Perfect Forward Secrecy

July 17th, 2008

When thinking about the possibilities and problems of using cryptography to protect against a large and resourceful eavesdropping organization such as FRA, I found myself asking this question: if someone passively snoops encrypted web communication, is it possible to decrypt the information at a later date, if the secret key of the website somehow ends up in the hands of the eavesdropper?

Why is this important? Well, if you have a scenario where, for example, a government agency has the ability to eavesdrop on and store vast amounts of data, it might come to a situation where said agency gets really interested in decoding some of the encrypted information it has snooped. If you are a government agency it might be enough to send a nasty letter to, for example, a webmail or social networking service demanding the key, or even to break into the hosting facility that holds the secret key and obtain it, legally or illegally.

Anyway, back to my question. After some research I have found the somewhat dissatisfying answer: most of the time, stored encrypted traffic can be decrypted if the key is obtained. There is however a technique that effectively prevents such a scenario, called Perfect Forward Secrecy. It is available when using the DHE key exchange protocol, which is part of some of the cipher suites that can be used with TLS, the protocol used when connecting to a website with an address starting with https.

DHE stands for Diffie-Hellman key exchange with Ephemeral parameters, a method for a server and a client (in this case a web browser) to agree on a common session key that is used to encrypt the actual data, without ever sending the session key itself in clear text. The key, as well as the Diffie-Hellman parameters used by the client and server to calculate it, are (hopefully) never stored on disk, but created for each connection (or, in the case of session caching, each couple of connections between the same server and client) and then discarded. The long-term secret key used to authenticate the server and hopefully prevent man-in-the-middle attacks cannot be used to re-create the session key even if it is known by an attacker.
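To make that last point concrete, here is an added toy example in Python (not code from the original post): it runs an RSA key transport handshake and a DHE handshake side by side, then plays the role of an eavesdropper who recorded everything on the wire and later obtains the server's long-term private key. The RSA primes, the Diffie-Hellman group, the unpadded textbook RSA and the hash-based key derivation are all constructed for illustration and far too small or too simple for real use; they only stand in for the real TLS cipher suites.

```python
"""Toy comparison of RSA key transport and ephemeral Diffie-Hellman (DHE).

Everything here is constructed for illustration: the RSA and DH parameters
are far too small for real use, the RSA is textbook (no padding), and the
key derivation is a plain hash standing in for the TLS key schedule. The
only point is what an eavesdropper who recorded a handshake can recover
once it later obtains the server's long-term private key.
"""
import hashlib
import secrets

# Server's long-term RSA key (constructed toy: Mersenne primes M61 and M89).
RSA_P = 2**61 - 1
RSA_Q = 2**89 - 1
RSA_N = RSA_P * RSA_Q
RSA_E = 65537
RSA_D = pow(RSA_E, -1, (RSA_P - 1) * (RSA_Q - 1))

# Diffie-Hellman group (constructed toy: Mersenne prime M127; TLS uses 2048 bits or more).
DH_P = 2**127 - 1
DH_G = 3


def derive_key(shared_secret: int) -> bytes:
    """Session key from the shared secret (stands in for the TLS key schedule)."""
    return hashlib.sha256(str(shared_secret).encode()).digest()


def message_digest(value: int) -> int:
    """Integer digest of a DH public value, reduced mod n for the toy signature."""
    return int.from_bytes(hashlib.sha256(str(value).encode()).digest(), "big") % RSA_N


def rsa_transport_handshake() -> dict:
    """RSA key transport: the client picks a premaster secret and encrypts it
    to the server's long-term public key. Returns what crossed the wire and
    the session key both sides derived from the premaster."""
    premaster = secrets.randbelow(RSA_N - 2) + 2
    ciphertext = pow(premaster, RSA_E, RSA_N)  # this is what the eavesdropper records
    return {"kind": "rsa", "wire": {"ciphertext": ciphertext},
            "session_key": derive_key(premaster)}


def dhe_handshake() -> dict:
    """DHE: each side picks a fresh exponent for this connection only; the
    server signs its public value with its long-term key so the client can
    tell it apart from a man-in-the-middle. The exponents never leave memory."""
    a = secrets.randbelow(DH_P - 2) + 1  # server's ephemeral secret
    b = secrets.randbelow(DH_P - 2) + 1  # client's ephemeral secret
    A = pow(DH_G, a, DH_P)
    B = pow(DH_G, b, DH_P)
    signature = pow(message_digest(A), RSA_D, RSA_N)  # toy RSA signature over A
    shared = pow(B, a, DH_P)
    assert shared == pow(A, b, DH_P)  # both sides agree on g^(ab) mod p
    # a and b are dropped here; only A, B and the signature were ever transmitted.
    return {"kind": "dhe", "wire": {"A": A, "B": B, "signature": signature},
            "session_key": derive_key(shared)}


def attacker_with_stolen_key(handshake: dict, stolen_d: int) -> dict:
    """What a passive eavesdropper learns from the recorded wire data once it
    later obtains the server's long-term private exponent d."""
    wire = handshake["wire"]
    if handshake["kind"] == "rsa":
        # The stolen key decrypts the recorded premaster directly.
        premaster = pow(wire["ciphertext"], stolen_d, RSA_N)
        return {"signature_valid": None, "session_key": derive_key(premaster)}
    # DHE: the stolen key lets the attacker check the old signature, but the
    # transcript holds only g^a and g^b. Without a or b the shared secret is
    # out of reach short of solving the discrete logarithm problem.
    signature_valid = pow(wire["signature"], RSA_E, RSA_N) == message_digest(wire["A"])
    return {"signature_valid": signature_valid, "session_key": None}


def session_key_recovered(handshake: dict, stolen_d: int) -> bool:
    """True if the attacker's reconstruction equals the real session key."""
    recovered = attacker_with_stolen_key(handshake, stolen_d)["session_key"]
    return recovered == handshake["session_key"]


if __name__ == "__main__":
    for hs in (rsa_transport_handshake(), dhe_handshake()):
        print(hs["kind"], "session key recovered after key theft:",
              session_key_recovered(hs, RSA_D))
```

Running the script prints `rsa ... True` and `dhe ... False`: the stolen long-term key turns the stored RSA-transport handshake into the session key, while for DHE it only confirms the signature the server made at the time, which is exactly the authentication-only role the post describes.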

To be able to use DHE to set up the encrypted connection, both web server and web browser need to support it. All modern web browsers that I have tested support it, but for some reason many web servers don't. Why? I'm not really sure, but I think it might have to do with several factors. It requires a bit more server resources to set up a DHE key exchange than it does to set up a straight RSA one. Also, I think that many people making decisions about which cipher suites to provide have too much confidence that a secret key will remain secret.

Anyway, if you want to test if your web browser supports Ephemeral Diffie-Hellman key exchange, feel free to visit my cryptography test page that I set up to try this out. If you want to avoid certificate warnings you might want to install the CAcert root certificate in your web browser. It is at least as secure and well maintained as the other root certificates that are already bundled with your web browser or operating system.

Why cryptography matters

July 17th, 2008

Ever since the discussion began about the FRA legislation I have thought about the implications of a large, secret organization eavesdropping on Internet communication. After the law was decided upon by our parliament here in Sweden I have researched more and more about encryption systems and techniques, as a means to divert the feelings of hopelessness and sadness about the political system and the process that led to the awful law.

I sometimes say, half jokingly, that my motto is "There is no problem that doesn't have a technical solution". This is of course false, but when it comes to privacy on the internet, technology can be helpful.

For those of you who don't know about FRA and the new law: it is the Swedish equivalent of the NSA, and it has traditionally provided the Swedish government with military intelligence gathered from intercepted radio traffic. Since the airwaves have become kind of boring to listen to over the years, with people using new means of communication, our politicians have come up with a new law that grants the FRA access to all Internet and telephone communication that crosses Sweden's borders.

Many people have seen the problems with this new situation. FRA is an organization that is impossible to subject to efficient regulatory oversight, and with vast amounts of personal data being collected it is obvious that invasion of privacy can happen, and probably will happen, on a massive scale. Why? Because FRA works in secret and their continued existence is conditioned on their ability to produce interesting information. So, my theory is that you can pretty much assume that FRA will do the things that are most efficient to get information about criminal or suspicious activity, regardless of whether it invades someone's privacy or not, and regardless of what the official FRA rhetoric says about the right to privacy.

What are the most efficient information gathering techniques you can use with massive amounts of internet traffic? I believe the answer is profiling individuals. Find out what websites you visit, find out who you send emails to. Who are your friends on Facebook? If we assume that FRA does not have any internal limits as to what it does with the information it collects, my guess is that all political activity that is considered somewhat extreme will be investigated, and not only the people who are actually members of suspect political parties but also their friends, neighbours and relatives. Also, it would lessen the efficiency of the system to discard user profiles that the organization finds no use for, so everything even remotely interesting will be saved and can be revisited if a suspicion arises sometime in the future.

Does this sound scary? Well, I think it is, and that is why I advocate the use of cryptography for all types of communication, as often as possible. History is full of examples of governments that have gone from good to somewhat abusive to totalitarian and evil. The internet activity that seems innocent now might not be seen as innocent in the future. Done right, the use of cryptography can bring a great deal of protection from eavesdropping to internet users. So, please do.