End-to-end encryption is hailed as the solution to end mass surveillance as it is. This approach is certainly better than previous generations of protocols, but it still falls short on two aspects:
1. Random number generators may be weak
ECRYPT II recommendations state that 96-bit keys are secure only until 2020. 256-bit keys on the other hand are secure to the “forseeable future”.
If the encryption keys have low entropy source, they might be predictable. This would mean the adversary is able to try all different combinations of possible keys and decrypt the communication without attacking the algorithm or devices. NSA was revealed to have undermined the Dual EC DRBG. This might indicate NSA has also undermined hardware random number generators; Such an attack has already been proved to be possible against the ones used in Intel processors.
2. End point security still sucks.
For the longest time, the infosec community thought hacking of clients as a targeted attack. The Snowden leaks however, have shed new light into bulk computer network exploitation (CNE).
The Intercept wrote an article about it. Wired wrote another. It has also been discussed in various conferences and speeches by security experts and privacy advocates. Below is a project where I collected statements regarding (bulk) CNE:
What implications does this have against end-to-end encrypted tools? Let’s take current top-of-the-line protocol, Axolotl and it’s implementation, TextSecure. By exploiting the end point and stealing the private keys before the intial key exchange, the HSA is able to peform an undetectable MITM attack against the users:
The window of opportunity for this attack is very small for TextSecure. However, a persistent malware can exfiltrate messages directly from the device. This can be done at any time.
A smartphone is simply not a secure trusted computing base to perform encryption on. The next article will discuss how to secure the end points against exfiltration of keys and plaintexts.
2 thoughts on “Bulk CNE”