Post-Snowden cryptography and network security

Monika Ermert, Heise, Intellectual Property Watch, VDI-Nachrichten, Germany

PUBLISHED ON: 13 Dec 2015

Math is your friend, security and cryptography experts told the more or less paranoid users after former NSA contract employee Edward Snowden revealed the intelligence services' mass surveillance programmes. The Post-Snowden Cryptography conference, organised by cryptography experts Tanja Lange and Daniel J. Bernstein at the Technical University of Eindhoven last week, pondered repairing or replacing core parts of the net, the morals of cryptography and the nihilism of the surveilled society.

There are a lot of holes in the networks, is how Kenny Paterson, Professor at the Information Security Group, Royal Holloway, University of London, described the status quo. “We need to plug all holes, those in network security, in crypto and also those in law.” The sheer multitude of issues that need mending has served as a welcome excuse for different groups, who were quick to pass the buck around.

As an example, Paterson pointed to discussions between the technical experts developing the standards for the domain name system (DNS) and those working on a new version of transport layer security (TLS), which hides website content travelling through the network. Websites fetched via https (instead of http) are protected with TLS. Opting for a watertight yet more complicated TLS version while the DNS remains chatty about the very “secrets” hidden by TLS is like closing a mouse hole in a barn without walls on three sides.

Advances in cryptography

Yet Paterson reported some success in closing loopholes in crypto standards in post-Snowden times. Repeated successful attacks by cryptographers (including Paterson) against Rivest Cipher 4 (RC4), a stream cipher used in TLS cipher suites, have finally led the big internet players to move away from it. By now, use of RC4 has dropped to 7 percent of TLS connections worldwide (compared to still 50 percent in 2013, one year after the publication of the attack). There is also a proposed standards document deprecating it as a standard.

Organisationally, too, some things have changed, with the Internet Engineering Task Force (IETF) moving away from the National Institute of Standards and Technology (NIST) as its source for crypto standards. NIST had been found to have allowed the NSA to intervene in its crypto selection and standardisation process, thereby allowing, for example, a random number generator to become not so random any more. The standards body has since started to have the algorithms for its standards selected by the Crypto Forum Research Group (CFRG) of the IETF's academic sister body, the Internet Research Task Force. Curve25519, created by the Brussel conference's co-chair Dan Bernstein, has been selected as one of the first non-NIST standards to be used for TLS.

NIST, meanwhile, has decided on a reform of its own processes to stem compromises, privacy and security expert Susan Landau noted. Under the new regime, NIST is not allowed to put things into a specification without a written and public comment from somebody, Landau noted. At the same time, the book author argued for an attempt to win people in law enforcement and intelligence agencies over to better security instead of “demonising” them. “If we pull these guys on our side, we win,” Landau said with regard to the renewed political debates about the danger of unbreakable crypto.

Unbreakable encryption here to stay

The crypto conference reflected on the rising calls from politicians and law enforcement agencies claiming that strong cryptography would help “terrorists” in the first place. Privacy researcher and activist Chris Soghoian, from the American Civil Liberties Union (ACLU), pointed to pressure from law enforcement agencies on companies not to deploy technologies that make communication more secure.

Despite the trickling down of hacking technology from the rich spies to the poor local law enforcement level, it is local law enforcement that would go dark with technologies such as Signal for secure messaging on the iPhone, or WhatsApp. And it is local law enforcement, Soghoian warned, that is calling for backdoors in crypto, with the NSA providing for it.

“Unbreakable crypto is here to stay,” Paterson said, “it has been invented and we cannot un-invent it.” With a hint at the situation in the United Kingdom, the researcher also pointed out that a ban could result in the breakdown of a rather important economy. “Financial institutions would move out,” he said.

Crypto researchers in post-Snowden times also have to reconsider their work, Paterson pointed out, quoting Phillip Rogaway, a cryptography professor at the University of California. Rogaway has engaged in “a community-wide effort to develop more effective means to resist mass surveillance” and, in a paper, he pleaded “for a reinvention of our disciplinary culture to attend not only to puzzles and math, but, also, to the societal implications of our work.”

The small fixes approach

Like Paterson, there are still academics who consider upping security in existing protocols the best option for now. Proposals presented at the post-Snowden conference included a privacy-preserving presence protocol, DP5 (Dagstuhl Privacy Preserving Presence Protocol). Instead of trusting an application provider with one's list of buddies (a rather valuable piece of metadata), such lists could be kept locally and presence established by enhanced private information retrieval (PIR). The server side of the protocol is ready to be used, but clients have yet to be deployed, Ian Goldberg, Associate Professor at the University of Waterloo, explained.

Another jump in the cat-and-mouse game between users of the Tor browser and their hunters was introduced by Claudia Diaz from the University of Leuven, who explained how to blur the website “fingerprints” collected and used by attackers to check where Tor users are going on the web. Adaptive padding is the way to go, according to Diaz. The option would add bits to the stream of packets to make it look like a generic traffic stream.

The radical approach

There are also those who think the internet is pretty broken and needs more radical solutions. “We know that almost all software breaks under attack,” said Jon Solworth from the University of Chicago. For many years Solworth, together with colleagues, has been working on a new operating system. Ethos, the academics say, would be simpler and more secure. Combined with Qubes, yet another new operating system, Ethos can now be tested, as Qubes, via virtualisation, allows it to run side by side with other software.

It is not easy to develop, combine and deploy systems built from scratch, said Christian Grothoff, leader of the Décentralisé research team at Inria in Rennes. Grothoff presented GNUnet as an alternative to the network you know. All of GNUnet's parts (from communication to voting or payment) are built around decentralisation, peer-to-peer networking and anonymity.

Will surveillance become so much of an integral part of the internet that only such radical solutions will help to get protection against Big Brother? Grothoff certainly thinks we are past that point already.
