How Public Key Cryptography will continue to liberate a global society

Summary

Public key cryptography is at the heart of the privacy provided by HTTPS and the security of Bitcoin wallets. The continued application of public key cryptography to our internet communications will continue to liberate global society. Here’s a look at some current application areas where you should already be using a product and also some areas where we see innovation.

Insidious Information Loss

A growing scourge of the digital age is information loss. We lose information either through a naive attitude towards social media, such as publicly posting personally identifying information on facebook, or through the hacking of organisations that hold our information such as clubs, banks, retailers etc. We have recently seen the hacking of databases held by recruitment organisations, engaged to deliver probity checks for new employees. When one is in the final stages of signing a contract with a new employer, one is unlikely to drop out of the race to protect one’s personal information. I have heard of it happening though — by a senior hire in information security no less, when strong-armed to accept all losses should the probity provider fail to keep that information secure. That perhaps indicates that the insiders appreciate these risks more than the general public.

When society demands we release our personal information to third parties but does not protect us against their loss of it we should question the equity of that arrangement. Eventually, I expect we will see that question asked in the courts. Regardless, there are some strategies we can adopt to improve our privacy.

Reliable Information Protection

Public Key Infrastructure (PKI) relies on strong asymmetric key algorithms which have so far proven essentially impenetrable, despite concerns about new techniques such as quantum computing. For instance, the Bitcoin blockchain has billions of USD in value secured by nothing other than these algorithms — the entire blockchain, complete with the associated wallets’ public keys, is publicly viewable.

Should anyone find a way to derive the private keys to those wallets they could presumably use the wallets as their own with impunity, the only governing law being the cryptography itself.

So long as we encrypt our information using the same algorithms and keep safe our private keys we afford ourselves at least as much protection as this multi-billion USD opportunity. Software applications to achieve this are already available, mature and free.

Our Opportunity to Protect Information

If the software to protect our information is already available, what’s stopping everyone from using it to protect themselves? It’s not licence costs. What then? I’d say two things, (i) education on the risks of information loss and (ii) the convenience of using the tooling.

Education on the first front is progressing. Think how far we have come. News of major information loss by large organisations keeps hitting the headlines, the public are becoming more aware of how large organisations sell or otherwise monetise the information they collect on us, and there are often stories in the mainstream press on identity theft and the availability of stolen identities on the dark-net. What of the second front?

A Proposition

If one could have all the benefits of increased privacy and protection by always having one’s data encrypted, with practically no downside to convenience, would one? I think everyone would.

Take for instance the history of the HTTPS (HTTP over SSL or TLS) protocol, the encrypted form of HTTP. This was initially developed to facilitate financial transactions online, but there is increasing encouragement for all websites to use HTTPS instead of HTTP and for browsers to use the encrypted form automatically. When websites automatically switch to HTTPS there is no inconvenience to the end user other than perhaps seeing the change in the URL bar of the browser. Once HTTPS is adopted, that session is protected from eavesdropping and tampering. Surveillance will know that communication is taking place but not the content of the communication, only its size and timing. Other than that there should be no information loss.

Encryption and Passwords

As stated previously, data encrypted with modern high-quality encryption is essentially considered impenetrable for the foreseeable future. There will always be some residual risk though. Maybe in 50 years time there will be quantum computers and new techniques to derive private keys from public ones. Personally, I don’t believe there will be, but there is a risk which will in time be addressed by the adoption of cryptography algorithms resilient to quantum computing cryptanalysis.

Passwords on the other hand are a known weakness and everything should be done to improve the quality of passwords and their use. Essentially, if possible, avoid using passwords by adopting other authentication schemes instead. Some schemes now permit authentication by private key rather than a password. When passwords are used, always have a unique, very long password for every account. Password managers are the only way I know to achieve this, and their encrypted databases can also be used to encrypt, and therefore keep private, other information as well as the passwords, such as private keys.

When to Encrypt?

Data should be encrypted when

  1. it is ‘at rest’ — e.g. stored on a local computer such as a laptop or mobile phone, or stored in the cloud such as dropbox, or stored in a third party’s system.
  2. it is ‘in transit’, i.e. being communicated — e.g. email communications, messaging, etc. This is to prevent snoops from reading messages you had intended to be private communications.

Just because today your communications appear to be protected by access controls, don’t believe they are now or ever will be.

Again, what is crucial here is convenience. Since most of us imagine that 99% of the time these precautions will not be necessary, it is difficult to convince anyone to adopt onerous procedures — better they be as convenient as today using HTTPS instead of HTTP is.

Encryption Tools

So, what reliable and mature tools already exist to achieve this with the maximum convenience? Here’s some I have experienced.

Password Managers

Password managers hold your database of passwords for all your systems in an encrypted file. Generally a password or passphrase is used to encrypt the file. I have used the proprietary 1Password across Apple Macs, iPhones and Windows for many years. An Android client is also available. There are many open-source password managers available as well with similar features.

To encrypt your passwords file (database), choose a long password that you can remember reliably: you never, ever want to forget it, and if the file is ever stolen it may be subjected to a brute force attack, so the password needs to be long to help protect against that. Password managers generally have facilities to store things other than passwords such as notes, licence details, bank details etc. Even though they provide structure for all types of information, I find I can hold everything I want in either plain text or attached files. Integration with browsers facilitates capturing passwords and using stored passwords. The password manager’s encrypted file can usually be stored on a cloud-shared drive such as Dropbox, providing syncing across potentially all your devices and systems.

I can’t claim that using a password manager is altogether as transparent and effortless as using HTTPS. It isn’t. Initially I found the transformation irksome but now I’m used to one, I would never go back to not using one. Any extra time taken to learn to use it I gain back by never losing or forgetting passwords anymore. I also get very significant peace-of-mind knowing that being compromised on one system will not affect the others as it is so simple to use long, complex passwords on all systems. My password manager has become the one place I store all confidential information across all the systems I use, making it a tool I use every day. It’s an investment in time but one I think most folk would feel is worthwhile and probably even end up saving time in the long-run.

Data File Encryptors

Having better password management doesn’t encrypt your data at rest or your communications. For that you need encryption tools.

Data at rest may be encrypted with symmetric algorithms, but if you are using public key encryption for the data communicated in email or messaging, it simplifies things to use that same tool for data at rest as well. Using as few tools as possible will surely help improve the efficiency of using encryption.

File-by-File Encryption Approach

GnuPG, an open-source implementation of Pretty Good Privacy (PGP), is a well regarded public key encryption facility. It has facilities for encrypting messages prior to sending, and for applying a digital signature to ensure that messages are not tampered with in transit and that their authorship cannot be repudiated. On a Mac, encryption and decryption facilities are integrated into the Finder application. While it is straightforward, and it is clear when a file is encrypted, this is far from transparent and carries the cost of administering files. It works, is free and GnuPG has a good reputation for the quality of its encryption, but it is not the most convenient solution available.

Cloud Services

Cloud Storage, Encryption and management of private keys

If your encryption strategy includes your service provider holding the private keys, that may seem very convenient but it does not provide sufficient assurance for most of us. I don’t think it should provide sufficient assurance for anyone.

You need to be the only holder of your private keys or you are exposed to the very real risk of your service provider being hacked, as is so often the case with cryptocurrency exchanges’ wallet private keys being compromised, and additionally to the secret disclosure of private keys to government surveillance agencies. You need to create your private keys on your device. You need to be sure that the software doing that is not transferring those keys elsewhere without your knowledge. That is a more common situation than you might think. I know of situations where cryptocurrency exchanges supplying cryptocurrency to customers, provide them with a supposed “private” key that actually is not private at all and then later raid that account.

So, if a cloud service provider advises that they encrypt data stored on servers, that is really of very little value unless the end user alone holds the private keys.

End-to-end encryption where the end-user alone holds their private key is the case with mega.nz, but that’s rare. If you hold sensitive or confidential information on cloud storage, I advise having your own encryption of that information. This can be on a file, directory or entire-storage-service basis.

Automatic Directory Encryption and Cloud Services

Viivo by PKWare was a similar facility to GnuPG but with more convenient facilities. It was retired on 1st July 2018 but I am pleased to say it still functions even though it is out of support now. It provided a good facility to have selected directories automatically encrypt any files stored within them. It was particularly targeted at encrypting some or all files stored on cloud service providers such as Dropbox and iCloud. On a Mac, integration seamlessly kept documents encrypted on disk but decrypted when read into applications. That’s easier than GnuPG’s approach where users manually encrypt and decrypt each file as part of their workflow.

There are alternatives to Viivo such as Boxcryptor, which has a similar approach.

Cloud Encryption Workflows Compared

Mega enforces public key encryption for all files when stored on their servers — they don’t provide an option for storing files unencrypted on their servers. Your files are stored unencrypted on your local drive and then encrypted with your private key when sent to Mega’s cloud storage. Viivo and Boxcryptor integrate with many cloud service providers, encrypting the files in place locally so that when a file is synced “in the cloud” it is already encrypted. This might be more cumbersome and has the characteristic of local files being encrypted, which might be what you want. You choose your approach.

Enterprise Class File Encryption

Enterprises have different needs to individuals when it comes to file encryption. They really need a solution that integrates public key encryption with role-based access controls. It needs to work end-to-end — at rest, in transit and in use. It needs to integrate with workflows. Encryption keys (perhaps we can’t call them ‘private’ any more) need to be managed across teams and responsibilities. What to do when employees leave? Re-encrypt with fresh keys? How can a file’s role-based access profile be mapped to an encryption keys management scheme? All encrypted files need to have this encryption status visible to administrators. These are hard problems that I think are hardly ever addressed adequately in enterprises. The only solution I know in this space is PKWare’s SmartCrypt platform.

Social Identity, Web of Trust and Encrypted Communications

Public Key Infrastructure (PKI) includes the challenge of authenticating the identity of the key holder. This is because the creation of a private-public key pair is trivial and without cost.

Just because an actor claims to be a certain person and holds a key pair, are they really that person or an imposter?

GnuPG uses a web of trust rather than the accredited Certificate Authorities (CAs) used for website authentication. There are some concerns that a web of trust may not be sufficiently reliable if all participants are not diligent enough — consider the problems when we trust an unknown connection request on a social network.
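To make the diligence concern concrete, here is an added example (not code from the original post or from GnuPG) that models GnuPG’s classic web-of-trust validity calculation with its default thresholds: a key is fully valid if certified by one fully trusted introducer or three marginally trusted ones, along chains no longer than five. The key names, owner-trust assignments and signatures are constructed; the point it shows is that a single fully trusted signer who does not check identities is enough to make an impostor’s key look valid.

```python
"""Simplified model of GnuPG's classic web-of-trust validity calculation.
Added example, not GnuPG's code: it applies GnuPG's default thresholds to show
why one careless, fully trusted signer is enough to validate an impostor's key."""

COMPLETES_NEEDED = 1   # GnuPG default: fully trusted introducers needed
MARGINALS_NEEDED = 3   # GnuPG default: marginally trusted introducers needed
MAX_CERT_DEPTH = 5     # GnuPG default: longest certification chain honoured

# Constructed sample. Owner trust is YOUR judgement of how carefully each key
# holder verifies identities before signing other people's keys.
OWNER_TRUST = {
    "me": "ultimate",   # your own key
    "alice": "full",    # alice's signatures are trusted completely
    "bob": "marginal",
    "carol": "marginal",
    "dave": "marginal",
}

# signed_key -> set of keys that certified it (constructed)
SIGNATURES = {
    "alice": {"me"}, "bob": {"me"}, "carol": {"me"}, "dave": {"me"},
    "frank": {"bob", "carol"},          # two marginal introducers: not enough
    "grace": {"bob", "carol", "dave"},  # three marginal introducers: enough
    "mallory": {"alice"},               # impostor vouched for by one careless full-trust signer
    "heidi": {"mallory"},               # mallory has no owner trust, so cannot introduce anyone
}


def compute_validity(owner_trust, signatures):
    """Return {key: 'full' | 'marginal'}; keys absent from the result are unknown.

    A signature counts only if the signer's key is itself fully valid AND you
    have assigned that signer owner trust (full or marginal).
    """
    validity, depth = {}, {}
    for key, trust in owner_trust.items():
        if trust == "ultimate":
            validity[key], depth[key] = "full", 0

    changed = True
    while changed:                       # repeat until no key changes status
        changed = False
        for key, signers in signatures.items():
            if validity.get(key) == "full":
                continue
            full_count = marginal_count = 0
            best_depth = None
            for signer in signers:
                chain = depth.get(signer, MAX_CERT_DEPTH) + 1
                trust = owner_trust.get(signer, "none")
                if validity.get(signer) != "full" or chain > MAX_CERT_DEPTH:
                    continue             # unverified signer or chain too long: ignored
                if trust in ("ultimate", "full"):
                    full_count += 1
                elif trust == "marginal":
                    marginal_count += 1
                else:
                    continue             # valid key, but you never made it an introducer
                best_depth = chain if best_depth is None else min(best_depth, chain)
            if full_count >= COMPLETES_NEEDED or marginal_count >= MARGINALS_NEEDED:
                validity[key], depth[key] = "full", best_depth
                changed = True
            elif marginal_count and validity.get(key) != "marginal":
                validity[key] = "marginal"
                changed = True
    return validity
```

Running `compute_validity(OWNER_TRUST, SIGNATURES)` reports mallory as fully valid purely on alice’s word, while frank, vouched for by two careful-but-marginal signers, is only marginally valid; the diligence of each introducer you trust matters more than the number of signatures.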

The problem with establishing identity and trusting certificate authorities

When one interacts with another party on the open internet, one needs to ensure the identity of that party. That is often achieved via the web of trust or certificate authorities. They are both points of weakness. Certificate Authorities can and indeed have made mistakes that can be exploited.

There is always a challenge of ensuring that the identity of the other party has been correctly established. Successful encryption brings no benefits when identity has been spoofed, either via a breakdown in the trust of Certificate Authorities or via a similar failure in name services such as DNS itself.

Also, when one uses a corporate LAN one is generally required to accept that organisation’s additional certificate authority — their private root certificate. This diminishes the ‘Privacy’ provided by HTTPS. The additional certificate installed facilitates the corporation’s man-in-the-middle (MiTM) interception, adding the corporation’s, and through information loss potentially other parties’, surveillance of your communications. It additionally facilitates altering your communications if the organisation is so inclined. Where the user accepted the additional Certificate Authority, they should be aware that their privacy is compromised by the network proxy. I personally dislike this practice as it is all too common for those using the corporate LAN with the additional certificates to be unaware that all their communications, including those over HTTPS, are now visible to the corporation.

Keybase — Public Key Encryption, PKI, Chat ++

Using the principle that fewer tools potentially means more efficiency, a tool that integrates messaging with file encryption should provide more facility more efficiently. This is part of the concept behind Keybase, which also provides a web of trust based on proving ownership of a limited number of social networking accounts, such as Facebook, Twitter and Reddit. It does not encrypt and decrypt local files or integrate with cloud storage providers, but it does provide its own cloud storage in a similar way to Mega, with private, public and team (i.e. collaborators) storage spaces. With its group chat facilities it’s probably more of a competitor to Slack, which doesn’t provide per-user public key encryption unless you use the Shhlack app, or Telegram Secret Chat, which provides end-to-end encryption but also no per-user public key encryption. Keybase also includes a rudimentary git repository hosting service, where one can create encrypted repositories. Keybase also includes the convenience and protection of device authentication — you need to authenticate every new device you use your account on — and that’s a good thing from the perspective of security. My take on Keybase? A modern PGP — an encrypted storage and social chat client.

What I find exciting about Keybase is the concept that they are building a platform based on public key cryptography and PKI (specifically PGP) and then building the “Apps” on that platform — currently, team messaging and file storage. They also have Git and Tor integration, but they don’t have to stop there. They could add a password manager and new protocols and services. It’s as if the internet should always have been built on a platform of PKI, but it wasn’t. Now that the demand for privacy and security is ever increasing, this seems to be the right strategy.

The Future of Public Key Cryptography

With the advent of Bitcoin in 2008, public key cryptography, which is key to securing transactions on the blockchain, unleashed a system of revolutionary liberation — a global currency, a global bank available to that half of the world’s population who don’t have access to western banks. A system that is accessible to anybody with a smartphone or a feature phone. That population is growing hugely. Bitcoin’s USD exchange rate has rocketed up, and it has edged forward in facility too, but the greatest gain has been paving the way for other blockchains using the same, or very similar, technology. Other cryptocurrencies abound, yes, but we now also have platform technology for the new protocols to power the decentralised web 3.0. That new web is highly integrated with blockchains that are inherently decentralised in a similar way that Bitcoin is decentralised. The race is now on to create new protocols and new decentralised applications that benefit end-users, preventing the power-hold that the large organisations have had once they won their network effect race, leading them to dominate, monopolise and gouge their market. When YouTube and Facebook started out, end users were glassy-eyed at the potential of the new technologies with little concern for privacy and individual liberty. Now they are wiser and likely to value the benefits of decentralisation sufficiently to switch to services based on that architecture.

Public Key Tooling for the Decentralised Age?

So what of the personal use of public-key cryptography? Privacy concerns will increase the use of end-user private keys and so those keys will need to be managed, but also holding and using blockchain crypto tokens is an application of public-key cryptography. You need to keep those private keys private and deploy them when required for crypto transactions. Something similar to password managers and file encryption tools will be required to manage this, a form of middleware integration with Web 3.0 protocols and services in the same way that Keybase manages its own application of your private keys, integrating with its own applications and the way 1Password holds all your passwords in the one place and integrates with browsers and more recently other Apps as well. I think we might already have such a service with Essentia. Check it out, it uses decentralised encrypted storage and just might be the future of private key managers for the decentralised age.

Access via password or private key?

Passwords are weak; Private Keys are strong.
We can remember a password; We can’t remember private keys.
If we could remember private keys, and everything used public key cryptography with private keys which we alone held, the whole world would be a lot more secure.
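The contrast between passwords and private keys, and the earlier advice that a password manager’s master password must be long enough to resist a brute force attack on a stolen vault file, can be put into numbers. The following is an added example, not code from the original post or from any password manager: it stretches a master password into a vault key with PBKDF2-HMAC-SHA256 (Python’s `hashlib`) and estimates attacker effort for several kinds of secret, from a short password to a 256-bit private key. The iteration count and the attacker’s hash rate are constructed assumptions, not product figures.

```python
"""Brute-force cost model for a stolen password-manager vault.
Added example, not the post's or any product's code. It stretches the master
password into a vault key the way many managers do (PBKDF2-HMAC-SHA256 via
hashlib) and compares attacker effort across kinds of secret; the KDF
iteration count and cracking speed are constructed assumptions."""
import hashlib
import math

KDF_ITERATIONS = 600_000        # assumed KDF work factor per guess
ATTACKER_HASHES_PER_SEC = 1e10  # assumed raw SHA-256 rate of a cracking rig
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed comparison table: label -> (alphabet size, secret length)
SECRETS = {
    "8 random printable ASCII chars": (95, 8),
    "4-word diceware passphrase": (7776, 4),
    "20 random printable ASCII chars": (95, 20),
    "12 words from a 2048-word list": (2048, 12),  # BIP39 spends 4 of these bits on a checksum
    "256-bit private key": (2, 256),
}


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Entropy of a secret chosen uniformly from alphabet_size ** length choices."""
    return length * math.log2(alphabet_size)


def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = KDF_ITERATIONS) -> bytes:
    """Stretch the master password into the 256-bit key that encrypts the vault."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, dklen=32)


def expected_crack_years(bits: float, iterations: int = KDF_ITERATIONS,
                         hashes_per_sec: float = ATTACKER_HASHES_PER_SEC) -> float:
    """Expected time to recover a secret of `bits` entropy from the stolen file.

    On average the attacker tries half the keyspace, and each guess costs a full
    KDF run of `iterations` hashes, which is the whole point of the KDF.
    """
    guesses = 2.0 ** (bits - 1)
    return guesses * iterations / hashes_per_sec / SECONDS_PER_YEAR


def compare(secrets=SECRETS) -> dict:
    """Return label -> (entropy bits, expected crack years) for each secret kind."""
    table = {}
    for label, (alphabet, length) in secrets.items():
        bits = entropy_bits(alphabet, length)
        table[label] = (bits, expected_crack_years(bits))
    return table


if __name__ == "__main__":
    for label, (bits, years) in compare().items():
        print(f"{label:32s} {bits:6.1f} bits  ~{years:.3g} years")
```

The KDF multiplies the cost of every guess, but only the secret’s entropy changes the exponent, which is why a long, randomly generated master password (or a key the password manager holds for you) matters far more than any tuning of the vault format.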

Essentia uses the concept of the user’s (entity’s / account’s) single passphrase to encrypt everything else in the same way as 1Password and Keybase, but that initial passphrase is actually a private key, not a password. There is no account name and traditional account password, only a public-key-cryptography private key realised as a mnemonic phrase, seed, private address etc. The point is that there is not the attack surface of a weak password because they don’t use traditional passwords at all. That might seem a little less user-friendly than traditional systems but real friends don’t encourage you to be vulnerable to losing your things.

Recommendations

  1. Get a quality password manager and commit to learning to use it effectively. Figure out a master password that’s long, easy-to-remember, but difficult for others to guess. Store private keys etc. within the password manager’s encrypted file. Make it your one, single place to keep all passwords. Store the encrypted file on a cloud drive for syncing and backup.
  2. Never trust encryption where you alone do not hold the private keys.
  3. For your sensitive information, store it encrypted, either directly within your password manager, or else using GnuPG or Keybase, or equivalent products, such as Boxcryptor.
  4. Back up everything that is critical, even if it is held within a cloud service provider, and remember encryption does not protect you from ransomware further encrypting your files, so have a comprehensive backup solution for critical data.
  5. If you are a corporation requiring encryption, consider PKWare’s SmartCrypt.
  6. If you are looking for a solution for managing your blockchain wallets and accounts, take a look at Essentia.
  7. For private messaging consider Keybase. I think it is worth the effort of adoption and is growing into a great platform.