Windows®-compatible encryption

The NSA's National Cryptologic School defines information security, or INFOSEC, as a risk management program of both technical and operational measures taken to counter threats to the confidentiality, integrity or availability of sensitive information.


INFOSEC concerning Computer Systems Security, or COMPUSEC, is the responsibility of NSA's National Computer Security Center (NCSC).

NOTE: The National Security Agency/Central Security Service is responsible for Signals Intelligence (SIGINT), including Communications Intelligence, or COMINT. In addition to traffic analysis, COMINT includes breaking the codes and ciphers used to protect targeted communications. Cryptology, the science which underlies such cryptanalysis, also underlies the design of secure codes and ciphers - cryptography. Thus, NSA also has the mission of providing cryptographic technology for Communications Security, or COMSEC. COMSEC includes protecting data in transit between computer systems, and since cryptography can also be used to protect data while it's on a computer system, NSA is responsible for the combination of COMSEC and COMPUSEC - INFOSEC.

NCSC is responsible for certifying software operating systems that may be used in Automated Information Systems, or AISs. This aids the accreditation of an AIS for a specific program's DoD Classified or Sensitive But Unclassified (SBU) information.

Access to DoD Classified information must be limited to individuals who both possess the appropriate Personal Clearance Level (PCL; i.e. Confidential, Secret or Top Secret/EBI/SBI), and have been Indoctrinated for that program.

NOTE: The most sensitive information is compartmented, to restrict access to those indoctrinated for its program. This has led to the popular misconception that there are "classifications higher than Top Secret." Instead, each program has a Classified code name, consisting of a pair of randomly generated words, like Fragrant Emerald, and an unclassified digraph, like BK. Security personnel can check access lists to see if someone is cleared for Program BK, without themselves being cleared, on a need-to-know basis, for Fragrant Emerald information (or for the name itself). The fact that they have a Top Secret (TS) PCL, even if Fragrant Emerald is a TS program, doesn't permit them to see such data.

Such SCI (Sensitive Compartmented Information) or Special Access Programs may require more frequent repetitions of a person's Extended or Special Background Investigation to maintain his/her clearance. The costs of such EBI/SBI investigations, and those of various INFOSEC measures, are weighed against the costs of compromise. A 1991 Navy INFOSEC planning form listed nominal per-incident costs of $10,000 for Privacy Act data, $100,000 for Secret and $1,000,000 for generic Top Secret, in a hierarchy that extended further upwards to SIOP-ESI, SCI and National Cryptologic.

SBU information is a broad category of all other information whose security the US Government has a legal obligation to protect (under 15 USC 271-278h, for instance).

NOTE: SBU information includes Federal Reserve FedWire funds transfers, DoD For Official Use Only (FOUO) information, Privacy Act data and proprietary information.


Under NCSC's Trusted Computer Systems Evaluation Criteria (DOD 5200.28-STD), Windows® operating systems are Class D, the lowest of its seven levels.

NOTE: The increasing levels of "trust" in DOD 5200.28-STD are D, C1, C2, B1, B2, B3 and A. Win3.1, Win3.11, WFW3.11 and Win95 are Class D. WinNT 3.51 is certified as Class C2, as long as it's used on a PC with no floppy drive, no network or modem connection, and physical security measures adequate to maintain that configuration.

Even an AIS with a B2- or B3-certified operating system could fail accreditation for a particular program's sensitive information. Nevertheless, Windows® PCs can even be accredited for Top Secret/SCI and similar Special Access Programs, if used in Dedicated Mode per DOD 5220.22-M. The key is the embedding of the AIS in a physically and operationally secure environment while it contains sensitive data.

The DOS/Windows® architecture makes it fundamentally impossible for any software to deny a knowledgeable attacker access to a PC's system resources.

NOTE: Commercial access control software which modifies the DOS/Windows® Master Boot Record on your hard disk can be circumvented by the copy of an MBR that accompanies the basic DOS files on an "emergency boot diskette." BIOS passwords can be reset with jumpers or by shorting your CMOS setup memory's battery. Removing the floppy drive can defeat these kinds of attacks on your system. However, any Windows® (or DOS) system can read your hard disk's data files. One loaded with the kind of software used by law enforcement agencies can read files that you "deleted." Consequently, any means of system access control can be made irrelevant by disconnecting your disk controller cable and reconnecting one from another PC (or laptop). Any adversary who's unconcerned with your discovering such an attack can just steal your hard drive.

Consequently, add-on products cannot ensure COMPUSEC for a Windows-based system. However, it is possible to cryptographically control access to your data.


The only way you can protect your data while it's in use on an unsecure computer system is through physical and operational security measures. The only way you can guarantee your data's availability is by the disciplined use of data back-ups to a (non-physically-co-located) secure storage medium.

However, high-grade encryption can protect your data's confidentiality from being compromised when your system is outside your operational or physical security perimeter. Encryption can also enable you to determine whether your data's integrity has been compromised by tampering.

Such encryption obviously requires strong (export-controlled) ciphers. In addition, however, such encryption must be implemented in a high-grade cryptosystem that doesn't allow the operating system to circumvent the security of the encryption, and that doesn't compromise availability.

When combined with physical and operational security for your PC (and for your person), disciplined use of a high-grade software cryptosystem can provide high-level INFOSEC for your high-value data.

NOTE: Disciplined use is not universal use. If you feel that it's important to deny anyone else access to your particular copy of a publicly available application program, our software cryptosystems are not for you. They (and we) do not support mass-encryption of executables, dynamic link libraries and virtual device drivers. Universal encryptors that intervene between Windows® and your disk may prevent your back-up software from working. Decryption delays in accessing their various components can crash some programs, or Windows® itself. More importantly, such disadvantages of mindless over-encrypting can discourage your using encryption to protect your high-value data files. Our software cryptosystems are specifically designed to provide you with minimal discouragement from their proper use, within the limits of good INFOSEC practices.


Effective encryption requires strong ciphers (e.g. triple-DES), that are performed by a securely implemented cryptographic engine. That cryptographic engine must meet the applicable standards for such ciphers; for their secure implementation; and for their secure modes of use (e.g. FIPS PUBs 46-2, 74 and 81).

Such a cryptographic engine must be integrated with secure key-generation, access control, and file overwriting functions (to standards like ANSI X9.17, FIPS PUB 180-1 and DOD 5220.22-M), to create a high-grade cryptosystem.

A high-grade cryptosystem must meet the Security Requirements for Cryptographic Modules (FIPS PUB 140-1). It must not leak keying information or exhibit the other implementation insecurities covered by that standard's Derived Test Requirements.

A high-grade software cryptosystem must perform automatic self-tests, to verify its own integrity and assure its user that it remains free from tampering.
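A power-up self-test of the kind described above, sketched in Python as an added example (not Cerberus Systems' code): it runs the SHA-1 known-answer vectors published in FIPS PUB 180-1 and compares the module's code image against a digest recorded at build time. The function names, `SAMPLE_MODULE` and `SAMPLE_DIGEST` are assumptions constructed for illustration.

```python
import hashlib
import hmac

# Known-answer test (KAT) vectors for SHA-1, as published in FIPS PUB 180-1.
SHA1_KATS = [
    (b"abc", "a9993e364706816aba3e25717850c26c9cd0d89d"),
    (b"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
     "84983e441c3bd26ebaae4aa1f95129e5e54670f1"),
]


def algorithm_self_test(sha1=hashlib.sha1):
    """Return True only if every known-answer vector reproduces its digest."""
    return all(
        hmac.compare_digest(sha1(message).hexdigest(), expected)
        for message, expected in SHA1_KATS
    )


def integrity_self_test(module_bytes, expected_digest):
    """Compare the module's code image with the digest recorded at build time."""
    actual = hashlib.sha1(module_bytes).hexdigest()
    return hmac.compare_digest(actual, expected_digest)


def power_up_self_test(module_bytes, expected_digest):
    """Run every self-test and return the names of those that failed.

    A caller must refuse all cryptographic services unless the list is empty.
    """
    failures = []
    if not algorithm_self_test():
        failures.append("SHA-1 known-answer test")
    if not integrity_self_test(module_bytes, expected_digest):
        failures.append("software integrity test")
    return failures


# Constructed sample input: a stand-in for the module's code image and the
# digest that a build step would have recorded for it (assumption).
SAMPLE_MODULE = b"constructed stand-in for the cryptosystem's code image"
SAMPLE_DIGEST = hashlib.sha1(SAMPLE_MODULE).hexdigest()

if __name__ == "__main__":
    print("failed self-tests:", power_up_self_test(SAMPLE_MODULE, SAMPLE_DIGEST))
```

A digest stored beside the module detects corruption and unsophisticated tampering; detecting an attacker who can rewrite both the module and the digest requires a keyed MAC or a signature whose key is held elsewhere.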


A high-grade cryptosystem must be designed from the ground up. Products originally designed to handle un-encrypted data may be riddled with security leaks; adding encryption functions to them gives a false sense of security. If products are globally marketed, US export controls will limit their encryption to weak ciphers.

NOTE: Software to "crack" Lotus 1-2-3®, Lotus Symphony®, MS Excel®, MS Word®, Quattro Pro®, Quicken® and WordPerfect® encrypted files is available for $99 to $185 from CRAK Software and AccessData: "AccessData's software recovers passwords for PKZip, WinZip, Word, Excel, WordPerfect, Lotus1-2-3, Paradox, Q&A, Quattro-Pro, Ami Pro, Approach, QuickBooks, Act!, Access, Word Pro, dBase, Symphony, Outlook, Express, MSMoney, Quicken, Scheduler+, Ascend, Netware, and Windows NT server/workstation." Non-export-controlled "encryption products" are similarly crippled. Avoiding such products is not difficult with a little study, by leaving "secret design features" and "new encryption algorithms" for the unwary. (See Matt Curtin's Encryption Snake Oil FAQ.)

Its implementation must not purchase your data's confidentiality at the expense of its integrity or its availability. Power transients or system crashes in mid-encryption must not damage your data. Encryption must not interfere with back-up software.

NOTE: Our software cryptosystems are specifically designed to not interfere with the backup process, unlike automatic disk-encryptors. They are also designed to avoid corrupting data if interrupted in mid-encryption by system crashes, whether such crashes are due to power transients or to the reaction of Windows® to what it perceives as other programs' Illegal Operations or General Protection Faults.

Pre-packaged, generic high-level software building blocks used to minimize programming effort can leak your passphrase. Encryption software that directly uses passwords as keys, rather than using one-time keys from a cryptographically strong key generator, provides increased opportunity for cryptanalytic attack.

Such cryptosystem implementations are weak, regardless of the strength of the cipher used in the actual encryption subroutines.


Even without such implementation flaws, no cryptosystem can guarantee your data's security if your operating system bypasses it by writing extra copies of un-encrypted plaintext data into various locations on your hard disk.

The Windows® operating system can leak partial or complete copies of sensitive data around the strongest encryption. These copies are readily scavenged with the forensic software used by law enforcement agencies and by data recovery specialists in legal discovery for lawsuits. Such software is readily available to others, as well.

Any high-grade cryptosystem claiming the ability to protect your sensitive data on a Windows® PC must also provide the specific functions needed to plug those leaks. Only such a cryptosystem can really offer Windows®-compatible encryption.

The following sections address the design and use of software cryptosystems to secure your data, even though you can't secure your system.

Cerberus Systems, Inc. develops, manufactures and markets
software cryptosystems designed to level 1 of FIPS PUB 140-1
with DOD 5220.22-M disk data recovery countermeasures.

The Cerberus logo and the ...Security Manager product names are trademarks of Cerberus Systems, Inc.
© Copyright 1997-99, all rights reserved.