Encryption is vulnerable to a bevy of issues or single points of failure (SPoF) that can wreak havoc on an enterprise when left unaddressed. In this new blog series, cybersecurity experts at Quantum Xchange will examine popular SPoF and how our groundbreaking key delivery system, Phio TX, helps overcome these present-day weaknesses to provide stronger data security today and quantum-safe protection from future threats.
Gene Savchuk, Chief Product Officer at Quantum Xchange and inventor of Phio TX, kicks off our SPoF blog series with an explanation of how out-of-band key delivery via Phio TX overcomes the inherent vulnerabilities of today’s most popular key exchange/derivation methods.
With traditional end-to-end encryption, when Alice and Bob want to encrypt traffic between them and prevent Eve from seeing or modifying the content of their conversation, they must know each other’s keys for encrypting/decrypting traffic and for validating message integrity.
Sharing or exchanging the keys has always been the trickiest part of a cryptographic implementation. The most common approach used today is to have keys exchanged/derived right in the data link between Alice/Bob in plain sight of Eve. The most well-known example of this is the Diffie-Hellman exchange to establish a common session key that both sides will use to encrypt and decrypt. While this event is visible to Eve, if properly configured it is impractical to quickly crack using state-of-the-art techniques, which generally rely on brute forcing the session key.
This approach works on consumer links because the value of the data exchanged is typically not worth the time and effort to crack it. But for critical data that must stay confidential for extended periods, this approach is an invitation for attack: cipher suites can be outdated, entropy sources and keys can be weak, advances in computing and mathematics may occur. With in-band key derivation, Eve can see the handshake that is performed to hide the data, and use that information to start the brute-forcing process. Eve also understands when the connection key was established, and when it is changed out. All this side-channel information can be very useful in the brute-forcing process, and may be well worth it for data of high value.
A fundamental design principle of a properly encrypted channel is that it doesn’t give Eve any clue on what is being transmitted. The channel should look like a stream of randomness to any outsider with no discernable information. Inline key exchange/derivation violates this principle because it is a defined event where Alice, Bob, AND Eve are in the know and the whole world can say “hey, they are deriving keys now.”
Matters are further complicated for Alice and Bob since often the nature of the communication is not fully hidden. Communication endpoints can give away details on the plaintext that is being encrypted. Insight on the structure of the content plus the key derivation process can significantly aid in reducing the time it takes to brute-force the key. All of this can be observed through tapping one single connection.
When we add the Phio TX hive to the picture, and Alice/Bob stop using inline key exchange/derivation, we achieve the following:
When Eve looks at the data link between Alice and Bob, it appears as random data (if and when it is encrypted, obviously). There are no discernible hints on when Alice/Bob have requested the keys, how the keys are being used, or when/if the connection is being rekeyed. An important aspect on brute-forcing a key is that the same key is used for a number of data blocks, so that the suspected key can be validated against a slew of blocks increasing the confidence that the brute-forced key candidate is the correct one. When a connection is rekeyed inline, Eve can clearly see when a new key starts being used, and knows which blocks were encrypted with the exact same key. Out-of-band key exchange significantly complicates this approach, removing that angle of attack or SPoF.
In order to obtain a complete picture, Eve now needs to start looking at the Phio TX hive, which magnifies the problem. The Phio TX hive, or mesh network of key generation/key exchange VMs/appliances talk among themselves, continuously rotate keys, it can even send keys through periodically. Due to these added complexities, the path the key takes is difficult to predict. There’s no clear indication that a key transmission is in play or whom the keys are for (Alice & Bob or Candy & Doug). Instead, the activity appears as “white noise.” An attacker must: a.) know a key transmission is taking place and b.) correlate and crack a secondary, out-of-band, quantum-secure channel before figuring out how to crack the primary Alice->Bob conversation.
In our next blog post, we look at the SPoF of single and/or weak entropy sources and how to mitigate the risk presented with Phio TX.
