Filip Parag

October 30th 2021

Introduction

One of the basic human rights which is increasingly being neglected and forgotten is the right to privacy. When it was introduced by the United Nations as a basic human right in the middle of the last century, only a few could have imagined how prevalent mass surveillance and monitoring would become in just half a century. Placing civilians under surveillance used to be possible only after reasonable suspicion, in contrast to today’s preemptive and indiscriminate data gathering under the guise of increased public safety and crime prevention.

The right to privacy is not a radical idea only propagated by criminals to evade the law; it is a right to share secrets among friends, a right not to be hunted later in life by previous statements, and a right to a life without self-censorship. When people become aware of being watched and having their actions analyzed, their behavior often changes, and fear of condemnation sets in.

A major part of today’s life revolves around technology, and we ought to be able to resist surveillance and enjoy personal privacy as people did before the dawn of the information age. For that reason, a brief overview of tools for encrypting data and conversations follows.

An example of data encryption

To get a better idea of what encryption is, we will demonstrate the Caesar cipher.

An example of the Caesar cipher: the word “encryption” becomes “hqfubswlrq”, as every letter of the alphabet is shifted three places to the right, so the alphabet now begins with “DEFGH” instead of “ABCDE”. Before sending the message, we have to agree upon a key (i.e. a secret number), which is 3 in this case. For an observer without the key, the message remains illegible. An obvious issue with this algorithm is the key’s simplicity: it can be guessed in 26 attempts or fewer, as there are that many letters in the alphabet.

Caesar cipher with a 3-letter shift to the right
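The cipher described above, as an added example that is not code from the original article: Caesar encryption and decryption, plus the 26-shift brute force the text refers to, ranked with a small constructed word list so the correct shift surfaces first.

```python
import string

ALPHABET = string.ascii_lowercase


def caesar_encrypt(plaintext: str, key: int) -> str:
    """Shift every letter `key` places to the right; non-letters pass through unchanged."""
    out = []
    for ch in plaintext:
        if ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + key) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_decrypt(ciphertext: str, key: int) -> str:
    """Decryption is encryption with the opposite shift."""
    return caesar_encrypt(ciphertext, -key)


# Constructed word list an analyst expects in English plaintext (assumption for the demo).
COMMON_WORDS = {"the", "and", "is", "encryption", "key", "message"}


def brute_force(ciphertext: str) -> list[tuple[int, str]]:
    """Try all 26 shifts and rank candidates by how many known words they contain.
    With only 26 keys there is no need to guess cleverly: every key is tried."""
    candidates = []
    for key in range(26):
        guess = caesar_decrypt(ciphertext, key)
        score = sum(w.strip(".,") in COMMON_WORDS for w in guess.lower().split())
        candidates.append((score, key, guess))
    candidates.sort(reverse=True)
    return [(key, guess) for _, key, guess in candidates]
```

`brute_force` returns all 26 candidates, best first; the top entry is the key and plaintext an observer without the key recovers in at most 26 attempts.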

Today we use substantially more complex algorithms, far beyond human computing abilities, which still rely on the fact that guessing the key takes so long that it often exceeds human and computer lifespans.

Encryption’s objectives

The goal of these algorithms is to preserve:

  • data confidentiality: a third party cannot read the data,
  • data integrity: a third party cannot tamper with the data,
  • participant authenticity: the sender’s and receiver’s identities cannot be spoofed.

Besides these essential guarantees, algorithms have varying properties and are purposed for different use cases.

Symmetric and asymmetric encryption

Symmetric encryption is analogous to storing documents in a safe: multiple people use the same key, agreed upon in advance, for both locking and unlocking. Compromising one person, or retrieving their key, is enough for a third party to access all the data.

Symmetric encryption

Traditionally, this was the only way to encrypt data, but thanks to recent advances in cryptography, today we also have asymmetric encryption.

When using asymmetric encryption, every participant has a personal public and private key. The sender encrypts the outgoing data with the recipient’s public key, after which the recipient decrypts the incoming data with their private key. Public keys can be thought of as open padlocks which anyone can use to lock a briefcase containing papers, so that only the person with the (private) key can access them. In this approach, an agreement on a shared secret number (i.e. key) is not required, and participants don’t have to trust each other. If any participant is compromised, a third party can only access data that the affected party’s private key decrypts; data encrypted with other participants’ keys remains illegible.

Asymmetric encryption

Data signing

The padlock and briefcase analogy doesn’t fully depict asymmetric encryption, because it demonstrates only one possible direction. Every message encrypted with one’s public key can be decrypted with the private key, and a message encrypted with a private key can be decrypted using the public one. If data is encrypted using a private key, anyone can verify its author’s authenticity.

To make verification easier, cryptographic signing was introduced. It uses hash functions to create a fixed-size fingerprint (a checksum) from an arbitrarily long data sequence. A simple hashing example is the ratio of odd and even digits in a message: if there are more even digits the fingerprint is 1, and otherwise, if there are as many or more odd digits, the fingerprint is 0. The fingerprint for the number “12345” is 0, and for “12346” it is 1. The calculated hash is then signed with the sender’s private key, so anyone with their public key can verify the message’s authenticity.

As with encryption algorithms, today’s computers use considerably more complex fingerprints which are practically impossible to fake. The widely used Secure Hash Algorithm 256 (SHA-256) has as many possible values as there are atoms in the observable universe.
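The article’s toy fingerprint beside a real one, as an added example (not the author’s code): the odd/even-digit fingerprint is so easy to match that a signature over it also covers a forged message, whereas a single changed digit scrambles almost every hex digit of a SHA-256 digest. The forgery helper and the message texts are constructed for the demonstration.

```python
import hashlib


def toy_fingerprint(message: str) -> int:
    """The article's example hash: 1 if even digits outnumber odd digits, otherwise 0."""
    digits = [int(c) for c in message if c.isdigit()]
    even = sum(1 for d in digits if d % 2 == 0)
    odd = len(digits) - even
    return 1 if even > odd else 0


def sha256_hex(message: str) -> str:
    """Real fixed-size fingerprint: 256 bits, rendered as 64 hex digits."""
    return hashlib.sha256(message.encode("utf-8")).hexdigest()


def forge_with_same_toy_fingerprint(message: str, wanted: str) -> str:
    """Append digits to `wanted` until its toy fingerprint equals that of `message`.
    A signature over the toy fingerprint of `message` would then also 'verify' the forgery,
    which is why a signature scheme needs a collision-resistant hash."""
    target = toy_fingerprint(message)
    pad = "2" if target == 1 else "1"  # an even digit pushes towards 1, an odd one towards 0
    candidate = wanted
    while toy_fingerprint(candidate) != target:
        candidate += pad
    return candidate


def differing_hex_digits(a: str, b: str) -> int:
    """How many positions of two equal-length hex digests differ."""
    return sum(x != y for x, y in zip(a, b))
```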

Key exchange

A problem present with both types of encryption is key exchange: for symmetric encryption, participants have to use a secure channel to agree upon a key before sharing data, and for asymmetric encryption, a third party can present their own key under a phony name and intercept all messages intended for that participant.

The most dependable secure channel for key exchange is physical contact, but it is not always convenient or possible — e.g. participants are located on opposite sides of the world and have never met. That is why there are multiple accepted approaches for a reliable key exchange.

Centralized key exchange

One of the most prevalent systems for public key exchange is a centralized system for internet traffic encryption — Transport Layer Security (TLS). In a system like this one, participants only have to trust one issuing body (Certificate Authority), which vouches for the identities of all participants and permits other trusted bodies to perform the same function.

When a participant wants to publish their public key, it is sufficient to prove their identity to one of those bodies and receive a chain of trust which contains signatures of all bodies which vouch for their identity.

Chain of trust for ISOC.org TLS certificate

A Certificate Authority can be a ministry, a company maintaining the internet’s infrastructure, a domain registrar, a manufacturer of operating systems and web browsers… In the event their key is compromised, all chains of trust containing their signature become untrusted.

Decentralized key exchange

On the other hand, there is the decentralized web of trust, most commonly used with the Pretty Good Privacy (PGP) encryption protocol. Here participants mutually vouch for each other’s identities, and an individual can choose certain participants to trust and accept their guarantees about other users’ identities.

Web of trust

An advantage of this system is its democratization: if an individual gets compromised, trust in the whole system is not lost, as is the case with issuing bodies. A downside is that everyone has to pick trusted participants, and there might not be a full chain of trust between participants in different social circles.

A break in the web of trust

Key revocation

In a centralized system, an exposed key is invalidated when the issuing body vouching for it adds it to the list of revoked keys. Other participants are notified that the key has been invalidated upon their next key-related query.

In a decentralized system, the key owner has to submit a key revocation request to all of the places where the affected key is published. Other participants are not notified of the request right away, but only after they download the key from those places again. If the key owner loses access to the private key, a revocation request cannot be generated and the key never gets revoked.

In the event an uninformed participant encrypts a message using a compromised key, the attacker can read it and respond to it without raising any suspicion. Because of that, it is desirable to frequently refresh downloaded keys in both systems.
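The web of trust and key revocation described in the two sections above, as one added example (not the article’s or PGP’s own code): key validity is computed from the user’s own key outward through signatures made by participants the user trusts as introducers, and a revoked key is neither valid nor able to introduce anyone, which is how a single compromised bridge breaks the chain between two social circles. The participants, signatures and trust choices are constructed for the demo.

```python
from collections import deque

# Constructed web of trust: {signer: keys that signer has vouched for}.
# alice, bob and carol form one circle; dave and erin another; frank bridges them.
SIGNATURES = {
    "alice": {"bob", "carol"},
    "bob": {"alice", "carol"},
    "carol": {"alice", "bob", "frank"},
    "frank": {"dave"},
    "dave": {"erin", "frank"},
    "erin": {"dave"},
}


def valid_keys(own_key, signatures, trusted_introducers, revoked=frozenset()):
    """Keys that `own_key`'s owner considers valid.

    A key is valid if it is our own, or if it was signed by a valid key whose owner we
    trust to introduce others (our own key always counts as a trusted introducer).
    Revoked keys are skipped entirely: they are not valid and their signatures carry
    no weight, so anyone reachable only through them drops out of the web.
    """
    valid = {own_key}
    queue = deque([own_key])
    while queue:
        signer = queue.popleft()
        if signer != own_key and signer not in trusted_introducers:
            continue  # valid key, but its owner is not trusted to vouch for others
        for signed in signatures.get(signer, ()):
            if signed in revoked or signed in valid:
                continue
            valid.add(signed)
            queue.append(signed)
    return valid
```

Running `valid_keys("alice", SIGNATURES, {"carol", "frank"}, revoked={"frank"})` shows the break: once frank's key is revoked, dave and erin are no longer reachable from alice's circle.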

Forward secrecy

Up to this point, we have discussed encryption systems in which an attacker, after compromising a participant or decrypting a message, has access to all related private data. The keys used to encrypt it become useless, because the attacker can access any future data in addition to the existing data. Newer encryption protocols have built-in protection of previous and future data, so a third party would only be able to inspect the most recent messages. Encryption keys are ephemeral and change on every data exchange, so the master keys from which ephemeral keys are derived, and the trust in the interlocutor’s identity, remain protected.
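The ephemeral-key idea above, as an added example that is not code from the article or from any real protocol: a sending chain derives a fresh message key from a one-way step on every message and discards it, so a chain key stolen after the second message yields only the messages sent after the theft. Protecting *future* messages as well needs the extra key agreement that full protocols such as the Double Ratchet add; this block demonstrates only the backward direction. The shared root secret, messages and XOR-based toy cipher are constructed for the demo.

```python
import hashlib
import hmac


def kdf_step(chain_key: bytes) -> tuple[bytes, bytes]:
    """One ratchet step: derive the next chain key and a one-time message key.
    Both are HMAC-SHA256 outputs, so the input chain key cannot be recovered from them."""
    next_chain = hmac.new(chain_key, b"\x01", hashlib.sha256).digest()
    message_key = hmac.new(chain_key, b"\x02", hashlib.sha256).digest()
    return next_chain, message_key


def xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher for the demo (XOR with a hash-derived keystream); illustrative only."""
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class SendingChain:
    """Sender state: only the current chain key is kept; used message keys are discarded."""

    def __init__(self, shared_root: bytes):
        self.chain_key = shared_root

    def encrypt(self, plaintext: bytes) -> bytes:
        self.chain_key, message_key = kdf_step(self.chain_key)
        return xor_stream(message_key, plaintext)


def attacker_recovers(stolen_chain_key: bytes, ciphertexts: list, plaintexts: list) -> list:
    """Walk the chain forward from a stolen chain key and try every derived message key
    on every ciphertext; for the demo, success is checked against the known plaintexts.
    Returns one flag per message: True if the attacker could read it."""
    results = [False] * len(ciphertexts)
    chain = stolen_chain_key
    for _ in range(len(ciphertexts)):
        chain, message_key = kdf_step(chain)
        for i, ct in enumerate(ciphertexts):
            if xor_stream(message_key, ct) == plaintexts[i]:
                results[i] = True
    return results


def demo() -> list:
    root = hashlib.sha256(b"constructed shared secret").digest()  # assumed key agreement
    alice = SendingChain(root)
    plaintexts = [b"msg one", b"msg two", b"msg three", b"msg four"]
    ciphertexts = [alice.encrypt(plaintexts[0]), alice.encrypt(plaintexts[1])]
    stolen = alice.chain_key  # attacker compromises Alice's device after two messages
    ciphertexts += [alice.encrypt(plaintexts[2]), alice.encrypt(plaintexts[3])]
    return attacker_recovers(stolen, ciphertexts, plaintexts)
```

`demo()` returns `[False, False, True, True]`: the two messages sent before the compromise stay illegible, the two sent afterwards do not.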

Deniable authentication and encryption

Sometimes the ability to prove the sender’s identity is not desirable. For instance, when whistleblowing to journalists, both sides have to be assured that they are talking to the right person, but shouldn’t be able to prove it afterwards. In those cases, regular asymmetric encryption is not appropriate, and mutually derived ephemeral keys are used instead, so that after exchanging messages either side could have fabricated the conversation.

Another way to protect sensitive data is deniable encryption. When encrypting data, two keys are used: a secret one and a sacrificial one. If a third party coerces the key holder into revealing the data, using the sacrificial key displays planted bogus data, while the secret key displays the real data. This way, revealing the sensitive data is avoided and its existence is unprovable.

Metadata

With the rising use of encryption, intelligence services now primarily rely on metadata. Metadata is information describing encrypted data’s shape and trajectory through the network, without knowledge of its content. For example, if Alice exchanges encrypted messages with Bob every day, and Bob frequently sends messages of the same size to Carl afterward, we can suppose that he is forwarding Alice’s messages. Metadata analysis is widely applied to telecommunication and internet networks; it is used by governments to suppress organized crime or persecute political opponents, and by private companies to tailor the content and advertisements shown to their users.

Encrypted chat metadata analysis
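The Alice, Bob and Carl inference above, as an added example that is not from the article: a detector over a constructed traffic log flags a relay purely from equal ciphertext sizes and timing, and a padding mitigation shows why fixed-size messages matter, since after padding Bob’s messages to Carl and to Dave look identical and the analyst can no longer tell which one is the forward. The log entries, time window and bucket size are constructed assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    t: int      # seconds since start of capture
    src: str
    dst: str
    size: int   # ciphertext length in bytes; the content itself is unreadable


# Constructed log: Alice writes to Bob, Bob relays to Carl shortly after, and Bob also
# chats with Dave in the same window, but with different-sized messages.
LOG = [
    Event(0, "alice", "bob", 1437), Event(95, "bob", "carl", 1437), Event(140, "bob", "dave", 512),
    Event(3600, "alice", "bob", 2210), Event(3650, "bob", "dave", 640), Event(3710, "bob", "carl", 2210),
    Event(7200, "alice", "bob", 980), Event(7260, "bob", "carl", 980), Event(7400, "bob", "dave", 300),
]


def suspected_forwarding(log, window=600, min_matches=2):
    """Return {(relay, origin, target): count} for relays that send a message of the same
    size as one they just received, to a third party, within `window` seconds."""
    counts = {}
    for inbound in log:
        for outbound in log:
            if (outbound.src == inbound.dst and outbound.dst != inbound.src
                    and 0 < outbound.t - inbound.t <= window
                    and outbound.size == inbound.size):
                key = (inbound.dst, inbound.src, outbound.dst)
                counts[key] = counts.get(key, 0) + 1
    return {k: v for k, v in counts.items() if v >= min_matches}


def pad_sizes(log, bucket=4096):
    """Mitigation: pad every ciphertext up to a fixed bucket so size no longer links messages.
    Timing is untouched, so the detector now sees equally strong evidence for every recipient."""
    return [Event(e.t, e.src, e.dst, -(-e.size // bucket) * bucket) for e in log]
```

On the raw log the detector returns only `("bob", "alice", "carl")`; on `pad_sizes(LOG)` it returns the same count for Dave, so the size signal is gone and only timing remains.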

With that in mind, besides data encryption, digital privacy requires us to keep track of our metadata trail and try to minimize it. Some ways of enhancing anonymity are: using temporary email addresses, turning cellular networks off when unused, accessing the Internet through services for evading network surveillance (e.g. Tor), and paying with cash. Anonymity protection is a complex topic that goes beyond the scope of this article, so it will be discussed further some other time.

Conclusion

Encryption is simple and widespread enough that anyone can use it today. Encrypting personal data and conversations should be a part of everyone’s digital life, and sharing content with third parties should be a matter of personal choice. If we don’t take care of our privacy, governments will introduce laws that further erode our right to it, and companies will keep using aggregated personal data to influence public opinion and our habits.
