You are here
Data Protection: Encryption is not Enough
The general public, now aware of the different aspects of IT security, knows that personal data needs to be protected. This can be done through encryption, which is now part of our daily lives, even if we are not conscious of it. For example, encryption helps to ensure the confidentiality of our emails, and lock the data stored on our hard drives to prevent recovery in the event of loss or theft. It also protects our credit card numbers when making a purchase on the Internet, or our anonymity when voting online. But are we really protected?
Necessary encryption...
Unfortunately, given that these measures are not always implemented, we supply vast amounts of data to a wide range of organizations every day. For instance, the use of contactless payment cards is not without risk. Even though—following a request by the CNIL1, France's data privacy watchdog—it should no longer be possible to see the history of our transactions, in practice many cards still in circulation provide too much information. For that matter, this problem is not limited to the banking sector. In 2004 Belgium introduced an insufficiently secured electronic passport. As a result, the personal data of Belgian citizens was transiting unencrypted—in other words unprotected. When e-passports were introduced in France in 2006, a protection mechanism was put in place to enable the encryption of exchanged data.
...that you can bypass
The use of encryption is important, however the security it provides can be reduced to nothing if the encrypted data is not transported in the right conditions.
And it must be borne in mind that a genuine data protection protocol consists of multiple successive layers, whose encryption is only the basic element. The mechanism used to protect the data in French electronic passports thus proved vulnerable: a flaw was discovered that made it possible to trace a passport holder by taking advantage of the error messages sent by the system. Whenever an incident occurred during authentication, an error message was sent by the passport. This small information leak was all it took to identify and trace the holder during the course of their travels.
Although the robustness of the encryption was not questioned, this protocol nevertheless presented an important security flaw.
Voting booth under threat
As demonstrated by the US presidential election, electronic voting is still a subject of debate today. Although it aims to model itself on paper voting, the lack of transparency of existing solutions is the primary criticism put forward by e-voting opponents. What is an election worth if voters have no guarantee that it correctly reflects their votes? There are solutions, and it is clearly possible to improve on what current devices offer. Nevertheless, when the basic cryptographic building blocks are in place, their assembly is once again a challenging task. The Helios voting system provides a good example. Carefully developed by academics, it provides many more guarantees than most methods in use today. Yet a security analysis revealed that this protocol was subject to strange behavior, which under certain circumstances made it possible to break a participant's anonymity. So what flaw did the developers of Helios fail to detect?
Take the context of a professional election. The Helios protocol protects the votes of all participants through encryption, which prevents a third-party from accessing the encrypted ballot and discovering its content. Yet it is possible to copy an encrypted ballot without knowing its content, and cast it in the ballot box. In situations where few votes are cast, one can guess a colleague's vote simply by reviewing the results of the election. This flaw, which has since been corrected, threatened the confidentiality of the vote, a cornerstone of democratic elections.
Protocol verification tools
Not all of these attacks call into question current encryption mechanisms. They can also result from a poor assembly of the protection protocol's building blocks. But how can they be avoided? Although it is difficult to prove that a protocol is flawless, many researchers have developed automatic verification tools that can provide security guarantees.
At present, these systems analyze relatively small protocols involving conventional cryptographic blocks, by concentrating on security properties such as confidentiality and authentication. However, these tools are insufficient, as new types of security properties emerge with respect to the protection of privacy—all the more so as it is not uncommon for an application to consist of a number of protocols whose security must be proved jointly. To complicate things further, the cryptographic primitives used are increasingly exotic.
These are the many challenges that must be met when designing a new protocol. Solutions exist for improving data protection: in particular, best practices can be implemented to prevent a large number of attacks. One example is ensuring that each message is not only protected in terms of confidentiality and integrity, but that it also contains the information needed to identify its origin, destination, and the protocol behind its transmission. No matter their importance in ensuring the security of our daily applications, best practices unfortunately are not always followed. And this is not without risk.
The analysis, views and opinions expressed in this section are those of the authors and do not necessarily reflect the position or policies of the CNRS.
- 1. Commission Nationale de l'Informatique et des Libertés.
Other opinions
Stéphanie Delaune is a CNRS researcher, member of the embedded security and cryptography team (Emsec) at the Irisa...