Reasons to Support Strong Encryption for a Globally Secure Internet
Professor Peter Swire, Ohio State University
U.S. Technology Training Institute, Washington, D.C.
April 11, 2011
Overview
• My view – have strong encryption, not weak cybersecurity
• Short history of wiretaps, phone & data
• U.S. history in 1990s and shift to strong crypto
• Objection: “We want the keys”
• Objection: “There must be a back door”
• Why we don’t want weak cybersecurity
• Lack of strong crypto as a security and legal violation
Wiretap on Copper Lines
[Diagram: Alice’s phone call passes through her local switch, the telecom company and Bob’s local switch to Bob; the wiretap can be placed at Alice’s house or at the local switch.]
Wiretap on Fiber Optic
[Diagram: Alice’s phone call passes through her local switch, the telecom company and Bob’s local switch to Bob. Under CALEA in the U.S. the switches are wiretap-ready (voice, not data; mobile and landline) and HQ gets downloads; the wiretap is possible only at the local switch.]
From Voice to Internet
[Diagram: Alice sends “Hi Bob!” to her ISP; between Alice’s ISP and Bob’s ISP the message crosses many Internet nodes, appearing as scrambled text (%!#&*YJ#$&#^@%) at each one; Bob’s ISP delivers “Hi Bob!” to Bob. Nodes: many, unknown, potentially malicious. Weak encryption = many intercepts.]
Problems with Weak Encryption
• Nodes between A and B can see and copy whatever passes through
• Brute force attacks became more effective due to Moore’s Law; today, 40 bits very easy to break by many
• From a few telcos to many millions of nodes on the Internet
  • Hackers
  • Criminals
  • Foreign governments
  • Amateurs
• Strong encryption as feasible and correct answer
• Scaled well as Internet users went over one billion
U.S. Experience 1990’s
• Initial inter-agency victory for law enforcement (FBI) and national security (NSA), early-mid 90’s
  • Clipper Chip – government would have the keys
  • Fear of loss of ability to wiretap
• Over 5 years of debate, to change in September, 1999
  • Always had strong crypto within US
  • Exports were controlled, on idea that crypto = munition
• Change to allow strong crypto export, new global norm (except for a few countries) that strong crypto used on Internet globally
• Why the change to position contrary to view of law enforcement and security agencies?
Crumbling of Weak Crypto Position
• Futility of weak crypto rules
  • Meeting with Senator or Congressman
  • Start the clock, how long to search for “encryption download”?
  • Get PGP or other strong crypto in less than one minute
• In world of weak crypto rules, effect on good guys and bad guys
  • Bad guys – download PGP, stop the wiretap
  • Good guys – follow the rules, legitimate actors get their secrets revealed
    • Banking, medical records, retail sales
    • The military’s communications on the Internet, government agencies, critical infrastructure
Objection – We Want the Keys
• The failure of the Clipper Chip
  • Idea was that all users of strong crypto would “escrow” their keys with law enforcement
  • Advocates for it had various safeguards, e.g., two people in the government had to agree for the key to be revealed
• Devastating technical arguments against this
  • Some people didn’t trust the government
  • If do this for 200 nations worldwide, more people don’t trust all the governments
  • Single point of failure – if the databank of keys is ever revealed, most/all communications can be read
Objection – We Want the Keys
• Even apart from key escrow, it is useful to walk briefly through how public key encryption works, to show limits of requests for “we want the keys”
• Basic approach of public key encryption
  • Other similar terms are Diffie-Hellman, asymmetrical keys
  • RSA a well-known instance of this approach
  • Alice and Bob each have a “public” key that anyone can wrap plaintext with
  • They each have a “private” key that is the only way to unwrap the encrypted text (unless someone tries brute force or other attack)
Where are the KEYS? 1
[Diagram: Alice encrypts “Hi Bob!” with Bob’s public key; the encrypted message (%!#&YJ@$) passes through Alice’s local ISP, a backbone provider and Bob’s local ISP; Bob decrypts with Bob’s private key and reads “Hi Bob!”. The KEYS are with the individuals.]
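As an added example (not from Swire’s slides), the diagram above walked through in toy textbook RSA: Bob’s key pair is built from two tiny primes so the arithmetic stays readable, every relay node receives the same ciphertext, only Bob’s private key unwraps it, and, because the modulus is tiny, a node can factor it and rebuild the private key, which is the brute-force caveat from the previous slide and why key size is the whole argument. The primes, names and hop list are constructed for this example; real systems use 2048-bit or larger moduli with padding such as OAEP, never raw RSA.

```python
from math import gcd

# Toy textbook RSA used only to illustrate the slides; the primes are tiny and
# constructed for this example. Real deployments use 2048-bit+ moduli and
# padded encryption (e.g. OAEP), never raw byte-at-a-time RSA like this.

def make_keypair(p, q, e=17):
    """Return (public, private) = ((n, e), (n, d)) for primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), (n, d)

def encrypt(public, plaintext):
    """Anyone holding Bob's public key can wrap plaintext with it."""
    n, e = public
    return [pow(b, e, n) for b in plaintext]  # one block per byte (toy only)

def decrypt(private, ciphertext):
    """Only the holder of the matching private key can unwrap it."""
    n, d = private
    return bytes(pow(c, d, n) for c in ciphertext)

def relay(ciphertext, hops):
    """Each node between Alice and Bob sees and can copy the same ciphertext."""
    return {hop: list(ciphertext) for hop in hops}

def brute_force_private_key(public):
    """What a node can try: factor n by trial division and rebuild d. Works only
    because n is tiny; the cost explodes with key size, hence 'strong crypto'."""
    n, e = public
    for p in range(2, int(n ** 0.5) + 1):
        if n % p == 0:
            q = n // p
            return (n, pow(e, -1, (p - 1) * (q - 1)))
    return None

def run_demo():
    """Returns (what Bob reads, same ciphertext at every hop, key recoverable)."""
    bob_public, bob_private = make_keypair(61, 53)  # constructed toy primes
    ct = encrypt(bob_public, b"Hi Bob!")
    seen = relay(ct, ["Alice's ISP", "backbone provider", "Bob's ISP"])
    same_at_every_hop = all(v == ct for v in seen.values())
    recovered = brute_force_private_key(bob_public)
    return decrypt(bob_private, ct), same_at_every_hop, recovered == bob_private

if __name__ == "__main__":
    print(run_demo())  # (b'Hi Bob!', True, True)
```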
Where are the KEYS? 2
[Diagram: Jill at Corporation A encrypts “Hi Fred!” with the public key of Corporation B; the encrypted message (%!#&YJ@$) passes through Corporation A’s ISP, a backbone provider and Corporation B’s ISP; Fred at Corporation B decrypts with the private key of Corporation B. Lawful process: ask Corp A before encryption, ask Corp B after decryption. The KEYS are with the corporations.]
Limits to Getting the Keys
• In many instances, the keys are held by Alice and Bob
  • No one else has the keys
  • That can include the software maker
• Can be encryption at rest – your laptop
  • Brickifies if you lose your encryption key, so keep a backup
• Can be encryption in communication
  • You may be only one with access to the private key, in some systems select it yourself or it is created by a one-way function where the originator has no access
  • Technical experts prefer/insist on this
Objection – Isn’t There a Back Door?
• As with Clipper Chip, law enforcement would love to have a back door
• Back door = designed security flaw in the system
  • May be that law enforcement only can read (Clipper Chip)
  • May be that software/service provider can read (they promise security but keep a secret way in)
• Goal of back door:
  • All the good guys can get in (and know they can ask for it)
  • No one else, including bad guys, get in:
    • Criminals and their hackers
    • Foreign governments and spy services
    • Ph.D. computer experts
    • White hat hackers – people who detect flaws and tell CERTs and others about them
The Likelihood of Back Doors?
• Let’s think through the likelihood that widely-used strong encryption actually has back doors for some law enforcement/national security agencies
• My view – much less likely than many people think
• Swire writings on when secrecy helps/hurts security
  • Key point is that secrecy not likely to be successful when there are many attackers, who can attack repeatedly, and can report successful attacks
  • A simpler way to say this: Wikileaks
• What likelihood that the FBI has been pervasively using a backdoor, with knowledge of software/services companies, and it hasn’t leaked since 1999 approval of strong crypto?
• What likelihood that none of the smart Ph.D.s and white hat hackers have ever found an example of this?
• What brand effect on Microsoft (BitLocker) and other global brands if they promised security and secretly broke it? What penalties for fraud?
Why We Don’t Want Weak Cybersecurity
• Key point so far – weak crypto is weak cybersecurity
• A world full of attackers can and will read data sent over the Internet unless there is strong crypto
• U.S., India, and other governments considering the issue of strong crypto have spoken strongly about the need for strong cybersecurity
• Numerous quotes about the need for strong cybersecurity
  • Critical infrastructure open to attack
  • Financial system
  • Medical records and other sensitive personal information
    • Including records used in cross-border provision of services
Lack of Strong Crypto as Legal Violation
• Strong crypto increasingly becoming legal requirement
• State of Massachusetts computer security law now in effect
  • Strict penalties for loss of laptop or other loss of data unless strong encryption in place
• U.S. funding of $19 billion for electronic health records
  • Rules for reimbursement to medical providers going into effect on what constitutes “meaningful use” of electronic health records
  • Major financial incentive to have “meaningful use”
  • Strong encryption is expected to qualify for funding
• More generally, numerous laws worldwide require cost-effective security measures, on pain of penalties
  • What is “adequate” protection under E.U. law?
  • For instance, Gramm-Leach-Bliley safeguards rule for U.S. financial services
• With strong crypto low-cost and pervasive, its absence violates many laws
Conclusion
• In discussion session can address other issues, including:
  • Law enforcement concerns that they are “going dark” – in fact they have much more access to intercepts than historically
  • Role of lawful intercept and effective legal structure as predicate for trans-border legal process
  • The U.S. and why it kept strong crypto despite other legal changes in the U.S. Patriot Act
• In conclusion, complexity and disagreement will continue on how law enforcement and national security agencies can/should have access to communications, with what legal process
• But a simple point – weak encryption at the heart of the Internet is weak cybersecurity
• The debate on this topic took several years in the U.S.
• In the end, wide and stable understanding that strong crypto is essential to do serious business on the Internet
• Nothing has shaken that position since the U.S. acceptance of strong encryption in 1999