Lazarus: Data Leakage with PGP and Resurrection of the Revoked User

Authors

  • Rodrigo Ruiz CTI Renato Archer, Campinas, Brazil
  • Rogério Winter Brazilian Army, Campinas, Brazil

DOI:

https://doi.org/10.13052/2245-1439.521

Keywords:

Data Leakage, Privacy, Data Loss, Drive Encryption, Encryption, PGP, Symantec, NASA

Abstract

The cybersecurity is the issue on the international agenda. The abuse of communication and faulty software is a common practice that brings the decade of 70. Invariably technology is the great protagonist of data leakage and loss of privacy. However, issues related to cybersecurity are founded on sociotechnical approach: technology, people, processes and environment, which interact indistinctly in a sensitive relationship. In this intricate sociotechnical environment of cybersecurity, this paper discloses a flaw in Symantec Encryption Desktop (SED), which can allow the leakage of sensitive information from governments, military and research centers around the world. In this context, as an example, the National Aeronautics and Space Administration (NASA) uses the Symantec Pretty Good Privacy (PGP) Encryption Desktop (SED). The Technology is not the main culprit for data leakage. Sometimes, the users are influenced by sophisticated marketing campaigns, which reaffirms the quality of products and services. In practice, this work is focused in the design errors and past vulnerabilities which are still present in recent technological solutions and allow data leakage and loss of privacy in a general way.

 

Downloads

Download data is not yet available.

Author Biographies

Rodrigo Ruiz, CTI Renato Archer, Campinas, Brazil

R. Ruiz is researcher of CTI – Information Technology Center – Renato Archer, Campinas, Brazil, also he is a member of the SDIWC (The Society of Digital Information and Wireless Communications) have some papers about privacy and he is co-author of Apoc@lypse: The End of Antivirus and he is author of papers about privacy and security.

https://www.researchgate.net/profile/Rodrigo_Ruiz3

Rogério Winter, Brazilian Army, Campinas, Brazil

R. Winter is colonel at the Brazilian Army with more than 25 years of experience in military operations and cybersecurity. He is master degree in Electronic Engineering and Computation by Aeronautics Technological Institute-ITA, also he is a member of the SDIWC (The Society of Digital Information and Wireless Communications) and at present, one dedicates to the warfare issues, cybernetics, command and control, and decision-making process and he is co-author of Apoc@lypse: The End of Antivirus.

References

CISCO. (2008). Data Leakage Worldwide: Common Risks and Mistakes Employees Make. Available at: Data Loss Prevention: http://www. cisco.com/c/en/us/solutions/collateral/enterprise-networks/data-loss-pre vention/white_paper_c11-499060.html (Retrieved: February 24, 2014).

Corbin, K. (2016). Cybersecurity much more than a compliance exercise. Available at CIO: http://www.cio.com/article/3025452/cyber-attacks-espionage/cybersecurity-much-more-than-a-compliance-exercise.html (Retrieved February 24).

Denning, D. E. (1987). “An Intrusion-Detection Model,” in IEEE (Ed.) IEEE Transactions on Software Engineering – Special Issue on Computer, Vol. 13, (Piscataway, NJ, USA: IEEE Press), 222–232. doi:10.1109/TSE.1987.232894

Ellacott, J. (2014). Leading Email Encryption Vendors Respond to Heartbleed Bug Threat. (Infiniti Research Limited). Available at: TechNavio: http://www.technavio.com/report/global-email-encryption-market-2014-2018 (Retrieved February 22, 2015).

Filatovs, A. (2014). Data Security Solutions. Available at: Slide Share: http://pt.slideshare.net/AndSor/dss-symantec-pgp-encryption-fortress-2014-arrowecs-roadshow-baltics (Retrieved February 25, 2015).

Greenberg, A. (2010). Symantec Acquires Encryption Provider PGP For $300 Million. (Forbes) Retrieved February 24, 2015, from Forbes Magazine: http://www.forbes.com/sites/firewall/2010/04/29/symantec-acquires-encryption-provider-pgp-for-300-million/

NASA. (2012). NASA Data At Rest (DAR) Symantec Pretty Good Privacy (PGP) Desktop Encryption. (NASA). Available at: NASA SHARED SERVICES CENTER: https://answers.nssc.nasa.gov/app/answers/detail/a_id/6235/∼/nasa-data-at-rest-%28dar%29-symantec-pretty-good-privacy-%28pgp%29-desktop-encryption (Retrieved April 24, 2015).

Ruiz, R., Amatte, F. P., and Park, K. J. (2014). Security Issue on Cloned TrueCrypt Containers and Backup Headers. Kuala Lumpur, Malaysia: SDIWC. Available at: https://www.researchgate.net/publication/271498536

Symantec Corporation. (2014). Symantec Endpoint Encryption – Protect Your Data. (Google Inc.) Available at: You Tube: https://www.youtube.com/watch?v=NtGSX3pYkLQ (Retrieved February 24, 2015).

Symantec Corporation. (2015). How Endpoint Encryption Works. Available at: from Symantec Enterprise: http://www.symantec.com/content/en/us/enterprise/white_papers/how-endpoint-encryption-works_WP_21275920.pdf (Retrieved February 24, 2015).

The New York Times. (2005). Nytimes. Available at: http://www.nytimes.com/2005/05/10/technology/internet-attack-called-broad-and-long-lasting-by-investigators.html?_r=0 (Retrieved 01 05, 2016).

Winter, R., and Ruiz, R. (2015). Luke 8:17 – Errors that Compromise the Privacy and Information Security. Def.camp. Bucharest.

Winter, R., and Ruiz, R. (2016). Corrosive secrecy and confidence: the paradox among bypassing cryptographic software, loss of privacy and information security. Cyber Secur. Rev. 66–74.

Downloads

Published

2016-11-19

Issue

Section

Articles