The Lines Drawn ... Encryption Could Be The Battlefield of the Future
Introduction
The battle lines are starting to be drawn on the usage of encrypted messaging applications, with the UK possibly set to go the same way as China and South Korea and ban encrypted messaging.
While WhatsApp has been getting much of the press in the UK, it is Telegram which is currently the focus of attention in East Asia. Overall, Telegram integrates into mobile phone applications using API calls, and converts messages into a binary stream. It then uses cryptography to encrypt the communications before sending them over the network using a range of methods (Figure 1), including Web communications (HTTP or HTTPS) or network communications (TCP and UDP).
Its approach is not to use the traditional method of creating a secure tunnel (such as with HTTPS), which uses digital certificates to pass a public key. This makes the application difficult to detect, and thus to block, especially as it does not use the handshaking process that is typical when creating a secure connection over the Internet.
As shown in Figure 1, there is no direct connection between the devices involved in the messaging, and the message is encrypted at its source, so that insecure communications tunnels can be used. Users can thus just find a port which is open on a firewall, and then send the message through that port. A client connection is created from either side, as firewalls normally analyse the SYN connection packet, and block it, so that a connection cannot be created.
Telegram works by providing a secure messaging infrastructure for mobile phone Apps (Figure 2), where the App integrates with Telegram to deliver a secure message between the apps. Encrypting the data at its core overcomes many of the weaknesses in using secure tunnels on the Internet (which can be blocked). For example, VPN connections using IPSec are blocked by the firewall blocking UDP port 500.
Figure 1: Telegram architecture
Figure 2: API Calls for App
DDoS on Telegram
Telegram has seen a large number of users adopt its service since Park Geun-Hye (the South Korean President) announced that users could be prosecuted for insulting or generally rumour-mongering messages, including those sent through private message systems. In the past two weeks alone, Telegram's service has seen a three-fold increase in sign-ups.
Since Friday, the Asia Pacific server cluster for Telegram has been under a massive DDoS attack, which has caused a slow-down for users in South East Asia, Oceania, Australia and India. Speeds up to 200Gbps have been measured, and the attack uses the Tsunami SYN flood. This attack is difficult to stop as it uses infected servers as the hosts of the attack, which are distributed across many different Cloud infrastructures, including the Amazon EC2 Cloud (Figure 3). It is thought that 95% of users can still maintain their access to the service, and that the other 5% of users are concentrated in East Asia.
Two possible sources are government agents or competitors trying to bring down Telegram's network. At present, Telegram is blocked in China, but some traffic is still being generated from the country. It is also seen as "anti-Government" by the authorities, and human rights lawyers who used the service were arrested on Friday. The state media in China has since stated that the lawyers and activists were part of a major criminal gang. The lawyers arrested include Wang Yu and Zhou Shifeng.
Figure 3: Distributed Denial of Service (DDoS)
DRIPA
Theresa May, the UK Home Secretary, will publish the new Data Retention and Investigatory Powers Act (DRIPA) in Autumn, with a view for it to be passed in the New Year. It builds on a previous proposal - the Communications Data Bill - which was rejected in 2012. In the previous bill, service providers were required to store logs of the sender, receiver and time of on-line accesses for up to 12 months. The new bill adds many other things such as social media messages, Web mail, voice calls, emails and phone calls. The ability, though, to collect this information has been called into question, as many of the communications, such as for Web mail, are secured with end-to-end encryption, so that only the end source can view the communications. For example, with Gmail, all of the communications are encrypted through a secure tunnel, and the service providers cannot determine the details of the emails, just that the user connects to Gmail.
In the bill, the police and law enforcement agencies could access the information without a warrant, as long as they were investigating a crime or something which related to national security, or could obtain a warrant from the Home Secretary.
The dilemma is that providers of services, such as messaging applications, that use end-to-end encryption would have to hand over their communications, or face being banned. Of particular focus is WhatsApp, which uses strong encryption with an encryption key stored on the device, and could face being banned in the UK.
While messaging applications are in the firing line, the major Cloud providers for email, such as Google and Microsoft Live, have resisted the Patriot Act in the US at every turn, and are extremely unlikely to hand over their customers' emails without some resistance. At present Facebook, which owns WhatsApp, complies with 75% of all requests from the UK Government on handing over data.
Conclusions
The tensions on encrypted messaging are starting to bubble to the surface. If a country blocks it, and the service runs outside their borders, they can have little control over it: it is extremely difficult to block the encrypted content, as it just looks like normal traffic with random data.
The Telegram APIs use a range of methods to connect (including a direct network connection) and do not fix themselves to standard network ports that can be blocked by firewalls. So, unless the whole world blocks encrypted messaging, the usage of encrypted messaging will be difficult to stop. The only way to detect its presence is to monitor the servers which the mobile devices connect to, and then aim to block the connection to these servers. The messaging services have a range of methods to overcome this problem too.
Firewalls normally examine the ports that are used to connect and then look into the content of the message. If the message is encrypted at its core, the contents of the packets cannot be interpreted, so the firewall cannot determine the service which is being used. Each device uses a client connection to the messaging service, thus the firewall struggles to detect an incoming request for a connection, as it will be the client which dials out.
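The inspection problem described above can be seen from the monitoring side in a short sketch. This is an added example, not code from the original article or from Telegram: it labels the first payload of a flow by its visible framing, and shows that a TLS tunnel announces itself through a cleartext handshake header while a message encrypted at its source offers only high entropy. All sample payloads, label names and thresholds are constructed assumptions.

```python
import hashlib
import math
import struct

HTTP_METHODS = (b"GET ", b"POST ", b"PUT ", b"HEAD ", b"DELETE ", b"OPTIONS ")

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; 8.0 is the ceiling, approached by ciphertext or random data."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)

def classify_first_payload(payload: bytes) -> str:
    """Label the first client-to-server payload of a flow by its visible structure."""
    if payload.startswith(HTTP_METHODS):
        return "http"
    # The TLS record header is cleartext: type 0x16 (handshake), version 0x03 0x0X,
    # 2-byte length, then handshake type 0x01 (ClientHello).
    if len(payload) >= 6:
        rec_type, major, minor, _length = struct.unpack("!BBBH", payload[:5])
        if rec_type == 0x16 and major == 0x03 and minor <= 0x04 and payload[5] == 0x01:
            return "tls-client-hello"
    # No recognisable framing: entropy says "encrypted or compressed", not which service.
    # The 1024-byte minimum and 7.5 threshold are assumed values for this sketch.
    if len(payload) >= 1024 and shannon_entropy(payload) > 7.5:
        return "opaque-high-entropy"
    return "unclassified"

def constructed_samples() -> dict:
    """Constructed inputs for the demonstration; none is captured traffic."""
    body = b"\x03\x03" + bytes(32)  # stub ClientHello body, not a complete one
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    tls = b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake
    # SHA-256 in counter mode: deterministic stand-in for source-encrypted bytes
    opaque = b"".join(hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(64))
    return {
        "web request": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n",
        "tls tunnel": tls,
        "source-encrypted message": opaque,
        "plaintext message": b"meet at noon " * 100,
    }

if __name__ == "__main__":
    for name, data in constructed_samples().items():
        print(f"{name:26} {classify_first_payload(data):20} {shannon_entropy(data):.2f} bits/byte")
```

The "opaque-high-entropy" label is as far as content inspection gets: it would match any encrypted or compressed stream, which is why the text falls back on monitoring the servers that devices connect to.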
One thing that is for sure: Cyber Space is the battlefield of the future, with many differing agendas using it as a place to make their point. The tension around encrypted messaging is only just beginning, and only time will tell where it will end up. One thing that is sure is that the genie is out of the bottle, and it won't go back in without a fight.
Many technologists and cryptographers cannot see how it will be possible to ban encrypted messaging in the UK and the scope of it. The only feasible solution is to pick off certain applications like WhatsApp, and ban their usage. This still opens many questions as new applications could easily replace its operation.
Also, individuals could use proxy systems to perform the encrypted messaging. To completely ban encryption would force the UK back into the 1980s, where non-protected protocols were used, and would be impossible to implement and police, while leaving businesses and users completely open to hackers.
Crazy scenarios also exist, such as: will a Caesar code be banned?
Senior Digital Exchange Engineer - Integration and Enablement
The government will be offering ROT26 as an encryption standard.