It is no secret that the British government has surveillance firmly on its priorities list. The proposed Snoopers Charter has at its heart hugely invasive legislation that would give UK authorities the legal right to put just about anybody under surveillance for just about any reason imaginable – all in the name of national security.
In the US, a similar perspective is often behind the spy agencies animosity towards companies like Apple, which offer consumers strong encryption right out of the box. The NSA’s impression, being that it is sacrilegious for technology firms not to have to leave backdoors in encryption for the intelligence agencies to exploit – should they need to during ongoing investigations.
Now, the British government has attempted to solve that niggling problem by designing a voice encryption protocol that plays right into the hands of its draft investigatory powers bill, by giving GCHQ (the UK’s surveillance agency) a master key to everyone’s encrypted conversations.
This latest revelation comes via research conducted at University College in London, where a security expert has discovered an enormous security flaw in the government designed MIKEY-SAKKE protocol. Steven Murdoch, lead researcher, found the backdoor while working in the University’s Information Security Research Group, where he inspected the encryption protocol developed by the UK’s Communications-Electronics Security Group (CESG) the information security department of GCHQ.
During that research, Murdoch discovered that MIKEY-SAKKE (Multimedia Internet KEYing-Sakai-KasaharaKey Encryption) has a backdoor left in it by design that would allow GCHQ (and anyone else with access to the master encryption key) to perform mass surveillance on everyone that uses it. Problematic because backdoors are a security flaw that run the risk of being accessed by your enemies as well as your chosen friends.
In his detailed blog post on the discovery, entitled ‘Insecure by design: protocols for encrypted phone calls’, Murdoch lays out his concerns about the new protocol – which the British government was hoping to build into a whole range of products. By using the Electronic Frontier Foundation’s (EFF) scorecard system as a recognised benchmark from which to test the British designed protocol, Murdoch ascertained that it passes only one of four of the EFF’s criteria. Specifically that it provides end to end encryption. Other than that, the security expert could find no way of accrediting MIKEY-SAKKE with any positive security features, concluding instead that the protocol was designed to ‘allow undetectable and un-auditable mass surveillance.’
‘This is presented as a feature rather than a bug, with the motivating case in the GCHQ documentation being to allow companies to listen to their employees calls when investigating misconduct, such as in the financial industry,’ continues Murdoch in his startling (but unsurprising) blog.
One of the main problems with CESG’s protocol is that it specifically allows a Telecom provider to perform a man-in-the-middle attack without the knowledge of either of the contacts involved. This, Murdoch explains, is achieved via a master key that allows any of the individual encryption keys unique to a conversation to be unencrypted,
‘The existence of a master private key that can decrypt all calls past and present without detection, on a computer permanently available, creates a huge security risk, and an irresistible target for attackers.’
Also of concern, is the fact that the protocol does not allow either for anonymity or for callers to verify that they are communicating with the correct contact.
What Murdoch has uncovered, is that MIKEY-SAKKE is a total security fail. On the other hand, it is perfect for implementing the Snoopers Charter by forcing Telecom companies to be complicit in helping GCHQ to access any conversation that it desires. Considering that this technology was created at GCHQ, however, it is completely unsurprising that the government endorsed encryption protocol leaves key-escrow in the hands of the intelligence agency by design – a laughably obvious outcome that we all saw coming.
Alarmingly, GCHQ has already started pushing the flawed encryption at technology companies in the form of Secure Chorus: a product spec that it is encouraging commercial companies to adopt and that it is marketing to the technology sector as ‘government-grade security.’ At least now, you know what to avoid with a giant barge pole.