
Red October crypto app adopts “two-man rule” used to launch nukes

Now there's an easy way to stop rogue insiders from decrypting sensitive data.


Engineers at content delivery network CloudFlare have released open source encryption software that's designed to prevent rogue employees from accessing sensitive information by decrypting data only when two or more people provide keys.

The open source software combines known cryptographic protections with the so-called "two-man rule," which militaries have relied on for decades to prevent the accidental or unauthorized launching of nuclear weapons. Just as armaments of mass destruction can be unleashed only when two authorized service members turn their unique keys at the same time, the data encrypted by the CloudFlare tool can be unlocked only when two or more employees provide passwords that briefly unlock their private cryptographic keys. The software has been dubbed "Red October," a nod to a key scene in the Tom Clancy novel and movie The Hunt for Red October.

The aim of Red October is to fuse trusted cryptographic algorithms with a front-end programming interface that makes them work only when keys possessed by multiple people are presented. It assigns each user a randomly generated 2048-bit RSA key pair. Each user's private key is then encrypted with a separate 128-bit AES key derived from a user-chosen password; the password itself is salted and stored as a hash produced with the scrypt key derivation function.

In a blog post, CloudFlare engineers explained:

When a user delegates their key to the server, they submit their username and password over TLS using the delegate JSON API. For each account, the password is verified against the salted hash. If the password is correct, a password key is derived from the password and used to decrypt the user’s RSA private key. This key is now “Live” for the length of time and number of decryptions chosen by the user.

Decrypting data

To decrypt a file, the server validates that the requesting user is an administrator and has the correct password. If two users of the list of valid users have delegated their keys, then decryption can occur. First the RSA private key is used to decrypt the key encryption key for these two users, then the key encryption keys are used to decrypt the doubly encrypted data key, which is then used to decrypt the data.
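The layered key wrapping the CloudFlare engineers describe above, as an added example in Go (the language Red October is written in); this is not CloudFlare's code. Each of two users gets a key-encryption key (KEK) wrapped with RSA-OAEP to their public key, the data key is sealed under both KEKs with AES-128-GCM, and Decrypt fails if either private key is missing or in the wrong slot. The Bundle layout, AES-GCM and OAEP are this example's choices, not details given on the page; the password and scrypt protection of each private key, the TLS delegation API and the administrator check are left out.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

// Bundle is the stored form of one secret (a layout chosen for this example, not Red October's own).
type Bundle struct {
	WrappedKEK [2][]byte // each user's key-encryption key (KEK), RSA-OAEP encrypted to that user's public key
	DoubleKey  []byte    // the data key, sealed under user 0's KEK and then sealed again under user 1's KEK
	Ciphertext []byte    // the data itself, sealed under the data key
}
// AES-128-GCM helpers with a fresh 12-byte nonce prepended; keys are always 16 random bytes here, so setup cannot fail.
func gcm(key []byte) cipher.AEAD { c, _ := aes.NewCipher(key); g, _ := cipher.NewGCM(c); return g }
func randomBytes(n int) []byte { b := make([]byte, n); rand.Read(b); return b }
func seal(key, pt []byte) []byte { n := randomBytes(12); return gcm(key).Seal(n, n, pt, nil) }
func open(key, ct []byte) ([]byte, error) { return gcm(key).Open(nil, ct[:12], ct[12:], nil) } // fails on a wrong key

// Encrypt seals data so that recovering it needs both users' RSA private keys.
func Encrypt(data []byte, pubs [2]*rsa.PublicKey) (b *Bundle, err error) {
	dataKey := randomBytes(16)
	b = &Bundle{Ciphertext: seal(dataKey, data), DoubleKey: dataKey}
	for i, pub := range pubs { // one KEK layer per user; the KEK itself is wrapped for that user only
		kek := randomBytes(16)
		b.DoubleKey = seal(kek, b.DoubleKey)
		if b.WrappedKEK[i], err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, kek, nil); err != nil {
			return nil, err
		}
	}
	return b, nil
}

// Decrypt peels the layers in reverse; it fails unless both private keys are present and in the right slots.
func Decrypt(b *Bundle, privs [2]*rsa.PrivateKey) ([]byte, error) {
	wrapped := b.DoubleKey
	for i := 1; i >= 0; i-- {
		kek, err := rsa.DecryptOAEP(sha256.New(), nil, privs[i], b.WrappedKEK[i], nil)
		if err != nil {
			return nil, err // this user's private key cannot unwrap the KEK encrypted to them
		}
		if wrapped, err = open(kek, wrapped); err != nil {
			return nil, err
		}
	}
	return open(wrapped, b.Ciphertext)
}
```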

Red October is written in the Go programming language and is freely available as an open source application that anyone can use or add additional features to. The modular design of the tool means it won't take too much work for developers to write code that implements other types of authentication methods that don't rely on passwords. Transport layer security client certificates and time-based one-time passwords are two possibilities. Red October could also be updated to support other cryptographic algorithms, such as those based on elliptic curves.

Making it easier to enforce the two-man rule in cryptographic settings can make sense to anyone who stores large amounts of sensitive information. While most of the data breaches generating headlines are the result of outside hackers who scale a website's digital fortress, an estimated 14 percent of data breaches in 2012 were tied to rogue insiders, according to a recent report from Verizon. One can't help wondering if network architects at the National Security Agency—charged with preventing the kinds of leaks carried out by former contractor Edward Snowden—are considering overhauling their systems to better incorporate the two-man rule.
