comStar Firewall alert - PhaseThrough
System Security
Optional Rule: Dramatic Encryption
As a gamemaster, you may wish to use an encrypted
file or node as a story hook or a plot device.
With the state of cryptography what it is in the 2070s,
encryption presents a very low bar for players.
Fortunately, there exist unique and particularly
arcane encryption methods that represent either
bleeding-edge research or ancient techniques that
cannot be easily cracked by computers. These methods
can only be decrypted under special circumstances,
such as only in a certain place, using information from
a particular object, only after finding all parts of a file,
or simply after an inordinate amount of time. The
details of such methods, including availability and
frequency, are determined by the gamemaster.
side of the link must be running Encrypt. There is no advantage if<br />
both connected nodes are running Encrypt, except that the highest<br />
rating of the two programs is used. Initiating signals encryption<br />
requires a Simple Action by each node, but no further action is<br />
needed to encrypt or decrypt data sent along the link until the<br />
encryption is disabled or the link is severed. Encrypted connections<br />
take up a subscription slot (see Subscriptions, p. 55).<br />
File Encryption
Files can be encrypted with a Simple Action, using the<br />
Encrypt program. When encrypting a file, a user may include more<br />
than one file, to create a single encrypted archive file containing<br />
several smaller files.<br />
A user may also include a Data Bomb program within the<br />
archive file. When doing so, the user also determines the conditions<br />
by which the Data Bomb will not activate (usually when<br />
it is decrypted using the key rather than by use of Decrypt) and<br />
whether or not the Data Bomb will destroy some, all, or none of<br />
the files within the encrypted archive. An encrypted archive may<br />
contain only one Data Bomb. See Data Bomb, p. 226, SR4.<br />
Additionally, a user may include an IC program (which may<br />
in turn be loaded with other programs) in an encrypted archive<br />
file. During this process, the user configures the IC’s behavior<br />
when the archive is decrypted, usually including a clause that keeps<br />
the IC from activating if the proper key is used. Barring instructions<br />
to the contrary, the included IC automatically loads into the<br />
node in which the archive file is decrypted. Only one IC program<br />
may be included in an archive file.<br />
The presence of a Data Bomb or IC can be detected with a<br />
successful Matrix Perception Test performed on the archive file.<br />
Node Encryption
An entire node can be encrypted as an extra layer of security.<br />
An encrypted node can normally only be accessed by a user that has<br />
the correct key. A hacker may Decrypt the node, after which she can<br />
access it, as can anyone else with whom she shares the Decrypted key.<br />
The node must have an Encrypt program running, which counts<br />
against its program count for Response reduction. Encrypting a<br />
node does not automatically also encrypt subscriptions to or from<br />
it or files within it. Encrypting a node requires a Simple Action.<br />
Strong Encryption
While cryptanalysis is far stronger than encryption these<br />
days, it is possible to slow down an attacker more than standard<br />
encryption can. Doing so takes a large amount of processing<br />
power and time, and is considered by some hackers to be not<br />
worth the extra effort.<br />
When using strong encryption, the user needs the Encrypt<br />
program, as with normal encryption. The amount of time taken<br />
to perform the strong encryption then becomes the interval<br />
for an attacker’s Decryption Extended Test (p. 225, SR4). The<br />
longest period to which the interval may be increased is one<br />
day; beyond twenty-four hours, the encryption suffers from<br />
dramatic diminishing returns.<br />
Strong encryption may not be used for signals encryption.<br />
Dynamic Encryption
It is possible to perform continuous re-encryption by<br />
monitoring a decryption attempt and adjusting the encryption<br />
algorithm accordingly. Doing so does not make the encryption<br />
safe, but it can delay an attacking hacker. Like strong encryption,<br />
dynamic encryption takes extra time and processing power. It<br />
has the additional disadvantage that it requires awareness of an<br />
attacker for it to be effective.<br />
Dynamic encryption is only effective against an attacker that<br />
has been detected with a Matrix Perception Test and that is currently<br />
decrypting a link, file, or node. The user makes an Opposed<br />
Computer + Encrypt Test against the attacker’s Electronic Warfare<br />
+ Decrypt; for every net hit on this test, the threshold for the attacker’s<br />
attempt to break the encryption is increased by one. This<br />
requires a Complex Action.<br />
The extra threshold applies only to the attacker against which<br />
it is directed. The attacker may clear the threshold penalty by restarting<br />
his decryption attempt, but this causes him to lose any hits<br />
already accumulated against the encryption.<br />
Once an attacker has fully decrypted a subscription, node, or<br />
file, this technique may no longer be used. Dynamic encryption is<br />
not compatible with strong encryption.<br />
Decryption
Most of the time, encrypted subscriptions, files, and nodes<br />
are decrypted with a key. Often they are decrypted by hackers<br />
who crack the encryption with the Decrypt program. Using the<br />
Decrypt program requires a Complex Action to start the process,<br />
but thereafter the program continues the Extended Test (p. 225,<br />
SR4) autonomously. Once a file is decrypted by any user, it remains<br />
decrypted, but when a subscription or node is decrypted by a user,<br />
it remains decrypted only for that user. However, the encryption<br />
may be re-instated under certain circumstances:<br />
Signals encryption may be restored by closing the subscription<br />
(a Log Off action), re-establishing the subscription (a Log On<br />
action), and then re-encrypting the subscription (a Simple Action<br />
from each side of the link).<br />
File encryption is restored merely by encrypting the now-decrypted
file.
Node encryption is restored by rebooting the node (a<br />
Complex Action, plus boot time), and re-encrypting it (a Simple<br />
Action).<br />
Unwired<br />