In
the world of encryption, assume anyone can view your communications. That is
the basis behind the Diffie-Hellman public key exchange (DHE), a method of
encrypting digital communications between two parties. The DHE works like this:
two parties, "Alice" and "Bob", want to send secret data to
each other over the internet. They know that anyone could be listening in on
what they are saying, so they use the DHE so that, even though someone can see
what they send, it will appear as an undecipherable jumble. The DHE can be analogized
like this: Alice and Bob both want to send each other documents back and forth
to each other in a secure manner. They decide on using a safe, which has two
locks. Alice has the key to one of the locks, and Bob has the key to the other.
Alice puts her document into the safe and closes it, locking both of the locks.
She then unlocks her lock using her own private key, and sends the safe over to
Bob. Along the way, the safe is examined, but because it is still locked no one
can see the document inside. When it gets over to Bob, he uses his key to open
the safe and read the document. This can continue indefinitely, with no one but
Alice and Bob being able to open the safe.
There
are two main vulnerabilities in the DHE system, called the Logjam
vulnerabilities, and both potentially being exploited by the NSA. The first
vulnerability is categorized by 512 bit DHE public keys. If the NSA exploited
this vulnerability, they could decrypt communications from 8.4% of the top one
million web domains and 3.4% of all HTTPS websites (websites secured by
encryption). This in and of itself is a huge deal, but the main problem with
this vulnerability is how easy it is to exploit: a reasonably-well funded enterprise
only needs two weeks to generate the key needed to decrypt all of those
communications. Thankfully, this was fixed after it was discovered, but
unfortunately the fix led to the second of the Logjam vulnerabilities,
involving 1024 bit DHE public keys. Most businesses that used 512 bit keys
began to use 1024 bit keys, which are much, much harder to crack. However,
documents released by Edward Snowden have revealed that the NSA has been able
to spy on the communications protected by these 1024 bit keys. How is that
possible, when they are supposed to be impossible to crack? Researchers
crunched the numbers, and found that it would take someone approximately $100
million, as well as a year of time, to break one 1024 bit key and use it to
spy. Since there are only a couple of 1024 bit keys in use, $100 million and a
year of time would be worth it for some agency to be able to eavesdrop on
trillions of encrypted connections. Researchers have concluded that they are
"almost positive" that the NSA has already done this, and is using
these public keys to decrypt a startling large percentage of all
communications.
These
discussions of wrong-doing on the NSA's part also bring up a little-discussed
question: isn’t the NSA supposed to protect us from these kinds of vulnerabilities?
Part of the founding goals of the NSA was to protect the US from intelligence
gathering and cyber-attacks launched by those outside of the US. If the NSA
cannot help companies prevent and prepare for a China-based cyber attack, then
who can? Any time these vulnerabilities are discovered by the NSA, they face an
ultimatum: go public with these vulnerabilities and teach us how to protect
ourselves, or keep them secret and use them for their own good. We will never
know exactly how many vulnerabilities the NSA has uncovered, but from the
documents leaked so far, we know that they will not hesitate to exploit.
Sometimes, when they do reveal and help us make encryption stronger, they still
work for their own benefit. An example of this is Dual_EC_DRBG, an
cryptographic algorithm. The NSA developed and pushed for standardization of
this algorithm, which included a backdoor that allowed them and only them to
decrypt anything encrypted with this algorithm. The revelation of this backdoor
has made security experts wary of trusting the advice of the NSA in the future,
which is counterproductive to their goal of helping us stay safe.
With
this knowledge made available, we must ask ourselves, what do we do now? We are
almost certain that the government is using hundreds of millions of dollars to
break encryptions that we as Americans rely on. The government is able to
access trillions of communications across the globe, with the entire process
shrouded in secrecy. Many argue for heavier and more secure encryptions. While
breaking a 1024 bit key is possible but extremely difficult, breaking a 2048
bit key is impossible with today's technology. There are also different
encryption technologies that do not have the vulnerabilities that the DHE does.
However, the true difficulty lies in the arms race between encryption and
decryption technology. A 2048 bit DHE may be secure for a time, but in the
future processing power will advance far enough that even these can be easily
broken. Instead of simply trying harder and harder to create cryptographically
secure technology, the power and scope of the NSA should be reeled in. They
could work towards making our technology safer against foreign governments,
instead of keeping it unsafe for their benefit.
This process could be done through the courts, but because the NSA is
shrouded in so much secrecy, we have no solid proof or evidence that these
things are being done, and even if we did the case could be thrown out on state
secrets grounds. There is no right answer to what needs to be done about this
problem, and most likely there will be a multitude of different solutions
before it is actually solved. Until then, we can simply fight the good (legal
and technological) fight.
Sources:
http://arstechnica.com/security/2015/10/how-the-nsa-can-break-trillions-of-encrypted-web-and-vpn-connections/
https://www.lawfareblog.com/nsa-and-weak-dh
No comments:
Post a Comment