Analysis: Keeping things safe

When you access your online banking you expect that only the bank can read your instructions to make transfers to other accounts. To do that the link between the two computers – yours and the bank’s – is encrypted. The same goes for other confidential things you want to send over the internet.

Unfortunately, the right to use secure encryption is under attack in many countries at the moment. Both the leaders of the US and UK are currently running campaigns to insist that a ‘back door’ be built into encryption, so that various parts of the state can read the information being sent. All sorts of excuses are being given – terrorists use encryption, child pornographers use encryption, criminals use encryption – the list is endlessly inventive.

One reason you don’t hear, is the suggestion that the lessons of history show that we need to allow the government to read everything we write or say. Politicians are remarkably well armoured against the outrageous slings and arrows of history. Especially when those lessons show something has been tried before and didn’t work!

So, for a look at the historical lesson of ‘back doors’ in encryption, I’d like to take you back to the days of the 1990s in the USA, but first I need to explain a bit about encryption itself. Don’t worry – it’s all non-technical!

Encryption has been around for a very long time. It consists of two things – a method of encrypting something and some sort of key (or pair of keys) that can be used to encrypt and decrypt the message. Theoretically, you could try and keep both the method and the key a secret, although experience has proved that it’s not that easy to keep the method a secret. The important thing therefore is keeping the key a secret. This is fine for secret agents – you give them the key before you send them off, and hope they don’t lose it or get captured.

The key, of course, must be long enough, and arbitrary enough, that you can’t break the code just by trying all possible variations of the letters and numbers making up the key. Assuming you get all that correct (and you’d be surprised how many amateurs fail to get everything right), and your method has no built in weaknesses, it should be possible to communicate securely. That applies even over a public, open, service like the internet, where, at least theoretically, anyone can listen in.

However, there is one problem: what happens if the parties involved (traditionally known as Alice and Bob) have never met, and so don’t have a shared key? Think about it – you want to access your bank account on the internet, you wouldn’t really want to pop down to the bank to give the several thousand noughts and ones to use as a key, would you?

Nope – not unless you have strong masochistic tendencies. Fortunately, in the 1990s Whitfield Diffie and Martin Hellman came up with a mathematical method for Alice and Bob to share keys, even if they’ve never had physical contact to share the key. it’s called, unsurprisingly, Diffie-Hellman key exchange. You don’t need to know the details of how it’s done, but the system is now used as part of the HTTPS protocol. That means that you use it every time you log on to a secure web site (like your bank) with your browser. It also part of SSH, used by system administrators to log on to servers remotely, and VPN used by employees to log into servers remotely.

OK. So still back in the 1990s, we have a problem with this key exchange. Not a technical problem, I hasten to add, but a political problem. It’s too good, and too difficult to break the keys generated, if implemented properly. Because of this, the US government, especially the then little known NSA, were not allowing US companies to sell encryption software, especially the key exchange software, abroad. (As an aside the NSA up to that time had successfully stifled the use of encryption by not allowing research into it to be published, and issuing gagging orders.)

Eventually companies were permitted to sell abroad after an addition was made to the protocol so that if a special sequence was injected into the traffic, a new key would be computed, and that this key would only be a very short key, which would be easy to break. This sequence was, of course known to the likes of the NSA. The problem is, of course, that now everyone knows about it: it’s the Logjam Attack (also known as the Diffie-Hellman Downgrade Attack) that’s been in the news recently.

In this case it was found and publicized by a researcher. But who knows who else has found it and used it in the last 20 or so years? The UK? China? Russia? Germany? Israel? Al-Qaeda? ISIS?

Which brings us to the point that the likes of David Cameron and Barack Obama fail, or refuse, to understand. There is no such thing as a ‘back door’ that’s just for the ‘good’ guys. If there’s a back door, sooner or later the bad guys will discover and use it. And the bigger the bad guys are – think, perhaps, China – the sooner they will discover the back door into the encryption.

There are many other reasons why the organs of government shouldn’t be able to pry into your encrypted traffic, but this is, if you like, the main technical reason – it opens it to everyone, not just law enforcement – for being opposed to ‘back door’ plans. The other reasons are much more in the realm of politics, and outside the remit of this newsletter.

Coda: If anyone uses the other, fatuous, ‘What have you got to hide?’ argument, just ask them if they have any objection to you installing a web camera in their bathroom. When they say they do have objections, ask them what they’ve got to hide...
http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/
https://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
https://en.wikipedia.org/wiki/Clipper_chip

Alan Lenton
14 June, 2015