NSA PROOF encryption

Hello experts!


Today's question comes with a heavy weight on security. Given the new revelations that the NSA spies on ALL internet traffic, heightened security is a priority.


What methods to encrypt internet messages and files between websites and clients will result in NSA-proof security?



Thanks for playing
Ess Kay (Entrapenuer) asked:

jmcmillan227 commented:
Sorry but I honestly believe the answer is none.
0
Darr247 commented:
128-bit and 256-bit AES has not been cracked or back-doored that I'm aware of. Even with multi-million-CPU 'bot-nets crunching the possibilities, the brute force time for 256-bit AES is millennia.

Note that Microsoft does not enable AES over secure sockets layer (SSL, aka https), by default... all versions of IE use RC4 (which was cracked years ago) 'out of the box' - you can check what your browser uses at
https://www.fortify.net/sslcheck.html

With AES enabled, IE9 and IE10 look like this on that page:

[screenshots: IE9 with 256-bit AES enabled; IE10 with 256-bit AES enabled]

This KB article - http://support.microsoft.com/kb/811833 - explains how to enable AES encryption over SSL connections in Windows... note that it must be enabled at the site you're connected to, also. E.g. when you log on to sprint.com and other cell providers' websites, you cannot get an AES connection and will be unable to log on if you set up IE to disallow RC4 connections, because they cooperate with the NSA and refuse to make their sites AES capable; most banking and credit card sites do have AES enabled, though. http://support.microsoft.com/kb/811834 is a troubleshooting article explaining what you can check on the client end in the event you're unable to make a secure connection, and the security drawbacks of different versions of IIS on the server side.

AES is not enabled by default in Firefox, either... and it's not well-documented how to do so (it's a setting in the about:config page somewhere). I never got an answer when I enquired on the Chrome support site about making Google's browser use AES.

You can also use Pretty Good Privacy (PGP) to encrypt your email.  
http://cryptography.org/getpgp.htm
While Zimmermann finally sold the technology to Symantec (almost certainly they have built a back door for the NSA into their versions), there are still plenty of free implementations available.
0
Dave Howe (Software and Hardware Engineer) commented:
The answer is complex, and probably a moving target - after all, if there is a consensus on how to avoid NSA surveillance, attention will be paid on combating that.

Most website (https) security depends on certification authorities, and consists of a private key (stored on the webserver) and a public certificate issued by the CA.

The public key identifies the site, giving its public key (data encrypted with which can only be decrypted with the private key), its identity, the CA that certifies that identity and public key, and what date range the certification is valid for.

There are three possible attacks on this.
1) the attacker gains the secret key (that would require either deliberate actions by the company who made the operating system that the key is stored in, hacking of that system, or access by someone on staff with physical access to the server. For hosted solutions, that could well be low-level employees of the hosting center; for your own hosting, that could be someone on the cleaning staff)
2) the attacker fakes the key by having access to a valid CA key - that need not even be the same CA you bought your key from - and pretending to be your server to the client, passing through any data queries (once a copy has been made). This is called a Man in the Middle attack, and is viable given most built-in ISP backdoors. Your customers can however guard against this by validating your offered key against a known good copy (there are plugins, like CertPatrol, that can do that for them)
3) the attacker has compromised the protocol. It has been theorized that the EC curves recommended by NIST were set by the NSA and may have a known solution - if you believe this, then you should avoid EC encryption on your server and prefer PFS modes (PFS, aka DHE, means that a session key is negotiated in such a way that an external attacker, even with access to the private key, cannot decrypt a copy of the conversation)

The equivalent to SSL in email is called S/MIME - all email clients have this built in, and the same provisos apply.

PGP, in the form of a protocol (for which the open source variant is GNU Privacy Guard), is a superior encryption system for mail, but is not widely supported, plus has no formal introduction mechanism (which the CA acts as for S/MIME) so requires manual key verification. However, it is considered at LEAST as secure as S/MIME.
0

Ess Kay (Entrapenuer, author) commented:
I've heard rumors that the NSA can crack AES 256 within a week or less
0
Ess Kay (Entrapenuer, author) commented:
@dave, the token and private key techniques are insufficient as well. I use X.509, but it's a simple encryption method with just one private key. With a city of high-tech machines like the NSA's new centers, X.509 stands no chance.
The only thing it will stop is on-the-fly decryption and limiting access to connect with the website. But old messages will eventually be cracked within a few days.

I'm looking for new ideas.

Perhaps a new algorithm technique



TrueCrypt methods are as close as I have found so far to encrypt data; however, after transferring data, their files become undecryptable.

I'm looking for a solution to develop in-house which works, so all your suggestions are appreciated
0
Dave Howe (Software and Hardware Engineer) commented:
There is no reason to believe we can't trust either AES (which wasn't designed by the NSA) or RSA keys above around 3K.

As far as anyone can tell, the NSA have been taking steps to work around those two facts. That could of course be a smokescreen, but if they had super-secret methods to break RSA or AES, they would not waste time and effort on doing so.

Conversely, Snowden (and Schneier, who has seen the documents Snowden has shared) both say you can trust crypto, but not the software it is embedded in - Schneier in particular has called out his doubts over the EC encryption method, now known to be badly broken by design, and the PRNG based on it that the NSA/NIST were promoting - however, he just renewed his PGP key, and went with a 4K RSA + 256-bit AES key (which presumably he trusts).

I am not going to go around second-guessing Schneier, who was one of the finalists in the AES competition and provided one of the other algos used in Truecrypt.

X.509 (well, TLS and S/MIME, the schemes based on using X.509) is still secure; as both are hybrid schemes (using strong symmetric crypto for the message, and only encrypting the symmetric key using asymmetric methods), the one asymmetric key, being used only for a tiny amount of data, is going to be very hard indeed to crack.

It is important to avoid trying to invent your own crypto schemes - that never ends well - however, you can often add additional encryption, often quite weak, to make a hybrid scheme that is no worse than using the trusted crypto (MS took that approach with DESX - instead of re-inventing the wheel, they added a simple XOR step before and after single DES - the result is almost as strong as 3DES, but less than half the processing load). Truecrypt offers a similar mechanism, allowing you to mix and match its three candidate methods for additional security.

The issue isn't the crypto, it's getting it into the hands of who needs it. Anyone can issue X.509 keys at 4K key strength, but only a CA is automagically trusted by the major browsers to do so.
0
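Dave's description of the hybrid scheme (strong symmetric crypto for the message, the asymmetric key used only to protect the symmetric key) is easy to see in code. The following is an added example written for this thread, not code from any poster nor from a TLS or S/MIME implementation: it wraps a fresh random AES-256 key under RSA-OAEP and protects the message with AES-256-GCM, using only Go's standard library. The Envelope layout, the function names and the sample message are constructed for the example; the 2048-bit key size is chosen so the demo runs quickly, whereas the posts above recommend 3K bits or more for real use.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Envelope is a constructed container for one hybrid-encrypted message:
// the AES-256 content key wrapped with RSA-OAEP, the GCM nonce, and the
// ciphertext (GCM appends its 16-byte authentication tag to it).
type Envelope struct {
	WrappedKey []byte
	Nonce      []byte
	Ciphertext []byte
}

// NewDemoKey generates the recipient's RSA key pair. 2048 bits keeps the demo
// quick; the thread above recommends 3K bits or more for real deployments.
func NewDemoKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// HybridEncrypt encrypts plaintext for the holder of pub. Only the 32-byte
// content key goes through RSA; the message itself, whatever its size, is
// protected by AES-256-GCM, so the asymmetric key only ever covers 32 bytes.
func HybridEncrypt(pub *rsa.PublicKey, plaintext []byte) (*Envelope, error) {
	contentKey := make([]byte, 32) // AES-256 key, fresh for every message
	if _, err := rand.Read(contentKey); err != nil {
		return nil, err
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	ciphertext := gcm.Seal(nil, nonce, plaintext, nil)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, contentKey, nil)
	if err != nil {
		return nil, err
	}
	return &Envelope{WrappedKey: wrapped, Nonce: nonce, Ciphertext: ciphertext}, nil
}

// HybridDecrypt reverses HybridEncrypt. It fails closed: a wrong private key,
// a damaged wrapped key, or any modification of the ciphertext yields an error
// rather than garbage plaintext, because GCM authenticates what it decrypts.
func HybridDecrypt(priv *rsa.PrivateKey, env *Envelope) ([]byte, error) {
	contentKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("cannot unwrap content key (wrong key or altered envelope)")
	}
	gcm, err := newGCM(contentKey)
	if err != nil {
		return nil, err
	}
	if len(env.Nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	plaintext, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("authentication failed: ciphertext altered or wrong key")
	}
	return plaintext, nil
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func main() {
	priv, err := NewDemoKey(2048)
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message: nothing here is from the thread")
	env, err := HybridEncrypt(&priv.PublicKey, msg)
	if err != nil {
		panic(err)
	}
	fmt.Printf("wrapped key: %d bytes, ciphertext: %d bytes\n", len(env.WrappedKey), len(env.Ciphertext))
	got, err := HybridDecrypt(priv, env)
	fmt.Printf("decrypted: %q (err=%v)\n", got, err)
	env.Ciphertext[0] ^= 1 // simulate one flipped bit in transit
	_, err = HybridDecrypt(priv, env)
	fmt.Println("after tampering:", err)
}
```

The point to take from the run is the size of what RSA actually protects: 32 bytes per message, independent of message length, which is what makes the asymmetric key "used only for a tiny amount of data" as Dave puts it. GCM rather than a bare block mode is what makes the tampered ciphertext fail instead of decrypting to garbage.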
Rich Rumble (Security Samurai) commented:
There is plenty of crypto that is "NSA proof", but they aren't playing fair and get around the hard part, and skip to the easy parts. Google encrypts its traffic, right? Well, it's not 100% end-to-end... maybe Google searches are encrypted to you, but when your search gets to Google, it decrypts it, then asks its database for the answer. The DB looks at your request in plain text. What if the NSA sits there, before the encryption phase and after the decryption phase? No need to break anything.
They have letters they use to compel you and your company to comply; it's treason if you don't.

It's not just the NSA, it's EVERYONE who wants to know more about YOU... Facebook is the NSA's wet-dream... they could never get people to openly discuss their personal business in an easily documentable fashion as they do on FB or MySpace etc... You need to guard your privacy online, don't discuss anything you wouldn't want others to hear, imagine the world is watching everything you do and say, because they might be...
http://blogs.computerworld.com/android/22806/google-knows-nearly-every-wi-fi-password-world
https://www.schneier.com/ - as pointed out above, he is probably the best person to listen to about these things. I don't participate in FB, but I like participating here on EE. I am proud to participate in plain text here; this is productive, this is helpful, I don't have anything to hide. But remember that "I don't have anything to hide" is easy to say; it's not always true, everyone does if you really think about it.
https://www.schneier.com/blog/archives/2013/03/our_internet_su.html
https://www.schneier.com/blog/archives/2007/07/privacy_and_the.html

If you've ever been an administrator of a network, you know how you can find anything out about anyone using their pc against them. It's the same for websites, they know a lot about you, your history with them is documented in one way or another.

Encryption doesn't solve these issues, period, and it's not supposed to. It's supposed to aid in keeping prying eyes out, but it can't do that once things get decrypted. I send you an encrypted email, you open it, Jim reads it over your shoulder. The IT admin can't read it, the network admin can't read it, but Jim sitting behind you can. The NSA = Jim :)
-rich
0
Ess Kay (Entrapenuer, author) commented:
Thanks guys.

Here is the model I am looking for, for transmission:


[attached diagram, captioned "exampl"]


I'm looking for new encryption methods to jumble the data


and perhaps also new ways of transporting the data instead of SSL, http, https
0
Rich Rumble (Security Samurai) commented:
What you really want to do to be secure is use non-writeable media, like a CD/DVD. Create a live CD that boots up the OS from the DVD drive, and then download your files from the internet or your email. You've downloaded them to memory then, and once the PC is off for a few minutes, it's unrecoverable. Just keep them on the internet until you need to access them again.
You could have 30 passwords in your diagram above, but you really only need one good one and a well-chosen algorithm. Also, the private key is not what you exchange; you never give that one out. You can exchange your public key openly.
The way PGP/GPG works is by asymmetry: one key to encode and one key to decode; you can use either, technically. But what you want is for someone to use the public key you freely share to encrypt something that only your private key can decode.
I use your public key to encrypt a message; you use the private key to decrypt it. You send me a message by encrypting it with my public key; I decrypt it using my private key.

I can also (technically) encrypt a message using my private key, and then my public key can be used to decrypt it, but since my public key is well known, and I don't want the message decrypted by anyone else who might see it, I use your pub-key instead.

As to transport, you have to understand there aren't a lot of alternatives that have been scrutinized like SSL has. There are plenty of technologies built on SSL/TLS, like httpS, SSH, SFTP, FTPS, SCP and much more. You may want to think of a container like 7zip as an additional barrier, but that's where I'd stop. 7zip or Rar containers are very slow when using brute force, maybe 100-200 tries per second, which is sloooooow compared to almost anything else.


>What methods to encrypt internet messages and files between websites and clients will result in NSA proof security
The same ones we use today. We just need to change the locks. The NSA is exploiting the plain-text side more than they are interested or trying to break the encrypted side. They are working smarter, not harder.
-rich
0
Dave Howe (Software and Hardware Engineer) commented:
You aren't going to want to invent new crypto, trust me. That is an extremely difficult task, and you would want to do it three times over. just.. no.

You could of course use tunnelling to achieve the same effect, with different sorts of crypto for each tunnel, and multiple levels of tunnel. The best protocol for that isn't SSL, but SSH - as that has tunnelling support "built in" and there are existing implementations and libraries you could use to bootstrap your way up to your desired goal.

Consider the following scenario.

1) your app (or applet) connects using SSH to the "outside" server. This is a VM running in your DMZ, with one port listening to the internet (on the SSH port) and one dedicated vlan on a second interface. Only one login is valid for this, and it requires an RSA key (embedded in the client) not a password.
2) this app logs in (with 3DES), and immediately opens a tunnel to the only listening server on the second interface, which is (again) ssh. this accepts a username and password from the client so as to identify the person logging in to the second server.
3) the app logs into this second server (with Blowfish), and opens a SECOND tunnel to a loopback interface on port 443
4) the app launches an embedded browser which uses the second tunnel to open a web page over HTTPS (DHE+RSA+AES) in the conventional manner.

There. three layers of different encryption, one hard coded local RSA key, one username/password login, and one serverside certificate.

Would take some coding, but you could *simulate* the setup easily enough for testing.

First, configure a virtual machine with Linux and OpenSSH. Restrict login to RSA and 3DES.

Second, set up another VM, running OpenSSH (Blowfish only) and Apache; have Apache listen on loopback only and port 443 only. Join this to the first VM with a dedicated VLAN.

Log into the first VM with PuTTY. Use the ability of PuTTY to open a tunnel from local port 222 to port 22 on the second VM.
Log into the second VM by connecting a second copy of PuTTY to localhost:222 - open a tunnel from port 8443 to localhost:443 (note, this PuTTY is working *entirely* inside the 3DES encrypted tunnel from the first PuTTY).
Log onto https://localhost:8443/ with your choice of web browser. Note that this connection is an encrypted (https) one, but over the Blowfish tunnel of PuTTY #2, which is itself connected over the 3DES tunnel of PuTTY #1.

so - doable, if you really want to, using only conventional encryption methods and protocols.
0
Ess Kay (Entrapenuer, author) commented:
Thanks Rich. The reason I ask is to roll out software to our customers who will not need to worry about security when communicating with us. The focus is to make all data transactions between us and them, especially, encrypted.

That's why the boot from DVD is not an option for us.


If their computer is compromised, that's their problem. Nothing wrong from our end.
0
Rich Rumble (Security Samurai) commented:
If it has to be easy to use, then you should use what's already in place. That's not where the NSA attack vector is; it's the opposite when they need to surveil a large part of the internet. When they have to target, then it's possible for them to look at attacking httpS, but there are easier methods.

If your customer is compromised, so is your transaction (after the fact), if there is some trail. And remember: just because a communication can't be read doesn't mean it can't be tracked. You can ascertain a lot about encrypted transactions and payloads just by watching them.

So perhaps to get all experts on the same page, can you re-state your question with the goal you have. https://www.schneier.com/blog/archives/2013/09/new_nsa_leak_sh.html
It's going to be hard to build up trust again, but when we do, it's going to be using the same technology as before, just updated versions of it. You, me or any expert here won't devise anything better than what's out there now, but it's good to have input into it.
-rich
0
Darr247 commented:
If I had something that needed that level of security, rather than sending it over the Internet I would deliver it on an encrypted USB thumbdrive via SneakerNet, plugging it only into computers that are not even connected to a network. Then if the NSA wants your data, they'll have to go to the FISA court for a secret warrant and spirit you away to a black site prison in another country for enhanced interrogation.
0
AlexPace commented:
Home office to branch bidirectional file transfer system that used SFTP as the transport but 4096-bit PGP keys to protect the payload. The server-side SSH keys and PGP keys were generated on a server in the office so they don't have to worry about the ISP giving away the keys. The server also does not have the PGP keys for the payload files, so even if the server is hacked the payload is still protected.

The server has an automation script that moves uploaded files out of the upload destination folder, so it works like a bank night deposit box where you can put stuff in but then it is gone and you can't get it back. They are automatically moved to another computer for decryption and signature verification. Each payload file is signed by the branch office that sent it, using a PGP signature from a keypair generated on site at the branch. Outbound files work in reverse: they are encrypted with the public key of the branch and then signed by the home office.

User experience: at the branch office they have one folder named "Inbox" and another named "Outbox". They move a file to Outbox to send it to the home office, and files from the office appear decrypted in the Inbox. At the home office the Inbox and Outbox have subfolders named after each branch office, and the Outbox has a special "send to all" folder. It sounds sorta complicated but really it is just a bunch of Robo-FTP scripts.
0
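Two things in this thread fit one small demonstration: Alex's drop-box design, where each branch signs its (already encrypted) payload with a key pair generated on site and a separate machine at the home office verifies it, and Rich's earlier point that the private key is the one you keep and sign with while the public key is the one you hand out. This is an added example for this thread, not Robo-FTP or any poster's code. Ed25519 from Go's standard library stands in for the PGP signatures; the SignedFile layout, the Keyring type, the branch names and the payload bytes are all constructed here, and the payload is treated as opaque bytes that were encrypted before signing, as in Alex's setup.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// SignedFile is a constructed layout for a file in the drop folder: the name of
// the branch that sent it, the payload (already encrypted to the recipient),
// and the branch's detached signature over branch name and payload.
type SignedFile struct {
	Branch    string
	Payload   []byte
	Signature []byte
}

// Keyring is the home office's registry of branch public keys. Each key pair is
// generated at the branch and only the public half is registered here, so the
// server that receives files never holds anything that could forge them.
type Keyring map[string]ed25519.PublicKey

// NewBranchKey generates a branch's signing key pair (done on site at the branch).
func NewBranchKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// signingInput binds the branch name to the payload: a file signed by branch A
// cannot be re-labelled as coming from branch B and still verify.
func signingInput(branch string, payload []byte) []byte {
	in := make([]byte, 0, len(branch)+1+len(payload))
	in = append(in, branch...)
	in = append(in, 0) // separator; branch names are assumed not to contain NUL
	return append(in, payload...)
}

// SignPayload is what the sending branch does to a file before dropping it.
func SignPayload(branch string, priv ed25519.PrivateKey, payload []byte) SignedFile {
	return SignedFile{
		Branch:    branch,
		Payload:   payload,
		Signature: ed25519.Sign(priv, signingInput(branch, payload)),
	}
}

// Verify is run on the home office's verification machine. It rejects files
// from unregistered branches, files whose payload was altered, and files
// signed with a key other than the one registered for the claimed branch.
func (k Keyring) Verify(f SignedFile) error {
	pub, ok := k[f.Branch]
	if !ok {
		return errors.New("no registered key for branch " + f.Branch)
	}
	if !ed25519.Verify(pub, signingInput(f.Branch, f.Payload), f.Signature) {
		return errors.New("signature check failed for branch " + f.Branch)
	}
	return nil
}

func main() {
	pubA, privA, _ := NewBranchKey()
	_, privB, _ := NewBranchKey()
	ring := Keyring{"branch-A": pubA} // only branch A is registered
	payload := []byte("constructed opaque ciphertext bytes")

	good := SignPayload("branch-A", privA, payload)
	fmt.Println("genuine file:", ring.Verify(good))

	tampered := good
	tampered.Payload = append([]byte(nil), payload...)
	tampered.Payload[0] ^= 1
	fmt.Println("altered payload:", ring.Verify(tampered))

	forged := SignPayload("branch-A", privB, payload) // right name, wrong key
	fmt.Println("forged with another key:", ring.Verify(forged))

	unknown := SignPayload("branch-B", privB, payload)
	fmt.Println("unregistered branch:", ring.Verify(unknown))
}
```

The separation Alex describes is visible in what each side holds: the branch never needs anything but its own private key, and the verifying machine needs only the registered public keys, so compromising the drop-box server yields neither. Signing after encryption also means the verifier can reject a bad file without ever decrypting it.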
AlexPace commented:
Of course the most elaborate setup is always vulnerable to an inside job.  The best encryption available is "one time pad" but then you have to securely distribute the pad.
0
Dave Howe (Software and Hardware Engineer) commented:
One-time pad, while provably secure, is near unworkable in practice. You can just about get away with it if you pre-distribute a few DVD-Rs of key material in advance, but then you need to worry about protecting the key material....
0
Ess Kay (Entrapenuer, author) commented:
0
Rich Rumble (Security Samurai) commented:
It's not as simple as that, you have to know what they are talking about, which algo to "ditch", which the WSJ link doesn't say...
http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
It's the "random" number generator implemented by Intel in its hardware and by many others in their software.

My focus is on answering your question rather than all the dumb things the NSA has done. I think there are a few acceptable answers already

> jmcmillan227: Sorry but I honestly believe the answer is none.
I don't think that is correct, but it can seem that way at this time.

There will be no new technique for quite some time; it will only be new algos or updated keys, or better yet updated PRNGs from someone other than the NSA.
I'm switching to AMD until I hear otherwise :)
-rich
0
Dave Howe (Software and Hardware Engineer) commented:
@Darr247:
Note that was the exact method that led to David Miranda being held without charge and interrogated for 9 hours while they copied said usb drives....
0
Darr247 commented:
That WSJ link's pretty worthless for people who stopped subscribing when Murdoch turned it into an arm of faux newz.
0
Darr247 commented:
If the guy publishing stories containing information directly from Snowden was my significant other, I would *expect* my electronics and data storage devices to come under scrutiny, and certainly wouldn't have the password for the files written by itself on a piece of paper carried with me.

For passwords, I prefer using something like the MD5 hash of the SHA1 hash and/or RIPEMD160 hash (et cetera) of a word or phrase I memorize.
E.g. to come up with password 7b2531c32074f98609cb3b1272c7a711:

[screenshots: Password - step 1; Password - step 2; Password - step 3]

(i.e. it's the MD5 hash in the 3rd step.)

Even if they go to the trouble of working MD5 (or was it MD4, which has the same length hash?) backwards, which takes longer and longer the more characters there were in the hashed value... what's the next step - work RIPEMD160 backwards, or work SHA1 backwards? (alternately, SHA256 and PANAMA steps, which both have the same length hashes, could be inserted also).
0
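Darr247's password recipe (hash a memorised phrase, paste the result into the next hash, take the final digest as the password) can be written as a small chain, which also makes clear what the chain does and does not add. This is an added example for this thread, not Darr247's tool or any project's code. It uses the MD5, SHA-1 and SHA-256 digests from Go's standard library (RIPEMD-160 is not in the standard library, so SHA-256, which Darr247 also mentions as a possible step, is used instead); ChainHash is my name for it, the sample phrase is constructed, and the convention that each step hashes the lowercase hex text of the previous digest is an assumption about how the screenshots were produced.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"hash"
)

// hashers lists the digests available for a chain step, by lowercase name.
var hashers = map[string]func() hash.Hash{
	"md5":    md5.New,
	"sha1":   sha1.New,
	"sha256": sha256.New,
}

// ChainHash applies the named hashes in order. Each step hashes the lowercase
// hex text of the previous result (assumed convention), so
// ChainHash(p, []string{"sha1", "md5"}) is md5(hex(sha1(p))) and, because the
// final step is MD5, yields a 32-character hex string.
func ChainHash(phrase string, steps []string) (string, error) {
	if len(steps) == 0 {
		return "", fmt.Errorf("at least one hash step is required")
	}
	current := phrase
	for _, name := range steps {
		ctor, ok := hashers[name]
		if !ok {
			return "", fmt.Errorf("unsupported hash %q", name)
		}
		h := ctor()
		h.Write([]byte(current))
		current = hex.EncodeToString(h.Sum(nil))
	}
	return current, nil
}

func main() {
	// Constructed phrase; the one behind the screenshots above is not on the page.
	phrase := "example phrase to memorise"
	chains := [][]string{{"md5"}, {"sha1", "md5"}, {"sha256", "sha1", "md5"}}
	for _, chain := range chains {
		out, err := ChainHash(phrase, chain)
		fmt.Printf("%-22v -> %s (err=%v)\n", chain, out, err)
	}
}
```

What the chain shows when run: every step is a fixed, unkeyed, fast function with no salt, so the final string has exactly as much unpredictability as the memorised phrase and is reproduced by anyone who knows the phrase and the order of steps. That is fine as a way to turn a phrase you remember into a long hex password, but it is not a substitute for a password KDF with a salt and a work factor (PBKDF2, scrypt, Argon2), which is what makes guessing expensive; the chain only changes the shape of the output.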
Dave Howe (Software and Hardware Engineer) commented:
@Darr247: lots of to-and-fro on that one; no doubt we will learn more after the formal court case starts in October, but probably never know the full story.

Fact still remains though - the UK used extra-legal powers designed to identify potential terrorists, on someone in transit through their airspace (officially he never "landed" as he was still on the other side of the customs barrier), to interrogate him for 9 hours and seize all his possessions, explicitly because they expected to find him hand-carrying USB media between the journalists.

Using only physical interchange media is therefore little better than straight data transfer, if they are determined to get access -  you clearly need to get the encryption right, and if you do, the medium doesn't matter.
0
McKnife commented:
Hi.

The basic question for me is "who do we want to trust?"
We should reduce the technologies used to protect our data and communication to those we have reason to trust. That's what you have to find out: who can you (still) trust, when do we want to consider something "trusted"?
--
To give you an example: for Windows 7, which was launched 4 years ago, only recently has the first full disk encryption software ("Sirrix Trusted Disk") been launched that has been successfully tested and certified by the German government for a certain German type of classified data ("VS NfD"). Before that, for nearly four years, there was NO (full disk) solution at all for 7, NO solution for Vista (still none to date), and only one for Windows XP (SafeGuard Easy) that one (as a German) may trust if you believed the German officials. By the way, there is NO such software for Win8/8.1.

So what made this software special? Technically, the core of Sirrix Trusted Disk is nothing else but truecrypt. Truecrypt (AES 256) combined with hardware (a USB-Token with a certificate on it) and a PIN.
Nothing special, indeed. The thing is, how is it implemented and can we trust those that implement it? According to the German federals, Germans can trust it, that's why Sirrix has paid a lot to the German federal institution to certify it. And that's why they charge you good money for using it. But is it any more secure against the NSA if we think of how the Germans and Americans cooperate(d)?

Truly, thanks to the NSA (and others) the security business will go through a boom and at the same time have a hard time trying to convince people that it can offer any technology that we still have reason to trust.
0
Ess Kay (Entrapenuer, author) commented:
Thanks guys, I'd like to close this question, but keep the idea open
0
jmcmillan227 commented:
0
Dave Howe (Software and Hardware Engineer) commented:
Unless he doesn't know everything of course. It certainly looks like the takedown of the Silk Road was due to the owner being an idiot when it came to opsec, but that is the second "onion" site the FBI have hit in the last year, and they didn't even have to go to Ireland for this one...
0
Ess Kay (Entrapenuer, author) commented:
Yeah, so much bad news as of late,

though McAfee says he will make you NSA proof for $100

http://abcnews.go.com/Technology/john-mcafees-product-aims-make-internet-users-virtually/story?id=20424182
0
Rich Rumble (Security Samurai) commented:
It has to be end to end, and even then encryption has to be decrypted to read, so it's never going to be 100%. Both ends have to be unwilling to cooperate, and at this stage the Service Providers aren't all that unwilling, even after all of this. McAfee is a crazy nut-bag, god love him; I hope he or someone can make something positive soon.
Per my article on the subject, you can betray or be betrayed by encryption products in many different ways: http://www.experts-exchange.com/Security/Encryption/A_12134-Choosing-the-right-encryption-for-your-needs.html
The weakest link is the way into encryption.
-rich
0
Dave Howe (Software and Hardware Engineer) commented:
Sadly, while a jug makes it easy to see if there is a leak due to poor construction, crypto is a lot less likely to warn you until its too late :(
0