Secure messaging for the masses? Part 1
Posted by Seb T in blog on
In this two-part post I discuss text-based instant messaging as a mechanism for people to achieve secure, private communication with one another. It is my assertion that this is a basic human right and not the exclusive domain of those with a specific need for secrecy, 'something to hide' or criminal intent. One of the most basic freedoms is the ability to communicate without fear of eavesdropping by corporate, business, government or other agencies or individuals.
In part 2, I review specific software tools from this perspective, balancing simplicity, convenience and features in an attempt to find the best tool for secure messaging available today.
In this part I explain, in simple terms, how cryptography is used to secure communication in transit between sender and recipient. I contrast simple password-based encryption with the basics of public-key (or twin-key) cryptography and why it's a good thing, setting the scene for the review in part 2.
(This is a layperson's discourse. You might want to skip to Part 2 if you are familiar with the principles of public-key cryptography.)
Strong Cryptography, Secure Transmission
Hackers, programmers and the tech-savvy have been quietly in on possibly the world's worst kept secret for decades: effective secure communication of messages using encryption. Thanks to the revelations by Edward Snowden and others, there is a renewed imperative for secure, private communication, accessible to all. For those in the know, it's easy: use GPG, the free and open-source counterpart of the (once-controversial) tool 'PGP' developed by Phil Zimmermann. GPG and PGP, fully compatible with one another at the point of use, allow text and other data to be both encrypted and authenticated (digitally signed) before they are transmitted, often over email, using a system known as 'public-key cryptography'. So far as is known, this form of encryption is presently unbreakable using anything other than a brute-force attack. That is, trying every possible key until the right one is found, which, when keys are sufficiently large, is a formidable undertaking requiring many years of computing time.
The technology underpinning these tools is clever in design but simple in effect. It's proven: the same system of encryption is used whenever you see a green padlock in your browser; everything communicated between your web browser and a server providing web pages is encrypted in both directions. The web page you see is encrypted by the server, transmitted to you and decrypted by your browser. Any forms you fill or information you submit are encrypted by the browser, transmitted and decrypted by the server. It's important to recognise that this doesn't hide the fact that your computer and the remote server are communicating; hiding that is the raison d'être of the Tor project. Also, regardless of the padlock, information held at either end is not necessarily stored securely. The padlock is all about the transmission of data between the two endpoints, including the request itself, the URL and any headers.
How does public-key cryptography work? Let's start by looking at simple, 'conventional' cryptography. Say you want to send a message to a friend securely. You:
- Find some conventional crypto program that gets good reviews and tell your friend. You're both going to use this program to encrypt and decrypt messages to each other.
- Choose a password and tell it to your friend.
- Run your message through the crypto program, typing in the password.
- Send the crypto-garbage to your friend, who loads it into the same program and types in the same password to decrypt. He then reads your message.
Public-key crypto works differently. Say you're both using PGP/GPG. You:
- Generate a pair of keys which are intimately connected. One is called the 'public' key and the other is the 'private' key. You keep the private key to yourself, safe and secure, and you give the public key to your friend (and any other friends). Your friend does the same, so he gives you his public key.
- Encrypt the message with your friend's public key.
- Send the crypto-garbage to your friend, who decrypts it with his corresponding private key and reads your message.
- If he wants to send you a message, he encrypts with your public key and sends it to you. You then decrypt and read his message with your private key.
It's important to point out that what the public key encrypts can only be decrypted by its corresponding private key. It's one way, so your public key can be used to encrypt things that only you can read. The same goes for when you use your friends' public keys to encrypt messages: only they can read them.
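To see the key-pair behaviour described above in action, here is a small sketch added for illustration (it is not from the original post and is not how GPG is implemented). It uses textbook RSA with deliberately tiny constructed keys; the function names, sample primes and sample message are all assumptions made for the example.

```python
# Textbook RSA with deliberately tiny keys, to show how a key pair behaves.
# Illustration only: real tools such as GPG use keys thousands of bits long,
# random padding, and encrypt the message itself with a one-off session key.
from math import gcd

def make_keypair(p, q, e=65537):
    """Derive (public, private) keys from two primes p and q."""
    n, phi = p * q, (p - 1) * (q - 1)
    if gcd(e, phi) != 1:
        raise ValueError("e must share no factor with (p-1)*(q-1)")
    d = pow(e, -1, phi)          # private exponent; deriving it needs p and q
    return (n, e), (n, d)

def encrypt(public_key, message: bytes) -> int:
    n, e = public_key
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy key")
    return pow(m, e, n)

def apply_key(key, ciphertext: int) -> bytes:
    """Run a ciphertext through any key; only the matching private key
    recovers the original bytes."""
    n, exponent = key
    m = pow(ciphertext % n, exponent, n)
    return m.to_bytes((n.bit_length() + 7) // 8, "big").lstrip(b"\x00")

# Constructed sample keys built from well-known Mersenne primes.
FRIEND_PUBLIC, FRIEND_PRIVATE = make_keypair(2**107 - 1, 2**127 - 1)
MY_PUBLIC, MY_PRIVATE = make_keypair(2**61 - 1, 2**89 - 1)

def demo():
    message = b"meet at noon"                      # constructed sample message
    garbage = encrypt(FRIEND_PUBLIC, message)      # what travels over the wire
    return {
        "friend_private": apply_key(FRIEND_PRIVATE, garbage),
        "friend_public": apply_key(FRIEND_PUBLIC, garbage),
        "my_private": apply_key(MY_PRIVATE, garbage),
    }

if __name__ == "__main__":
    for key_name, result in demo().items():
        print(f"{key_name:>14}: {result!r}")
```

Only the friend's private key turns the crypto-garbage back into the message; his public key and your own private key both produce more garbage.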
There are numerous (mostly positive) ramifications to this system of secure communication. Some key points to remember include:
- You never told your friend any passwords, i.e. there's no 'secret knowledge' that needs to be transmitted from you to your friend for him to be able to read your messages. And the same in reverse. Eavesdropping passwords by various means is a big weakness of conventional crypto.
- Public keys can only encrypt messages, not decrypt them. Only the corresponding private key can decrypt these messages.
- Keys are typically large and contain very random information. Think of a key like a 512-character password, where all the characters are completely random.
- Open-source. Not all public-key systems are open-source, but many (including GPG) are. This might seem like a bad thing but it's really, really good. It means that the software used to encrypt and decrypt messages can be scrutinised by anyone for security flaws and back-doors. We can verify that the program we're using is the same as the code we can see. It keeps things honest because we're not relying upon anyone's word that the system really is secure. Closed source usually means a company or corporate product, and we've all seen how even the largest corporations have been found wanting with respect to people's privacy.
So why isn't this form of encryption used by everyone for communicating, all of the time? The reasons are many but essentially boil down to this:
- You have to give your public key to anyone who might want to send you a message securely. They need to know it belongs to you, otherwise their message could be read by someone else.
- You need the public keys for anyone whom you might want to send secure messages to. You need to know it belongs to them, otherwise your message could be read by someone else.
- Sending a message involves two manual steps, writing it, then encrypting it to send.
- Simplifying the two steps involves using an email program which integrates PGP/GPG, otherwise you'd need to use one program to encrypt and decrypt messages and another to email them.
- Every device you use would need such an email program, and every device would need a copy of all the public keys for your contacts, in addition to your private key.
- Private keys need to be kept secure by each individual communicating.
For the average Joe, this is a hassle, both to understand and in use. Some email programs have PGP/GPG capabilities built in, but most don't. Cloud-based email services like Gmail, MSN etc. don't include such facilities, nor do popular corporate email systems like Outlook and Exchange. To top it all, these days everyone wants access to send and receive email on a host of different devices in different locations: several computers, laptops, tablets and phones. Cloud-based storage, which offers the convenience of synchronisation across devices, complicates things: messages are stored on third-party servers, not just your own device(s). Such convenience comes at the expense of security, but by how much?
For secure communication, public-key crypto is safe and proven. It's well understood, easy to control for those in the know and widely used by many for specific communication about subjects which might be sensitive or require authentication. However, complicated setup and use for non-technical people, i.e. the masses, makes it prohibitive for general communication. Secure communication should be simple, available to all and the technicalities should melt away. It is perhaps for this reason, together with the aforementioned imperative for secure communication as a basic human right, that alternative systems of messaging have exploded recently.
In part 2, I'll review a few of these systems, comparing and contrasting them from a number of perspectives including security, convenience, usability and simplicity. For our purposes, the goal of such systems is to balance security and convenience so that private communication is assured, whilst being appealing, convenient and straightforward enough for mass adoption.
We'll take a look at the following software which touts security as a feature in order to find the king of secure messengers for 2015: WhatsApp, Telegram Messenger, TextSecure/Signal, Viber, Facebook Messenger and Skype. Drop us a message below or tweet us if you think we've missed anything.
Part 2 Coming soon!