Recent developments in the political arena have reignited the debate over intentionally placing backdoors into encryption technologies. Most experts in the security community are opposed, for a range of reasons. Some, however, have suggested that such backdoors really aren’t a big deal for businesses. On the contrary: introducing backdoors creates significant, tangible risks to the security that encryption provides, and those risks go well beyond the question of whether law enforcement could protect its secret access methods and refrain from abusing them.
How Encryption Works
Let’s begin with a simple metaphor. In asymmetric (public-key) encryption, a key pair functions much like the lock on a door. The public key is the thumb turn you use to lock the door; the private key is the key you use to unlock it. The public key is freely shared, so anyone can lock (encrypt) the door, but only the holder of the private key can unlock (decrypt) it, and only the one private key that matches a given public key will do. (In practice the bulk data is encrypted with a symmetric key, and it is that key which is encrypted to the public key, but the metaphor holds: the private key is still the only thing that opens the door.)
Part of the strength of public/private key encryption is that each private key is held only by its owner, so the private keys of a whole population are spread across many independent devices and organizations. There is no single place an attacker can go to collect a large set of them. Even where an organization keeps its private keys in a central repository, a breach of that repository affects only that organization, and switching to new key pairs is like changing the locks: it restores security going forward. (Data the attacker already captured under the old keys stays exposed, which is why key rotation limits damage rather than undoing it.)
Because stealing keys one owner at a time scales poorly, attacks that promise wide-scale reward target the cryptography itself. We see this as attackers and researchers find weaknesses in encryption systems: side-channel attacks, padding oracle attacks and the like exploit flaws in an implementation or in the protocol around the algorithm far more often than the underlying mathematics. Against well-designed and well-implemented asymmetric encryption, such attacks are time- and resource-intensive.
Additionally, they must be repeated for each key pair (or, for many such attacks, each individual ciphertext) the attacker wishes to crack. In the door lock metaphor, this is like picking a lock: it takes time and a degree of expertise, and each new lock the attacker targets has to be picked on its own. The result is that, again, the impact is contained.
Why Backdoors Are a Problem
The problem with a backdoor is that it removes exactly the properties that make encryption strong. Either a master key is needed that can decrypt data encrypted under a vast number of public keys (in practice, every message carries an extra copy of its data key encrypted to the master key, like a master key for door locks that opens many doors), or all private keys must be stored in a large repository (key escrow) that law enforcement can access when needed, much like a cabinet of keys for every door in a building.
This changes the attack surface for cybercriminals. Rather than attacking weaknesses in the algorithm or its implementation, they can attack the backdoor itself. If they obtain the master key, they can open a massive number of doors at once, and the impact on the public would be tremendous. In the repository design, a breach of that one repository has the same wide-scale effect.
The ease of exploitation changes as well. Once attackers hold a master key or a repository of keys, they no longer need to pick each lock individually; opening one is as simple as walking up, inserting the key and turning it. A compromise of the backdoor therefore makes every door insecure at once, with no real mitigation: because the master key was used for every message, rotating it afterwards protects only future traffic, and everything already captured stays readable.
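To make both the lock metaphor from "How Encryption Works" and the master-key design above concrete, here is an added example in Go (standard library only); it is not code from the original article. It models hybrid encryption: each message is sealed with a fresh AES-256-GCM data key, and that data key is wrapped with RSA-OAEP to the recipient's public key. The master-key backdoor is modelled as a second wrap of the same data key to an escrow public key. The type and function names (Message, Encrypt, Decrypt, BlastRadius), the 2048-bit key size and the toy deployment of three users with two messages each are all this example's own assumptions.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Message is a hybrid-encrypted message; its AES data key is wrapped once per party allowed to open it.
type Message struct {
	Nonce, Ciphertext []byte
	ForRecip          []byte // data key, RSA-OAEP wrapped to the recipient's public key
	ForEscrow         []byte // data key, RSA-OAEP wrapped to the escrow public key; nil if none
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Encrypt seals plaintext for recipient; escrow == nil is the backdoor-free design.
func Encrypt(recipient, escrow *rsa.PublicKey, plaintext []byte) (*Message, error) {
	buf := make([]byte, 32+12) // fresh AES-256 key and 96-bit GCM nonce per message
	if _, err := rand.Read(buf); err != nil {
		return nil, err
	}
	dataKey, nonce := buf[:32], buf[32:]
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	m := &Message{Nonce: nonce, Ciphertext: gcm.Seal(nil, nonce, plaintext, nil)}
	if m.ForRecip, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, recipient, dataKey, nil); err != nil {
		return nil, err
	}
	if escrow != nil { // the backdoor: a second copy of the data key for the master key holder
		m.ForEscrow, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, escrow, dataKey, nil)
	}
	return m, err
}

// Decrypt unwraps one copy of the data key (m.ForRecip or m.ForEscrow) with priv and opens the
// message. OAEP fails unless priv matches the key that copy was wrapped to (a nil copy fails too).
func Decrypt(priv *rsa.PrivateKey, wrapped []byte, m *Message) ([]byte, error) {
	dataKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	gcm, err := newGCM(dataKey)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, m.Nonce, m.Ciphertext, nil)
}

// BlastRadius builds a toy deployment (users recipients, perUser messages each, one escrow key)
// and counts how many messages one stolen user key opens versus the stolen escrow key.
func BlastRadius(users, perUser int) (oneUserKey, escrowKey int, err error) {
	escrow, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return 0, 0, err
	}
	privs, msgs := []*rsa.PrivateKey{}, []*Message{}
	for u := 0; u < users; u++ {
		priv, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return 0, 0, err
		}
		privs = append(privs, priv)
		for i := 0; i < perUser; i++ {
			m, err := Encrypt(&priv.PublicKey, &escrow.PublicKey, []byte(fmt.Sprintf("user %d msg %d", u, i)))
			if err != nil {
				return 0, 0, err
			}
			msgs = append(msgs, m)
		}
	}
	for _, m := range msgs {
		if _, err := Decrypt(privs[0], m.ForRecip, m); err == nil {
			oneUserKey++ // succeeds only for user 0's own messages
		}
		if _, err := Decrypt(escrow, m.ForEscrow, m); err == nil {
			escrowKey++ // succeeds for every message in the deployment
		}
	}
	return oneUserKey, escrowKey, nil
}

func main() {
	one, all, err := BlastRadius(3, 2)
	fmt.Printf("stolen user key opens %d of 6 messages; stolen escrow key opens %d of 6 (err=%v)\n", one, all, err)
}
```

BlastRadius(3, 2) reports that user 0's stolen key opens 2 of the 6 messages while the stolen escrow key opens all 6. Passing escrow == nil to Encrypt gives the backdoor-free design: no ForEscrow copy exists, and nothing but the recipient's own private key opens a message. Note also that the ForEscrow copies live inside the stored ciphertexts, so changing the escrow key later does nothing for messages already captured.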
Keeping Encryption Secure
Therefore, it is crucial to defend our encryption technology. It’s not about whether we trust law enforcement to protect the backdoor and not abuse it (although there are legitimate concerns there too). It comes down to the simple fact that a backdoor designed in either of these ways makes the encryption inherently less secure: it introduces a single point of failure, and the risk of a wide-scale collapse of encryption, and with it the exposure of private and sensitive data, rises enormously. There is much to discuss from a policy perspective, but from a security and public safety perspective, backdoors are a bad idea.