Encryption Backdoors: Can they work?
Certain events in the past have repeatedly led to calls from government bodies and law enforcement agencies for more sophisticated tools for the online surveillance of suspects. One idea that keeps attracting attention is so-called “backdoors” in encryption. An encryption “backdoor” is a method of bypassing the encryption or authentication in a system.
Backdoors can exist for legitimate, practical reasons. One example is the ability of a manufacturer or service provider to restore access for a user who has forgotten their password. But encryption backdoors also allow third parties such as governments or intelligence agencies to bypass normal security measures in order to gain access to an account or device and its data. In essence, they are ways for the manufacturer to give certain parties access to components of a device that robust encryption would otherwise protect. A simple analogy is having a very expensive, hard-to-pick lock on your front door that only you can open, while also hiding your house key under a flower pot (a hiding place that only a very few other people know about).
This blog post looks at the technology around encryption and how it can be bypassed. We will also examine the pros and cons of such encryption backdoors when they are built into communication devices such as phones and laptops and into other client and enterprise technologies (messaging, e-mail, cloud, etc.).
But first, a quick history lesson
Backdoors in encryption are hard to understand without some of the history of encryption itself. The concept is thousands of years old: ancient civilizations in Mesopotamia and the Levant used simple alphabetic substitution to encode sensitive information. In the 19th century the poet Edgar Allan Poe was a keen amateur cryptographer who publicly demonstrated his ability to decipher encoded messages submitted to him by readers. Any study of the Second World War must mention the decisive effect of breaking the German Enigma codes; the success of pioneering computer scientist Alan Turing and his many colleagues at Bletchley Park, 50 miles north-west of London, is often credited with shortening the war by two years or more. More recently, the invention of the computer and the internet has led to far more advanced methods of encryption.
Encryption: how does it work?
Modern public-key encryption works with a pair of keys: a public key and a private key. When a user sends a message to another, the sender’s computer uses the recipient’s public key to encrypt the message. Only the matching private key, held by the recipient, decrypts it back to its original form. In practice, OpenPGP encrypts the message body with a random symmetric session key and uses the recipient’s public key only to encrypt that session key, but the principle is the same. A service that uses end-to-end encryption, like Mailfence, relies on such a public-key system, OpenPGP to be exact. Alongside OpenPGP-based end-to-end encryption, it also supports secure message escrow, or simply password-based end-to-end encrypted messages.
In RSA, the public key is built from the product of two large prime numbers; the private key is derived from those two primes themselves. Because no efficient method is known for finding the prime factors of a sufficiently large number, recovering a private key from the public key by brute force would take far longer than anyone can wait; for the key sizes in use today it is effectively impossible. Conversely, anyone who knows the private key can compute the public key in a split second, since it is a simple multiplication. It is therefore critical to keep private keys secret. Because private keys are so hard to crack, the only practical way to gain unauthorized access to encrypted data is to obtain the private key itself, and that is where the concept of an encryption backdoor comes in.
Encryption backdoors are built in at the design and manufacturing stage of devices or software, and they serve as a way to reach these private keys or to bypass the protections around them. Proponents of encryption backdoors argue for allowing limited access to parties such as law enforcement. The mass shooting in San Bernardino, California in December 2015 thrust this issue into the spotlight. Police recovered the iPhone of one of the shooters, but because of its passcode it was not possible to access the device. Law enforcement first asked Apple executives to grant exceptional access to the device, without success. The government then obtained a court order to compel Apple to build a version of the operating system with an encryption backdoor so that it could be loaded onto the device. Apple CEO Tim Cook rejected these demands, saying that the request had “implications far beyond the legal case at hand.”
Even if such an encryption backdoor were available, there is some debate as to its effectiveness. Former Microsoft CTO Ray Ozzie proposed a scheme that would give law enforcement access to a ‘secure’ database of device keys, commonly referred to as a key escrow system. Using the escrowed key, police could unlock the encrypted device; the device would then enter an irreversible recovery mode and could not be used again. As others have pointed out, however, the scheme fails on a simpler point: there is no way to guarantee the security of the database holding the escrowed keys, and that database would contain the key to every device at once.
The case against encryption backdoors
The Electronic Frontier Foundation, a digital privacy advocacy group, argues that there is no middle ground when it comes to encryption backdoors. They argue that exceptional access “erodes encryption security, granting law enforcement either its own set of private keys for every encrypted device and individual who sends and receives encrypted messages,” or requires the creation and secure storage of “duplicate keys” that can be handed over by the service provider upon request. The middle ground demanded by law enforcement between ‘good’ and ‘bad’ encryption is still bad encryption.
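As an added example that is not from the original post and is neither Mailfence’s nor OpenPGP’s code, the following Python illustrates two passages at once: the “Encryption: how does it work?” section above (an RSA key pair built from two primes, and the asymmetry between multiplying them and factoring the product back apart) and the key escrow problem just described, where a backdoor key is simply one more recipient of every message. The primes, the recipient names `bob` and `escrow`, the XOR stand-in for the real symmetric cipher, and the `seal`/`open_envelope` helpers are all assumptions chosen for the illustration; the moduli are tiny and there is no padding, so none of this is usable as real cryptography.

```python
# Added example for this post (not Mailfence's code and not an OpenPGP
# implementation): textbook RSA with small primes, plus an OpenPGP-style layout
# in which one random session key is wrapped to each recipient's public key.
# It shows (1) why the private key, not brute force, is the practical target and
# (2) why an escrow/backdoor key is just one more recipient whose private key
# opens every message. Educational only: tiny moduli, no padding, and an XOR
# stand-in for the real symmetric cipher.
from math import gcd, isqrt
import secrets


def rsa_keygen(p, q, e=65537):
    """Public key (n, e) from two primes p and q; private exponent d from the factors.
    Computing n = p*q is instant; recovering p and q from n is the hard direction."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("public exponent must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse, Python 3.8+
    return (n, e), (n, d)


def rsa_encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)


def rsa_decrypt(priv, c):
    n, d = priv
    return pow(c, d, n)


def factor_by_trial(n):
    """What an attacker holding only the public key has to do: split n into p and q.
    Returns (p, q, candidates_tried). Fine for toy n; hopeless for 2048-bit moduli."""
    tried = 0
    for cand in range(2, isqrt(n) + 1):
        tried += 1
        if n % cand == 0:
            return cand, n // cand, tried
    raise ValueError("n has no non-trivial factor")


def xor_stream(key_int, data):
    """Toy symmetric layer standing in for AES: XOR with the 4-byte session key."""
    key = key_int.to_bytes(4, "big")
    return bytes(b ^ key[i % 4] for i, b in enumerate(data))


def seal(plaintext, recipient_pubs):
    """Hybrid encryption as OpenPGP does it: body under a random session key,
    session key RSA-encrypted once per recipient (recipient name -> public key)."""
    session_key = secrets.randbelow((1 << 24) - 2) + 2  # below every toy modulus used here
    return {
        "wrapped": {name: rsa_encrypt(pub, session_key) for name, pub in recipient_pubs.items()},
        "body": xor_stream(session_key, plaintext),
    }


def open_envelope(name, priv, envelope):
    """Any party whose private key unwraps the session key reads the body."""
    session_key = rsa_decrypt(priv, envelope["wrapped"][name])
    return xor_stream(session_key, envelope["body"])


def escrow_demo(messages):
    """Seal each message to Bob plus an escrow ("backdoor") key (assumed primes).
    Returns (bob_reads_all, escrow_reads_all)."""
    bob_pub, bob_priv = rsa_keygen(10007, 10009)
    escrow_pub, escrow_priv = rsa_keygen(10037, 10039)
    envelopes = [seal(m, {"bob": bob_pub, "escrow": escrow_pub}) for m in messages]
    bob_reads_all = all(open_envelope("bob", bob_priv, env) == m
                        for env, m in zip(envelopes, messages))
    # Whoever holds, steals or is compelled to hand over escrow_priv reads the whole
    # corpus with no per-message effort: the single point of failure the EFF describes.
    escrow_reads_all = all(open_envelope("escrow", escrow_priv, env) == m
                           for env, m in zip(envelopes, messages))
    return bob_reads_all, escrow_reads_all


if __name__ == "__main__":
    pub, priv = rsa_keygen(61, 53, e=17)  # the classic small example: n = 3233
    c = rsa_encrypt(pub, 65)
    print("ciphertext", c, "decrypts to", rsa_decrypt(priv, c))
    print("factoring n by trial division (p, q, candidates tried):", factor_by_trial(pub[0]))
    print("bob / escrow can read everything:", escrow_demo([b"hello", b"meet at noon"]))
```

The point to take from `escrow_demo` is not the toy arithmetic but the shape of the system: nothing about the message itself changes when an escrow key is added, so the security of every sealed message becomes exactly the security of one private key that the user does not control. Run it as a script to see the round trip and the trial division count; the count is what grows beyond reach once the primes are hundreds of digits long.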
Where do we go from here?
The FBI’s failed attempt to get Apple to provide an encryption backdoor was arguably an attempt to set a legal precedent. Had Apple acquiesced, that precedent would exist, and it would be used to demand further encryption backdoors in the future. Requiring manufacturers to create encryption backdoors in emergency cases like this has consequences: every device built that way would immediately be at greater risk of attack from criminals and other bad actors.
As our lives increasingly rely on technology, the potential consequences of encryption backdoors only worsen. With the emergence of the Internet of Things, an encryption backdoor in one device could jeopardize the security of the other devices connected to it. As the saying goes, a chain is only as strong as its weakest link: bad actors could compromise a seemingly innocuous IoT appliance and use it as a foothold to reach far more critical devices and data. When we consider how much of our personal data is stored on our devices and in cloud services, the potential for abuse by repressive governments becomes clearer still.
Is there a safe way to build encryption backdoors?
A hot debate about encryption backdoors has been going on for decades. In one camp are cryptography experts and privacy advocates fiercely defending the need to maintain strict encryption standards and practices. On the other side, governments and law enforcement agencies maintain a strong interest in establishing encryption backdoors in the name of public safety. Regarding the feasibility of a truly secure key escrow system, cryptography expert Matthew Green stated “we’ve thought about it and we don’t think it will work.”
– Mailfence Team