RSA: Panel calls NSA access to encryption keys a bad idea
Speaking at RSA 2015's Cryptographer's panel, Whitfield Diffie, who pioneered public-key encryption, says key escrow schemes where government could gain access to encrypted data works mainly to the benefit of government. "They want you to be secure but not against them," he says.
+ Follow Network World's show coverage +
Ron Rivest, an MIT professor and the R in RSA encryption, says key escrow has problems in that it opens many parties to messages that are encrypted for passage across public networks, not just the U.S. government. Other governments would take advantage of it, too, destroying any real hope of privacy. "This is going to be a house of many doors and many parties and it's just not going to work," Rivest says.
Ron Rivest
Key escrow would give the government, under legal rules, the right to access keys from third parties. The idea came up in a different form in the 1990s with the Clipper Chip that would be used by telecom operators to encrypt voice calls, but had a built-in back door.
The NSA has called key escrow a front-door to information it needs to defend the U.S. against terrorists, trying to put a different spin on the idea than is conjured up by the more sinister-sounding back door.
Adi Shamir, a member of the crypto panel who teaches at the Weizmann Institute in Israel and is the S in RSA, says the front-door designation is just semantics. "There's no difference between a back door and a front door. The NSA will just turn your house around," he says.
And multiple agencies within the federal government will have the right to use the same subpoena power to get the keys to crack encrypted data. He says he sees no privacy advantage to taking the secret key and splitting it among many parties who can make use of it separately.
Diffie says crypto systems ought to be made strong enough for the NSA to crack without any help if it needs to but only with great effort - so much work that it can only afford to crack important select traffic, not decrypt everything wholesale. "They can get at individual things but can't do it at scale," he says.
Diffie says if key escrow came into effect, people seeking privacy would encrypt it before it was re-encrypted to cross carrier networks. In that case, if the keys were used on the traffic, they would reveal an encrypted message for which the NSA would not have the key. Diffie says in that case, the government might make such pre-encryption a separate crime.
Ed DiGiorgio, a panelist who has worked both as the NSA's chief of encryption and as its chief encryption breaker, says that this issue keeps coming up and is likely to keep coming up because the NSA and other government agencies believe it is necessary to break all encryption for the purpose of investigating criminals and terrorists.
The panel weighed in on other security issues including chip and PIN technology that embeds a security chip on credit cards to encrypt card data that is shared with merchants at the time of sale. It's used in Europe and Canada and is set to become the standard in the U.S. in October.
Rivest noted that along with chip and PIN, the liability for making up card-holder losses in case of a breach falls to merchants rather than the banks that issue the cards. That makes merchants responsible for implementing best cryptographic practices. That model might be a good one to apply in other areas where losses can be traced to entities that don't follow best practices, he says.
Shamir says chip-and-PIN technology will make credit-card transactions more secure but won't make credit card theft go away, it will just make criminals adapt and attack elsewhere. DiGiorgio agreed. "There will be new attacks and they will come up with them very quickly."
The issue came to the forefront last year when major breaches of credit card information from retailers cropped up over and over. Diffie dismissed chip-and-PIN adoption by U.S. credit card firms as something with "nice visibility they can do in a year of embarrassment."
The group says ransomware poses problems for victims because they can't decrypt their hard drives after attackers have broken in and encrypted them. (Read: Ransomware: Pay it or fight it)
Rivest noted that the criminals behind popular ransomware use the RSA crypto system he helped invent to lock victims out of their computers unless they pay up. He says cryptography is double-edged and can be used for good or bad, and he feels bad about RSA being used in ransomware. "I feel like a mother whose son has been brainwashed and is off to become a jihadist in Syria."
Shamir said ransomware could spread beyond just PCs as the Internet of Things becomes more pervasive. If someone's smart TV is ransomed, "Would you pay someone in Moldavia to get the service back" he asks.
He says the security community has "failed miserably" in preparing end users for recognizing spear phishing, which is the most common method ransomware criminals use to attack PCs. He imagined an automated system that analyzed a person's past 1,000 emails and used that analysis to create a test spear-phishing attempt that would help users be more wary.
DiGiorgio says that even if the current extortion model is defeated by backing up data so compromised machines can be reimaged, criminals will have gained access to all the data on the machine from which they will cull something that will present extortion opportunities.