The Fallacy of Controlling Encryption

David Cameron has announced that he intends to try to prevent encryption in the interests of protecting Britons from terrorism. It seems to me that he has not thought this through. In less than 10 minutes I came up with at least one plausible method to not only provide encryption, but to provide it in such a way that David’s spooks can’t detect that you are using it. At least they can’t be sure that you are using it from watching your traffic.

What Cameron is Apparently Saying

Cameron is apparently saying that he is going to require that all commercial services provide back doors into their services to allow the government to snoop on your traffic. And presumably he would make it illegal to employ other software to communicate. He would need to introduce penalties for using Open Source software to communicate using encryption that does not have a known back door.

For the sake of brevity later, let’s call these new laws “Anti-Encryption” laws. These laws apparently will have to:

  1. Put back-doors into all commercial services accessible inside the country,
  2. Discard all encrypted traffic entering or leaving a country with an Anti-Encryption law if its source is not known in advance to the spooks of that country. If we can’t tap the bad guys, we need to make it impossible for them to communicate. Just capturing their traffic is not enough.
  3. Log all such discarded traffic from inside the country with its source so that the sender can be charged with circumventing the Anti-Encryption law and make the penalties high enough that basically no one will break this law. If you send gibberish, we will break down your door and throw you in jail, because you are the bad guy.

This would require back doors in many commonly used software packages, including: all PGP [Pretty Good Privacy email plugins and programs] and all its variants; all virtual private network [VPN] software, including the Open Source versions used by many companies to allow secure remote access by their employees working at home [except those at Yahoo, who must all appear in person already]; and all screen sharing, remote control and conferencing software such as LogMeIn, TeamViewer and GoToAssist.

Well, of course, this will only allow the spooks to snoop on the “Good Guys” or Bad Guys that are so inept that they can be easily duped into falling into a honey trap. Let us start by assuming that the real bad guys are smart enough to know that they will need to not use publicly available communication services because Cameron has very publicly announced that they are being tapped.

So what will the smart bad guys use? And what will those of us who are good guys use who just don’t want to be snooped on by Cameron and his Spooks, probably because we don’t believe for a moment that his protestations about Warrants will be true?

Properties of Un-Snoopable Encrypted Communications

Clearly, encrypted communication looks like gibberish and has headers that say SSL/TLS and so forth. So if you want to avoid detection, you need to look like normal communication. There is a solution to this problem and it’s called Steganography. Steganography is the mathematics of hiding things in other things. The simplest example is to hide a text message in a photograph. But the mathematics can be used to hide anything in anything. Let’s define the “Host Data Stream” as the carrier data stream and the “Client Data Stream” as the message to be hidden. The key [no pun intended] requirements are as follows:

  1. The addition of the client stream does not change the host stream in such a way that software that does not know about the client stream will fail to process it normally.
  2. The client stream can be recovered from the host stream without any errors being introduced.
  3. The host stream can be corrupted in minor ways by the addition of the client stream. The client stream can appear as unwanted noise or encoding artifacts in the host stream.
  4. The addition of the client stream to the host stream cannot be proven to be in the host stream unless you have the recovery key. This property achieves “plausible deniability”, which is the property that completely blows Cameron’s assumption.

Plausible Deniability

Number 4 is a very important property of this type of Un-Snoopable Encryption. It means that the users of the new technology cannot be charged with circumventing the Anti-Encryption law based on snooping the host stream alone. Possibly one might be charged by finding the crypto software on your machine, but it must not be possible to just watch the host stream and know you are communicating securely. At least not without a very large amount of work – computer CPU cycles.

This is probably not as hard as it might sound.

If the client stream does not start in a standard place with a standard header, as TLS does, it’s more difficult to detect. The receiving computer is very fast these days, so a complicated search for the stream is practical, and knowing the public key pair in advance will inform the search.

One will certainly start with a design that uses Public Key encryption for authentication – you have to know you are talking to the right bad guy and not a good guy acting like a bad guy. And the public key encryption will almost certainly wrap a symmetric cypher key to encrypt the rest of the client stream. The symmetric key will change frequently. And for any two-way communication methods, Perfect Forward Secrecy will be employed so that captured messages will be useless, although for messages left in posted videos this may not be practical, since in that case the idea is to be able to decrypt the content long after the conversation has ended.

I admit that this is only an outline for a design, but it certainly sounds plausible. And tweaking the encoding of a video to add apparently random encoding artifacts in just the right places to encode the client stream sounds entirely reasonable.

Basically the challenge would be to do something like encode a client stream of a possibly frame-rate-reduced, quarter-size video with mono sound in a host stream of an HD video with stereo or higher sound, in such a way that there is plausible deniability that the client stream exists and the client stream cannot be recovered unless the public key of the sender and the private key of the receiver are available.

How Much Compute Power Does the NSA Have?

Any such law anywhere in the world would cause the software described to appear in a matter of months. Cameron has no way to control that just as the Video Studios have no way to control the ripping software for DVDs and BluRay disks. In fact, the making of this speech may have started various folks on the trail of making the software, just as the Snowden disclosures have caused major changes in data traffic among the parts of Google and the creation of many of the software features that Cameron so decries.

It seems clear that if large amounts of such traffic – images, video streams and voice streams – with such embedded traffic were to appear on the network all with 2048 or 4096 public key encryption, the NSA computers would be very busy decoding all images and video streams looking for such information.

It seems clear that recoding a video, such as may be done by YouTube when you upload the video, would probably destroy the embedded client stream, so some sources would not work for transferring these streams.
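A toy illustration of requirements 1 to 3 from the properties list and of the recoding point above, added here as an example and not taken from any software the post describes. It hides a client stream in the least significant bits of constructed 8-bit host samples at key-seeded positions; the function names, key and sample data are assumptions, the client stream is left unencrypted for brevity, and simple least-significant-bit embedding like this does not achieve requirement 4.

```python
import hashlib
import random

def _positions(key: bytes, host_len: int, nbits: int) -> list[int]:
    # Key-seeded choice of which host samples carry a bit (toy stand-in for a keyed PRF).
    seed = int.from_bytes(hashlib.sha256(key).digest(), "big")
    return random.Random(seed).sample(range(host_len), nbits)

def embed(host: bytes, client: bytes, key: bytes) -> bytes:
    bits = [(b >> i) & 1 for b in client for i in range(8)]  # LSB-first per byte
    if len(bits) > len(host):
        raise ValueError("client stream too large for this host stream")
    out = bytearray(host)
    for pos, bit in zip(_positions(key, len(host), len(bits)), bits):
        out[pos] = (out[pos] & 0xFE) | bit  # touch only the least significant bit
    return bytes(out)

def extract(stego: bytes, nbytes: int, key: bytes) -> bytes:
    bits = [stego[p] & 1 for p in _positions(key, len(stego), nbytes * 8)]
    return bytes(sum(bits[i * 8 + j] << j for j in range(8)) for i in range(nbytes))

def recode(stream: bytes, step: int = 4) -> bytes:
    # Crude model of lossy re-encoding: requantise every sample to a multiple of step.
    return bytes((s // step) * step for s in stream)

def demo():
    # Constructed inputs: 4096 pseudo-random 8-bit "audio" samples and a short message.
    host = bytes(random.Random(1).randrange(256) for _ in range(4096))
    client = b"meet at noon"
    key = b"constructed shared key"
    stego = embed(host, client, key)
    max_change = max(abs(a - b) for a, b in zip(host, stego))  # requirements 1 and 3
    recovered = extract(stego, len(client), key)               # requirement 2
    wrong_key = extract(stego, len(client), b"other key")      # wrong positions: noise
    after_recode = extract(recode(stego), len(client), key)    # payload wiped by recoding
    return max_change, recovered, wrong_key, after_recode

if __name__ == "__main__":
    print(demo())
```

The last value returned by `demo()` is all zero bytes: requantising clears the low bits, which is why a service that recodes uploads also strips this kind of embedded stream.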

It also seems clear that David Cameron did not talk with his experts at Bletchley Park – or wherever they now work – before he made these pronouncements about the future of terrorism protection in Britain. It would seem that the spooks in Britain, and I would guess the NSA as well, are both shouting “Shut Up! Will You?” to this video as it plays for them the first time.

– ww