Friday, January 8, 2010

Encryption.. an asset or liability?

When the GSM digital system replaced early analog technology in the cellular phone market, one of the biggest features touted by the new networks was the security that GSM encryption offered.

Old analog calls could be intercepted and monitored by anyone with a scanner or purpose-built receiver and indeed, I recall the odd occasion when something went awry and I could hear parts of other people's conversations on my own Motorola Beige Brick from time to time.

GSM was, they said, virtually unbreakable and offered such a strong level of encryption as part of its basic functionality, that all your private conversations would at last be free from prying ears.

And so it was, until a couple of years ago when a German security expert announced that he'd cracked the GSM code.

Fortunately, the "cracker" didn't go blabbing about exactly how he'd managed this feat and, even if he had done so, there was no really practical way to implement the crack in a way that would provide third-parties with the ability to monitor other people's conversations in realtime.

But now, Karsten Nohl has released code that he says will allow GSM voice calls to be decrypted.

In response, James Moran, the head of security for the London-based GSM Association has told the media that it's a fairly trivial task for network operators to thwart Nohl's code by "tweaking existing features in the technology".

The Association has also said that it will be implementing a new, harder to crack and more resilient form of encryption within the next couple of years.

That may sound re-assuring, but only someone rather naive would believe that their conversations on any mobile or internet phone system are truly private and protected from being overheard by others.

On one flank we have governments that are increasingly granting themselves the right and power to intercept private conversations at will -- in the name of national security.

On the other, we have massive increases in the levels of computing power available to individual computer users. Often, this power comes not in the form of a faster Intel or AMD CPU, but by way of insanely powerful GPUs found in relatively low-cost video cards.

The ability of these cards to manipulate massive arrays of data at lightning speeds lends itself very well to the task of breaking complex encryption schemes.

Those of us who have worked in the computer industry for a long time will know that hard-encryption technology is (or at least was) classified as a kind of "arms" and severe restrictions placed on its sale and dissemination.

The same was true for many different super-computers, the fear being that enemies of the West would turn such power against the countries who made them.

I wonder now, in the current paranoid climate of fear brought about by "The War Against Terror", whether we'll see similar sanctions being reintroduced -- so as to ensure that insurgents can't communicate using virtually uncrackable cyphers powered by the latest and greatest video processing chips.

Could the most useful weapon, in the hands of extremist terorrists be, not a kilo of C4 but a small cluster of PS/3s that is used to create a totally secure communications channel between various operational "cells"?

How long before you need a licence to buy or own the latest ultra-powerful games console or gamer PC I wonder?

No comments:

Post a Comment