Saturday, October 19, 2013

Security of iMessage

In view of recent revelations on the tactics used by the NSA to undermine basic Internet infrastructure, the security of on-line messaging systems such as Apple's iMessage has come to the fore. As explained by cryptographer researcher Martin Green on his blog, such an application inevitably involves some kind of trade-off between usability and security. (As indeed do airports, e-mail, ...) The dangers are in a sense social rather than technical: as users, do we have sufficient information to assess the trade-offs being made, understand where their weaknesses or loopholes lie and remain aware of their consequences?

The iMessage system employs what is sometimes termed end-to-end encryption. In other words, asymmetric encryption by each participant in the conversation, and each participant knows how to encrypt data so that the other participant-- and only them-- knows how to decrypt the message once it reaches the other end. Some key weak points in such a system are then:

  • Is the encryption system secure in itself if perfectly implemented? We can usually assume this is the case. Where agencies such as the NSA have advocated a particular scheme, an assumption we have to make is that the NA etc haven't deliberately advocated use of a scheme that they secretly know how to break. This was more plausible a few decades ago when there were fewer independent security researchers. Nowadays, every mainstream encryption scheme used has been scrutinised to some degree or other by the cryptography community.
  • Is the encryption system actually properly implemented? There are a couple of sources of danger here: (a) mistakes made by programmers (implementing cryptography correctly is actually quite difficult), and (b) insecurities (e.g. weak key generation) deliberately introduced by a body such as the NSA enforcing or encouraging a particular implementation. In the case of a company with the programming resources of Apple, we can probably trust that (a) isn't a problem for the iMessage system itself, though Apple appear to have introduced a loophole in the form of backed up iMessages in iCloud. We now know that (b) is a problem with various other large companies such as Skype and major antivirus companies. As far as I'm aware, it's not yet clear whether Apple has also succumbed to this type of coercion.
  • How easily can the system be compromised on the local machine by a third party (or indeed the NSA etc) via a virus, etc? In the case of iMessage on a non-jailbroken device, since iOS is a relatively "locked down" system, we assume that the situation is better than average.
  • How easily can the key distribution system be compromised remotely? This basically boils down to: what opportunities are there for a "man in the middle" to persuade one of the participants in the conversation to encrypt messages using the public key of somebody other than the intended recipient? On this point, it has recently been reported that an Apple insider could do so, but I am not yet aware of any published report that this would be feasible for a third party outside Apple.

The latter weakness then becomes a social issue. For example: (a) do we trust Apple to have measures in place so that it is not feasible for a rogue employee to compromise the system? (b) if the NSA were to compel Apple to deliberately break their key distribution system in order to eavesdrop on messages, would they openly go through due legal process in order to do so?

No comments: