The VICE Channels

    Crypto Pushed By the UK Government Has a Big Security Loophole

    Written by

    Joseph Cox


    Image: Defence Images/Flickr

    As the second crypto war rages on, with law enforcement and policy makers demanding access to encrypted communications, new research has found that an encryption standard pushed by the UK government allows third parties to decrypt communications.

    The standard in question is “Secure Chorus,” which relies on the protocol MIKEY-SAKKE; a way of handling encryption keys. By design, MIKEY-SAKKE forces so-called “key escrow,” which means the encryption keys are handled by a central authority, which can then decrypt all communications.

    According to one document published by CESG, the information security arm of GCHQ, Secure Chorus is “for protecting OFFICIAL and OFFICIAL SENSITIVE communications,” and the organisation is committed to “supporting the Secure Chorus standard.”

    The crypto is approved for secure government communications, but because the keys are handled by a central server, they could be potentially accessed by a third party. The issue is to do with how the encryption keys are generated.

    “In end-to-end encryption, each person generates their own private keys so only they can decrypt conversations. In MIKEY-SAKKE the central network provider generates everyone's private keys so can decrypt all conversations,” Steven Murdoch, a researcher at University College London and security company VASCO, who conducted the analysis told Motherboard in an encrypted chat. Murdoch came to this conclusion from publicly available documentation, published by GCHQ and the Internet Engineering Task Force (IETF), he said.

    However it is not totally clear who has the power to decrypt communications. A central network provider is not specified in the documentation, Murdoch said, meaning that “for government communication it would likely be GCHQ or an organisation controlled by GCHQ,” he added. “For corporate communications, it could be the company itself or it could be delegated, perhaps to GCHQ.”

    This sort of power is already hinted at in the documentation, giving the example that “In banking, some areas of government, and a number of other industries, there are regulatory requirements that require communications between employees to be recorded so that the enterprise can support any future investigation into misconduct.”

    But crucially, because the private keys to decrypt communications are stored centrally, they “may be more vulnerable to hacking, intimidation of employees or insider abuse, as well as allowing less oversight,” Murdoch writes in this analysis.

    Another problem with MIKEY-SAKKE is that it does not provide forward security, so once a key has been compromised, all past communications can be accessed.

    Secure Chorus is supported by CESG, and is used in encrypted communication products and apps, which, if they pass a certain standard, are then stamped with a Commercial Product Assurance (CPA) mark of approval.

    As of November 2015, only one CPA-approved secure voice product exists: Cryptify Call, an app for iOS and Android.

    “The security is based on well proven, state-of-the-art cryptography such as MIKEY-SAKKE for key exchange and Advanced Encryption Standard (AES) for media protection,” according to one of Cryptify's brochures. Cryptify products are also approved for communications in NATO, up to an RESTRICTED level, according to the company’s website.

    Johan Wagné, chief executive officer of Cryptify, did not respond to phone calls and emails. Micael Berg, the company's chief sales officer, when reached by phone, declined to comment without first coordinating with Wagné.

    The Home Office declined to comment, instead delegating to CESG.

    A CESG spokesperson said “We do not recognise the claims made in this paper. The MIKEY-SAKKE protocol enables development of secure, scalable, enterprise grade products.”

    Update Jan 20: Cryptify, in response to Murdoch's analysis, wrote on its site that the system used to generate keys is offline most of the time, and that it is controlled by the user organisation.