Proof A Government Crypto Backdoor Is A Really Bad Idea
It was really only a matter of time. As the FBI (but interestingly NOT the CIA or NSA) keeps pressing for a crypto backdoor – or whatever they would prefer to call it to make it seem more palatable – and security experts keep saying this is a really, REALLY bad idea, the universe decided this week that it was time to explain why it is such a bad idea.
In this case, it didn’t even involve a back door but rather a challenge in keeping secrets secret. Keeping secrets secret is really what a crypto backdoor is all about. What the government would like is a secret key that only they would have that would allow them to unlock any crypto that they wanted unlocked.
Ignore for the moment the warrant issue – that is to say, can we trust the government to only use that key when they should use it – but instead focus on whether the government – which seems to have trouble keeping anything important secret – can keep something as sensitive as that secret. FOREVER! If the secret key is compromised 10 years for now, then anything protected with that key in the previous ten years would be exposed. And that assumes that somehow you could change the key going forward INSTANTLY in a couple of billion users systems so that new data would be safe. Not likely to be possible.
OK. So what happened?
For the last few years something called UEFI or Unified Extensible Firmware Interface allows software vendors to better protect the software that is loaded into our computers. Using the UEFI spec, vendors can make sure that the software that is loaded when we boot our computers hasn’t been changed since it left the factory.
They do that with encryption and, as is usually the case, this requires something that is secret. In this case, a secret key. Anyone who has that secret key can sign any piece of software that they want and the UEFI boot process will say that the software is valid and secure, even though it is not.
As a result, that key has to be kept really, really secure.
Only one problem. Microsoft kind of blew it.
Without going into the technical details (if you are interested in that, click on the link for the source article and you will get those details), Microsoft let some “policies” loose in the wild that allows anyone who has access to them to bypass this cryptographically secure booting process for Windows computers. Technically, this isn’t a “golden skeleton key” problem, but rather something related to it,
When the researchers contacted Microsoft in March, Microsoft, apparently, declined to do anything about it.
In July, after Microsoft decided that letting the golden skeleton key out of the bag, so to speak, they released a patch, MS16-094, which adds these policies that were accidentally exposed to a “revocation list” that is checked during boot. The revocation list is there just in case something like this happens.
It turns out that really doesn’t solve the entire problem, only part of it. So this month Microsoft released patch MS16-100 to revoke more stuff, but, apparently, that doesn’t really solve the problem either.
So, we are told, Microsoft is going to release yet a third patch next month to try and get the genie back in the bottle.
Remember, all this time that Microsoft is trying to rebottle the genie, our systems are exposed.
According to sources, someone is scheduled to release a tool next week that will bypass this month’s patch and allow hacked code to be loaded.
This article is not really about Microsoft’s blunder. While it is bad, it is not horrible and for most people, they don’t really care.
What the article is about is the challenge of keeping something that is really, really important secret for a really, really long time. The reality is that it is not possible to do. To be fair, if you put the secret in a vault in Fort Knox and never opened that vault, then your odds of keeping the secret are much better. But in this case, the secret will be used to unlock thousands or millions of data objects over the years, so the Fort Knox analogy won’t work.
If the government decides to go along with this, besides the fact that enforcing it against companies that make software and who are not located in the United States is going to be a tad bit difficult, I predict a breach will occur within the first couple of years that will make the Target, Home Depot, Anthem and OPM breaches look like no big deal. Just sayin’.
Information for this post came from The Register.