds with an OK reply; if not, it responds with a reply rejecting that recipient (but not the whole mail transaction). The sender and receiver may negotiate several recipients, When the recipients have been negotiated the sender sends the mail data, terminating with a line containing only a ‘.‘. If the receiver successfully processes the mail data it
0
On 29 January 1990, they learned of and verified break-ins on several Internet systems in which the intruders exploited a vulnerability in the Sun sendmail program, CERT provided no details, however attack scripts indicated that sendmail allowed recipients with names like ’ I ‘which resulted in running programs with the inbound mail as the input.
0
On 22 February 1991, in making the repair suggested by CERT to the previous attack, another hole was created. They forgot to remove the Setuid file protection setting that allowed the mail system to be used to become the superuser.
0
On 4 November 1993, a vulnerability was found in most versions of sendmail that allows unauthorized remote or local users to execute programs as any system user other than root. Again, but use of a shell
11