Back Doors and Front Doors: Breaking the Unbreakable System

Presented at Black Hat USA 2015, Aug. 5, 2015, 3 p.m. (50 minutes)

Governments are demanding backdoor access to encrypted data - particularly on mobile devices and in the cloud - as strong encryption becomes commonplace. Governments fear going dark, with encryption hindering criminal and national security investigations. Privacy advocates have opposed backdoors since the 1990s and the battle is heating up again, this time on a global scale. Backdoors have also been criticized as making systems inherently less secure. Current proposals, such as key escrow, split-key systems, and account mirroring, are complicated and difficult to implement securely. We provide a background on end-to-end encryption, a techno-political history of backdoors, and an update on the current state of affairs. We explore various options for working around end-to-end encryption, focusing on implementation details and on potential weaknesses due to administrative failure in the procedures to request and obtain access and to technical attacks on the implementation. We conclude with proposals to answer the lingering question of whether there is a solution that does not weaken encryption systems or mandate technological designs while still enabling limited government access to secure communications.


Presenters:

  • Matthew Green - Johns Hopkins University
    Matthew Daniel Green is an expert in applied cryptography and network security. He is an Assistant Research Professor of Computer Science at Johns Hopkins University. He specializes in applied cryptography, privacy-enhanced information storage systems, anonymous cryptocurrencies and digital rights management systems. Dr. Green is a member of the teams that developed the Zerocoin and Zerocash anonymous cryptocurrencies. He has also been involved in the groups that exposed vulnerabilities in RSA BSafe, Mobil Speedpass and E-ZPass toll collection systems.
  • James Denaro - CipherLaw
    Jim Denaro is the founder of CipherLaw, a Washington, D.C.-based law firm, and focuses his practice on legal and technical issues faced by innovators in information security. Jim is a frequent speaker and writer on the subject and has experience in a wide range of technologies, including intrusion detection, botnet investigation, incident response, and cryptography. Jim has a degree in computer engineering and has completed professional coursework at MIT and Stanford in information security. He also holds technical certifications from the Cloud Security Alliance (CCSK) and Cisco Systems (CCENT), and is an Associate of (ISC)² for CISSP pending certification. Jim is a registered patent attorney and is engaged in graduate studies in national security at Georgetown University.
