Control of Cryptography in an Age of Complexity

Let’s learn about some specific techniques for controlling the use of cryptography in the current age.

We'll cover the following

The Snowden revelations
Changes to the cryptographic environment

This section will look at the problem of controlling the use of cryptography in the modern era. We’ll argue that in some ways, it’s both easier and harder for a government to undermine the protection offered by cryptography than it was in the past. While the approaches discussed remain relevant, we’ll see that the complexity of the modern era introduces new issues.

The Snowden revelations

At the start of the 21st century, it seemed that the arguments for the free use of strong cryptography had prevailed over attempts to control the use of cryptography. If there ever really had been any ‘Crypto Wars’, then in some sense, they had been ‘won’ by the clear benefits of making cryptography available to everyone to protect their data as they best saw fit.

The Snowden revelations of 2013 showed that quite the opposite was true. Rather than open battle, the Crypto Wars had moved underground. The use of cryptography was being at least partially controlled through a whole raft of approaches which all, by and large, arose from the new complexity of the environments within which cryptography was being deployed.

The extent to which cryptography was being undermined was extraordinary. However, there was very little information in the leaked documents, that surprised cryptographic experts. Before 2013, if such an expert had been asked to imagine the various ways in which a cryptosystem could be undermined, most of the leaked methods would probably have been identified. What was astonishing was that almost all of these tactics were being deployed.

We won’t attempt to catalog in any detail the various Snowden revelations concerning cryptography for several reasons:

Many are unconfirmed allegations, and establishing the facts is difficult (although specific programs and their functions have been identified and cross-checked by journalists).
In many cases, the precise details of the methods being used are unclear.
There’s little evidence of how effective the various approaches have been.
Information about the Snowden revelations is widely available from other sources.

What we will do is take a slight step back and look at the bigger picture, focusing on how the complexity of our current use of cryptography creates opportunities to deploy techniques aimed at undermining cryptography’s effectiveness.

Changes to the cryptographic environment

It’s worth recalling the basic model of a cryptosystem. This model relates to a sender converting plaintext into ciphertext and transmitting it to a receiver. The main adversary this model addresses is one who intercepts the ciphertext after it has been encrypted. This model captures the basic idea behind encryption, but there are two significant assumptions that the model relies upon:

The decryption key must be held securely by both sender and receiver and is not available to any attacker.
The plaintext is kept safe from an attacker both before encryption and after decryption.

We’ll now consider how the strength of these assumptions has changed over time.

The world that was

The basic model of a cryptosystem is intended to be conceptual, but it’s also a very reasonable model of the type of environment in which cryptography is deployed. To see this, it is worth considering how a commercial organization might have used cryptography in the 1970s. We’ll imagine the organization as a bank, but it’s important to recognize that the example is fictitious and serves only as an illustration.

Suppose the manager of Bank Alice wants to send important communication to the manager of Bank Bob. This message is important enough that it has been decided to protect it using encryption.

We first consider the security of the decryption key. Since all cryptography at this time was symmetric, we are also discussing the security of the encryption key. The key will reside close to the devices performing the encryption and decryption. For both banks, these will be hardware devices connected to computers. These computers will be large and almost certainly housed in dedicated computer rooms.

The rooms will have physical access control, and the devices will be staffed by skilled operators, who may well be the only people in the banks who know how to use them. These operators are probably the only people with access to the key. The key will have been established by some carefully managed process, possibly involving manual couriers. (We assume that Bank Alice and Bank Bob have a dedicated connection—if they do not, they might have to connect through a trusted switching center, which introduces a different location at which the key might be known.)

We now consider who might have access to the plaintext. The message to be sent was first conceived in the head of the manager of Bank Alice. She possibly wrote it down or maybe dictated it to a secretary. The paper containing the message was possibly then transported to the computer room by a messenger, who handed it to the computer operator. This piece of paper may well have then been destroyed or perhaps filed in a locked cabinet. A very similar process can be imagined for the reception of the message at Bank Bob. The ciphertext would have been decrypted in the computer room, printed off, and manually delivered to the bank manager.

How strong are our two assumptions in this environment? Some might argue this is an insecure environment because these assumptions require the banks to trust several people. In particular, the computer operators in our example have access to both the decryption key and the plaintext. However, there are two features of this scenario that suggest this is a very secure environment:

Simplicity: This is a very simple environment to understand. We know precisely where the keys lie in the system. Furthermore, the flow of information in this model is straightforward. There are several points in the process in which the plaintext could leak, but they are easily identifiable.
Accountability: Most of the points of vulnerability in this environment relate to people. However, they are few, and all are likely to be employed by the organizations involved. If the secret message were to leak, all the suspects could easily be named and held to account.

The point is that even if the security of this scenario isn’t perfect, it’s possible to identify and manage the limited points of vulnerability.

The world that is

Contrast this historical example with the type of environment within which we use cryptography today. We saw earlier that modern applications of cryptography are many and varied. This in itself is a significant change to the use of cryptography compared to the 1970s. Several broad issues illustrate how much more complex the use of cryptography is today.

Complexity of computing platforms: The devices on which cryptography is deployed are much more complex than computers were in the 1970s. Back then, computers were fairly primitive and had limited functionality. It was simpler to understand how they worked, and where data existed and was processed within them. Today’s computers are diverse, extremely sophisticated, and support multiple applications. Information entered into a modern device can exist in many different memory locations. This is partially exacerbated by the fact that, unlike in the 1970s, users of these devices are not expected to understand how they work. This functionality is provided to aid use (for example, cookies, caches, etc.). It’s probably fair to say that few people fully understand all the inner workings of a modern computer.
Portability and mobility: Back in the 1970s, the computers on which cryptography was deployed were large and housed in special protected facilities. Many modern devices supporting cryptography are portable and mobile. We can no longer rely on strong physical protection of the device itself to partially support the protection of plaintext and keys. Keys in particular often reside on highly portable and potentially vulnerable storage devices such as USB tokens or SIM cards.
Complexity of supply chains: There were few suppliers of computing equipment back in the 1970s. Those that did manufacture computers supplied most of the components themselves. When there were other suppliers involved, these components were limited in number since the devices themselves were primitive compared to today. Modern computers are assembled from components that are sourced from many different suppliers. Even more, suppliers are involved in creating the software and applications run on modern computers. This means that it is often impossible to identify all the organizations (and people) who potentially have access to the elements of a modern device.
Complexity of networks: There were relatively few computers around in the 1970s, and thus the networks connecting them were simple and well understood. Modern networks are varied and highly complex. Information from one device potentially passes through a range of different intermediaries as it travels from source to destination, most of which the network users have little awareness of. Unlike those of the 1970s, modern networks also support the connection of ‘strangers,’ so it’s common for one device to connect with a destination it has little trust in or understanding of. This creates the potential for remote exploitation of networks since an attacker doesn’t need physical penetration to interact with a network.

Consequences of the changing environment

Consider now how these changes to the environment within which cryptography is used might affect attempts to control the use of cryptography.

Back in the 1970s, the simplicity of the environment made it relatively easy to control the use of cryptography. From a governmental perspective, restrictive strategies such as backdoors and limiting key lengths were viable. From a user’s perspective, the simplicity of the environment made it relatively easy to understand the risks associated with using cryptography. At that time, it was, broadly speaking, possible to determine where plaintexts and keys were located during any encryption process. Indeed, the cryptography dilemma was almost entirely addressed by controlling the cryptographic strength of the device on which encryption was being performed.

We noted that restrictive strategies are less effective at controlling the use of cryptography today. The widespread and varied modern use of cryptography therefore presents significant challenges to any government that wants to address the cryptography dilemma (as well as possibly fuelling a desire to do so). However, the complexity of today’s cryptographic environment also creates many opportunities to undermine cryptography that did not exist in the past.

While straightforward (blanket) approaches are harder, a rich range of tailored techniques could be applied to obtain plaintext and keys from the many different elements that need to interact in order to support a modern application of cryptography.

Get hands-on with 1200+ tech skills courses.

Introduction

Basic Principles

Historical Cryptosystems

Theoretical versus Practical Security

Symmetric Encryption

Public-Key Encryption

Data Integrity

Digital Signature Schemes

Entity Authentication

Cryptographic Protocols

Key Management

Public-Key Management

Cryptographic Applications

Cryptography for Personal Devices

Control of Cryptography

Mathematics Appendix

Closing Remarks