According to Steven Murdoch, who works in the Information Security Research Group of University College London, the MIKEY-SAKKE VoIP (Voice over IP) encryption protocol promoted by GCHQ, UK’s spy agency, has a weakness (or backdoor) that allows all conversations to be intercepted without the targets knowing about it.
The protocol is being mandated for government use, which means that all of the UK government’s employees could be subject to surveillance by GCHQ. It’s also being promoted by the agency for outside use by companies who want to make devices that interoperate with government devices and by those who want “government-grade” encryption.
The MIKEY-SAKKE (Multimedia Internet KEYing-Sakai-KasaharaKey Encryption) protocol allows a service provider to keep a master key on its servers that can decrypt all conversations:
"The existence of a master private key that can decrypt all calls past and present without detection, on a computer permanently available, creates a huge security risk, and an irresistible target for attackers," Murdoch said.
The UK government has been calling for encryption backdoors or encryption that can be decrypted upon request by a service provider, and essentially a ban on strong end-to-end encryption that only the people involved in the conversation can decrypt.
Murdoch said that the UK government won’t certify voice encryption technology if it doesn’t use GCHQ’s protocol:
"As a result, MIKEY-SAKKE has a monopoly over the vast majority of classified U.K. government voice communication, and so companies developing secure voice communication systems must implement it in order to gain access to this market," he wrote.
What that means is that if UK government employees want to use more secure devices such as the Blackphone and its Silent Phone encrypted communication tool, they can’t do so unless the Blackphone comes with the backdoored MIKEY-SAKKE implemented by default.
The idea is not unlike the NSA’s efforts to force companies to use the Clipper chip in the 1990s, which also used key escrow that the NSA could use to decrypt all communications.
Perhaps the strangest thing about this is that GCHQ wants to be able to intercept all government communications. Last year, members of the UK Parliament found out that GCHQ could, in fact, spy on them, too, and they were outraged about it. The Parliament will likely try to exempt itself out of GCHQ’s spying in a future bill, which would then make GCHQ’s proposed protocol for government communications even stranger and at odds with the Parliament’s wishes.
Finally, demanding that a key escrow or backdoor exists also means that the communications of UK government employees everywhere could be intercepted by rival nation states, if they manage to steal those master keys. The UK agency is therefore putting many government employees at risk with its insecure technology, which it’s mandating for all voice encryption devices.
“Although the words are never used in the specification, MIKEY-SAKKE supports key escrow. That is, if the network provider is served with a warrant or is hacked into it is possible to recover responder private keys and so decrypt past calls without the legitimate communication partners being able to detect this happening,” he added.
Such attacks have already been proven possible, by none other than GCHQ itself. Snowden’s documents have unveiled that GCHQ was behind the major hacks on both Belgacom, a telecom provider from Belgium, and Gelmato, a SIM card maker that also stores encryption keys for GSM voice encryption.
Murdoch fears that this protocol could eventually reach a wider scale, despite its major weakness, due to the UK’s aggressive promotion of the protocol:
“MIKEY-SAKKE is designed to offer minimal security while allowing undetectable mass surveillance though key-escrow, not to provide effective security,” he said.
SMurdoch also said that if the UK government wants secure voice encryption, it could use open protocols such as ZRTP, which is already used by Silent Phone and Signal (an app Murdoch also recommends for strong voice encryption). The ZRTP protocol, invented by Phil Zimmermann, who also invented PGP, provides strong end-to-end encryption as well as forward security, which makes it much harder to decrypt past conversations, unless the attacker has the encryption key for every single one of them.
Lucian Armasu is a Contributing Writer for Tom's Hardware. You can follow him at @lucian_armasu.