matthew_d_green

@matthew_d_green@ioc.exchange

I teach cryptography at Johns Hopkins. https://blog.cryptographyengineering.com (#matthew_d_green on the other site.)


matthew_d_green, to random

This thing Facebook did — running an MITM on Snapchat and other competitors’ TLS connections via their Onavo VPN — is so deeply messed up and evil that it completely changes my perspective on what that company is willing to do to its users.

matthew_d_green, to random

You can’t design anti-cheating mechanisms into a consensus protocol with an update cadence measured in years, when your cheaters have update cadences measured in hours.

matthew_d_green, to random

Sometimes I feel bad for Gen-Z kids, having to bear the weight of fifty years of mass-produced culture competing with their own ideas, and also not having the same limited/compromised instruments and tools and the “doing it for the very first time” excitement that made some of that stuff so interesting.

matthew_d_green, to random

The weirdest thing about 2024 is the rapid rollout of unconstitutional age verification laws for websites, and how little the “free speech” tech crowd seems to care about this.

matthew_d_green, to random

The HN folks have discovered Devin, the AI software engineer. And suddenly they’re all Marxists.


matthew_d_green, to random

A thing I worry about in the (academic) privacy field is that our work isn’t really improving privacy globally. If anything it would be more accurate to say we’re finding ways to encourage the collection and synthesis of more data, by applying a thin veneer of local “privacy.”

matthew_d_green, to random

I just want to add one thing I should have said more clearly in the previous thread.

Apple’s recent crypto upgrades all target threats that are (implicitly) only likely to come from nation-state adversaries. This is significant, politically.

matthew_d_green, to random

So Apple has gone and updated the iMessage protocol to incorporate both forward security (very good!) and post-quantum cryptography. https://security.apple.com/blog/imessage-pq3/

matthew_d_green,

The original iMessage protocol was launched in 2011 and was really amazing for the time, since it instantly provided e2e messaging to huge numbers of people. But cryptographically, it wasn’t very good. My students broke it in 2015: https://www.washingtonpost.com/world/national-security/johns-hopkins-researchers-discovered-encryption-flaw-in-apples-imessage/2016/03/20/a323f9a0-eca7-11e5-a6f3-21ccdbc5f74e_story.html

matthew_d_green,

In 2019 Apple quietly upgraded the protocol to get rid of some obsolete cryptography, but it still wasn’t as advanced as the Signal Protocol used by WhatsApp and Signal.

A big part of the reason: iMessage lacked post-compromise security.

matthew_d_green,

In the Signal protocol, your communication keys are constantly updated and “ratcheted” forwards. This means that a compromised phone/backup won’t be useful for long. You’ll replace the stolen keys within a few minutes. In iMessage this wasn’t true: public keys were long-lived.

matthew_d_green,

The new update adds periodic rekeying using elliptic curve cryptography, to ensure that compromised keys quickly become useless, both in the future and for decrypting past messages. This closes an important threat vector.

Along with key transparency, this makes iMessage a state-of-the-art cryptographic protocol.

matthew_d_green,

Key transparency, as an aside, is now also being rolled out by Apple: https://security.apple.com/blog/imessage-contact-key-verification/

matthew_d_green,

Even with those improvements, the remaining problem is that elliptic curve crypto is not secure against future quantum computing advances. This doesn’t matter today, but if such computers are built in the future, they could be used to decrypt past conversations.

matthew_d_green,

So Apple has made two changes in this update. In addition to frequent elliptic curve rekeying, they also use a second “post quantum secure” algorithm: Kyber. This algorithm rekeys as well, but a little less frequently. (This is because Kyber ciphertexts are much bigger and “eat” more space on the wire.)

matthew_d_green,

An important note here is that the two main encryption algorithms are arranged into a “combiner”: this means that as long as one algorithm remains secure, nobody should be able to break the encryption. This means Apple gets the safety of elliptic curves today, plus PQC in the future (maybe.)
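As an added illustration (not Apple’s code and not the real PQ3 key schedule), here is a toy hybrid ratchet that shows the two ideas from the last two posts: a combiner whose output depends on both the EC and the Kyber secret, and an EC secret that refreshes every step while the Kyber secret refreshes less often. Real ECDH and Kyber outputs are replaced by constructed 32-byte stand-ins; the names `hkdf`, `combine`, `run_ratchet` and `stand_in` are chosen here.

```python
import hashlib
import hmac
from typing import List, Optional, Tuple

# Added illustration, not Apple's code: a toy hybrid ratchet in the spirit of the PQ3
# description above. Real ECDH and Kyber outputs are replaced by constructed 32-byte
# stand-ins; the point is how the two secrets are combined and how often each refreshes.

def hkdf(salt: bytes, ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF-SHA256 (RFC 5869): extract, then expand to `length` bytes."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

def combine(root: bytes, ec_secret: bytes, pq_secret: Optional[bytes]) -> Tuple[bytes, bytes]:
    """Hybrid combiner: the next root and the message key depend on every secret fed in,
    so recovering them requires both the EC and the Kyber secret (steal or break both)."""
    # A leading flag byte records whether a Kyber secret was mixed in at this step, so a
    # step without one can never collide with a step whose Kyber secret is empty.
    ikm = (b"\x01" + pq_secret if pq_secret is not None else b"\x00") + ec_secret
    out = hkdf(root, ikm, b"toy-hybrid-ratchet", 64)
    return out[:32], out[32:]          # (next root, message key)

def run_ratchet(root: bytes, ec_secrets: List[bytes], pq_secrets: List[bytes],
                pq_every: int) -> List[bytes]:
    """One message key per step. A fresh EC secret is mixed in at every step; a fresh
    Kyber secret only every `pq_every` steps (PQ3 rekeys Kyber less often because its
    ciphertexts are much larger on the wire). Once the supplied Kyber secrets run out,
    the chain keeps ratcheting on EC alone."""
    keys, pq_iter = [], iter(pq_secrets)
    for i, ec in enumerate(ec_secrets):
        pq = next(pq_iter, None) if i % pq_every == 0 else None
        root, mk = combine(root, ec, pq)
        keys.append(mk)
    return keys

def stand_in(label: str, i: int) -> bytes:
    """Deterministic constructed 32-byte secret standing in for a key-agreement output."""
    return hashlib.sha256(f"{label}:{i}".encode()).digest()

if __name__ == "__main__":
    root0 = stand_in("root", 0)
    ecs = [stand_in("ecdh", i) for i in range(6)]      # one fresh EC secret per step
    pqs = [stand_in("kyber", i) for i in range(2)]     # mixed in at steps 0 and 3 only
    for i, k in enumerate(run_ratchet(root0, ecs, pqs, pq_every=3)):
        print(i, k.hex()[:16])
```

Changing the Kyber stand-in used at step 3 alters every key from step 3 onward but none before it, which is the cadence the post describes: EC secrets move the chain every message, Kyber secrets every few messages.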

matthew_d_green,

Ok, so what? You might point out that this is overkill. Quantum computers are years away, and key compromise is rare. So why should I care about this?

(I confess this was also my initial reaction.)

matthew_d_green,

The answer is you probably don’t need to care. It is overkill. But sometimes overkill sends a useful message, one that should be heard by people who aren’t technical at all. Specifically:

For several years (until very recently), Apple’s crypto dev was stagnant. iCloud wasn’t end-to-end encrypted. iMessage was encrypted, but wasn’t being improved.

I think a lot of this was due to Apple being nervous about political backlash from governments around the world.

matthew_d_green,

And oh boy, was there a lot of backlash. In the US, UK and EU, laws were proposed mandating that companies either decrypt end-to-end encrypted messages on demand (somehow), or else scan them for “illegal material”. For varying definitions of that term! https://www.reuters.com/world/europe/uk-bill-seeks-remove-videos-migrant-crossings-2023-01-17/

matthew_d_green,

In 2021 Apple appeared to knuckle to this pressure. They announced a plan to scan photos sent to iCloud on the user’s device, which was exactly the content scanning governments were seeking. They backed off this plan after a huge consumer backlash. https://www.wired.com/story/apple-photo-scanning-csam-communication-safety-messages/

matthew_d_green,

What’s changed since that event is that Apple seems to have taken the leash off of their security team. Since 2022 Apple has:

  • Released end-to-end encrypted backup for iCloud
  • Added key transparency for iMessage
  • Now seriously upgraded iMessage

matthew_d_green,

In the latter two cases (key transparency, iMessage), the upgrades are more important to security experts than to average users. But they still represent a huge investment and forward motion that will drive the industry forward even faster to using strong encryption everywhere.

matthew_d_green,

And this is important because, for better or for worse, Apple often “sets the standard” for the rest of the industry.

(I should point out that on encryption issues, they’ve faced strong competition from WhatsApp and Meta, who are also doing amazing things.)

matthew_d_green,

Anyway: that’s why I think the import of today’s news is bigger than just “Apple adopted some post quantum algorithms.” As exciting as that is for us cryptographers. //fin

matthew_d_green,

@feld No I’m doing it by hand. And aesthetically I dislike long posts so I just do it this way.
