UK government promotes crypto protocol for VoIP with backdoor
The British government, together with experts from the GCHQ intelligence services, is proposing to adopt a new standard for cryptographically protected voice communications - a protocol called MIKEY-SAKKE. This protocol is supposed to increase the security of VoIP and telephone communications by encrypting traffic. But experts draw attention to the specific features of the protocol that make it vulnerable in its architecture.
MIKEY-SAKKE is an encryption system based on personal data (ID-based system), which necessarily requires a trusted key distribution center. Therefore, the key deposit is essentially built in and there is no perfect forward secrecy. “The only reasonable explanation for designing a protocol with such properties is third-party wiretapping,” says Bruce Schneier.
The general principle of operation of MIKEY-SAKKE is shown in the diagram.
')
Other experts agree with Bruce Schneier. In their opinion, the architecture of the MIKEY-SAKKE system was initially developed with an eye to inconspicuous and untraceable mass surveillance. "This may be a requirement for exceptional cases, such as the transfer of sensitive information between government departments," writes security expert Steven Murdoch. “However, in the absolute majority of cases, the properties of MIKEY-SAKKE actively harm security. They create a single point of failure, requiring tremendous efforts, skills and costs to ensure its safety, such resources are beyond the capabilities of most companies. ”
Stephen Murdoch notes that now there are better technologies for encrypting voice communications. Comparison of different protocols, see the table.
“In general, developers of protocols and systems should evaluate the ethical implications of their actions in terms of political and governmental structures, which will naturally follow after their use,” said Murdoch. “MIKEY-SAKKE is the latest example that raises questions about the policies of many countries, including the UK, which places responsibility on the security services to protect companies and individuals from espionage, creating a conflict of interest.”
It should also be noted that before this, the GCHQ intelligence service rejected the more secure MIKEY-IBAKE protocol, because it did not allow unobtrusive listening of communications.
MIKEY-SAKKE is an encryption system based on personal data (ID-based system), which necessarily requires a trusted key distribution center. Therefore, the key deposit is essentially built in and there is no perfect forward secrecy. “The only reasonable explanation for designing a protocol with such properties is third-party wiretapping,” says Bruce Schneier.
The general principle of operation of MIKEY-SAKKE is shown in the diagram.
')
Other experts agree with Bruce Schneier. In their opinion, the architecture of the MIKEY-SAKKE system was initially developed with an eye to inconspicuous and untraceable mass surveillance. "This may be a requirement for exceptional cases, such as the transfer of sensitive information between government departments," writes security expert Steven Murdoch. “However, in the absolute majority of cases, the properties of MIKEY-SAKKE actively harm security. They create a single point of failure, requiring tremendous efforts, skills and costs to ensure its safety, such resources are beyond the capabilities of most companies. ”
Stephen Murdoch notes that now there are better technologies for encrypting voice communications. Comparison of different protocols, see the table.
“In general, developers of protocols and systems should evaluate the ethical implications of their actions in terms of political and governmental structures, which will naturally follow after their use,” said Murdoch. “MIKEY-SAKKE is the latest example that raises questions about the policies of many countries, including the UK, which places responsibility on the security services to protect companies and individuals from espionage, creating a conflict of interest.”
It should also be noted that before this, the GCHQ intelligence service rejected the more secure MIKEY-IBAKE protocol, because it did not allow unobtrusive listening of communications.
Source: https://habr.com/ru/post/275835/
All Articles