Why Backdoors Break, not Weaken Encryption - DTNS WEEKLY TECH UPDATE 11/22/2017
Added 2017-11-22 17:21:03 +0000 UTCThis is the weekly newsletter companion to Daily Tech News Show at http://dailytechnewsshow.com/
You can get this newsletter by backing DTNS for $5 a month or more at http://patreon.com/dtns
This week's column is out a day early because of the Thanksgiving holiday in the US. Also with the FCC releasing its proposal on net neutrality, a lot of you probably expected me to write about that. But I pretty much said I all I have to say about it 4 months ago when the proposal was first put up for public comment. You can find that column, "A History of Net Neutrality" here: https://www.patreon.com/posts/history-of-net-12946813
This week I'm going to expand on my discussion from Tuesday's show about why a back door breaks encryption.
CLOSER LOOK - From a certain point of view a back door to encryption seems reasonable. We have good solid encryption and we just weaken it a little so that only law enforcement officials under court supervision, can break into encrypted files in order to catch criminals. And if that was how it worked we could have a vigorous and healthy debate about the balance between personal security and public safety. That's not how it works. And public officials casting the issue that way are not acknowledging the reality of the situation.
I think this is truly important to understand because we should move on past back doors to other methods of fighting crime that actually could work with reasonable risk to personal security. We should be spending our time discussing where the line is on those issues rather than spinning our wheels discussing whether we should break encryption for the law-abiding, while leaving it working for criminals. Here's why I think this.
Read Up
First if you really want to read the arguments against backdoors read "Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications"
http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf?sequence=8
Among its 15 authors, all deeply experienced security professionals, are Ronald Rivest who helped created the RSA cryptosystem in 1977, Whitfield Diffie who helped create the public key exchange system for public key cryptography in 1976, and Bruce Schenier who has developed multiple ciphers and and algorithms in security, works for IBM and has been writing about security topics to make them accessible to the public since 1994. That's just a sample.
Also I'd recommend reading the bipartisan Congressional Encryption Working Group's 2016 year-end report which concluded “any measure that weakens encryption works against the national interest.” The group was established in March 2016 by House Judiciary Committee Chairman Bob Goodlatte (R-VA), Ranking Member John Conyers (D-MI), House Energy and Commerce Committee Chairman Fred Upton (R-MI), and Ranking Member Frank Pallone, Jr. (D-NJ) . They spent most fo the year interviewing ederal, state, and local government entities, former government officials, private industry and trade associations, civil society organizations, consultants and legal experts, academia, and cryptographers.
NOT NEW
Also keep in mind this is not a new fight. It was debated around the Clipper chip in 1997. The idea was to put code on the chip that would allow a back door. After vigorous debate it was determined that the chip would reduce security and innovation and the chip idea was abandoned.
Even though the Clipper chip failed, the US used export controls to encourage software makers like Netscape to use lesser encryption for international distribution. That meant all browsers included support for the lesser encryption and that eventually led to the FREAK and Logjam vulnerabilities, years later.
Also the argument that law enforcement is "going dark" is not new wither. It was used as early as 1992 to say that technology in the hands of criminals was eliminating intelligence sources for fighting crime. Surveillance ability and intelligence sources have increased not decreased since 1992.
RISKS FOR LAW-ABIDING CITIZENS
Let's start with the risks for you. If a back door of some kind was implemented, why is that so bad? Why can't a trusted government agency hold keys securely so that they can unlock encrypted data when needed in pursuit of a criminal investigation?
1. Backdoors undermine something called "Forward secrecy" which ensures communication sessions are secured by randomly generated ephemeral public keys. It is a strategy that prevents an attacker from later using a stolen private key to decrypt recorded encrypted sessions. Think of it this way, forward secrecy means if someone copies my private key somehow they can only use it to open things locked from the moment they copy the key until the moment I discover they have it and change my key. Without forward secrecy, if someone copies my key they can unlock everything I've ever encrypted with that key, ever.
The idea of a back door key used by government is often referred to as third-party escrow. It means, that in addition to my private key, the government would also have a key that could unlock my data should they need to. All known methods of achieving third-party escrow are incompatible with forward secrecy. You can't have ephemeral keys while maintaining the validity of the third party key.
Also, escrow keys could be used to impersonate any sender since the keys are also used for authentication. Yes, you could do separate keys for authentication and encryption but that has proven to be less secure.
2. Backdoors increase system complexity. As the NSA has said, "Complexity is the enemy of security." More complexity means more opportunities for attack. If I have a private key for my encyrptipon only stored on my machine that means an attacker has to get to my machine and my machine only. If it's stored on my machine but also on a service providers server, like Facebook let's say, that means the attacker can either get to my machine or any machine at Facebook that has access to the keys. More choices! More probability of success. If you then also add a third-party escrow service you not only have the key in more places you've also created a system that has to be able to be unlocked by two different keys which means the code is also more complex and means there is more of a chance of some kind of unanticipated vulnerability being exploited. More choices and more ways to attack.
And the whole thing has to be confidential which makes security testing more difficult. You can't do a bug bounty program. So you have less of a chance of finding vulnerabilities.
3. Finally a third-party escrow system represents a concentrated target. If an attacker wants to be able to unblock all encrypted files in use by all citizens under this regime, they can by getting into the third-party escrow system. A breach of the keys means access for all encrypted devices by the thief. This could be achieved by a malicious insider (like an Edward Snowden) or an unwitting accomplice (someone who got phished). Both examples have happened to the NSA. You could mitigate this by keeping the keys offline or stored separately but Law enforcement has stated need for rapid access, making those approaches impractical.
There have been real-life examples of third-party escrow being breached.
- From 2004-2005 100 Greek government members were wiretapped through vulnerability in backdoor in a Vodafone Telephone switch, that was intended only to be used by law enforcement.
- In 2010 an IBM researcher discovered a way into IP networks through lawful intercept built by Cisco.
And there are other side effects of a system like this being implemented even if all the above is ignored. Once one state gives exceptional access to encryption other states will want it. And each state will want its system to be confidential and particular to it. Which means companies making encryption would have to maintain separate banks of private keys for tens possibly hundreds of nations. That raises the attack surface area by quite a lot.
HARM TO CRIMINALS
OK. But even with all those risks, lets suppose it means no more terrorist attacks. No more shootings. We catch bad guys. Isn't that worth it?
It would be. But even law enforcement isn't suggesting this will be the silver bullet that ends large amounts of crime.
Sophisticated actors will use their own encryption not the weakened encryption mandated by law. This is the "math" argument you hear. You can make strong encryption illegal but it is almost impossible to enforce. As long as people can multiply primes into a product that is hard to factor they can encrypt almost anything. Quantum computers will arrive of course that change this, but that changes it for everyone. Until such time as a new encryption scheme is ushered in by quantum computers with new considerations it is impossible to stop someone from encrypting data without a back door.
Bruce Schneier did an estimate of all the encryption products out there and how many would fall under a US law requiring a back door. He estimated that, "Anyone who wants to avoid US surveillance will have 546 competing products to choose from."
SO WHAT SHOULD LAW ENFORCEMENT DO?
Often when I've gone through these facts I hear people begin to complain that I'm making it sound like we should just let criminals off the hook. We do not need to do that at all. This is why I think it's so important to let go of the comforting but false notion that we can somehow effectively reduce crime without endangering law-abiding people by adding a back door. We should be debating and developing the ways that CAN effectively combat crime and do not break safety altogether for law-abiding people.
The Congressional Group report I cited earlier has some recommendations of lines to pursue.
- One involves accessing information from private companies. Yes we need a good system with court supervision but this can be debated. This is along the lines of what has been going on with phone companies for decades. It is not without risks but the risks don't involve breaking something for everyone.
- We can continue to enable law enforcement’s ability to leverage metadata. Same debate of course but again metadata access doesn't break anything. It's a debate about the line between personal privacy and public safety.
- We could help law enforcement agencies exploit existing flaws in digital products. This seems the most promising if the most controversial. It does break things for individual users but not for everybody.
WHAT WOULD A BACK DOOR EVEN LOOK LIKE
I think the problem with forward secrecy alone makes a back door a bad idea. But for the sake of argument a lot of prominent security researchers would like to evaluate an actual back door system. No actual technical specifications for a system have been proposed for evaluation.
And I don't think they should be. We need to stop perpetuating the fiction that a back door is just a compromise. It's not. It breaks encryption and it breaks it for you and your Mom and your neighbor and everyone. That's not a compromise, that's just being compromised.
NEWS RECAP
The US FCC published its proposal for modifying Open Internet Guidelines. The FCC now recommends reclassifying Internet services as Information services like Cable TV rather than common carriers like phone service. This would remove the legal justification for provisions against preferential treatment of traffic from certain sources. The new rules would include transparency requirements around network management practices including blocking and paid prioritization. In a phone briefing a senior FCC official also revealed the FCC order also finds that state and local laws must be preempted if they conflict with the US government's policy of deregulating broadband Internet service. The proposal will be voted on at a meeting December 14. https://arstechnica.com/tech-policy/2017/11/rip-net-neutrality-fcc-chair-releases-plan-to-deregulate-isps/
Hewlett Packard Enterprise announces Antonio Neri to succeed Meg Whitman as CEO. Whitman will resign effective February 1, 2018. She will remain on the board of directors. http://www.businessinsider.com/meg-whitman-is-stepping-down-from-the-ceo-job-at-hewlett-packard-enterprise-2017-11
Uber told Bloomberg that Hackers stole the personal data of 57 million customers and drivers from the company in 2016, Uber fired its chief security officer and one of his deputies for keeping the hack a secret, which included a $100,000 payment to the attackers. Names, email addresses, phone numbers, and driver's license numbers were all part of the breach, but Uber says no social security, credit card ,or perhaps most importantly trip history data were leaked. https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
Management firmware on a number of recent Intel PC, server, and Internet-of-Things processor platforms are vulnerable to remote attack, and could allow remote attackers launch commands on some Intel-based laptops and desktops shipped with Intel Core processors since 2015. Intel has posted a detection tool on its support website for Windows and Linux to help identify which systems are vulnerable. The company is also directing users to check for firmware updates from their computer's manufacturer. https://arstechnica.com/information-technology/2017/11/intel-warns-of-widespread-vulnerability-in-pc-server-device-firmware/
Tesla unveiled its electric semi-truck with a range of 500 miles on a charge, capable of pulling 36,287kilograms, the maximum allowed on US roads. Wal-Mart told CNBC it will be one of the first companies to test pilot the new semi-truck. Tesla also showed off a new high-end sports car with a range of 620 miles on a charge and 0-100mph in 4.2 seconds. No price or release date were announced for either vehicle. http://www.bbc.com/news/technology-42021713
-- https://techcrunch.com/2017/11/17/walmart-plans-to-pilot-test-the-new-tesla-semi/
Thursday the San Antonio Express reported that Texas Rangers served a search warrant to Apple seeking photos, messages, documents and other data stored by the shooter in Sutherland Springs. The warrant applies to two phones and an iCloud account. The two phones are reportedly an iPhone SE and LG 328BG. http://www.mysanantonio.com/news/local/article/Apple-served-with-search-warrant-in-Sutherland-12364230.php#photo-14561147
EA made another change to its Star Wars Battlefront II game right before its official launch, temporarily removing in-game purchases of crystals. Using real money to buy crystals could allow people to get in-game credits which otherwise had to be earned by gameplay. https://www.theverge.com/2017/11/16/16668234/battlefront-2-loot-boxes-crystal-microtransactions-removed-ea
Apple and Foxconn confirm that Foxconn used student workers illegally to manufacture parts for the iPhone X. It is illegal for students to work overtime hours in China. Foxconn says the overtime hours were voluntary, and allowed by mistake but that the situation has been remedied." https://www.cnet.com/news/iphone-x-supplier-foxconn-under-fire-over-student-labor/
DJI announced a bug bounty program back in August and security researcher Kevin Finisterre was working within that program to disclose how he found private data and images from DJI customers on an unprotected AWS, instance. At first DJI said he qualified for the highest bounty but when he had issues with the terms of the award, which he feared would silcence him, DJI threatened him with charges under the Computer Fraud and Abuse Act. https://arstechnica.com/information-technology/2017/11/dji-left-private-keys-for-ssl-cloud-storage-in-public-view-and-exposed-customers/
Looking Glass announced a hologram viewing device called the HoloPlayer One. One version of the HoloPlayer One uses HDMI to connect to a PC for $750. A second version has an Intel Core i7 processor to work without a PC and costs $3,000. The device reflects content from a 2560 x 1600 LCD display and uses a depth-sensing camera for interactivity. The process yields an effective 267 x 480 resolution for 3D images. An SDK is being released to help developers discover uses for the display. https://www.theverge.com/circuitbreaker/2017/11/21/16681580/holoplayer-one-looking-glass-holograms
Apple's upcoming HomePod was originally slated for sale in December. But today the company says it'll miss the 2017 holiday shopping season and won’t be available until “early 2018.” Speculation as to why there's a delay centers around the Siri digital assistant service. http://fortune.com/2017/11/17/apple-homepod-delay-amazon-alexa-google/
Volvo has agreed to sell up to 24,000 Volvo XC90 SUVs to Uber for use in a fleet of autonomous cars. The deal would run from 2019 to 2021. The cars would be made to run Uber's autonomous car system which Is being tested in Pittsburgh, Pennsylvania and Tempe, Arizona. https://www.reuters.com/article/us-volvocars-uber/volvo-cars-to-supply-uber-with-up-to-24000-self-driving-cars-idUSKBN1DK1NH
The non-profit Global Cyber Alliance, founded by law enforcement and research organizations announced a new independent DNS service called Quad 9 after the 9.9.9.9 address it uses. The free service, launched in partnership with IBM and Packet Clearing House, promises not to log users. It will use info from 19 threat feeds to block malicious domains. https://arstechnica.com/information-technology/2017/11/new-quad9-dns-service-blocks-malicious-domains-for-everyone/
![J.A.X [Ai art]](https://xaiju.com/istorage/100248.jpg)
![[RV]-Nobunaga](https://xaiju.com/istorage/27726.jpg)
