End to End Encryption is useless

There is a lot of news about end-to-end encryption. Every chat app and
their neighbours are implementing it, even the big names: the Russians
with Telegram, the Americans with Allo, Facetime, Skype, Whatsapp and
what not. So that’s good, isn’t it?

Yes, end to end encryption is good! It makes sure that your message,
your love letter, voip or telephone call can only be read by the one you
intend it for and no one else.

End to end encryption is easy

End to end encryption is easy. All the tools have been
written in the last 30 years. As programmer, just use the latest
version, follow some do’s and don’ts and you’re done. Your users can
generate and exchange keys and enjoy privacy of end to end encryption.

Google, Facebook, Apple, VKontakte, they provide the ways for people
to find each other. Just sign up at their platform, create an acccount
and you’re done. With some platforms, signing up is implicit as your
phone number is your identity. Easy and secure, right?

Who holds the address book?

No. Regrettably it might not be so secure. You see, what happens is
this: If I were to send a private message to a friend, I need his
public key to encrypt it. Now, public keys are those big unwieldy
numbers around 200-300 digits long. No way he’s going to read it over the
telephone to me, let alone that I can type it in without errors. I
need to get that key some other way.

No problem, my device asks the service for the public key of my
friend. I encrypt the message using that key and hand the encrypted
message to the service for delivery.

Wait … a … minute.

Let’s state that again: I use the key I get from THEM to encrypt a
message and hand it to THEM for delivery to my friend - without any
verification. That’s a classic Man-in-the-Middle attack scenario.

Here is how that attack goes: I request the platform to provide me the
key of my friend but instead of handing me that one, they could send
me a different key - one of their own. I’d encrypt the message and
hand it to them. Now they decrypt the message, store it, hand it to
NSA or whatever. Then they re-encrypt it with my friend’s real public
key and send it on for delivery. I’d be none the wiser, nor is my
friend.

The problem is threefold:

  1. I use the address book of the platform to fetch my friend’s key;
  2. I use them to deliver the message to my friend;
  3. I use their software to write and encrypt the message.

This means, I have to trust the platform to do all three correctly to
be sure that only my friend is able to read my message, not them. If
they mess with either the address book or their software I’m using,
they can read or even modify my messages to my friend.

Aside: This is already a step ahead from the unencrypted past. In the
past almost everyone could read my message to my friend. My ISP,
every network operator along the path up to my friend’s ISP could read
along, and the spies who wiretap the cables. Now only the message
platform can read along - if they would decide to do so. So I would
have to trust a lot less people. But I still have to trust the platform.

Is that trust warranted?

That’s a question that each of us has to answer. For the stuff I write
to my colleagues - if the boss is OK with that - it’s ok for me
too. It’s his decision, I can only advise. On he other hand, pillow
talk to my wife, I don’t want that to leave the bedroom ever, so I
wouldn’t trust these platforms for that, so on business trips I’ll
have to refrain from pillow talk.

Solutions

The key to solve this trust issue is to separate the three
components: address book, delivery platform and client software.

We need End to End Authentication

What we need is End to End Authentication, a way for end points, like
you and me, to verify that there is no tampering with the public keys
of our communication partners.

With that verification in place, it eliminates the risk of a Man in
the Middle-attack by the platform operators. With the push from
governments to backdoor communications, this could be a welcome
improvement.

How to achieve end to end authentication? There are many ways. This
website is devoted to one proposal: eccentric authentication. It’s a
protocol designed to make people interact publicly while remaining
anonymous. The key exchange happens transparant as part of the
interaction, no explicit actions are needed to validate keys.

But there are many more ways to exchange keys in a way that instills
confidence that there is no hidden tampering. Expect more in future
blogs. Or read those alreade there…