Four Questions For: Jean-Philippe Aumasson

Long term, who wins: the cryptographers or the code breakers?
Nobody breaks codes anymore, strictly speaking. When you hear about broken crypto, it’s most of the time about bugs in the implementation or about the use of insecure algorithms. For example, the DROWN attack that just won the Pwnie Award of the Best Cryptographic Attack at Black Hat USA exploits weaknesses in: 1) a protocol already known to be shaky, and 2) an algorithm already known to be insecure. So we’ve got unbreakable crypto, we just need to learn how to use it.
What innovations in cybersecurity should companies implement today?
The hot topic in my field is end-to-end encryption, or encryption all the way from the sender’s device to the recipient’s device. This is therefore the strongest form of encryption. WhatsApp and Facebook recently integrated end-to-end encryption in their messaging platforms for the benefit of their users’ privacy. Enterprise encryption software lags behind, however, with encryption solutions that often expose the unencrypted data to an intermediate server. That’s acceptable, for example, for compliance or controllability reasons, but otherwise you should make sure that you use end-to-end encryption to protect sensitive information, such as VoIP phone calls (telecommunication standards, including the latest LTE, are not end-to-end encrypted).
What are the implications of mobile technology and wearables in personal security?
Companies creating those products often neglect security and privacy concerns to save cost (or through ignorance) while security experts tend to exaggerate these concerns. We’ll have to find a middle ground between the needs and expectations of users and regulations. Meanwhile, the lack of security in IoT systems creates great opportunities for conference talks and marketing FUD.
In the Internet of things, is everything hackable, and if so, will someone hack all the pacemakers some day and turn them off?
The “everything is hackable” mantra is actually less scary than it sounds. Literally everything is hackable: from your refrigerator’s microcontroller to your mobile phone, as long as you put enough effort in it. One shouldn’t think in terms of mere possibility but instead in terms of risk and economic interests: if I spend X days and Y dollars to hack a pacemaker, will my profit be worth the X-day and $Y investment? A secure pacemaker is obviously better than an insecure one, but the scenario you describe is unlikely to happen; it would just make a great movie plot.
Jean-Philippe Aumasson
Jean-Philippe (JP) Aumasson is Principal Cryptographer at Kudelski Security, and holds a PhD in applied cryptography from EPFL, Switzerland. He has talked at top-tier information security conferences such as Black Hat, DEFCON, and RSA about applications of cryptography and quantum technologies. He designed the popular cryptographic algorithms BLAKE2 and SipHash, and organized the Password Hashing Competition project. He wrote the 2015 book “The Hash Function BLAKE”, and is currently writing a book on modern cryptography for a general audience. JP tweets as @veorq.

Peerio is a chat and storage service with big security claims

A Canadian outfit called Peerio has put its eponymous secure messaging and cloud storage app into public beta, promising a much more usable alternative to PGP email and file encryption.

Peerio was released on Wednesday for Windows, Mac and Chrome (which also gives Linux users an option) – apps for Android and iOS are in the works. It’s not quite perfect just yet, but it’s an intriguingly user-friendly take on secure cloud communications and storage.

“Our goal is for Peerio to succeed PGP in the use-cases of mail and file sharing,” co-founder and lead cryptography designer Nadim Kobeissi told me via a Peerio encrypted conversation. “We’ve developed a system built on foundations that are more modern, stronger, and simpler than PGP. Anyone who uses Peerio for a few minutes will quickly see how it’s years ahead of using PGP with Thunderbird, and never go back.”

Open-source and audited

The two-decade-old PGP is certainly a pain to use — at least, if you want to get it right — largely because of the complexity of PGP key management. Rather than requiring users to have their private key file to hand, Peerio requires them to create memorable (and long) passphrases that are then used to locally generate private keys for each session. The passphrase is used to log into Peerio for the first time on each new device. After that, a shorter, easier-to-type password can be created for that device, and two-factor authentication is also available.
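The passphrase-to-keypair idea in the paragraph above is worth seeing in code, because it also shows the trade-off the article only hints at: once the public key and username are public, anyone can test candidate passphrases offline. The block below is an added illustration written for this page, not Peerio's or miniLock's own code; the scrypt parameters, the use of the username as salt, and the clamping of the scrypt output straight into an X25519 scalar are assumptions chosen to make the example self-contained (the curve arithmetic follows RFC 7748 so nothing outside the Python standard library is needed).

```python
"""Deterministic X25519 keypair from a username and passphrase.

Added example for this page; NOT Peerio's or miniLock's implementation.
Assumed scheme: seed = scrypt(passphrase, salt=username), private scalar =
clamp(seed), public key = X25519(scalar, basepoint 9).  The curve arithmetic
is the RFC 7748 Montgomery ladder; being pure Python it is not constant-time
and is here only so the example runs offline with the standard library.
"""
import hashlib

P = 2**255 - 19          # field prime for Curve25519
A24 = 121665             # (A - 2) / 4 for the Montgomery curve
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1   # assumed; real deployments use more


def _cswap(swap, a, b):
    # Conditional swap; a real implementation does this branch-free.
    return (b, a) if swap else (a, b)


def x25519(k: int, u: int) -> int:
    """Scalar multiplication k*u on Curve25519 (RFC 7748 ladder)."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P
        aa = a * a % P
        b = (x2 - z2) % P
        bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P
        d = (x3 - z3) % P
        da = d * a % P
        cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return x2 * pow(z2, P - 2, P) % P


def clamp(seed: bytes) -> int:
    """Turn 32 seed bytes into a valid X25519 private scalar."""
    k = bytearray(seed[:32])
    k[0] &= 248
    k[31] &= 127
    k[31] |= 64
    return int.from_bytes(k, "little")


def public_key(scalar: int) -> bytes:
    return x25519(scalar, 9).to_bytes(32, "little")


def shared_secret(scalar: int, peer_public: bytes) -> bytes:
    u = int.from_bytes(peer_public, "little") & ((1 << 255) - 1)  # drop top bit
    return x25519(scalar, u).to_bytes(32, "little")


def derive_keypair(username: str, passphrase: str):
    """Same username+passphrase on any device yields the same keypair, so no
    key file has to be carried around.  Salt choice is an assumption."""
    seed = hashlib.scrypt(passphrase.encode("utf-8"),
                          salt=username.lower().encode("utf-8"),
                          n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    sk = clamp(seed)
    return sk, public_key(sk)


def offline_guess(username: str, target_public: bytes, candidates):
    """The flip side of deterministic derivation: an attacker who knows the
    username and public key (both are public by design) can test passphrase
    candidates with no server involved.  Each guess costs one scrypt call plus
    one scalar multiplication, which is why the passphrase must be long."""
    for cand in candidates:
        if derive_keypair(username, cand)[1] == target_public:
            return cand
    return None


if __name__ == "__main__":
    sk, pk = derive_keypair("alice", "correct horse battery staple")
    print("public key:", pk.hex())
    # constructed, deliberately tiny wordlist just to show the attack shape
    print("guessed:", offline_guess("alice", pk,
                                    ["password", "correct horse battery staple"]))
```

The scrypt cost is what stands between a leaked public key and a recovered private key, so the parameters and the passphrase length are the real security knobs in a scheme like this; a strong curve does nothing if the passphrase is guessable.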

Peerio incorporates the encryption technology of Kobeissi’s Minilock file encryption app. Users have usernames rather than email addresses, and their client-generated, abstract avatars are used to verify their cryptographic identity (the client can automatically detect changes).

From a functionality perspective, Peerio is a cross between email (albeit without the universality) and instant messaging. Files can be attached to messages, and conversations are threaded and searchable. There’s no draft functionality at the moment, which can be a pain when jumping between conversations mid-message, but Kobeissi said this will come soon and drafts will be safely encrypted.

Kobeissi, a PhD student in applied cryptography, is best-known as the creator of the Cryptocat chat app, which had a nasty security scare in 2013 (a bug left group chats vulnerable for months). However, this time round his co-creation has been audited by “expert cryptographers and system penetration testers” (Germany’s Cure53, per Wired). What’s more, the client code is open source and available on Github for scrutiny by whoever can offer it.

Metadata issue

Kobeissi seems pretty confident about Peerio’s security. When I asked whether it was tough enough to be a secure channel for leaking information, he replied: “I think people doing something like leaking state secrets should not depend on the internet at all, personally. But I would say that Peerio can protect the content of people’s communications, even if they’re operating from a highly surveilled context.”

However, the service’s end-to-end encryption only protects the contents of communications, not the metadata about who contacted whom and when. Peerio’s Canadian servers still hold users’ contact lists, the number of files and messages sent, and message timestamps. Kobeissi told me access to this metadata is “quite minimal and well-guarded” and he and his colleagues “pledge to fight any overreaching government requests”, but still, the information is there and, unlike the contents of messages, available to Peerio itself. Will Peerio create a way to encrypt this metadata? “One thing at a time,” Kobeissi said.

Peerio’s team includes four permanent staff, but numbers 12 with hired contractors – the outfit has $250,000 in seed funding. The plan is to make money by charging for premium features such as more than a gigabyte of storage, and by targeting the business market at some point.

For a product just entering public beta, Peerio seems admirably clean, functional and user-friendly. As long as people don’t find nasty vulnerabilities – and the firm deals with its metadata-related issues — it could be a viable mass-market encrypted communications and collaboration service. (A minor warning, though: If you import a contacts list, Peerio will send out an invite to everyone on it.)

UK’s Cameron won’t “allow” strong encryption of communications

The British prime minister David Cameron has suggested that if his Conservative Party wins the upcoming general election, it will not allow encrypted communications that cannot be read by the security services.

On Sunday, Cameron told ITV News: “I think we cannot allow modern forms of communication to be exempt from the ability, in extremis, with a warrant signed by the home secretary, to be exempt from being listened to. That is my very clear view and if I am prime minister after the next election I will make sure we legislate accordingly.” He repeated the sentiment again on Monday (video embedded below).

The Tory leader has already said that he wants to bring back the Communications Data Bill, a.k.a. the “Snooper’s Charter,” if his party wins the upcoming general election in May. This is not news as such; the only reason the bill is on ice is that the Conservatives’ current coalition partners, the Liberal Democrats, refuse to allow it to be tabled. (The Lib Dems did, however, allow the “emergency” passage of the DRIP Act, which brought in the main planks of the Snooper’s Charter – mandatory data retention for various kinds of internet communications – on a temporary basis.)

However, the Tories’ rhetoric has predictably ramped up in the wake of the Paris killings. The idea of banning secure communications is a recent development (though it follows on from the frustration of U.K. intelligence chiefs) and is utterly flawed. Even armed with a warrant from the Home Secretary, security services would be stymied by a basic WhatsApp text chat, an email exchange properly encrypted using PGP, or an Apple iMessage or FaceTime conversation – all of which use end-to-end encryption.

These, we must assume, would be the services that Cameron would not “allow” if voted back in. However, it is hard to see the British government succeeding in stopping the use of such tools. Even if (a big “if”) the government got some kind of concession from the big commercial players (key escrow?), systems such as PGP don’t even have a centralized company behind the curtains. And then there’s the issue of anonymity — monitoring the communications of someone using the anonymized browsing tool Tor, for example, is difficult to say the least. Would online anonymity also be banned?

It’s just not a sensible idea, but that doesn’t always stop the introduction of new laws. Labour leader Ed Miliband, the head of the opposition, has said he would resist the immediate reintroduction of the Snooper’s Charter and would give a “cautious and considered” response to security chiefs asking for more powers. That doesn’t mean he won’t cave in — Labour has a bad record on this stuff, and the current government took power in 2010 promising to “reverse the substantial erosion of civil liberties under the Labour government and roll back state intrusion.” But, particularly after Snowden, this is clearly going to be a live issue on the campaign trail.

https://www.youtube.com/watch?v=u_kqM0gn63M

Google’s alpha-stage email encryption plugin lands on GitHub

Google has updated its experimental End-to-End email encryption plugin for Chrome and moved the project to GitHub. The firm said in a Tuesday blog post that it had “always believed strongly that End-To-End must be an open source project.” The alpha-stage, OpenPGP-based extension now includes the first contributions from Yahoo’s chief security officer, Alex Stamos. Google will also make its new crypto library available to several other projects that have expressed interest. However, product manager Stephan Somogyi said the plugin still wasn’t ready for the Chrome Web Store, and won’t be widely released until Google is happy with the usability of its key distribution and management mechanisms.