Introducing Backdoors To VoIP Networks Makes Them More Secure?
from the run-that-past-us-again dept
The ruling that VoIP providers must make their networks wiretap-ready under the CALEA legislation has caused some consternation, both because of the additional costs it generates and because of the technical complexity of developing a solution to meet the May 2007 deadline. In June, an IT trade group issued a report outlining many of the problems VoIP providers face in implementing a CALEA-compliant solution; in response, a group representing companies selling wiretap systems -- so there's surely no bias -- has issued a rebuttal that appears to be little more than saying "no it isn't" to every claim in the first report. Among their claims of varying dubiety, one stands out: that adding wiretap back doors for law enforcement makes networks more secure, rather than less. This is far from clear, as adding a back door to eavesdrop on calls, even one meant for law enforcement alone, introduces a new component that must itself be protected, and so a new vulnerability in the network and a target for hackers. While the costs of implementing CALEA can reasonably be seen as a cost of doing business for VoIP providers, the idea that providing the ability for anybody to intercept calls makes a network more secure is pretty outlandish.
Reader Comments
Welcome to 1989
Re: Welcome to 1989
Re: Re: Welcome to 1989
It's still newspeak. Until that is done away with it's difficult to discuss such subjects. Of course it's LESS secure but I don't believe a knee-jerk reaction that it's bad makes any more sense than trying to claim it's more secure.
Of course
Re: Re: Welcome to 1989
Re: Re: Re: Welcome to 1989
oh...
Re: To Scott...
geeze
Without the ability to provide intercept, maybe 25 guys actually get on planes in the UK today.
Re: Anonymous Coward
As has been stated before, VoIP is not your average phone service. There are no wires running to the phone company or anything else of the sort. It is all sent straight from your house to the internet. If there is to be a backdoor, it seems there are only two possibilities. 1: Make it basically a trojan waiting for the correct set of parameters before it allows the "law enforcement agency" (or hackers) access. Or 2: Install monitoring software at every point where the VoIP data gets converted into standard phone service data. Of course the latter is much closer to a 1984-esque situation, since the only way the monitoring software would be able to work is to look at every phone call and analyze it, asking 'Is this something I should be listening to?', and a portion of the first method would need to be introduced in order to catch VoIP-to-VoIP calls, as the second method would only catch calls that transfer from the internet to the phone network.
So, in short, the internet would be the access point and as of the moment, it is not highly regulated.
Can you hack a VoIP network? Yes, you can, you can do it easier than getting into the PSTN, but providing lawful intercept has nothing to do with that.
Funny thing is, if you don't allow law enforcement to intercept calls, the only one that could would be criminals.
The police (or law enforcement) don't access the networks from their office; they do that at the carrier's location.
Re:
All the technologies required to make VoIP secure have been around for years, and most of them are unpatented, so there is no major cost difference required. Unfortunately for the FBI, NSA, etc., the technologies used are pure end-to-end encryption, which prevents them from having any method to listen in.
I'll discuss a couple of ways to build in 'lawful intercept':
Possibility #1: The main connection is encrypted via public/private key pairs (probably one of the best possibilities). Those asymmetric key pairs are only used to encrypt the connection setup; they are far too processor-intensive to be used for the main encryption, so a one-time random session key is created and shared using the public/private keys. The NSA could require that their public key be included in all endpoints, and that a second copy of the session key be encrypted using the NSA's public key. The NSA just has to intercept the encrypted packets, and can get the session key from their special packet. The problem with this, and this is a problem with ALL public/private key systems, is: if the key is ever compromised, it is compromised for every instance ever, future and past. So even though it would take YEARS to break that key, once it is broken, any communications that had that key would be compromisable. Second, it only takes one good hacker or corrupt NSA agent to smuggle that key into the wild, so that it might be 'broken' sooner. Any hardware/software that still has that key would be vulnerable. And if the NSA doesn't know their key was stolen, they might keep using it; after all, THEY don't use that key, so it doesn't hurt them any... it just hurts our privacy even more.
Another possibility: Per-session keys chosen the way SSH/SSL/TLS handles theirs (And this does NOT require any kind of certificate. SSL for webpages uses certificates to prove the identity of the website, but the certificate is not required for high-strength encryption.)
How could the FBI get into this? Either by building a back door into each VoIP program/hardware endpoint that they could access to either get the SSL/TLS session keys or get a second SSL/TLS session for an ongoing call, or by forcing each endpoint to call them with every call to give them the session key... or many other possible ideas. However, none of those ideas involve the kinds of secret rooms that the NSA has been accused of putting into phone company offices, because those rooms would only be capturing encrypted packets, which would be useless to the FBI (and the NSA) without any kind of back door to get the encryption keys. So, fundamentally, anything that allows the government to break into the conversation also allows other smart people to do the same thing. The only way to ensure the security of the communication is to prevent ANYONE from breaking in. Yes, governments have been afraid of this for a very long time, but the Supreme Court defended our right as United States citizens to have the technology to hide our speech from the government.
They all have the problem that, since VoIP endpoints are talking on the public internet, anyone that can communicate with the endpoint could use this back door. Sure, only the government would be TOLD how to use it, but do you think anyone TOLD hackers how to break into Windows the way Code Red did? Or SQL Slammer? Or 90% of the other viruses/exploits that have been out there? Nope, they figured it out themselves. Any time you allow a third party to surreptitiously log into a system, you allow the possibility that a fourth party will figure it out too. There MAY be possible ways for this to be implemented in a secure manner, but if the government isn't going to share the details of how with us (so that security researchers can take a look and make sure any flaws are FIXED), I won't be able to support this. If the government (or anyone else) tries the argument 'if they told you how it worked, it wouldn't be secure anymore', it is relying on an ad hominem argument. Security that relies on secrecy of the implementation is fundamentally flawed. Secrecy of the implementation only hides flaws; it does not fix them, it leaves them there to be found.
(I wonder if anyone will read this whole thing..)
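The escrow design in the comment above (a second copy of each call's session key, encrypted to one long-lived agency public key), worked through as an added example that is not from the original post. It assumes an ElGamal-style key wrap over a Diffie-Hellman group and that the endpoints agree their own key by ephemeral DH; the modulus is the RFC 2409 group 2 prime as recalled here, which should be verified before any reuse. It shows that a recorded transcript stays unreadable while the escrow private key is safe, and that leaking that single key makes every recorded call, past and future, readable at once.

```python
import hashlib
import hmac
import secrets

# Illustrative group: the 1024-bit MODP prime of RFC 2409 group 2 as recalled here (assumption:
# verify the transcription before reuse; production code would use an RFC 7919 group).
P = int("FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
        "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
        "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
        "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF", 16)
G = 2

def keypair():
    """Random private exponent x and the matching public value g^x mod p."""
    x = secrets.randbelow(P - 3) + 2
    return x, pow(G, x, P)

def kdf(shared, label):
    """Derive a 32-byte key from a DH shared secret, domain-separated by label."""
    return hmac.new(label, shared.to_bytes(128, "big"), hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def escrow_wrap(session_key, escrow_pub):
    """Endpoint side: the second copy of the call key, encrypted to the long-lived escrow key."""
    r, g_r = keypair()                    # fresh ElGamal-style ephemeral per wrap
    return g_r, xor(session_key, kdf(pow(escrow_pub, r, P), b"escrow"))

def escrow_unwrap(blob, escrow_priv):
    """Whoever holds escrow_priv (the agency, or a thief) recovers the call key."""
    g_r, ct = blob
    return xor(ct, kdf(pow(g_r, escrow_priv, P), b"escrow"))

def place_call(escrow_pub):
    """Endpoints agree a fresh key by ephemeral DH, then attach the escrow copy.
    Returns the key (held only for the call) and what a passive tap records."""
    a, g_a = keypair()
    b, g_b = keypair()
    key = kdf(pow(g_b, a, P), b"call")
    assert key == kdf(pow(g_a, b, P), b"call")
    recorded = {"g_a": g_a, "g_b": g_b, "escrow": escrow_wrap(key, escrow_pub)}
    return key, recorded                  # a and b die here: without the escrow copy the tap is useless

def recover_from_tap(recordings, leaked_escrow_priv):
    """One leaked escrow private key reads every recorded call, however old."""
    return [escrow_unwrap(rec["escrow"], leaked_escrow_priv) for rec in recordings]
```

Generate the authority's pair with `keypair()`, record a few `place_call(pub)` results as the tap would, and `recover_from_tap(tap, priv)` returns exactly the original call keys; with any other private key it returns garbage.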
If they are conducting an investigation, they can get a warrant and plant a bug in someone's house/office and listen that way.
Or maybe we should just call it like it is - data mining or trolling for anyone doing something Big Brother doesn't like.
point to point encryption
You are at greater risk driving to the airport than of a terrorist taking out your plane. I for one am willing to take my chances rather than sacrificing freedoms.
The government needs to get back to old fashioned field work like in the good old days. We didn't have all this technology and our intel was as good or better.
araemo, I read it all
Also, your argument is true, but the fact is, the VoIP networks of today are not secure, so lawful intercept won't really make them any less secure. Hackers can get into them now; why would they bother to go after a hardened lawful intercept access point?
Phil Z does have the Zfone, so there are options out there, but that gets back to the question of allowing the govt. access to communication. After yesterday, do we want to restrict the govt's ability to gather intelligence?
Communications have changed; now things like email, chat rooms, and drafts of emails have to be looked at, because that's what terrorists are using. VoIP is no different from any of the other things; it's communication.
Re: araemo, I read it all
You mention the Zfone, and there are other products out there (though I don't know of any quite as polished as the Zfone), but would this make the Zfone illegal?
"After yesterday, do we want to restrict the govt's ability to gather intelligence?"
Show me evidence that the ability to tap Americans' phones led to the intelligence necessary to stop the attempted attacks yesterday. Bringing up the specter of terrorism is not a free win, and it does a disservice to actual efforts to stop terrorism, because it makes it hard to separate the good arguments from the bad when they both start with 'We need to stop terrorists' 500 times.
Communications have indeed changed, and I'll tell you two big reasons why allowing American companies to provide truly secure telephony will not hamper real terrorist investigations at all:
#1: Real terrorists likely use strong encryption, or steganography (and I don't mean microdots in newspapers), to hide their communications, instead of relying on normal channels.
#2: Even if the call is encrypted, both endpoints need to be secure for that to matter at all. More often than not, it is easier to plant a program to 'bug' a computer than it is to perform a proper man-in-the-middle attack on a good cryptographic session.
#3: None of that matters at all when the programs/devices used for VoIP over the internet are not made or sold in America. Nothing is stopping terrorists from buying Chinese, Russian, or Norwegian cryptography products that are not legally bound to allow the NSA/FBI/whoever in.
Ok, so I gave you 3 reasons. I am not convinced that compromising the privacy and freedom of American citizens in this manner will help catch competent terrorists. The ones that are not competent enough to use non-American security systems will likely be setting off enough flags to get caught by other means too. Yes, it's possible they won't. But it's also possible that even if the government could eavesdrop on everyone's phone calls, all the time, and flag all terrorist discussion on those phone calls... that terrorists could still pull off their plans. I am not going to roll over and give up my freedoms because they MIGHT help catch someone... especially when the logical argument for me to do so is so weak.
(For the record, I'm leaving the lawfulness of these intercepts as a matter for the courts. I'm only discussing the ideological/logical argument and likely outcomes.)
Also, many 'cryptographically secure' systems (SSH, most IM encryption, etc.) are only secure for the 2nd+ connection. If your first connection is to a man-in-the-middle, they can simply pass on your data... For known terrorist suspects, this is amazingly easy for the gov to do, if they have equipment installed in most major backbones in the US. Again, this won't hurt smart terrorists, because they will use public/private keys that they share beforehand to verify each other's identity...
And there are also all those 'perfect forward secrecy' systems that I still don't believe are possible, but many people are pushing. I admit I don't understand the math well enough to even start to understand the claims, so I am not putting my faith in them until they have been around a good while longer.