MIKEY-SAKKE, the encryption protocol being promoted by the UK government, is its official encryption standard for voice, and one around which it plans to build a portfolio of products and solutions.
The problem is, it has a massive security flaw. The built-in backdoor is designed with undetectable mass surveillance in mind and is based on mandatory key escrow. Putting the keys under the mat is not the basis for a secure system.
The UK government’s official voice encryption protocol, around which it is hoping to build an ecosystem of products, has a massive backdoor that would enable the security services to intercept and listen to all past and present calls, a researcher has discovered.
Dr Steven Murdoch of University College London has posted an extensive blog post digging into the MIKEY-SAKKE spec in which he concludes that it has been specifically designed to “allow undetectable and unauditable mass surveillance.”
He notes that in the “vast majority of cases” the protocol would be “actively harmful for security.”
Murdoch uses the EFF’s scorecard as a way of measuring the security of MIKEY-SAKKE, and concludes that it only manages to meet one of the four key elements for protocol design, namely that it provides end-to-end encryption.
|EDH with IBE||YES||PARTIAL||NO||YES|
However, due to the way that the system creates and shares encryption keys, the design would enable a telecom provider to insert itself as a man-in-the-middle without users at either end being aware. The system would also allow a third party to decrypt past and future conversations. And it does not allow for people to be anonymous or to verify the identity of the person they are talking to.
In other words, it would be the perfect model for the security services, who can apply pressure to a telecom company and then carry out complete surveillance on an unidentified individual.
MIKEY-SAKKE is unusual in that, unlike most secure messaging and phone systems, it makes no effort at all to protect the identity of the people communicating with one another, providing easy-to-access maps of metadata.
That metadata can be used to specifically identify individuals and then, using the backdoor, access all their calls past and present. In other words, it is the perfect spying system.
Murdoch highlights in his post a number of occasions in which the UK security services have successfully compromised mobile phone networks – instances that were revealed by Edward Snowden – and notes that this is likely only the tip of the iceberg.
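The key-escrow property described above can be shown with a toy model. This is an added example, not code from Murdoch's post or from the MIKEY-SAKKE specification: the `EscrowKMS` class, the ElGamal-style wrapping and the identity `bob@example.org` are assumptions standing in for the real identity-based scheme.

```python
import hashlib, hmac, secrets

P = 2**255 - 19   # toy group: integers modulo a known prime (illustrative only)
G = 2

class EscrowKMS:
    """Hypothetical key server: every user key derives from one master secret."""
    def __init__(self):
        self._master = secrets.token_bytes(32)
    def private_key(self, identity: str) -> int:
        mac = hmac.new(self._master, identity.encode(), hashlib.sha256).digest()
        return int.from_bytes(mac, "big") % (P - 1) or 1
    def public_key(self, identity: str) -> int:
        return pow(G, self.private_key(identity), P)

def _kdf(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(32, "big")).digest()

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def encapsulate(recipient_pub: int, session_key: bytes):
    """Caller side: wrap a fresh session key to the recipient's public key."""
    r = secrets.randbelow(P - 2) + 1
    return pow(G, r, P), _xor(session_key, _kdf(pow(recipient_pub, r, P)))

def decapsulate(priv: int, wire) -> bytes:
    c1, wrapped = wire
    return _xor(wrapped, _kdf(pow(c1, priv, P)))

def escrow_recovers_recorded_calls() -> bool:
    kms = EscrowKMS()
    # Constructed sample: three calls to Bob, key exchanges recorded off the wire.
    keys = [secrets.token_bytes(32) for _ in range(3)]
    recorded = [encapsulate(kms.public_key("bob@example.org"), k) for k in keys]
    # Later, the holder of the master secret re-derives Bob's key.
    # Bob is not contacted and sees nothing.
    bob_priv = kms.private_key("bob@example.org")
    return [decapsulate(bob_priv, w) for w in recorded] == keys

def owner_generated_key_resists_escrow() -> bool:
    kms = EscrowKMS()
    bob_priv = secrets.randbelow(P - 2) + 1        # generated and kept by Bob
    key = secrets.token_bytes(32)
    wire = encapsulate(pow(G, bob_priv, P), key)
    kms_guess = kms.private_key("bob@example.org")  # the server's best attempt
    return decapsulate(bob_priv, wire) == key and decapsulate(kms_guess, wire) != key

if __name__ == "__main__":
    print("escrow recovers recorded calls:", escrow_recovers_recorded_calls())
    print("owner-held key resists escrow:", owner_generated_key_resists_escrow())
```

Because the session keys in the escrow case are recoverable from recorded traffic plus one long-lived secret, compromise of that secret exposes past calls as well as future ones.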
Senetas High-Assurance Encryption Comments
An essential component of so-called “unbreakable” encryption is that the encryption keys themselves should not be accessible to anyone but the owners of the encrypted data.
The saying “Never leave the keys under the mat” applies equally to voice and data encryption. When encryption keys are exposed to access by unauthorised parties, the solution is greatly weakened and is no longer a robust security solution. A robust encryption solution that also provides true end-to-end encryption security has no such weak point.
Governments’ continued calls for encryption “back doors” are a contentious issue. The main problem is that you cannot hope to control access to encryption back doors: they would be as accessible to the bad guys as the good. If back doors are mandated, who would provide the oversight necessary to ensure there is no abuse of power?
Weakening robust encryption is simply counter-intuitive. The small gains made from undetectable surveillance would be significantly outweighed by the potential impact on today’s digital economy.