British voice encryption protocol has massive weakness, researcher says

The UK government is requiring suppliers to implement the protocol

150902 encrypt android
Credit: Martyn Williams

A protocol designed and promoted by the British government for encrypting voice calls has a by-design weakness built into it that could allow for mass surveillance, according to a University College London researcher.

Steven Murdoch, who works in the university's Information Security Research Group, analyzed a protocol developed by CESG, which is part of the spy agency GCHQ.

The MIKEY-SAKKE (Multimedia Internet KEYing-Sakai-KasaharaKey Encryption) protocol calls for a master decryption key to be held by a service provider, he wrote in an analysis published Tuesday.

"The existence of a master private key that can decrypt all calls past and present without detection, on a computer permanently available, creates a huge security risk, and an irresistible target for attackers," Murdoch wrote.

Cryptography engineers seeking to build secure systems avoid this approach, known as key escrow, as it makes whatever entity holding the key a target for attack. It also makes the data of users more vulnerable to legal action, such as secret court orders.

The approach taken by the British government is not surprising given that it has frequently expressed its concerns over how encryption could inhibit law enforcement and impact terrorism-related investigations.

The technology industry and governments have been embroiled in a fierce ongoing debate over encryption, with tech giants saying building intentionally weak cryptography systems could provide attack vectors for nation-state adversaries and hackers.

Murdoch wrote CESG is well aware of the implications of its design. Interestingly, the phrase "key escrow" is never used in the protocol's specification.

"This is presented as a feature rather than bug, with the motivating case in the GCHQ documentation being to allow companies to listen to their employees calls when investigating misconduct, such as in the financial industry," he wrote. 

The endorsement of the protocol has wide-ranging implications for technology vendors. Murdoch wrote that the British government will only certify voice encryption products that use it. The government's recommendations also influence purchasing decisions throughout the industry.

"As a result, MIKEY-SAKKE has a monopoly over the vast majority of classified U.K. government voice communication, and so companies developing secure voice communication systems must implement it in order to gain access to this market," he wrote.

GCHA has already begun certifying products under its Commercial Product Assurance (CPA) security evaluation program. Approved products must use MIKEY-SAKKE and also Secure Chorus, an open-source code library that ensure interoperability between different devices.

Cybersecurity market research: Top 15 statistics for 2017