By John E. Dunn
03 October 2008
Bitmaps stored inside encrypted backup files could be vulnerable to a
sophisticated 'comparison' attack, a German security researcher has
In a new paper, Bernd Roellgen of Munich-based encryption outfit PMC
Ciphers, explains how it is possible to compare an encrypted backup
image file made with almost any commercial encryption program or
algorithm to an original that has subsequently changed so that small but
telling quantities of data 'leaks'.
The problem is that bitmaps often display low levels of entropy, such as
would be the case in pictures taken at night with large areas of high
contrast. Roellgen's attack is based on comparing two volumes encrypted
into scrambled ciphertext using the same symmetric or 'static' key,
where the original subsequently has new files added. This yields a
pattern of structured similarities and differences that can be used to
reveal some of the original information in plaintext form.
The attack doesn't work for other types of data, for instance text
files, because the entropy levels are too high. But it is believed to
effect almost any encryption program currently on sale as long as the
two volumes being compared use the same encryption key whilst being
slightly different from one another.
Register now for HITBSecConf2008 - Malaysia! With
a new triple-track conference featuring 4 keynote
speakers and over 35 international experts, this
is the largest network security event in Asia and
the Middle East!