Difference between revisions of "Encryption Backdoor"

From SI410
Jump to: navigation, search
 
(4 intermediate revisions by the same user not shown)
Line 13: Line 13:
  
 
===Apple iPhone Case===
 
===Apple iPhone Case===
Apple Inc. is among the world's  largest information technology companies, developing and designing consumer electronics, software and online services. After the San Bernardino terrorist attack, Apple was asked to assist the FBI in ongoing investigations of the shooter's iPhone, recovered by the FBI. Apple released a statement on February 16, 2016 explaining the implications of creating a court ordered specialized iOS operating system that would threaten current security of iPhone users around the world. Apple argues the implications of creating a backdoor to their operating system poses the threat of duplication and undermines the security features currently in place. The order also raises the issue of an unprecedented government request for user information and weakened privacy and data security.  
+
Apple Inc. is among the world's  largest information technology companies, developing and designing consumer electronics, software and online services. After the San Bernardino terrorist attack, Apple was asked to assist the FBI in ongoing investigations of the shooter's iPhone, recovered by the FBI. <ref> http://www.apple.com/customer-letter/answers/ </ref> Apple released a statement on February 16, 2016 explaining the implications of creating a court ordered specialized iOS operating system that would threaten current security of iPhone users around the world. Apple argues the implications of creating a backdoor to their operating system poses the threat of duplication and undermines the security features currently in place. The order also raises the issue of an unprecedented government request for user information and weakened privacy and data security. <ref> http://www.apple.com/customer-letter/ </ref>
  
[[File:District Court Order Compelling Apple, Inc. to Assist Agents In Search.png|thumb|500px|right|Verizon Voice Cypher Secure Diagram of Encryption]]
+
====Security Implications====
 +
The FBI’s court order motion comes under the All Writs Act, requiring Apple Inc. to technically assist the government through redesigning and implementing a special version of iOS that would undermine three current security features:
  
 +
1. Disabling a safeguard that currently deletes keys after 10 incorrect passcode guesses <ref> Electronic Frontier Foundation: A Technical Perspective on the Apple iPhone Case https://www.eff.org/deeplinks/2016/02/technical-perspective-apple-iphone-case </ref>
  
 +
2. Allowing any number of passcode guesses without the current time delays implemented after set numbers of incorrect guesses <ref> Electronic Frontier Foundation: A Technical Perspective on the Apple iPhone Case https://www.eff.org/deeplinks/2016/02/technical-perspective-apple-iphone-case </ref>
 +
 +
3. Allowing electronic entry of passcodes, bypassing the current requirement to manually enter passcodes on the device
 +
<ref> Electronic Frontier Foundation: A Technical Perspective on the Apple iPhone Case https://www.eff.org/deeplinks/2016/02/technical-perspective-apple-iphone-case </ref>
 +
 +
[[File:District Court Order Compelling Apple, Inc. to Assist Agents In Search.png|thumb|500px|right|District Court Order Compelling Apple, Inc. to Assist FBI Agents In Developing Special Version of iOS for Terrorist Investigation]]
 +
 +
====Ethical Implications====
 +
While the development of phone specific cracking software is not impossible, protecting this secure software is difficult. Developing a key has the potential for increased risk of duplication for other devices. If developed for one iPhone, the FBI court order would create an unprecedented request for compromised user security, as there is no way to guarantee control of this software once developed. <ref>  Electronic Frontier Foundation: A Technical Perspective on the Apple iPhone Case https://www.eff.org/deeplinks/2016/02/technical-perspective-apple-iphone-case </ref>
  
 
==See also==
 
==See also==

Latest revision as of 14:41, 23 February 2016

An Encryption Backdoor is the concept of building in an alternative method of accessing data, allowing an unauthorized user to bypass security precautions and undermine the intended purpose of data encryption. Encryption is a form of Information Security where information is manipulated via algorithms, preventing sensitive information from being read if intercepted by an unauthorized recipient. Successful encryption will involve a pseudo-random and complex key possessed by the intended recipient of the information, allowing them to read it. An encryption backdoor has the implications of creating a master key, capable of being replicated to breach a variety of encrypted devices.

Verizon Voice Cypher Secure Diagram of Encryption

History of Encryption

The first documented display of written encryption was utilized in Egyptian hieroglyphs dating back to 1900 BC. Since then, populations around the world have used various means of altering messages to protect invaluable information from being deciphered. [1] In 1977, the United States adopted the Data Encryption Standard, a 56-bit key algorithm IBM developed, later modified by the National Security Agency. [2] DES was later replaced by the superior 168-bit key Advanced Encryption Standard, approved in 2001 by the United States government for classified information. [3]

Cases

Bernstein v. US Department of Justice

As a Ph.D. candidate, Professor Daniel J. Bernstein developed “Snuffle” an encryption algorithm at the University of California at Berkeley. [4] In 1993, Bernstein confronted the existing government export mandates on encryption software by suing the State Department. The existing policy, dating back to the Clinton Administration, considered distribution of encryption schemes to be a punishable criminal act without government sanction, resulting in up to $1 million in fines and 10 years in prison. [5]Bernstein argued the policy greatly hinders in person collaboration, violating his First Amendment rights and interfering with his cryptography and computer security research. In 1997, Judge Marilyn Hall Patel concluded that source code is protected speech, therefore “the encryption regulations are an unconstitutional prior restraint in violation of the first Amendment.” [6]

Apple iPhone Case

Apple Inc. is among the world's largest information technology companies, developing and designing consumer electronics, software and online services. After the San Bernardino terrorist attack, Apple was asked to assist the FBI in ongoing investigations of the shooter's iPhone, recovered by the FBI. [7] Apple released a statement on February 16, 2016 explaining the implications of creating a court ordered specialized iOS operating system that would threaten current security of iPhone users around the world. Apple argues the implications of creating a backdoor to their operating system poses the threat of duplication and undermines the security features currently in place. The order also raises the issue of an unprecedented government request for user information and weakened privacy and data security. [8]

Security Implications

The FBI’s court order motion comes under the All Writs Act, requiring Apple Inc. to technically assist the government through redesigning and implementing a special version of iOS that would undermine three current security features:

1. Disabling a safeguard that currently deletes keys after 10 incorrect passcode guesses [9]

2. Allowing any number of passcode guesses without the current time delays implemented after set numbers of incorrect guesses [10]

3. Allowing electronic entry of passcodes, bypassing the current requirement to manually enter passcodes on the device [11]

District Court Order Compelling Apple, Inc. to Assist FBI Agents In Developing Special Version of iOS for Terrorist Investigation

Ethical Implications

While the development of phone specific cracking software is not impossible, protecting this secure software is difficult. Developing a key has the potential for increased risk of duplication for other devices. If developed for one iPhone, the FBI court order would create an unprecedented request for compromised user security, as there is no way to guarantee control of this software once developed. [12]

See also

References

  1. SANS Institute InfoSec Reading Room: History of Encryption https://www.sans.org/reading-room/whitepapers/vpns/history-encryption-730
  2. Tech News World: A Brief History of Encryption http://www.technewsworld.com/story/70437.html
  3. National Institute of Standards and Technology: NIST Withdraws Outdated Data Encryption Standard http://www.nist.gov/itl/fips/060205_des.cfm
  4. Electronic Frontier Foundation: Bernstein v. US Department of Justice https://www.eff.org/cases/bernstein-v-us-dept-justice
  5. Electronic Frontier Foundation: Court Declares Crypto Restrictions Unconstitutional https://www.eff.org/press/archives/2008/04/21-37
  6. Electronic Frontier Foundation: Mathematician Challenges U.S. Lid on Encryption Software https://www.eff.org/press/archives/2008/04/21-44
  7. http://www.apple.com/customer-letter/answers/
  8. http://www.apple.com/customer-letter/
  9. Electronic Frontier Foundation: A Technical Perspective on the Apple iPhone Case https://www.eff.org/deeplinks/2016/02/technical-perspective-apple-iphone-case
  10. Electronic Frontier Foundation: A Technical Perspective on the Apple iPhone Case https://www.eff.org/deeplinks/2016/02/technical-perspective-apple-iphone-case
  11. Electronic Frontier Foundation: A Technical Perspective on the Apple iPhone Case https://www.eff.org/deeplinks/2016/02/technical-perspective-apple-iphone-case
  12. Electronic Frontier Foundation: A Technical Perspective on the Apple iPhone Case https://www.eff.org/deeplinks/2016/02/technical-perspective-apple-iphone-case