Lessons in REAL Encryption
Apple’s Tim Cook versus the FBI is surely the top trending storyline in the cyber-security market. The first lesson is the near brilliant PR spin initiated by Apple. The international press coverage is making it seem that Apple is fighting the good fight and that the iPhone is so secure that the FBI can’t even break into it (and needs Apple’s help now!). This scenario exposes a major problem with cyber-security; the fact that the supply chain never really tells the whole story.
Apple is not built on an open source model and we are led to believe that it is secure. Apple has repeatedly told this story to governments and users around the world and it has resulted in huge sales of their market-leading product. It is certainly not in their best interest to show the world—even in the name of fighting terrorism—that they can provide the “hack” to crack it wide open in just a matter of days. If Apple can break it, then who’s to say the hackers won’t find the same path?
The Past Provides Guidance
Back in the day, I was involved in the development of software to manage self-encrypting hard drives. This was an at the time market-leading technology where the encryption of the data was done by the drive controller. This software helped initialize and set up the user’s password. The most important question we always asked the engineers was “can you break into the system you have just built?”.
Data at rest is when the system is found to be turned off and is locked (like an iPhone recovered from a crime scene). There are always two discussions about breaking in to access this data. First, is “can you break the system during the unlock process or if you infiltrate the setup (for example the password was captured/seen when it was being entered”. The second is “can you recover the system after it is locked?”.
Two Scenarios to Consider
Should Apple help defend the nation if they can? In an ideal world, Apple would be happy to have their engineers “help” the FBI without forcing their hand via the courts. Instead, Apple has bent to the marketing challenges that result if their engineers can indeed unlock the phone. If their engineers unlock the phone we will gain a better understanding of how real the Apple’s claims are that “the iPhone is SAFE”. While Apple fighting this makes for great headlines and online debate, it may come down to them being forced by the courts. If this phone gets unlocked it proves that there is indeed a weakness in the Apple design, this must be fixed immediately. This is not much different than the Snapchat claims that the messages that “go away” really did not, which resulted in action from the FTC.
Should Apple build solutions even their engineers can’t break? The answer to this is YES. It is the responsibility of market-leading product companies to build great products with valid claims. The technologies exist for Apple to build truly secure phones (and not just marketing spin.).
Data at rest is a simple challenge in a mobile device. Locking of a phone should be so strong that even the Apple engineers cannot break it. In the end, this comes down to a political issue. Should citizens have the right to bear military grade technology to protect their rights to privacy and even right to peaceful assembly? There should not be a back door for the government or even for Apple. The back door is installed by the owner of the device to either manage or maintain their access. Corporate Mobile Device Management is a sanctioned back door. Raise the quality of protection and clearly articulate the risks for the buyer of the device.
Security Needs to Be REAL!
The future design of these systems needs to be established so that even the engineers “can’t break” the solution. The SED drives are a good example. The engineers who built trusted drive management software built a solution where if an individual user configured their drive, there is absolutely no way to recover if the password was unknown. This is a solution that is present on millions of PCs today. It may be possible to re-flash drive software and disable the locking mechanisms, but the encryption keys would be destroyed. Any recovery without hardware modification would be next to impossible. The claim has always been that SED drives cannot be broken by software/malware and that the hardware is tamper-resistant. Physically attacking a single chip to break the keys may be possible, but it would destroy the drive in the process and take an exhorbitant amount of time and resources. This is what a customer needs to understand when they protect their data with an SED drive.
It Is Still Early in This debate
The changes in devices and how we communicate around the world are changing the network. The result is that the ability to LISTEN is going away…perhaps within a decade, if not sooner. This shift is driven by the move to mobile and IoT where the devices connect to services based on identity and the network simply provides transport. This switch away from the network being smart to the network being just transport will not be comfortable. We will have to find new ways for electronic surveillance and control. It is in our best interest as citizens to constrain government and industries right to listen and watch constantly, but we will ultimately need a balance to provide the security and protection we hope for.
Image Credit: CC by Johan Larsson.