KEY SECURITY OVERVIEW


Internet Scenarios

The general model for communications over the Internet usually involves a client and server. Netscape makes a client program called Netscape Navigator and a server program called the Netscape Commerce Server. Take the following scenarios of client <-> server communications for example:

  1. A majority of the requests a client may make and the responses a server might return have very little value. They involve information that is generally available public knowledge (e.g. "What time is it?" or "What did the stock market close at?" or "What were last week's housing transactions in Poughkeepsie?").
  2. Some requests a client makes and the responses a server might return have more value. They involve confidential or personal information that is not generally public knowledge (e.g. "Here is my credit card number I'd like to buy this hat." or "My name is Fred, I'm a republican, and I answer no to the private question of ..." or "The credit card number xxx is valid, here is the copy of Urban Walleye Fishing you just ordered.").
  3. A few requests a client may make and the responses a server might return have even higher value. They involve information that is highly confidential, and that may cause extreme financial, emotional, or strategic damage to either party. This is knowledge that is definitely not available to the public (e.g. "Please sell all 60 million shares of stock I currently own and send a cashier's check to the following address..." or "The merger between the five largest companies in the world is set to be announced on the 15th of next month").

The data in scenario #1 is so general and in most cases so publicly available that there is very little value if it is compromised, so security is not a great concern. Scenario #2 involves data that has some value if it is compromised, so security is of limited concern. Scenario #3 involves data with substantial value if it is compromised, so security is of grave concern.

How Security works in Internet products

SSL is a protocol that describes how a client and server application can communicate securely. SSL employs a variety of standard encryption algorithms including the government and banking standard of DES and several RSA algorithms including RC4. Netscape products currently use SSL to communicate securely between HTTP and NNTP clients and servers, sending and receiving information like that stated in the examples above. SSL secures a client-server communication session by enabling the client and server to securely exchange a secret number known as a Master_Key.

Different key sizes work best with different cryptographic algorithms, but in general the larger the size of the Master_Key, the more secure the SSL-enabled application will be. After the Master_Key is securely shared, the client and server use the Master_Key to create a different set of keys called Session Keys. These keys are used with a specified cryptographic algorithm to encrypt and decrypt the contents of the communication session.

Netscape products currently implement SSL using a variety of sizes for the Master_Key and cryptographic algorithms. The U.S. versions of Netscape Navigator and the Netscape Commerce Server have the following algorithms: RC4, RC2, DES, and DES3, with key sizes of 40 or 128 bits, 40 or 128 bits, 64 bits, and 192 bits respectively. The Export versions of Netscape Navigator and the Netscape Commerce Server have the RC4 algorithm with a key size of 40 bits.

The current Netscape SSL implementation also limits the lifetime of the Master_Key, regardless of its size, to no more than 100 seconds. The Session Keys are only ever valid for a single communications session.

How secure is it?

To compromise the security of SSL you have to be able to find or guess the key for a given session. For the types of key sizes used in Netscape products guessing is almost impossible. To find the correct key you would have to systematically and exhaustively search for every possible key until you found one that allowed you to decrypt the particular communications session.

Because the keys are valid for only one session, the exhaustive search would produce a key that was only good for decrypting one session. This means you have to randomly choose one communications session from the millions traversing the Internet and hope that it contains information valuable enough to justify the time, effort and money it would take to compromise the session.

Let's take the smallest key that is available inside Netscape's products, 40 bits. The gentleman claims to have used 111 very fast UNIX workstations and 1 supercomputer to find the 40 bit key that allowed them to decrypt a session that was previously saved off the Internet. They claim it took them eight days to accomplish their task. To recreate this effort for exploitative or malicious purposes it would cost approximately $10,000 and take the same eight days to decrypt this one session. So, every time you tried to crack a random session it would cost you at least $10,000.

The information obtained as a result of decrypting this session was someone's name, address, and a list of items they were trying to purchase online. This information is hardly worth the time and expense it took to obtain it. Even if there had been a credit card number obtained as a result of this attack, the value of that card number would, in most cases, be less than $10,000. Furthermore, a popular site may have many people browsing and significantly fewer people buying, making it extremely difficult to isolate a valuable session with any acceptable probability.

For those types of communications outlined in the third scenario above you may want even better security because the value of the information might be high enough to justify an attack. To accomplish this you can choose a longer key, say 128 bits. It would cost approximately:

$5,600,000,000,000,000,000,000,000,000,000US

to crack a single session in eight days encrypted with a 128 bit key.

Can it be made more secure?

So why not use 128 bit keys all the time? Two reasons.

Netscape has recently announced new technology called Secure Courier that will significantly increase the size of keys used to encrypt financially specific data like credit card numbers. Using Secure Courier and keys that are 56-bits in length it would cost approximately:

$1,200,000,000US

to crack a single session in eight days and obtain the single credit card number.
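The cost argument above can be turned into a small model. The following is an added example, not Netscape code: it takes the page's 40-bit baseline ($10,000, eight days) and assumes cost doubles with every extra key bit and scales inversely with the time allowed. The page's own 56-bit and 128-bit figures are roughly 1.8 times what this doubling rule gives from $10,000, so read the output as order-of-magnitude; the function names, the 1-in-50 buyer ratio and the $1,000,000 payoff are constructed for illustration.

```python
from fractions import Fraction

# Baseline from the page: a 40-bit key, found in eight days for about $10,000.
BASE_BITS = 40
BASE_COST_USD = 10_000
BASE_DAYS = 8


def search_cost_usd(key_bits, days=BASE_DAYS):
    """Cost to sweep the full key space in `days`, assuming cost scales
    linearly with keys tried and inversely with time allowed (assumption)."""
    keys_ratio = Fraction(2) ** (key_bits - BASE_BITS)
    return BASE_COST_USD * keys_ratio * Fraction(BASE_DAYS, days)


def cost_per_valuable_session(key_bits, p_valuable):
    """Expected spend before one cracked session turns out to be valuable,
    when sessions are picked blind and a fraction p_valuable are worth having."""
    return search_cost_usd(key_bits) / Fraction(p_valuable)


def min_bits_to_deter(session_value_usd, p_valuable=1):
    """Smallest key size at which the expected spend exceeds the payoff."""
    bits = BASE_BITS
    while cost_per_valuable_session(bits, p_valuable) <= session_value_usd:
        bits += 1
    return bits


if __name__ == "__main__":
    for bits in (40, 56, 128):
        print(f"{bits:>3}-bit key: ${float(search_cost_usd(bits)):,.0f}")
    # Constructed scenario: 1 in 50 captured sessions contains a purchase.
    p = Fraction(1, 50)
    print(f"40-bit, 1-in-50 buyers: ${float(cost_per_valuable_session(40, p)):,.0f}")
    # Constructed payoff: a $1,000,000 instruction in a session the attacker
    # can already identify (p_valuable = 1).
    print("bits needed to outprice a $1M payoff:", min_bits_to_deter(1_000_000))
```

For a defender, the useful output is `min_bits_to_deter`: it shows how few extra bits separate a key that is cheap to search from one whose search cost exceeds the value of the data it protects.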



Copyright © 1996 Netscape Communications Corporation