Dailydave mailing list archives

Fwd: Classified Email


From: caelyx <sigint () caelyx net>
Date: Sun, 19 Jun 2005 04:19:45 +1000

[reposted, to the list this time]

Hey,

Sorry this is so late; I didn't see any replies, and I thought this  
might be remotely valuable.

On 4 Jun 2005, at 00:15, Dave Aitel wrote:

> Here in Harlem (always the best place to advertise advanced
> technology) every bus station has a three meter advertisement for
> the Microsoft Office system on it. The one near my house has a
> picture of a dwarf triceratops head on a human body.
>
> Anyways the advert says "Classified emails and reply-all buttons
> don't go together - the Microsoft Office System". This always
> puzzles me.


At best, it seems badly worded. :)

AFAIK, the technology they're really selling is called 'Office Rights  
Management', which is the first application of the 'Windows Rights  
Management' stuff they're selling now. Essentially, individual  
documents (incl. emails, webpages, Word docs, etc) are "protected" in  
terms of who can read them and what they can do with them. So, Alice  
could say that only Bob and Charlie can read her email telling them  
that she's thinking of firing Eve, but they can't forward it to  
anyone or print it.

The mechanics are a little messy (there's something like 4 separate  
RSA keys involved in any given transaction), and I've got a diagram  
somewhere in a presentation that a Microsoft rep gave me, if that  
would be helpful. In essence, each protected document gets encrypted  
against a document-specific AES key, which is then encrypted against  
the rights-management-server's public RSA key. That's then attached  
to an XrML document saying who can do what with the file, which is all  
then signed by another key (the sender's, I think). The whole signed  
XrML document is then appended (or prepended) to the encrypted  
document. When you get the file, you strip off the XrML and hand it  
to the RMS along with your authentication information (AD  
credentials). If you're allowed access to the file, it hands back the  
key and you can decrypt the file.

The whole system relies on the claim that the applications (Office  
and IE mostly) are impervious to attack, and will always obey the  
limitations in the XrML. I don't imagine that it'd be too difficult  
to break, if you were really serious. Otherwise, you could always use  
terminal services and hit print-screen or take a photo of the screen  
to get around the 'thou shalt not copy-paste, nor print' restrictions.

Oh, and Microsoft tell you to save a rights-unencumbered (i.e.:
unencrypted) version of your document before you encrypt it. In a
big-business environment, most users are going to dump that on their
(not-so-)'secure' network drive anyway. :(


> [snip] How many companies go so far as to purchase "Confidential"
> stamps for their employees, or even educate them on what's
> confidential and what's not? What company has more than one level
> of confidentiality in the normal workforce?


AFAIK, it's one of those things that ISO 17799 unilaterally declares  
to be important. As a result, companies who need to be able to claim  
compliance install schemes. Most of the financial institutions here  
(Australia) have gone to great lengths to establish and maintain  
differentiated confidentiality levels.

Hope that was at least slightly interesting.

#sim
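
The envelope described in the message above, modelled as an added example (not part of the original post and not Microsoft's code): a per-document AES key wrapped for the server, carried in a sender-signed license that the server checks before releasing the key. It is simplified to two RSA key pairs, uses JSON in place of XrML, assumes the sender is the one who signs the license, and every function and field name is hypothetical.

```javascript
// Simplified model of the envelope in the message; JSON stands in for XrML.
// All function and field names are assumptions, not the RMS API.
const crypto = require('node:crypto');
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };
const newKeyPair = () => crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Sender: encrypt under a per-document AES key, wrap that key for the
// rights-management server, then sign the license that carries it.
function protect(doc, readers, rights, serverPub, senderPriv) {
  const key = crypto.randomBytes(32), iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', key, iv);
  const body = Buffer.concat([c.update(doc, 'utf8'), c.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: serverPub, ...OAEP }, key).toString('base64');
  const license = JSON.stringify({ readers, rights, wrappedKey });
  const sig = crypto.sign('sha256', Buffer.from(license), senderPriv);
  return { license, sig, iv, tag: c.getAuthTag(), body };
}

// Server: verify the license signature, check the authenticated user against
// it, and only then unwrap and hand back the content key.
function releaseKey(env, user, serverPriv, senderPub) {
  if (!crypto.verify('sha256', Buffer.from(env.license), senderPub, env.sig))
    throw new Error('license signature invalid');
  const lic = JSON.parse(env.license);
  if (!lic.readers.includes(user)) throw new Error('access denied');
  const wrapped = Buffer.from(lic.wrappedKey, 'base64');
  return { key: crypto.privateDecrypt({ key: serverPriv, ...OAEP }, wrapped), rights: lic.rights };
}

// Client: decrypt with the released key. The rights value is plain data by
// now; nothing cryptographic makes the application honour it.
function open(env, key) {
  const d = crypto.createDecipheriv('aes-256-gcm', key, env.iv);
  d.setAuthTag(env.tag);
  return Buffer.concat([d.update(env.body), d.final()]).toString('utf8');
}

// Constructed demo using the names from the message.
function demo() {
  const server = newKeyPair(), alice = newKeyPair();
  const env = protect('draft: firing Eve', ['bob', 'charlie'], 'view-only', server.publicKey, alice.privateKey);
  const attempt = (e, user) => {
    try { return releaseKey(e, user, server.privateKey, alice.publicKey); } catch (err) { return err.message; }
  };
  const grant = attempt(env, 'bob');
  const edited = { ...env, license: env.license.replace('charlie', 'eve') };
  return { text: open(env, grant.key), rights: grant.rights, eve: attempt(env, 'eve'), edited: attempt(edited, 'eve') };
}
console.log(demo());
```

The server-side checks (reader list, license signature) are enforced cryptographically; the `rights` value returned alongside the key is not, which is the trust boundary the message points at.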
