Taking a more tangible view of encryption backdoors

US Attorney General William Barr gave a speech Tuesday morning in which he approached the topic of what he called “warrant-proof” encryption. His argument revives discussion about establishing encryption that can be broken or bypassed by law enforcement. Overall, the security community responded with the level of condemnation one might expect. However, looking through the various reactions, opportunity exists to make those arguments more compelling. More can be done convincing the voting public that this is an important issue.

Headshot of William Barr
Photo courtesy of The United States Department of Justice

Many of the responses to Barr’s speech echo previous statements about weakening encryption. They often focus on idealistic privacy concepts or ethereal encryption principles. Unfortunately, those arguments are easily countered with discussion of practicality over security ideals. Indeed, Barr brought out some of those points in his speech. Some cited policy and corruption concerns. They described worst case scenarios where law enforcement would abuse the capability. However, on the whole society still trusts in law enforcement and sees these abuse cases as fringe activities.

Even security pros don’t get it

Security and privacy professionals seem to struggle making compelling arguments on this topic. I myself struggled in a conversation earlier this year with a former member of the CIA. While I could talk about idealistic views, violations of fundamental encryption concepts, etc. I never felt I overcame the counter arguments. It ended as an agree to disagree situation. Furthermore, security professionals actually advocating that backdoors in encryption are not a big deal exemplify the need for a better argument. At least in my opinion.

So I searched my mind for ways we could re-frame the discussion. How can the security community create discussion focused on tangible risks? After all, in theory, weighing the risks ultimately drives decision making. If risk to the public outweighs the risk of not being able to decrypt potential evidence, then we can shape public opinion and in turn the policy making decisions by our politicians.

Centralized key storage and master keys

First we need to understand a fundamental concept of how encryption protects us. Current asymmetric encryption derives a level of security from the distributed storage of the private keys and the 1-to-1 relationship of public and private keys. The owner of the key pair is the only person who has access to the private key. One or multiple private keys impacts only a fraction of the public, from a global perspective. Replacing a small number of affected keys restores security.

Unfortunately, implementation of a backdoor would likely require either a centralized repository of private keys or a single master key. Either way, compromise of that repository or the master key would impact vast numbers of key pairs. The global impact would be tremendous. Compromise of a master key or private key repository would put millions of key pairs at risk.

Exploitation of attacks becomes trivial

Second, and building off this knowledge, the attack vectors against encryption would change. In current implementations, the distribution of private keys and the singular relationship of key pairs makes attacking the keys themselves a high effort, low reward approach. As a result, attackers focus on attacking the implementation of the encryption architecture itself. Weaknesses in encryption algorithms can be very difficult to discover. Even once discovered, executing padding oracle, side-chain, etc. attacks consumes a lot of time and effort for each key pair encountered.

With a backdoor, the attack vector shifts. Attackers could focus all attention on the back door itself. Suddenly, cracking a single repository or key would be a high-reward approach. If attackers find a flaw in the implementation of the back door or worse expose a master key or repository of private keys, exploitation of millions of key pairs would now require only nominal effort.

The door lock metaphor

When explaining this to non-security people, I’ve had success using the door lock analogy. Right now every door in the world has only one key that can open it and those keys are stored separately with their owners around the globe. Attackers aren’t going to try to find as many keys as they can and steal them. It would take a long time and have little reward. However, a master key or key repository allows attackers to focus their attacks on a single location. A successful attack gains them access to millions of doors all at once.

Additionally, as a result of the distribution of keys, attackers have to focus on cracking the lock itself. Even when we know a type of lock can be picked, each one has to be picked individually. That is a time and effort consuming process. If a back door is created, once the master key is stolen or repository is exposed, opening any lock in the world would be as easy as walking up and putting a key in.

As you see, none of this requires fringe case abuse by law enforcement to put the public at risk. The increased public risk extends directly from violation of core encryption concepts but links to quantifiable changes in risk to the public. This is the kind of argument we need to make. Ultimately, establishing a backdoor for encryption collapses two of the primary pillars that provide strength in our current encryption technologies. And that, is a big deal!