Better Cyber Security Problematic, Says US Financial Industry: Power Struggle Over Encryption

A decision to keep third party listeners out of communications on the internet taken by the Internet Engineering Task Force (IETF) at their recent meeting in London elicited an alarmist message from the US financial industry. The premier internet standardisation body would provide “privacy for crooks,” and practically prohibit “bank security guards from patrolling and checking particular rooms” online, BITS, the technology division of the Financial Services Roundtable, argued in a press release last week. Has standardisation gone rogue?

At the heart of the debate lies a protocol that secures traffic streams on their way through the internet, called Transport Layer Security (TLS). Being an old-timer already, the protocol allows a server and a client, for example the browser of an internet user and the web server of its favourite destination, to negotiate keys to encrypt the packets. To ensure that the web server is who he tells you he is an authentication mechanism is provided, using certificates or alternative proof. Once authenticity is proven and keys agreed upon, the content of the packets is eclipsed from the view of observers on the net stream.

The world was fine before the IETF started to overhaul the existing TLS 1.2 standard, driven not the least by Edward Snowden’s revelations.

Superior Security: TLS 1.3

For the new version of TLS, TLS 1.3, engineers tightened up some loose ends of the protocol. They excluded older crypto standards. Some were known to have weaknesses for years already. Also, the math behind existing, so-called RSA key generation, was attractively simple, but with longer keys for better security being necessary, key management became more onerous and capacity eating. The answer was new algorithms and new ciphers based on the mathematical complicated, but less burdensome elliptic curve cryptography. A combination of authentication and key exchange also allowed the speeding up of the process to open the actual data stream.

Another major change was to move information from the packet header into the encrypted body. This helps to prevent manipulations, for example, of the list of crypto-standards the client tells the server he supports. A man in the middle manipulating this list can make the server use a less secure crypto mechanism.

On 20 March, the Internet Engineering Steering Group (IESG) gave the green light to the new version to be shipped to the RFC editor, allowing for publication of the new standard in just a few weeks from now.

Inspection Impossible

Celebrated by many security experts, the features of the new TLS1.3 bring considerable changes and cause considerable anxiety in some parts of the operating community, namely the financial sector in the US.

The new cipher suites of TLS1.3 prevent, according to Russ Housley, former IETF chair and consultant technologist for the financial service providers, “the use of current enterprise network monitoring tools such as intrusion detection systems (IDS) and application monitoring systems.” These systems had relied on the current protocol for passive decryption and monitoring their intranet TLS connections, the space “between endpoints under the enterprise’s control.”

Here BITS Director Andrew Kennedy comes in. “The capability to inspect encrypted custodial data has been available for nearly a quarter of a century and serves to protect customers and enterprises against data breach from phishing attacks, advanced persistent threats, and insider threat, and to expedite the diagnosis and resolution of critical network anomalies,” Kennedy wrote in his flame message.

Enterprises could still make use of a system of TLS proxies, the opponents argue, decrypting connections inside their data centre for inspection before sending the traffic on to the PCs of their employees. But another feature of TLS 1.3, the “emaciation” of the packet header – meta data about what service is used for example – makes it more difficult for the data centre guardians to choose from all the traffic. Peeking into the traffic will therefore be much more costly, as everything has to be decrypted and encrypted once more to be sent on to the final destination. “It will cost millions,” Housley said.

Not Favouring Pervasive Encryption: State Agencies

The financial services sector and its representatives got stout support from law enforcement. The British National Cyber Security Centre (NCSC) stepped up its engagement during the London IETF meeting, and voted (“hummed”) loudly in favour of a proposal presented by Housely that would keep an inspection key solution for enterprises, allowing to break the end-to-end-security envisaged.

NCSC, which is a part of the British surveillance authority, the General Communications Headquarters (GCHQ), in a statement before the IETF had laid out its reasoning on TLS 1.3. The agency argued that the new protocol does add more robust security for individuals against pervasive monitoring, but that “we appear to be in the weird position where well-designed, well-intentioned crypto will have a downside for cyber security.”

“Absolute secrecy” and “absolute privacy”, which technology in general rushed to provide, is “not a value we would uphold,” said Sujit Raman, associate deputy attorney general at the US Department of Justice, during the Global Privacy Summit in Washington, DC last month. The panel with Raman and another Justice Department representative illustrated the ongoing power struggle over encryption.

Raman called on the industry to keep access to increasingly encrypted communication for law enforcement. “We don’t in any way want to hurt cyber security,” he said. “We are intent for the providers to come up with their own solutions.” The government does not want the keys and contrary to countries like the UK, others like Australia and China currently have no respective plans. “But we want to ensure that we have access to the information in the same way as we had in the past,” he said.

[Update: While legislative steps have not yet been taken, four indictments against a provider of encrypted communications for drug dealers were announced recently by the DOJ, clearly illustrating the battle over encryption.]

Defining Cyber Security?

Despite Housley’s conciliatory proposal to allow for an explicitly opt-in traffic inspection mechanisms – a proposal from last year had not offered such transparency – there was no consensus in the meeting of the TLS 1.3 Working Group (WG) at the IETF. After the WG decided against his “visibility” proposal, Housley noted that the financial industry could seek standardisation at another standards body, for example the European Telecommunications Standards Institute (ETSI).

The engineers voting against the extra key for the data centre operators clearly felt that such a mechanism would weaken security for users on the net, be it for banking, health or other more or less private data travelling through networks all the time. While Housley and his customers underlined the decryption they had in mind should be happening in the data centre, once in the world the additional keys would easily fall into the hands of all kinds of attackers, too.

Ted Hardie, chair of the Internet Architecture Board (IAB), warned that the number of actors that will receive the keying information under such a model, to break into the secure connection might not be the administrators in the data centre, and might not be limited to one.

“There are a fair number of state actors who might require that particular operators share such information within their territories, and in that case that key information might go to them for later analysis,” he said. That very pervasive monitoring had, incidentally, been the trigger for hardening TLS in the first place.

Perhaps, Hannes Tschofenig, another long-time IETF engineer and former IAB member said, there is a need to engage in a more serious discussion over internet security: How is it affected by the growing farms of security middle boxes – “which sometimes increases the attack vector,” said Tschofenig.  And what government hacking into secure systems meant for security is a question, too.

 

Image Credits: Monika Ermert