On Thu, Nov 07, 2013 at 07:23:44PM +0100, Florian Weimer wrote:
* Eugen Leitl quotes:
The traffic shown in the slides below is now all encrypted and the work the NSA/GCHQ staff did on understanding it, ruined.
Encryption is not a solution to the problem. The attack on Google shows that NSA/GCHQ that companies in Western countries and their employees are legitimate targets for covert operations by their intelligence services (same for the BND attacks on 1&1 and other German ISPs, we don't have to single out the Obama administration or the British here). Once that is established, those intelligence services can use all the tools in their portfolio. This includes turning employees against their colleagues and their employer, and things far worse. Suddenly, passive eavesdropping might not have been so bad after all.
If you are their target, you lose. The solution is to make it illegal that they target you, rein in executive privilege (again, a global issue) and restore the rule of law. Obviously, that's a bit more difficult than to turn on some crypto.
Also, large-scale encryption deployments mostly use hardware-accelerated crypto offloading which (I think for historical reasons) are not as easy to audit and recompile as open-source code (at least currently). I guess some companies can work around that and do their own ASIC designs but most companies don't have the resources to do that.

I wonder how Google deals with the encryption of their links between datacenters. Either this could be done on a per-node basis, i.e. opportunistic encryption, or centralize encryption to their border routers. My guess is that per-flow IPsec state resolving is too costly, processing- and memory-wise, because either packets get dropped or get buffered (leading to a waste of memory in case of a high peer count) before keys could be resolved, leading to degeneration in performance or having impacts to the program's error handling, thus not being transparent. Maybe this can be dealt with in some time but is certainly no drop-in replacement.

This makes me believe that centralizing approaches are mostly in use today which use unverifiable crypto implementations in hardware and it depends on how far we trust these implementations to protect us from government spying activities.

IMHO target dispersal is something one should strive for especially when encryption is in use, but this is difficult and I don't think it is possible to realize this currently in the scale it would be needed. Thus large-scale interception programs must become illegal, otherwise it is just a matter of how much the intelligence services can throw at it to technically break down such easier to implement centralized encryption approaches. Certainly there are other subsystems on such a router to exploit on those routers to make the encryption meaningless.

Greetings,
Hannes