Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Master key misery
SECURITY SHELF

Master key misery 

One of the most vocal proponents of a back door, or as he called it a “front door,” is FBI Director James Comey. His desire is understandable; the FBI investigates serious crimes and national security threats. However, from a technical perspective they seek the impossible: encryption systems strong enough to stop hostile intelligence services that magically pop open when ordered by a U.S. court.

The U.S. government has been down this road before. In 1993 they introduced the Clipper chip, the infamous solution to protect data from everyone except the U.S. government. The scheme involved key escrow and fell flat in 1996. That epic failure did not stop the U.S. Transportation Security Administration (TSA) from advancing the same concept in the physical security world and reminding us why master keys are a really bad idea.

In some respects, the TSA’s challenge parallels that of the FBI. From a security perspective, it makes sense for travellers to lock their luggage. The vast majority of suitcase locks provide limited security, but they provide the traveller with some peace of mind. It is more difficult to surreptitiously steal from, or add items to, a locked suitcase.  But they also make suitcases more difficult for the TSA to inspect.

In 2003, Travel Sentry was founded. The organization manages standards used in travel security, including the “TSA Lock” concept. Each lock includes a code indicating which key (referred to as “tools” by Travel Sentry) can be used to open the lock. According to Wikipedia, in 2014 there were over 300 million TSA locks in circulation. The “tools” are at every luggage screening checkpoint in the 450 airports controlled by the TSA. The Travel Sentry system is also used by security agencies in Austria, Canada, Finland, Israel, Japan, Netherlands, South Korea, and Switzerland.

Maintaining the security of thousands of sets of Travel Sentry “tools” is obviously a major challenge. It is highly likely that at least one set has been lost or stolen in the last decade. A single key opens millions of locks. This is probably the largest modern master key system in existence.

Reproducing keys from a photo is not difficult. Among other works, Benjamin Laxton, Kai Wang, and Stefan Savage published a 2008 paper on a prototype system called Sneaky. It demonstrated the ability to duplicate most popular residential key types in the U.S. from photographs.

In 2014, the Washington Post ran an article entitled “The secret life of baggage.” One high resolution image published with the article included a hand, presumably of a TSA official, holding a fanned set of 7 Travel Sentry “tools” with the key patterns clearly visible. Lockpicking and 3D printing enthusiasts became interested, and 3D printer files for the seven TSA keys were quickly posted on the Internet. In effect, the TSA, with some help from the Washington Post, compromised the Travel Sentry system.

Anyone with access to a 3D printer can now produce a complete set of Travel Sentry master keys. The TSA003 key in the photo accompanying this article was printed by a teenager who simply downloaded the STL file.

Cryptographers will quickly point out that cryptographic keys are more complicated than Travel Sentry “tools”. Cryptographic keys can be divided into several parts or derived from a master key using a one-way function. However, to be of practical use to government agencies, keys must be readily available. A court order can not decrypt a document, it can only instruct one or more humans to do so.

The technology to ensure that keys are only used when approved by the courts does not exist, and some government agencies have demonstrated that they will sidestep the judiciary. Even if citizens trust them to abide by the law, many governments have proven incapable of protecting their own most sensitive information. Master keys, by any name, are a terrible idea.

Have a security question you’d like answered in a future column? Email eric.jacksch@iticonline.ca

Related posts