Menu
British voice encryption protocol has massive weakness, researcher says

British voice encryption protocol has massive weakness, researcher says

The UK government is requiring suppliers to implement the protocol

A protocol designed and promoted by the British government for encrypting voice calls has a by-design weakness built into it that could allow for mass surveillance, according to a University College London researcher.

Steven Murdoch, who works in the university's Information Security Research Group, analyzed a protocol developed by CESG, which is part of the spy agency GCHQ.

The MIKEY-SAKKE (Multimedia Internet KEYing-Sakai-KasaharaKey Encryption) protocol calls for a master decryption key to be held by a service provider, he wrote in an analysis published Tuesday.

"The existence of a master private key that can decrypt all calls past and present without detection, on a computer permanently available, creates a huge security risk, and an irresistible target for attackers," Murdoch wrote.

Cryptography engineers seeking to build secure systems avoid this approach, known as key escrow, as it makes whatever entity holding the key a target for attack. It also makes the data of users more vulnerable to legal action, such as secret court orders.

The approach taken by the British government is not surprising given that it has frequently expressed its concerns over how encryption could inhibit law enforcement and impact terrorism-related investigations.

The technology industry and governments have been embroiled in a fierce ongoing debate over encryption, with tech giants saying building intentionally weak cryptography systems could provide attack vectors for nation-state adversaries and hackers.

Murdoch wrote CESG is well aware of the implications of its design. Interestingly, the phrase "key escrow" is never used in the protocol's specification.

"This is presented as a feature rather than bug, with the motivating case in the GCHQ documentation being to allow companies to listen to their employees calls when investigating misconduct, such as in the financial industry," he wrote. 

The endorsement of the protocol has wide-ranging implications for technology vendors. Murdoch wrote that the British government will only certify voice encryption products that use it. The government's recommendations also influence purchasing decisions throughout the industry.

"As a result, MIKEY-SAKKE has a monopoly over the vast majority of classified U.K. government voice communication, and so companies developing secure voice communication systems must implement it in order to gain access to this market," he wrote.

GCHA has already begun certifying products under its Commercial Product Assurance (CPA) security evaluation program. Approved products must use MIKEY-SAKKE and also Secure Chorus, an open-source code library that ensure interoperability between different devices.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments