End-to-end Encryption, Today – Loophole Closed or Moved?

This blog is an excerpt of an article that is currently available on InfoSec Island.
Please join us for the free PARC Forum (in Palo Alto, CA) on May 5, Keeping Secrets from a Mind-Reading Adversary, with Professor Amit Sahai.  Click here to register!

Instant messaging is a big part of today’s digitally connected era, and there are a plethora of instant messaging apps, offering various features. Security, especially because of the latest developments with the Apple “back door” discussion, has become critical for these apps. The top apps with vaunted security features include iMessage and Snapchat. Despite the attention that app developers bestow on security, these apps possess vulnerability that is fairly easy to exploit.

It was recently shown (by security researchers at John Hopkins University) that attackers could intercept encrypted messages sent through iMessage and retrieve texts, photos and videos by exploiting a specific security weakness in iMessage. Snapchat messages, or snaps, delete themselves after a short period of time. But, it was recently shown (by security researchers at Gibson Security) that Snapchat also suffers from weak security, allowing attackers to poach usernames and phone numbers of users.

Thanks to increased security awareness, companies are making strides toward offering better security. Following in the footsteps of Apple, WhatsApp (owned by Facebook) and Viber recently enabled end-to-end encryption to their millions of customers, with the objective of securing privacy of their customers’ conversations.

What is End-to-End Encryption?

End-to-end encryption has been the go-to security solution for instant-messaging apps. It aims to add a shield where nobody other than the sender and receiver of a message can see the message, not even the company offering the instant-messaging service. This is performed by encrypting the message with keys derived from passwords of the sender and receiver.

Is the Loophole closed or just moved?

The current end-to-end encryption implementations raise a number of questions. If a user needs to reset her password (perhaps after losing her device or forgetting the password), the chat histories will no longer be available, to anyone. Because of the encryption method, the history is encrypted with keys derived from the old password, which cannot be decrypted with any other keys, including those derived from the new password. This holds true even if the app server has backed-up the encrypted chat histories.

Currently, this issue is addressed by allowing users to easily back up chat histories on storage from third-party vendors such as Google Drive, iCloud, or by using the device’s internal memory. Having the ability to access previous chats is a crucial feature in most instant-messaging apps, and resorting to third-party storage providers has been the usual method of addressing this ‘loss of history’ situation.

Because there are now third party services in the picture, the overall security is now only as secure as the external services. This is extremely concerning, especially for companies that staunchly support security and privacy, since now, the responsibility of securing customer data has fallen on external shoulders. What if WhatsApp data is stored in a cloud server owned by a third party, and a hacker steals personal WhatsApp chat history? Who is held accountable — Facebook (WhatsApp) or Apple (through iCloud storage)? Legal teams will have to define this clearly. Furthermore, Apple has direct access to the data of WhatsApp’s customers on iCloud. This is because, the keys to encrypted data on iCloud are owned and held by Apple — not the users, like in most other cloud storage providers. So, WhatsApp can no longer hold an independent stand on protecting customer privacy against providing access to the government. However, requiring storage is inherent in the functionality of end-to-end encryption.

Can technology help solve the issue?

If the instant-messaging service company stores encrypted chat histories, then control on securing data back is up to itself, forcing it to answer the same legal question: who owns the encryption keys? If the company owns the keys, it can’t claim that it holds no access to content. If customers own the keys (passwords), then the original issue of forgetting the keys and being locked out of encrypted data still exists. For this reason, I believe this solution isn’t viable. It is clear that using traditional keys (passwords), which are easily forgotten, does not work either. The solution to the problem at hand necessitates key derivation that does not involve memory.

Let’s use our fingers

Biometric cryptography is an active area of research, and many recent advances provide secure tools to perform biometric secure key derivation. Also, backing up keys need not be performed after every message; but perhaps, every time the device is accessed is reasonable frequency. With biometric identification technology already implemented in devices such as iPhones, technology overhead might be minimal. With a key derivation method that does not require memory and with the technology already in place for use, I believe biometric cryptography offers a potential solution to the problem.

An alternate approach for password management is to use Password Managers. A Password Manager is a software, using which a user only need to deal with a single master secret; using this master secret, the Password Manager derives passwords for all the user’s accounts. The master key is either stored on the user’s device or on the service provider’s cloud. If stored on the user’s device, the issue of losing the password upon losing the device still persists. Also, storing the master password on the provider’s cloud gives clear access to the provider, defeating the original objective of securing user’s privacy.

It is, however, important that instant-messaging service providers invest in research and development of a viable solution that patches the loophole and gives full control of data to its customers.

One thing is clear: end-to-end encryption does not solve the problem, despite the common perception that it is the holy grail of instant-messaging security. It is necessary that service providers shift their attention toward non-traditional key-derivation mechanisms to close the loophole. Biometric cryptography is a potential candidate because it is the embodiment of storing information that doesn’t require memory. Also, biometrics is already mainstream, and it’s being embedded on our devices now and into the future. 

By Vanishree Rao, Security and Cryptography researcher, PARC, a Xerox Company .