(By Thomas Baignères and Matthieu Finiasz, OLVID)
When Ray Tomlinson sent “QWERTYUIOP” over the ARPANET in July 1971, he probably did not suspect that this would be the beginning of a communication system that would be used by billions of people for more than 40 years. Today, six billion addresses exchange more than 150 million emails every minute (two out of three of which are of a dubious nature), based on communication standards that were developed before the break-up of the Beatles and the invention of modern cryptography.
In 1977, Rivest, Shamir and Adleman (RSA) of MIT invented the first public-key encryption system and the first digital signature. They then suggested using their algorithms to secure “electronic mail” and bank transfers. However, only with the democratisation of the Internet in the 1990s did electronic communications become an indispensable business tool. At that time, the matter of email encryption gained real prominence.
Two standards emerged, PGP and S/MIME. They are primarily concerned with authenticating the initial exchange of cryptographic keys, thereby enabling the content of an email to be encrypted and the identity of its sender to be secured. These two standards must respect the ageing SMTP protocol, which requires the exchange of unencrypted metadata in email headers. Furthermore, using email as expected (e.g. storing messages on the server) requires being able to decrypt messages at any time in the future. In other words, users who have conscientiously taken the time to purchase an S/MIME certificate, exchange it with their contacts and install it in all their email clients nevertheless have no guarantee that their communications will not someday be decrypted. Since email encryption is condemned to use techniques that predate Michael Jackson’s solo career, solutions must be sought out elsewhere.
The advent of the mobile device has paved the way for new modes of communication, in particular instant messaging applications such as WhatsApp and Telegram. This marks an opportunity to break free from existing protocols and leverage 40 years of innovation in cryptography. The “static” encryption imposed by email is being replaced with the notion of a “secure channel,” a sort of living medium that evolves in the course of exchanges.
The incorporation of Signal technology into WhatsApp places within everybody’s reach a technology that promises to protect all exchanges well beyond the conceivable limits of email, for “free.” The Double Ratchet algorithm, forward secrecy, backward secrecy — each of these technical terms encapsulates an advance in privacy protection, a response to a very real threat.
Does this mean that WhatsApp technology is superior in all respects to what was done before? Unfortunately, it does not. In focusing exclusively on the properties of this “secure channel,” WhatsApp has forgotten an essential element: ensuring the security of the very creation of this channel — that is to say, ensuring proper authentication of the initial exchange of the cryptographic keys that are so dear to S/MIME and PGP.
The result is that WhatsApp users are, often unwittingly, entrusting the job of retrieving their conversation partners’ cryptographic keys to an all-powerful central server. At any moment, this server may target these users and decide to decode whatever messages of theirs it chooses, with them being none the wiser. This involuntary “trusted third party” is the cornerstone of all security architecture. This is not just a risk if Facebook (or the US government) decides to “spy” on conversations. It is also a single point of failure in the event of a breach of this server. Such a security model is no doubt sufficient for exchanging holiday photos, but certainly not enough to protect the interests of a fine company or the destiny of France.
Work environments have changed in recent years. WhatsApp and Slack offer new ways to collaborate online. While email remains indispensable at present, its days are numbered. Today, the matter of how to secure these new tools is arising, just as the matter of how to secure email arose in the 1990s. We must learn from past mistakes. We must take security into account as early as the design phase by embedding modern cryptographic measures into exchanges. This will have to involve end-to-end encryption of exchanges, made possible by two essential steps: secure distribution of cryptographic keys and digital identities, coupled with proper use of these keys to establish dynamic channels for secure communication.
American communication giants such as Google and Facebook fundamentally owe their existence to the exploitation of the personal data for which they serve as conduits. They must not be expected to become the new pioneers of encryption. Flush with expertise, France undoubtedly has quite a good hand to play.
Thomas Baignères and Matthieu Finiasz, CEO and CTO of Olvid, https://olvid.io/