  1. #1
    WHT-BR Top Member
    Join Date
    Dec 2010

    [EN] Insecure by design: protocols for encrypted phone calls

  2. #2
    WHT-BR Top Member
    Join Date
    Dec 2010

    GCHQ Developed Encryption Software 'Has Backdoor'

    Tom Jowitt, January 22, 2016

    Do we believe them? GCHQ denies software it developed to encrypt VoIP calls has a backdoor

    A security researcher has claimed there is a backdoor that will allow undetectable mass surveillance in a piece of software written by GCHQ used to encrypt Voice Over Internet Protocol (VoIP) calls.

    The claims of a backdoor were made by Dr Steven Murdoch, a Principal Research Fellow at University College London’s Information Security Research Group, in a blog post.

    At the moment, the protocol is designed for use by the British government. But it is open source, so the concern is that it could be adopted by commercial entities.

    Backdoor Claim

    The MIKEY-SAKKE (Multimedia Internet KEYing-Sakai-Kasahara Key Encryption) protocol allows for a master decryption key to be held by a service provider, according to Murdoch.

    “MIKEY-SAKKE is the security protocol behind the Secure Chorus voice (and also video) encryption standard, commissioned and designed by GCHQ through their information security arm, CESG,” he wrote.

    According to Dr Murdoch, the advantage of MIKEY-SAKKE is that it doesn’t use digital certificates. Rather it uses identity-based encryption for key exchange. But this means private keys for users are generated by network providers with a master private key.

    And herein lies the problem. These master private keys are valid indefinitely, and make the crypto algorithm vulnerable to silent interception and future decryption, the researcher warned.

    “The existence of a master private key that can decrypt all calls past and present without detection, on a computer permanently available, creates a huge security risk, and an irresistible target for attackers,” he wrote.

    “We do not recognise the claims made in this paper,” a spokesman for GCHQ told the BBC.

    Expert Comment

    “It’s interesting that GCHQ has developed its own VoIP encryption protocol, although like any form of technology, ‘key escrow’ is not inherently evil,” commented Justin Harvey, chief security officer at Fidelis Cybersecurity.

    “The UK Government is currently advocating backdoors in encryption products that can supposedly only be used by law enforcement to enable them to read secure messages, such as text messages, emails and internet traffic,” said Harvey.

    “The Government should come to the realisation that the inclusion of backdoors in encryption isn’t merely a legislative or privacy mandate, however, it is technically impossible to control the use of a backdoor in this way,” he said.

    “I liken the pro-backdoor encryption movement to complaints about the weather; some people complain about rain, snow or sunshine and wish it were otherwise, but in the end, we can’t do anything about it,” he said. “The same is true for strong encryption.”

    Encryption Battle

    Encryption remains a very touchy subject at the moment. Leading technology companies and privacy campaigners have consistently opposed efforts to weaken encryption systems.

    Last June a number of leading technology companies including Google, Apple, IBM, Microsoft and Facebook wrote a strongly-worded open letter to President Obama, calling for him to respect the privacy rights of consumers by not weakening encryption systems.

    Prime Minister David Cameron has previously said that he wanted British intelligence agencies to be able to monitor the encrypted communications of terror suspects.

    GCHQ have announced that they will only certify voice encryption products through their Commercial Product Assurance (CPA) security evaluation scheme if the product implements MIKEY-SAKKE and Secure Chorus. As a result, MIKEY-SAKKE has a monopoly over the vast majority of classified UK government voice communication and so companies developing secure voice communication systems must implement it in order to gain access to this market. GCHQ can also set requirements of what products are used in the public sector as well as for companies operating critical national infrastructure.

  3. #3
    WHT-BR Top Member
    Join Date
    Dec 2010

    Secure Messaging Scorecard | Electronic Frontier Foundation

    Which apps and tools actually keep your messages safe?
