Lessons in REAL Encryption
Apple’s Tim Cook versus the FBI is surely the top trending story line in the cyber-security market. The first lesson is the near-brilliant PR spin being put forth by Apple. The international press coverage is making it seem that Apple is fighting the good fight and that the iPhone is so safe and secure that even the FBI can’t break it (and needs Apple’s help now!). This scenario exposes a major problem with cyber-security: the supply chain never really tells the whole story.
Apple is not built on an open source model, and we are led to believe by them that it is secure. Apple has repeatedly told this story to governments and users alike around the world, and it has resulted in huge sales of their market-leading product. It is certainly not in their best interest to show the world, even in the name of fighting terrorism, that they can provide the “hack” to crack it wide open in just a matter of days. If they can break it, then what is to say the hackers won’t keep going until they find the same path? Then what happens?
The Past Provides Guidance
Back in the day I was involved in the development of software to manage self-encrypting hard drives. This was, at the time, a market-leading technology in which the encryption of the data was done by the drive controller itself. This software helped initialize the drive and set up the user’s password. The most important question we always asked the engineers was “can you break into the system you have just built?”.
Data at rest is the state in which a system is discovered turned off and locked (like an iPhone recovered from a crime scene). There are always two discussions when it comes to breaking in to access that data. The first is “can you break the system while it is in use, if you infiltrate the setup or the unlock step (for example, the password was captured or seen while it was being entered)?”. The second is “can you recover the data from the system after it is locked?”.
Two Scenarios to Consider
Should Apple help to defend the nation if they can? In an ideal world Apple would be happy to have their engineers “help” the FBI, all without forcing their hand via the courts. Instead Apple has bent to the marketing challenges that result if their engineers can indeed unlock the phone. If their engineers unlock the phone, we quickly gain a better understanding of how real the claims are from Apple that “the iPhone is SAFE”. While Apple fighting this makes for great headlines and online debate, it may come down to them being forced by the courts. If this phone gets unlocked, it proves that there is indeed a weakness in the Apple design that needs to be fixed immediately. This is not much different from the Snapchat claims that messages go away when they really did not, which resulted in action from the FTC.
Should Apple build solutions even their engineers can’t break? The answer to this is YES. It is the responsibility of market-leading product companies to build great products with valid claims. The technologies exist for Apple to build truly secure phones (and not just marketing spin).
Data at rest is a simple challenge in a mobile device. Locking of a phone should be so strong that even the Apple engineers cannot break it. In the end this comes down to a political issue. Should citizens have the right to bear military-grade technology to protect their right to privacy and even their right to peaceful assembly? There should not be a back door for the government or even for Apple. A back door is installed by the owner of the device to either manage or maintain their own access. Corporate Mobile Device Management is a sanctioned back door. Raise the quality of protection and clearly articulate the risks for the buyer of the device.
Security needs to be REAL!
The future designs of these systems need to reach the point where even the engineers “can’t break” the solution. The SED drives are a good example. The engineers who built trusted drive management software built a solution where, if an individual user configured their drive, there was absolutely no way to recover the data if the password was unknown. This solution is present on millions of PCs today. It may be possible to re-flash the drive firmware and disable the locking mechanisms, but the encryption keys would be destroyed in the process. Any recovery without hardware modification would be next to impossible. The claim has always been that SED drives cannot be broken by software or malware and that the hardware is tamper resistant. Physically attacking a single chip to extract the keys may be possible, but it would destroy the drive in the process and take a near-prohibitive amount of time and resources. This is what a customer needs to understand when they protect their data with an SED drive.
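To make the SED key hierarchy described above concrete, here is an added toy model (not code from the original post or from any real drive firmware). It assumes the usual design: a random data-encryption key (DEK) encrypts the media and is stored only wrapped under a key-encryption key (KEK) derived from the owner’s password, so a wrong password yields nothing and a reset or re-flash path simply discards the wrapped DEK. The XOR-plus-HMAC wrap is a stand-in for a real key-wrap algorithm.

```python
import hashlib
import hmac
import os


class SelfEncryptingDriveModel:
    """Constructed model of an SED key hierarchy (illustration only).

    The DEK never leaves the controller; only its wrapped form persists.
    No password -> no KEK -> no DEK. Crypto-erase discards the wrapped DEK,
    so nothing on the media is recoverable afterwards.
    """

    def __init__(self) -> None:
        self.dek = os.urandom(32)       # media key, generated inside the drive
        self.salt = os.urandom(16)
        self.wrapped_dek = None         # what would live in the drive's NVRAM
        self.tag = None

    def _kek(self, password: str) -> bytes:
        # Memory-hard KDF so offline guessing against the stored blob is slow.
        return hashlib.scrypt(password.encode(), salt=self.salt,
                              n=2**14, r=8, p=1, dklen=64)

    def setup(self, password: str) -> None:
        """Owner configures the drive: wrap the DEK under the password KEK."""
        kek = self._kek(password)
        enc_key, mac_key = kek[:32], kek[32:]
        self.wrapped_dek = bytes(a ^ b for a, b in zip(self.dek, enc_key))
        self.tag = hmac.new(mac_key, self.wrapped_dek, hashlib.sha256).digest()

    def unlock(self, password: str):
        """Return the DEK for the right password, otherwise None (no back door)."""
        if self.wrapped_dek is None:
            return None
        kek = self._kek(password)
        enc_key, mac_key = kek[:32], kek[32:]
        expected = hmac.new(mac_key, self.wrapped_dek, hashlib.sha256).digest()
        if not hmac.compare_digest(expected, self.tag):
            return None
        return bytes(a ^ b for a, b in zip(self.wrapped_dek, enc_key))

    def crypto_erase(self) -> None:
        """Reset / re-flash path: zeroise the key material; the data is gone for good."""
        self.dek = None
        self.wrapped_dek = None
        self.tag = None
```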
It is still early in this debate
The changes in devices and in how we communicate around the world are changing the network. The result is that the ability to LISTEN is going away, perhaps within a decade if not sooner. This shift is driven by the move to mobile and IoT, where devices connect to services based on identity and the network simply provides transport. This switch from the network being smart to the network being just transport will not be comfortable. We will have to find new ways for electronic surveillance and control. It is in our best interest as citizens to constrain the right of government and industry to listen and watch all the time, but we will ultimately need a balance to provide the security and protection we hope for.