Crypto Wars 2.0: Let the Trolling Commence (and don’t trust your phone)

That was a nice bit of trolling. A rough timeline: (1) Apple and later, Google announce modest improvements to a security building block of their respective mobile device platforms, device encryption. (2) Government officials in the US publicly complain how this would obstruct law enforcement and request means to access encrypted device data. (3) The usual suspects are all up in arms and reiterate their arguments why crypto backdoors are a bad idea.

What is wrong with this debate, apart from it being a rerun? First, encryption is not as secure as claimed. Second, encryption is not as important as assumed.

Device encryption is just one small security building block. It protects data stored on the device against access without the encryption key if the adversary encounters the device in the turned-off state. Attacks against encryption typically go for the keys. As we were just reminded, police can compel suspects to hand over their fingerprints and unlock a device. Some countries have key disclosure laws.

Against running devices there are further attack options. If any key material is held in RAM, it can be extracted, at least in principle, with a cold boot attack. Whether Apple’s Secure Enclave design does anything to protect against such attacks remains unclear. As we’ve learned with Microsoft’s encryption scheme, Bitlocker, even hardware-supported encryption can leave a number of loopholes (Trust 2009 paper).

Encryption has its limitations. It protects data subject to several conditions. In particular, the adversary must be unable to obtain the key or subvert the execution environment. While plug-and-play forensics would be more convenient for law enforcement, there are ways around device encryption.

Mobile platforms extend beyond the individual device. Not only do devices communicate liberally with other devices and with Internet services, they also depend on the platform operator. Apple and Google run appstores and supply software updates. Whatever the software of a device can or cannot do may change at any time.

Encryption protects files against access bypassing the operating system, not against access from within. Protection against rogue users or applications is a matter of authentication and access control — software making decisions, software that can be modified. While this channel entails some tampering-with-evidence problems for law enforcement, it seems technically quite feasible to use it.

Encrypted equals secure only from a microscopic perspective. I have advocated before to pay more attention to systemic and macroscopic aspects, and the crypto wars 2.0 debate illustrates nicely how a too narrow focus on a single security mechanism skews our debate. Encryption matters, but not as much as we allow them to make us believe it would.


About Sven Türpe

Sven Türpe is a computer scientist. His current research focus is on security engineering methods, techniques, and tools. All opinions expressed in this blog are his own.

One thought on “Crypto Wars 2.0: Let the Trolling Commence (and don’t trust your phone)

Comments are closed.