Backdoor
From Free net encyclopedia
- This article is about hidden backdoors into most computer systems. For other uses, see Backdoor (disambiguation).
A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication or securing remote access to a computer, while attempting to remain hidden from casual inspection. The backdoor may take the form of an installed program (e.g., Back Orifice) or could be a modification to a legitimate program.
The threat of backdoors was recognized by the US military when multiuser and networked operating systems became widely adopted. Petersen and Turn discussed computer subversion in a paper that was published in the proceedings of the AFIPS Conference [PT67]. They note a class of active infiltration attacks that utilize "trapdoor" entry points into the system to bypass the security facilities and permit direct access to data. Here the use of the word trapdoor clearly coincides with the current definition of a backdoor. However, since the advent of public key cryptography the term trapdoor has assumed a different meaning.
A backdoor in a login system could take the form of a hard coded user and password combination which gives access to the system. A famous example of this was used as a plot device in the 1983 film WarGames, where the designer of a computer system (the "WOPR") had inserted an undocumented password (named after his son) which gave the user access to the system and to undocumented aspects of its behavior (a video game like simulation mode).
An attempt to plant a backdoor in the Linux kernel, exposed in November 2003, showed how subtle such a code change can be [1]. In this case a two-line change appeared to be a typographical error, but actually gave the caller to the sys_wait4 function root access to the system (see the external link below).
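The pattern behind that 2003 change, as an added example that is not the kernel's code: a constructed model in C of a task record with a uid and an options check, where a single character turns a comparison into an assignment. The struct, the option flag names and the checker functions are assumptions made for the illustration; uid_after_check is a simple privilege-invariant probe of the kind a reviewer or a test suite could use to catch the pattern.

```c
#include <stdio.h>

/* Constructed model of the pattern, not the kernel's code: a task record
 * whose uid field is 0 for root, and an options check in the style of a
 * wait()-type call. */
struct task {
    unsigned int uid;   /* 0 means root */
};

#define WCLONE 0x80000000u   /* constructed option flags */
#define WALL   0x40000000u

/* The check as a reviewer would read it: reject one option combination
 * for root and change nothing. Returns -1 to reject, 0 to accept. */
int check_options_correct(struct task *t, unsigned int options)
{
    if ((options == (WCLONE | WALL)) && (t->uid == 0))
        return -1;
    return 0;
}

/* One character fewer: "==" became "=". The parenthesised assignment
 * evaluates to 0, so the branch is never taken and the return value is
 * identical to the correct version; the only visible difference is that
 * the caller's uid is now 0. Wrapping an assignment in its own parentheses
 * is also the documented way to tell gcc's -Wparentheses that it is
 * intentional, so the usual warning does not fire. */
int check_options_typo(struct task *t, unsigned int options)
{
    if ((options == (WCLONE | WALL)) && (t->uid = 0))
        return -1;
    return 0;
}

/* Privilege-invariant probe: run a checker for a non-root task and report
 * the uid afterwards. A check that only reads the uid must return
 * start_uid unchanged, whatever options were passed. */
unsigned int uid_after_check(int (*check)(struct task *, unsigned int),
                             unsigned int start_uid, unsigned int options)
{
    struct task t = { start_uid };
    (void)check(&t, options);
    return t.uid;
}

int main(void)
{
    unsigned int opts = WCLONE | WALL;
    printf("correct: uid after check = %u\n",
           uid_after_check(check_options_correct, 1000, opts));
    printf("typo   : uid after check = %u\n",
           uid_after_check(check_options_typo, 1000, opts));
    return 0;
}
```

Because the short-circuit `&&` only reaches the assignment for one exact option combination, the invariant probe has to be run with that combination; a test that exercises the check with arbitrary options will pass the subverted version just as the correct one.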
Although the prevalence of backdoors in systems using proprietary software (i.e., software whose source code is not readily available for inspection) is not widely accepted, they are nevertheless periodically exposed. Programmers have even succeeded in secretly installing large amounts of code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.
It is also possible to create a backdoor without modifying the source code of a program, or even modifying it after compilation. This can be done by rewriting the compiler so that it recognizes code during compilation that triggers inclusion of a backdoor in the compiled output. When the compromised compiler finds such code, it compiles it as normal, but also inserts a backdoor (perhaps a password recognition routine). So, when the user provides that input, he gains access to some (likely undocumented) aspect of program operation. This attack was first outlined by Ken Thompson in his famous paper Reflections on Trusting Trust.
Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running insecure versions of Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk email from the infected machines.
A traditional backdoor is a symmetric backdoor: anyone who finds the backdoor can in turn use it. The notion of an asymmetric backdoor was introduced by A. Young and M. Yung in the proceedings of Advances in Cryptology: Crypto '96. An asymmetric backdoor is a backdoor that can only be used by the attacker who plants it, even if the full implementation of the backdoor becomes public (e.g., by publication, or by being discovered and disclosed by a reverse-engineer). Also, it is computationally intractable to detect the presence of an asymmetric backdoor under black-box queries. These types of attacks have been called kleptographic attacks and they can be carried out in software or hardware (smartcards). The theory of asymmetric backdoors is part of a greater field known as cryptovirology.
The classic "Trusting Trust" backdoor
"Trusting Trust" was the first major paper to describe black box backdoor issues, and point out that trust is relative. It described a very clever classic backdoor mechanism based upon the fact that people only review source (human written) code, and not compiled (machine) code. A program called a compiler is used to create the second from the first, and it is trusted to do an honest job.
This paper therefore described how a modified version of the UNIX C compiler could be told specifically to:
- Put an invisible backdoor in the Unix Login command when compiled, and as a twist
- Also add this feature undetectably to future compiler versions upon their compilation as well.
Because the compiler itself was a compiled program, this extra functionality would never be noticed, and likewise would not be noticed in software created by it. What's worse, in Thompson's implementation, the subverted compiler also subverted the analysis program (the disassembler), so that someone who examined the binaries in the usual way would not actually see the real code that was running, but something else instead. This version was never released into the wild. It was released to a sibling Bell Labs organization as a test case; they never found the attack.
In 2005 the paper Countering Trusting Trust through Diverse Double-Compiling was published. This paper showed how to counter this backdoor, but it requires a second compiler, and it only shows if a source and binary correspond (humans must still review the compiler source code).
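How diverse double-compiling exposes a Thompson-style compiler, and where it stops, as an added example that is not Wheeler's tool or any real compiler. It covers both the compiler subversion described earlier in this article and the countermeasure in this section. The model is a construction for the illustration: a "binary" is a record of what it was built from plus two flags, compile_with stands in for a compiler run, and comparing two records stands in for the byte-for-byte comparison real DDC performs. The source strings, the "BACKDOOR" marker, ddc_source_matches_binary and the scenario functions are all assumptions of this model.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model, not Wheeler's tool or any real compiler. */
struct binary {
    char program[16];        /* "compiler", "login" or "other" */
    unsigned long src_hash;  /* hash of the source text it was built from */
    int backdoored;          /* a login binary that accepts a hidden password */
    int trojaned;            /* a compiler binary that plants the backdoor */
};

/* Constructed source texts. The marker "BACKDOOR" stands for a backdoor
 * that is visible in the source, as opposed to one living only in a binary. */
static const char COMPILER_SRC[]        = "compiler: honest source";
static const char TROJAN_COMPILER_SRC[] = "compiler: source with BACKDOOR";
static const char LOGIN_SRC[]           = "login: check password";

static unsigned long djb2(const char *s)
{
    unsigned long h = 5381;
    while (*s)
        h = h * 33 + (unsigned char)*s++;
    return h;
}

/* Model of compilation. The output is trojaned/backdoored when the compiling
 * binary is trojaned (Thompson's attack: nothing in the source shows it) or
 * when the source itself carries the backdoor. */
struct binary compile_with(const struct binary *cc, const char *src)
{
    struct binary out;
    int is_compiler  = strncmp(src, "compiler:", 9) == 0;
    int is_login     = strncmp(src, "login:", 6) == 0;
    int src_backdoor = strstr(src, "BACKDOOR") != NULL;

    memset(&out, 0, sizeof out);
    strcpy(out.program, is_compiler ? "compiler" : is_login ? "login" : "other");
    out.src_hash   = djb2(src);
    out.backdoored = is_login && cc->trojaned;
    out.trojaned   = is_compiler && (cc->trojaned || src_backdoor);
    return out;
}

/* Stands in for comparing two object files byte for byte. */
int binaries_match(const struct binary *a, const struct binary *b)
{
    return strcmp(a->program, b->program) == 0 && a->src_hash == b->src_hash
        && a->backdoored == b->backdoored && a->trojaned == b->trojaned;
}

/* Diverse double-compiling, as modelled here:
 *   stage1 = trusted(suspect_src)   built by an independent compiler
 *   stage2 = stage1(suspect_src)    rebuilt with that stage1
 *   self   = suspect(suspect_src)   the suspect compiling its own source
 * Returns 1 when stage2 and self match (binary corresponds to source),
 * 0 when the suspect binary carries something its source does not. */
int ddc_source_matches_binary(const struct binary *suspect, const char *suspect_src,
                              const struct binary *trusted)
{
    struct binary stage1 = compile_with(trusted, suspect_src);
    struct binary stage2 = compile_with(&stage1, suspect_src);
    struct binary self   = compile_with(suspect, suspect_src);
    return binaries_match(&stage2, &self);
}

/* An honest, independently built second compiler. */
static struct binary trusted_compiler(void)
{
    struct binary t;
    memset(&t, 0, sizeof t);
    strcpy(t.program, "compiler");
    t.src_hash = djb2(COMPILER_SRC);
    return t;
}

/* Scenario 1: honest binary built from honest source; DDC reports a match. */
int scenario_clean(void)
{
    struct binary trusted = trusted_compiler();
    struct binary suspect = compile_with(&trusted, COMPILER_SRC);
    return ddc_source_matches_binary(&suspect, COMPILER_SRC, &trusted);
}

/* Scenario 2: Thompson's case. The source is honest, but the binary in
 * circulation carries the payload; DDC reports a mismatch. */
int scenario_thompson_trojan(void)
{
    struct binary trusted = trusted_compiler();
    struct binary suspect = trusted_compiler();
    suspect.trojaned = 1;                /* same source hash, hidden payload */
    return ddc_source_matches_binary(&suspect, COMPILER_SRC, &trusted);
}

/* Scenario 3: the backdoor is in the source. Binary and source correspond,
 * so DDC reports a match; only a human reviewing the source finds this. */
int scenario_source_backdoor(void)
{
    struct binary trusted = trusted_compiler();
    struct binary suspect = compile_with(&trusted, TROJAN_COMPILER_SRC);
    return ddc_source_matches_binary(&suspect, TROJAN_COMPILER_SRC, &trusted);
}

/* The login built by the scenario-3 compiler is backdoored all the same. */
int login_backdoored_in_scenario_3(void)
{
    struct binary trusted = trusted_compiler();
    struct binary cc    = compile_with(&trusted, TROJAN_COMPILER_SRC);
    struct binary login = compile_with(&cc, LOGIN_SRC);
    return login.backdoored;
}

int main(void)
{
    printf("clean compiler    : match=%d\n", scenario_clean());
    printf("trojaned binary   : match=%d\n", scenario_thompson_trojan());
    printf("backdoor in source: match=%d, login backdoored=%d\n",
           scenario_source_backdoor(), login_backdoored_in_scenario_3());
    return 0;
}
```

Two properties of the real technique are hidden by the model: the second compiler has to be genuinely independent (the "diverse" in the name), since a trusted compiler that shares the suspect's lineage may share its payload, and the final comparison is of actual bytes, so both builds must be deterministic or the comparison has to be done on normalised output. Scenario 3 is the limitation stated above: a match only says the binary corresponds to the source, and the source still has to be reviewed.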
References
[PT67] H. E. Petersen, R. Turn, "System Implications of Information Privacy," Proceedings of the AFIPS Spring Joint Computer Conference, vol. 30, pages 291–300, AFIPS Press, 1967.
Backdoors in the media
- The popular movie WarGames is about a teenage hacker who discovers a backdoor inserted in the Department of Defense's computer system by the person who made the system.
External links
- Reflections on Trusting Trust
- Thwarted Linux backdoor hints at smarter hacks; Kevin Poulsen; 6 November 2003; SecurityFocus
- Backdoors removal — List of backdoors and their removal instructions.
- FAQ Farm's Backdoors FAQ: wiki question and answer forum
- NTBindShell is a popular backdoor for Windows 2000 / XP