Privacy has taken a huge hit since the introduction of the Internet. Google and Facebook are data mining our lives for information they can sell to advertisers and marketers. Our own government spies on us illegally without stop. Our information is stored on websites, and scooped up in huge data breaches, ending up in the hands of cyber-criminal gangs. What can we do about it? Today we publish the second of a three-part series of guest posts on the subject of privacy.
by Douglas Crawford
The United States National Institute of Standards and Technology (NIST) developed and/or certified AES, RSA, SHA-1 and SHA-2. NIST works closely with the NSA in the development of its ciphers.
Given the NSA’s systematic efforts to weaken or build backdoors into international encryption standards, there is every reason to question the integrity of NIST algorithms.
NIST has been quick to deny any wrongdoing (“NIST would not deliberately weaken a cryptographic standard”). It has also invited public participation in a number of upcoming proposed encryption-related standards in a move designed to bolster public confidence.
The New York Times, however, has accused the NSA of introducing undetectable backdoors, or subverting the public development process to weaken the algorithms, thus circumventing NIST-approved encryption standards.
News that a NIST-certified cryptographic standard, the Dual Elliptic Curve algorithm (Dual_EC_DRBG), had been deliberately weakened not just once, but twice, by the NSA destroyed pretty much any existing trust.
That there might be a deliberate backdoor in Dual_EC_DRBG had already been noticed before. In 2006 researchers at the Eindhoven University of Technology in the Netherlands noted that an attack against it was easy enough to launch on ‘an ordinary PC.’ Microsoft engineers also flagged up a suspected backdoor in the algorithm.
Despite these concerns, where NIST leads, industry follows. Microsoft, Cisco, Symantec and RSA all include the algorithm in their products’ cryptographic libraries. This is in large part because compliance with NIST standards is a prerequisite to obtaining US government contracts.
NIST-certified cryptographic standards are pretty much ubiquitous worldwide throughout all areas of industry and business that rely on privacy (including the VPN industry). This is all rather chilling.
Perhaps because so much relies on these standards, cryptography experts have been unwilling to face up to the problem.
Perfect Forward Secrecy
One of the revelations in the information provided by Edward Snowden is that “another program, code-named Cheesy Name, was aimed at singling out SSL/TLS encryption keys, known as ‘certificates,’ that might be vulnerable to being cracked by GCHQ supercomputers.”
That these certificates can be “singled out” strongly suggests that 1024-bit RSA encryption (commonly used to protect the certificate keys) is weaker than previously thought. The NSA and GCHQ could therefore decrypt it much more quickly than expected.
In addition to this, the SHA-1 algorithm widely used to authenticate SSL/TLS connections is fundamentally broken. In both cases, the industry is scrambling to fix the weaknesses as fast as it can. It is doing this by moving on to RSA-2048+, Diffie-Hellman, or Elliptic Curve Diffie-Hellman (ECDH) key exchanges and SHA-2+ hash authentication.
What these issues (and the 2014 Heartbleed Bug fiasco) clearly highlight is the importance of using perfect forward secrecy (PFS) for all SSL/TLS connections.
This is a system whereby a new and unique private encryption key is generated for each session. The session key is not derived from the server’s long-term private key, and no additional keys are derived from it. For this reason, it is also known as an ephemeral key exchange.
With PFS, the compromise of one SSL key does not matter very much, because new keys are generated for each connection, and they are often refreshed during a connection as well. To meaningfully access communications, each of these new keys would also need to be compromised. This makes the task so arduous as to be effectively impossible.
Unfortunately, it is common practice (because it’s easy) for companies to use just one private encryption key. If this key is compromised, then the attacker can access all communications encrypted with it.
OpenVPN and PFS
The most widely used VPN protocol is OpenVPN. It is considered very secure. One reason for this is that it allows the use of ephemeral keys.
Sadly this is not implemented by many VPN providers. Without perfect forward secrecy, OpenVPN connections are not considered secure.
It is also worth mentioning here that the HMAC SHA-1 hashes routinely used to authenticate OpenVPN connections are not a weakness. This is because HMAC’s security does not rest on the collision resistance of the underlying hash, so HMAC SHA-1 is much less vulnerable to collision attacks than standard SHA-1 hashes. Mathematical proof of this is available in this paper.
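As an added illustration that is not part of the original post, the two OpenVPN server configurations below contrast the single pre-shared key the post warns about (no forward secrecy) with a TLS-mode configuration that negotiates ephemeral session keys and refreshes them during the connection. File names, addresses and the chosen curve and cipher suite are placeholders chosen for this example.

```conf
# ===== Configuration (a): static-key mode, NO perfect forward secrecy =====
# One pre-shared key in static.key protects every session, past and future.
# Anyone who obtains that file can decrypt every capture ever made of this tunnel.
dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key          # the single long-lived key the post describes
cipher AES-256-CBC
auth SHA1                  # HMAC-SHA1 here is fine; the static key is the problem

# ===== Configuration (b): TLS mode with ephemeral keys (PFS) =====
# Written as a separate server.conf; the long-term key only signs the handshake.
dev tun
server 10.8.0.0 255.255.255.0   # implies tls-server
ca ca.crt
cert server.crt
key server.key             # long-term private key: authenticates, never encrypts traffic
dh dh2048.pem              # parameters for ephemeral Diffie-Hellman (DHE) exchange
ecdh-curve secp384r1       # ephemeral ECDH, OpenVPN 2.4+
tls-cipher TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384   # only ECDHE suites: PFS enforced
tls-version-min 1.2
cipher AES-256-GCM         # data channel; GCM provides its own authentication tag
auth SHA256                # HMAC used for tls-auth packets (and CBC data channels)
reneg-sec 3600             # re-run the key exchange: fresh session keys every hour
tls-auth ta.key 0          # HMAC-authenticate control channel packets against tampering
```

A client that presents `secret static.key` in its profile is therefore running configuration (a) regardless of how strong the cipher line looks; only a certificate-based profile with `tls-client` (and matching `remote-cert-tls server`) gets the ephemeral exchange of configuration (b).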
The Takeaway – So, is Encryption Secure?
To underestimate the NSA’s ambition or ability to compromise all encryption is a mistake. However, encryption remains the best defense we have against it (and others like it).
To the best of anyone’s knowledge, strong ciphers such as AES (despite misgivings about its NIST certification) and OpenVPN (with perfect forward secrecy) remain secure.
As Bruce Schneier, encryption specialist, fellow at Harvard’s Berkman Center for Internet and Society, and privacy advocate famously stated,
“Trust the math. Encryption is your friend. Use it well, and do your best to ensure that nothing can compromise it. That’s how you can remain secure even in the face of the NSA.”
Remember too that the NSA is not the only potential adversary. However, most criminals and even governments have nowhere near the NSA’s ability to circumvent encryption.
The Importance of End-to-end Encryption
End-to-end (e2e) encryption means that you encrypt data on your own device. Only you hold the encryption keys (unless you share them). Without these keys, an adversary will find it extremely difficult to decrypt your data.
Many services and products do not use e2e encryption. Instead they encrypt your data and hold the keys for you. This can be very convenient, as it allows for easy recovery of lost passwords, syncing across devices, and so forth. It does mean, however, that these third parties could be compelled to hand over your encryption keys.
A case in point is Microsoft. It encrypts all emails and files held in OneDrive (formerly SkyDrive), but it also holds the encryption keys. In 2013 it used these to unlock the emails and files of its 250 million worldwide users for inspection by the NSA.
Strongly avoid services that encrypt your data on their servers, rather than you encrypting your own data on your own machine.
The next post completes the theme of privacy, looking at the types of end-to-end encryption that anyone can use to keep their lives and business private. And thanks to Best VPN for their permission to republish this article.