The Usability of Anti-Apartheid Encryption

By @edent · encryption politics usability · 1,800 words · read ~620 times.

(An adaptation of my earlier blog post on the same topic ¹.) This is a case study focusing on the usability of encryption systems as used by political dissidents in Apartheid era South Africa.

Background - South Africa

Between 1948 and 1994, the nation of South Africa was ruled by an ethnically white minority. They set in place a system of government – known as Apartheid - which suppressed, brutalised and discriminated against other races. The African National Congress (ANC) was formed in the early 20th Century ² with the explicit aim of bringing "all Africans together as one people to defend their rights and freedoms." In 1960, it was outlawed by the ruling National Party³ and was subsequently branded a terrorist organisation by many nations⁴. Activists working for and on behalf of the ANC were placed under intense scrutiny by the National Party and its allies. In order to safeguard their communications, the ANC needed to develop, deploy and successfully use digital encryption. The primary source of this information comes from the ANC's monthly journal "Mayibuye". In 1995 they published a series of articles on their encryption efforts, collated in a single article: "Talking To Vula"⁵

Lines of Communication

With the ANC's leadership under extreme surveillance by a technologically superior aggressor, communications between the leadership and members were subject to interception and disruption.

Poor communications had determined the shape of our struggle. It was because our fighters and cadres could not communicate with their leaders and between themselves that the underground never developed and People's War never became a reality. "Talking To Vula"

The ANC's typical method of encrypting communications in the late 1970s was by the manual use of One Time Pads (OTPs). While OTPs represent a theoretically uncrackable encryption, they have two fundamental flaws :

It is difficult to distribute an OTP; it wasn't until the late 1970s that key-exchange over a public channel was solved using the Diffie-Hellman Key Exchange ⁶.
OTPs often suffer from unrecoverable errors introduced by flaws common in manual transcriptions⁷.

Activists had to manually encipher messages - a tedious and error prone process - and then manually transcribe and decipher the messages they received. The lack of digital communications required that messages be physically distributed. This increased the latency of communication to the speed of international postal services.

It was always the same pattern: comrades would go back home feeling enthusiastic and begin by sending a series of messages. They soon came to realise that it was a futile activity as it took so much effort to say so very little and the responses, as few and far between as they were, contained little encouragement and advice. "Talking To Vula"

These activists were fighting to free their country from the yoke of a repressive and racist government. Yet they found the long-winded process of protecting their communications just too hard. Security is usability.

Operation Vula

The growth of the Personal Computer industry in the 1980s made digital computing increasingly affordable. The ANC's technical committee began to research digital encryption and communication over the telephone network using modems. This was known as "Operation Vula"⁸. Modern cryptographic science frowns on the sort of self-created encryption algorithms used by Operation Vula; such algorithms often contain subtle weaknesses of which their creators are unaware⁹ ¹⁰. However, developing bespoke encryption systems was a common occurrence in the 1980s – mostly due to the United States Government forbidding the export of encryption software¹¹. This meant that strong, audited encryption was not widely available to the public. The introduction of computer-based encrypting revolutionised the revolutionaries so that with little effort it was suddenly possible to communicate over vast distances with (apparently) total security. Messages could be long and complex, and the latency of response times were reduced. This home-made encryption flourished for several years before it came crashing down ¹². It failed not because of technological weakness - but because of human weakness.

Usability

Maintaining secrecy is hard. Attaching computers to modems and loading secret codes is still a lot easier than the mind-numbing process of hand powered encryption; but it is an extra burden. Individuals were careless. They knew that organising against the government could result in torture or death. Despite that, it was hard to act with 100% vigilance.

The details of Vula that the regime released to the press revealed that indeed a number of important documents had fallen into their hands. It became clearer by the day that the comrades in Durban had violated all the rules of security that we had so assiduously tried to impress upon them. Data files of confidential information were kept "in clear" on disk and keywords and key books must have been easily obtainable. The minutes of an entire underground conference were quoted by police as evidence of the plot to overthrow the government. "Talking To Vula"

These communications were not between "hacktivists" doing it for "teh lulz", lovers exchanging sexts or business people protecting their Intellectual Property. It was between freedom fighters working against a sadistic and murderous government. Failing to maintain security would not just end with their families being tortured - it could mean the disruption of an entire political movement. And yet that threat still was not enough to keep people acting in a security-conscious manner. "Talking to Vula" concludes with the lessons the ANC learned from running their encryption programme:

Without first-class communications you cannot carry out a successful underground operation. "Talking To Vula"

"First class" does not just refer to the technology powering the system, but also the usability of the security.

Barriers

We know that commonly used encryption programs often have fundamental flaws (such as the recent POODLE¹³ and HeartBleed¹⁴ vulnerabilities), that state-based agencies have deliberately weakened encryption standards¹⁵ and that there are theoretical attacks on cryptography using quantum computing¹⁶. Let us assume for now that via some combination of Vernam ciphers¹⁷ and Perfect Forward Secrecy¹⁸ it is possible to create an encryption scheme which, if used correctly, can withstand sustained attack from determined adversaries. The correct use of encryption relies on, at a minimum, the following behaviours :

Users understanding why encryption is necessary.
A provably secure way for users to generate encryption keys.
Securely storing the encryption keys.
Exchanging keys.
Validating that the keys are trusted by the recipient.
Correct enciphering of messages.
Correct deciphering of messages.
Validating the provenance of messages.
Securely storing or destroying messages.
Updating behaviours and technologies in the light of emergent threats.

If any of these behaviours are weak, the entire encryption scheme becomes vulnerable.

The Challenge

Is it possible to create a system that simultaneously satisfies the conditions of desirability (the understanding of its necessity) and usability (the inability to use incorrectly)? Modern systems like GPG and Keybase.io have improved on the usability of older encryption systems – but they still require the user to act in an almost perfect manner. A recent high profile case illustrates that, despite the improvement of these systems, intelligent and committed users still make basic mistakes :

David Miranda was carrying password for secret files on piece of paper A journalist’s partner who was detained carrying thousands of British intelligence documents through Heathrow airport was also holding the password to an encrypted file written on a piece of paper, the government has disclosed. Daily Telegraph. 2013-08-30

This careless attitude was present 23 years earlier, during Vula :

[Ghebuza's] assistant was in the habit of moving around with Ghebuza's program and "key" disks as well as his data files. This was against all the rules though we had always suspected that some of the comrades were less than meticulous about observing them. "Talking To Vula"

Users will seemingly do almost anything to bypass security in the name of convenience¹⁹ ²⁰. From writing down passwords²¹ ²² to pointing a webcam at a VPN token²³, these behaviours completely negate any of the protection provided. Users are left with, at best, a placebo security measure. A comprehensive encryption programme has to account for the fallibility of human nature.

Ubiquity & Transparency

Usability of encryption relies on two essential factors: Ubiquity and Transparency. Until the release of the Fire s heep software ²⁴ it was assumed that websites only had to protect the login portion of their services with HTTPS. Firesheep showed how every interaction with the site could leak login information to an observer. The only way to guarantee the security of users was to ensure that every single interaction with the site was secured. Ubiquitous security became a necessity. Similarly, it used to be common that in order to securely access a site like Facebook or Twitter, a user had to remember to enter the URL with the "https://" protocol, or they had to manually set an option to enable security. By having the website insist on using HTTPS and enforcing it for all users at all times, they removed the need for the user to have to constantly check their security settings. This mode of operation means that encryption technology does not get in the way of the user's normal use of the site. Users do not have to undertake manual actions to enable encryption. An excellent example of this can be found in my research into British Police websites ²⁵. Several forces run online crime reporting tools, enabling victims to send in details electronically. Despite the obvious legal and moral need to protect such sensitive information, I discovered that 18 of the forces did not provide any website security. Six of the sites had encryption available but did not force visitors to use it. This meant that users of the site would have to manually manipulate the URL to select a secure method of communication.

Conclusions

Even minor transgressions in the correct use of security can offer an adversary the opportunity to penetrate a user's defences. Users have to continually protect themselves against an unending onslaught of criminals and state-backed hostiles.

"Remember we only have to be lucky once. You will have to be lucky always." Anonymous IRA Spokesman²⁶ referring to the 1984 Brighton hotel bombing.

In order to make encryption practical and to extend the benefits of secure communication to as many people as possible, we have to find ways of making users as "lucky" as possible. The challenge for future security systems is to protect users from their own fallibility whilst being as unobtrusive as possible.

1Eden, T "The Hardest Problem In Encryption? Usability." (2014) Retrieved 30 December 2014.

2 A brief history of the ANC Retrieved 30 December 2014.

3 The Unlawful Organizations Act (No. 34 of 1960) enacted by the Parliament of South Africa.

4 US government considered Nelson Mandela a terrorist until 2008 – NBC News – 7 December 2013.

5 Jenkin, T "The Story of the Secret Underground Communications Network of Operation Vula<"

6 Diffie, W. & Hellman, M. "New Directions in Cryptography" IEEE Transactions On Information Theory, Vol. It-22, No. 6, November 1976 .

7 Wahi, Monika M. et al. "Reducing Errors from the Electronic Transcription of Data Collected on Paper Forms: A Research Data Case Study." Journal of the American Medical Informatics Association : JAMIA 15.3 (2008): 386–389. PMC. Web. 14 Dec. 2014.

8 "Documentary On Operation Vula" BBC Interviews: December 2002 Retrieved 30 December 2014.

9 "Schneier's Law" - Bruce Schneier (2011) Retrieved 30 December 2014.

10 Zimmermann, P "Introduction to Cryptography" Page 54

11 Roberts, E. "Reevaluating Us Technology Export Controls" - Stanford University (1999) Retrieved 30 December 2014.

12 US State Department cables on Vula unravelling Retrieved 30 December 2014.

13 CVE-2014-3566 Retrieved 30 December 2014.

14 CVE-2014-0160 Retrieved 30 December 2014.

15 Hales, TC The NSA Back Door to NIST Notices of the AMS Volume 61, Number 2. (2014)

16 Shor, PW "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer" SIAM Journal on Computing (1997) 26:5, 1484-1509

17 Kahn, D (1996). The Codebreakers. Macmillan. pp. 397–8. ISBN 0-684-83130-9

18 David P. Jablon. 1996. "Strong password-only authenticated key exchange." SIGCOMM Comput. Commun. Rev. 26, 5 (October 1996), 5-26. DOI=10.1145/242896.242897

19 Gait, Jason. "Easy entry: the password encryption problem." ACM SIGOPS Operating Systems Review 12.3 (1978): 54-60.

20 Adams, Anne, and Martina Angela Sasse. "Users are not the enemy." Communications of the ACM 42.12 (1999): 40-46.

21 Zviran, Moshe, and William J. Haga. "Password security: an empirical study." Journal of Management Information Systems (1999): 161-185.

22 Nielsen , J. "Security & Human Factors" Retrieved 20 December 2014 (2000)

23 FobCam Retrieved December 30, 2014.

24 Butler, E. "Firesheep – codebutler" Retrieved December 30, 2014.

25 Eden, T "Secure The Police" Retrieved December 30, 2014

26 Taylor, Peter (2001). "Brits: The War Against the IRA." Bloomsbury Publishing. p. 265. ISBN 0-7475-5806-X