Slashdot Mirror
UK Voice Crypto Standard Built For Key Escrow, Mass Surveillance (benthamsgaze.org)
Trailrunner7 writes: The U.K. government's standard for encrypted voice communications, which already is in use in intelligence and other sectors and could be mandated for use in critical infrastructure applications, is set up to enable easy key escrow, according to new research. The standard is known as Secure Chorus, which implements an encryption protocol called MIKEY-SAKKE. The protocol was designed by GCHQ, the U.K.'s signals intelligence agency, the equivalent in many ways to the National Security Agency in the United States. MIKEY-SAKKE is designed for voice and video encryption specifically, and is an extension of the MIKEY (Multimedia Internet Keying) protocol, which supports the use of EDH (Ephemeral Diffie Hellman) for key exchange.
"MIKEY supports EDH but MIKEY-SAKKE works in a way much closer to email encryption. The initiator of a call generates key material, uses SAKKE to encrypt it to the other communication partner (responder), and sends this message to the responder during the set-up of the call. However, SAKKE does not require that the initiator discover the responder's public key because it uses identity-based encryption (IBE)," Dr. Steven Murdoch of University College London's Department of Computer Science, wrote in a new analysis of the security of the Secure Chorus standard. "By design there is always a third party who generates and distributes the private keys for all users. This third party therefore always has the ability to decrypt conversations which are encrypted using these private keys," Murdoch said by email. He added that the design of Secure Chorus "is not an accident."
"MIKEY supports EDH but MIKEY-SAKKE works in a way much closer to email encryption. The initiator of a call generates key material, uses SAKKE to encrypt it to the other communication partner (responder), and sends this message to the responder during the set-up of the call. However, SAKKE does not require that the initiator discover the responder's public key because it uses identity-based encryption (IBE)," Dr. Steven Murdoch of University College London's Department of Computer Science, wrote in a new analysis of the security of the Secure Chorus standard. "By design there is always a third party who generates and distributes the private keys for all users. This third party therefore always has the ability to decrypt conversations which are encrypted using these private keys," Murdoch said by email. He added that the design of Secure Chorus "is not an accident."
This may be reading too much into the whole thing. IBE by design (there's no way to avoid this) relies on a third party to do the keygen for you. This isn't some evil key-escrow conspiracy, it's just the way IBE works. Academic cryptographers have had a hard-on for IBE for years, conveniently ignoring the fact that it has key escrow built in (I've had some pretty weird conversations with some of them over this, "it's not key escrow, lalalalalala, it's not key escrow").
The cited paper isn't necessarily an evil government key escrow paper, it's just another in a long string of "isn't IBE wonderful, it will solve all our problems" papers. I've seen the same thing come from academics at universities (over and over again, IBE is just so cool), the only thing that makes this one stand out is that it was published by someone with government affiliations so it's possible to turn it into an evil conspiracy.
The only redeeming feature of IBE is that it's so obviously academic wank that the industry has stayed away in droves. There have been a few experimental-status drafts put forward from the academics for inclusion in standards, but they've been largely ignored.