<HTML>

<HEAD><TITLE>WINDOWS&reg  CRYPTOSYSTEM GUIDELINES</TITLE></HEAD>

<BODY BGCOLOR="#C0C0C0" TEXT="#000000" LINK="#0000FF" VLINK="#009900" ALINK="#FF0000">

<a name="TOP"><IMG SRC="cerberus.gif" ALIGN=LEFT BORDER=1></a>
<CENTER>
<BR>
<FONT SIZE=5 COLOR="#C00000"><b>AL's WINDOWS<SUP>&reg</SUP> CRYPTOSYSTEM FAQ</b></FONT><BR>
<FONT SIZE=4><b>- INFORMATION SECURITY on UNSECURE COMPUTERS -</b></FONT><BR>
<FONT SIZE=2>Copyright<SUP>&copy</SUP> 1997  by  Albert P. Belle Isle </FONT>  <A HREF="mailto:[email protected]"> <IMG SRC="mail.gif" ALIGN=ABSMIDDLE BORDER=3></A>

<P><HR>          

<P><FONT SIZE=2><b>Cryptographic Software for INFOSEC under Windows</b><SUP>&reg</SUP></FONT>
</CENTER>

<P><BLOCKQUOTE><FONT SIZE=2>
This material is presented through the courtesy of Cerberus Systems, Inc.   It is excerpted from the section that I authored for the online help file of DOCUMENT SECURITY MANAGER <FONT SIZE=1>v1.2</FONT> entitled: "Cryptosystem Usage Guidelines."   Time permitting, I hope to expand it into a broader tutorial as I did with <a href="mtu_mss_rwin.html">Al's WinSock Tuning FAQ.</a>   As long as you include the copyright notice, you may use portions of its content for any no-fee purpose except posting on another web site.   Neither I, nor Cerberus Systems, Inc. can assume any liability for your use of its contents.
</FONT></BLOCKQUOTE>

<P><HR WIDTH=50%>          

<P>The Windows&reg; family of personal computer operating systems are the most widely employed operating systems in the world.  However, they were not designed for security, nor were the IBM&reg;-compatible personal computers on which they run.

<P>The DOS/Windows&reg; architecture makes it fundamentally impossible for any software to deny a knowledgeable attacker access to a PC's system resources.  Consequently, as many security professionals are quick to point out, add-on products cannot transform a Windows&reg; PC into a secure <i>system.</i>  However, it <i>is</i> possible to cryptographically control access to your <i>data.</i>  Unfortunately, this requires more than is provided by many commercial encryption products.

<P>Effective encryption obviously requires strong (export-controlled) ciphers, performed by a securely implemented <i>cryptographic engine</i>  that meets the applicable standards for such ciphers, for their secure implementation, and for their secure modes of use.  Clearly, there are many products which do not meet such standards.  (See Matt Curtin's <a href="http://www.interhack.net/people/cmcurtin/snake-oil-faq.html">Encryption Snake Oil FAQ</a> for tell-tale clues to identifying them.)  However, even products that meet such standards can be inadequate, since the cryptographic engine must also be combined with secure key-generation and access control functions into a <i>high-grade cryptosystem.</i> 

<P>A high-grade cryptosystem must be designed "from the ground up" to meet the Security Requirements for 
Cryptographic Modules (FIPS PUB 140-1), so as to not leak keying information or commit the other sins of implementation covered by its extensive Derived Test Requirements.  In addition, the design must not purchase your data's <i>confidentiality</i> at the expense of its <i>integrity</i> or its <i>availability.</i>  (For example, power transients or system crashes in mid-encryption must not damage your data.  Encryption must also not interfere with back-up software.)  However, even such a cryptosystem is no guarantee of data security, if your operating system can circumvent it by leaving copies of un-encrypted data lying around.
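
<P>The requirement that a crash in mid-encryption must not damage your data can be met by writing the ciphertext to a temporary file, verifying it, and only then replacing the original. The sketch below is an added example, not code from this page or from any Cerberus product; <code>encrypt_in_place</code>, <code>xor_stand_in</code> and the sample file are hypothetical, and the XOR transform is a constructed stand-in for a real cipher so the example runs offline.

```python
import os
import tempfile

def xor_stand_in(data, key):
    """Constructed placeholder transform so the example runs offline; NOT a cipher."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def encrypt_in_place(path, encrypt, decrypt):
    """Replace path with its ciphertext; a failure at any step leaves either
    the complete original or the complete, verified ciphertext."""
    with open(path, "rb") as f:
        plaintext = f.read()
    # Temp file in the same directory keeps the final rename on one volume.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "wb") as out:
            out.write(encrypt(plaintext))
            out.flush()
            os.fsync(out.fileno())  # ciphertext reaches disk before the commit
        with open(tmp, "rb") as f:  # read back and verify before committing
            if decrypt(f.read()) != plaintext:
                raise IOError("ciphertext failed read-back verification")
        os.replace(tmp, path)  # single rename; atomic on POSIX file systems
    except BaseException:
        if os.path.exists(tmp):
            os.remove(tmp)  # drop the partial output, original is untouched
        raise

def demo():
    """Simulate a failure mid-encryption, then a successful run (constructed data)."""
    sample = b"constructed sample record\n"
    key = b"constructed-demo-key"
    enc = lambda d: xor_stand_in(d, key)
    def crash(_):
        raise RuntimeError("simulated failure mid-encryption")
    workdir = tempfile.mkdtemp()
    path = os.path.join(workdir, "ledger.txt")
    with open(path, "wb") as f:
        f.write(sample)
    try:
        encrypt_in_place(path, crash, enc)
    except RuntimeError:
        pass
    with open(path, "rb") as f:
        survived = f.read() == sample
    encrypt_in_place(path, enc, enc)
    with open(path, "rb") as f:
        stored = f.read()
    return survived, stored != sample, enc(stored) == sample, os.listdir(workdir)
```

<P>This protects integrity and availability only: the replaced plaintext's disk blocks are released by the file system, not overwritten, so an un-encrypted copy can still remain on the disk.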

<P>Unfortunately, Windows&reg; has several inherent ways in which it can leak partial or complete copies of sensitive data around the strongest encryption.  This tutorial discusses the features that must be included in a Windows&reg; cryptosystem to plug these leaks, and system configuration issues affecting their effectiveness.

<BLOCKQUOTE><FONT SIZE=2 COLOR="#CC3300">
<b>UPDATE:</b> <a href="http://www.CerberusSystems.com"><b><u>Cerberus Systems, Inc.</u></b></a> has expanded this material and incorporated it into the Cerberus INFOSEC Tutorial, which is shipped as Windows Help files with their (also updated) cryptographic products, and posted in an HTML version on their web-site.  I've replaced my original pages with links to their corresponding web-pages.  Through their courtesy, I've posted here free downloads of the <a href="winhelp/tutorial.hlp"><b><u>16-bit</u></b></a> and <a href="winhlp32/tutorial.hlp"><b><u>32-bit</u></b></a> compressed help-files for off-line viewing.  Each file is about 58K.  To use the search capability of the Windows 95 or Win32s version of Help you should also download the less-than-300-byte <a href="winhlp32/tutorial.cnt"><b><u>tutorial.cnt</u></b></a> file.
</FONT></BLOCKQUOTE>


<CENTER>
<P><BR>
<TABLE BORDER=2>
<TR><TD>
<TABLE WIDTH=280>
<TR><TD> </TD><TD> </TD>
<TR><TD><A HREF="http://www.CerberusSystems.com/INFOSEC/tutorial/winfosec.htm"> <IMG SRC="doc.gif" ALIGN=LEFT BORDER=1></A></TD><TD><FONT COLOR="#C00000"><b>INFOSEC and WINDOWS</b>&reg</FONT></TD></TR>
<TR><TD> </TD><TD> </TD>
<TR><TD><A HREF="http://www.CerberusSystems.com/INFOSEC/tutorial/keys.htm"> <IMG SRC="doc.gif" ALIGN=LEFT BORDER=1></A></TD><TD><FONT COLOR="#C00000"><b>CRYPTOSYSTEMS and KEYS</b></FONT></TD></TR>
<TR><TD> </TD><TD> </TD>
<TR><TD><A HREF="http://www.CerberusSystems.com/INFOSEC/tutorial/phrases.htm"><IMG SRC="doc.gif" ALIGN=LEFT BORDER=1></A></TD><TD><FONT COLOR="#C00000"><b>PASSPHRASES</b></FONT></TD></TR>
<TR><TD> </TD><TD> </TD>
<TR><TD><A HREF="http://www.CerberusSystems.com/INFOSEC/tutorial/leaks.htm"> <IMG SRC="doc.gif" ALIGN=LEFT BORDER=1></A></TD><TD><FONT COLOR="#C00000"><b>WINDOWS</b>&reg <b>DATA LEAKS</b></FONT></TD></TR>
<TR><TD> </TD><TD> </TD>
<TR><TD><A HREF="http://www.CerberusSystems.com/INFOSEC/tutorial/system.htm"><IMG SRC="doc.gif" ALIGN=LEFT BORDER=1></A></TD><TD> <FONT COLOR="#C00000"><b>SYSTEM CONFIGURATION</b></FONT></TD></TR>
<TR><TD> </TD><TD> </TD>
</TABLE>
</TD></TR>
</TABLE>

</CENTER>
<P><BR><HR>

</BODY>

</HTML>

