The 'Crypto Genie' Won't Go Back In the Bottle

Attempts to legislate backdoors into encryption systems add little value to anti-terrorist efforts and undermine efforts to keep the Internet safe for consumers and e-business, and to protect corporate privacy.

In the aftermath of the 11 September terrorist attacks, there have been renewed calls for encryption technology controls, particularly in the United States. Although there has been no public disclosure of encrypted communications by the terrorists who carried out the attacks, we can assume that somewhere in the vast terrorist network, authorities will find a strongly encrypted disk or e-mail message. This scenario has led the FBI to ask for a "software key" allowing it to decrypt encrypted messages in the event of an emergency. In addition, New Hampshire Senator Judd Gregg is proposing amendments to an anti-terrorism bill calling for a ``back door'' in encryption products to allow law enforcement and intelligence agencies easier ways to decrypt messages and files suspected of containing information critical to investigations or the national interest.

These calls are not new. Throughout the 1990s, police and intelligence agencies called for steps to weaken U.S.-manufactured cryptographic products intended for export through back doors or mandatory key escrow routines. Strong cryptographic products were classified as "munitions" under export laws to regulate their distribution. No restrictions existed on domestically used encryption. Although some restrictions remain in place, particularly for export of encryption products to nations suspected of sponsoring terrorism, the regulations were gradually eased in recognition that they were not effective in stopping malicious use of cryptography, but instead crippled the U.S. software industry, enabled international sources of strong cryptographic products to flourish, and weakened protection for transactions in e-commerce and e-business.

Strong encryption has long been available to threat agents from non-U.S. sources, and some has been available as freeware from Internet bulletin boards. Terrorists and criminals are not inclined to use weakened encryption and would not agree to escrow their keys in any case. The battle for strong encryption has been well-documented in books, articles, symposia presentations and the like. Increasingly stronger cryptography has been built into Web browsers supporting Secure Sockets Layer to protect Internet transactions and also into virtual private networking products. These products enableindividuals and businesses to safely expand their use of the Internet while protecting financial, corporate and personal information. If restrictive legislation were to be put in place now, the security of business-to-consumer and business-to-business transactions would be weakened by a much greater factor than any benefit that would result from easing the monitoring of terrorists and criminals.

There are two overriding principles in security design: 1) The overall level of security is only as good as the lowest common denominator, as attackers will always find the weakest link; and 2) complexity is the enemy of security. Any means of implementing a back door into crypto systems that law enforcement or intelligence agencies could exploit violates both of these prime directives. If the "good guys" can exploit a back door, so can the "bad guys." Worse yet, any back door or key escrow scheme gives an attacker more places to attack, as the knowledge of how to open the back door or obtain the escrowed keys allows an additional avenue of attack. Any back door or escrow scheme also introduces several layers of processing requirements and adds complexity, especially to graft such capabilities onto existing standards such as SSL, IPSec for virtual private networks (VPNs) or S/MIME for secure e-mail. The history of software in the Internet age has shown that as products get more complex, the number of security vulnerabilities skyrockets, as does the testing time required to find security holes. Any back door or escrow scheme will result in a weakened cryptographic system. Because the use of any security technology (such as seat belts or anti-lock brakes) has been proven to lead to riskier behavior by users (by driving faster), the use of weak encryption leads to the worst of both worlds: riskier behavior with reduced protection.

Does this mean that civilized societies are doomed to allow terrorists and criminals to communicate using unbreakable technologies? No, it means that the intelligence community will need to increase its investment in people, technologies and techniques to break what today are considered unbreakable codes. There is a long history of code breakers finding weaknesses in encryption systems and algorithms, aided by conventional intelligence information, supercomputing capabilities and innovative breakthroughs. Without knowing the key, encrypted files are broken by brute-force attacks — by trying every number in the key space until the right combination is found. It has been speculated that advances in factoring, or the ability to detect repetitions in a vast amount of ciphertext as clues to the prime numbers used to encrypt, may lead to easier cryptoanalysis. However, most mathematicians familiar with the subject are not optimistic. Rather, advances in the esoteric area of quantum computing, with machines operating in the petaflop and exaflop range, and based on the performance of individual atoms, may prove more fruitful. Work being done by the National Security Agency, the Defense Advanced Research Projects Agency, academic institutions and Hewlett-Packard has already demonstrated the potential of these machines to search keyspace very rapidly to decipher strongly encrypted messages.

What About Corporate Key Recovery or Escrow?

Enterprises could suffer data loss from the use of encryption with no key recovery and management mechanisms in place, as from a security breach. For example, data can be inaccessible when employees leave the company, suffer an untimely accident or lose their keys; managers seek to inspect the files and e-mail of an employee under suspicion; or an enterprise needs to provide stored e-mail or encrypted documents for a court case or to comply with industry regulations. However, managing spare copies of encryption keys used for every encrypted communication or encrypted file is burdensome and adds significant complexity to systems. Digital signature keys should never be backed up, and sessions keys for link encryption and other types of transmissions do not need recoverability, as the data is generally available before and after entering the pipeline. Most mature public-key infrastructure products have facilities for recovering private keys under management approved and vendor suggested procedures.

Well-intended legislation to fight terrorism by weakening encryption systems will have unintended consequences that will more likely make malicious attacks on government and commercial communications easier. Gartner recommends that investments and resources be dedicated to making law enforcement and intelligence capabilities stronger rather than making security technologies weaker.

This research is part of a set of related research pieces. See AV-14-7221 for an overview.