A Primer to Communications Security.
There are many good reasons behind securing communications within the enterprise and across enterprise borders as part of a company's Business Information Security strategy. Undoubtedly, "preventing unauthorized interceptors from accessing telecommunications in an intelligible form, while still delivering content to the intended recipients" (definition from Wikipedia) is mandatory for any enterprise (asset protection) and any individual (privacy protection).
So what is the best way to secure communications, i.e. voice, video, messaging, file exchange, file storage, etc.? To answer this question, let us look at the individual components that take part in secure communications.
- The Device
The first lesson in attacking secure systems is to attack the weakest link. For example, it is easier to place a bug into a device to capture a voice call than to try to break a voice encryption algorithm using a network of servers. The lesson is that if you can tamper with a device, then communication may be easily compromised. Companies like SilentCircle have recognised this and offer hardware that cannot be easily tampered with.
- The Firmware
After a device is turned on and the power-on self-tests complete, the firmware (boot loader) is the piece of software that runs to load the operating system. It is fair to claim that the firmware is the most important piece of software from a security point of view. Having the ability to manipulate the firmware can provide full access to any communication (and any function) of the operating system. Prominent public examples of such "firmware attacks" include Thunderstrike and Dark Jedi (attention: explicit language). Protecting the firmware is only possible when you have control over it. There are several options you may choose:
- You can deploy open source firmware on your devices. By nature, open source firmware is far more difficult to manipulate without the community noticing.
- You can use devices that vertically integrate hardware and firmware (see SilentCircle).
- Finally, if you want to offer a broader choice of mobile devices, you can use Trustonic's technology, which provides a Trusted Execution Environment (TEE) on ARM chipsets. As of the writing of this article, Trustonic's TEE is available on more than half a billion devices.
- The Operating System
Many of the communication tasks are implemented on top of the Operating System using its Application Programming Interfaces (APIs), and thus securing the OS is a prerequisite to secure communications. Just as the firmware has super-user access over the OS, the OS has super-user access over all communications applications. Hardening the operating system usually means creating a bespoke version of it with all unnecessary parts removed. This is the path that many communication companies take, and Android (by virtue of being open source) has become a natural choice for mobile, in the same way Linux has become the standard for PCs and workstations. Important note: using an open source OS like Android is not a security guarantee, as Amazon Fire OS users had to experience.
- The Application
While less likely, applications are also used to intercept, capture and store communications. This can be in malicious form (spyware) or in the form of overly detailed logs that are shared across the network (for performance improvement purposes). It is critical for the enterprise to assess the type of information captured, and ensure that critical information is not leaving the enterprise border unauthorised. As applications are the ones initiating the security setup of the communication channel, they can capture data before it is encrypted. To avoid surprises, choose a reputable communications app vendor like Whisper Systems, Threema and ProtonMail.
- The Network
Fundamentally, the network (whether mobile or fixed) does not play any role in security, assuming the communications application creates a secure tunnel / Virtual Private Network between the communicating end-points. It is useful, however, to note that 2G/3G mobile networks employ encryption algorithms that are relatively easy to crack, and that 4G suffers from the same IP security issues as any other IP network. Applications should therefore not trust the network. At the same time, as the path between end-points is unknown, it is also important that any encryption employed by applications caters for changing network conditions in a way that does not jeopardise user experience. A great example of how this can be done is SQR Systems, who have developed particular algorithms to enable secure, adaptive voice and video communications.
- The Cloud
Not all communications are real-time, and most enterprise collaboration use cases require persistent sessions, e.g. to store interim work results and allow teamwork to continue across multiple devices at a later stage. For such use cases (collaborative document editing, document archiving, document exchange, ...) it is important that files are encrypted before they are stored in the cloud. Equally important: the cloud storage service should have no method to decrypt such documents without the user's involvement. This is known as a zero-knowledge cloud storage service. Tresorit is our favorite when compared to other similar services.
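The encrypt-before-upload idea described above, shown as an added example (not code from the original article or from any vendor named in it). It assumes the third-party `cryptography` package; `CloudStore`, `upload`, `download`, the passphrase and the document are constructed for illustration.

```python
import hashlib
import os

from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM


class CloudStore:
    """Hypothetical stand-in for the storage provider: it only holds opaque blobs."""

    def __init__(self):
        self.blobs = {}

    def put(self, name, blob):
        self.blobs[name] = blob

    def get(self, name):
        return self.blobs[name]


def derive_key(passphrase, salt):
    # The key is derived on the client from a secret the provider never receives.
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)


def upload(store, name, plaintext, passphrase):
    salt, nonce = os.urandom(16), os.urandom(12)
    key = derive_key(passphrase, salt)
    # The file name is bound as associated data, so a blob cannot be served
    # under a different name without the authentication check failing.
    ciphertext = AESGCM(key).encrypt(nonce, plaintext, name.encode())
    store.put(name, salt + nonce + ciphertext)  # salt and nonce are not secret


def download(store, name, passphrase):
    blob = store.get(name)
    salt, nonce, ciphertext = blob[:16], blob[16:28], blob[28:]
    key = derive_key(passphrase, salt)
    try:
        return AESGCM(key).decrypt(nonce, ciphertext, name.encode())
    except InvalidTag:
        # Wrong passphrase, modified blob, or blob stored under another name.
        return None


if __name__ == "__main__":
    store = CloudStore()
    doc = b"Q3 board minutes (constructed sample document)"
    upload(store, "minutes.txt", doc, "correct horse battery staple")
    print("provider sees plaintext:", doc in store.get("minutes.txt"))
    print("owner reads:", download(store, "minutes.txt", "correct horse battery staple"))
    print("wrong passphrase:", download(store, "minutes.txt", "guess"))
```

The provider-side object contains only salt, nonce and authenticated ciphertext, so the service cannot read or silently alter the document without the user's passphrase.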
- The Communicating Parties
Any of the precautions above is rendered useless when the humans involved in communications do not live and breathe a security culture. For example, plugging memory sticks of unknown origin (see minute 8:31) into PCs and/or clicking on dubious links within emails is a sure way to provide a third party with direct access to and control over the OS. Therefore, end-user education is key to a successful communications security strategy.
Understanding the role of the individual components in secure communications - device, firmware, OS, applications, network, cloud, communicating parties - is key to developing a successful communications security strategy. Fundamentally, it is all about deciding the level of trust towards individual components and the associated investment, risk and benefit for the enterprise. For example, a combination of secure devices, firmware and OS comes at the "cost" of less device choice. Trusting applications for secure communications may be reasonable, as long as the OS provider is trustworthy. Last, but surely not least: secure communications should not affect user experience negatively.
CREDITS & REFERENCES
- Firmware attacks: Thunderstrike, Dark Jedi
- Wikipedia: Communications Security, Boot Loader, Spyware, Virtual Private Network
- Companies: SilentCircle, Trustonic, ARM, Whisper Systems, Threema, ProtonMail
- The Guardian: Amazon reverses 'backward' decision to remove encryption from Fire tablets