The Usability of Anti-Apartheid Encryption
(An adaptation of my earlier blog post on the same topic1.) This is a case study focusing on the usability of encryption systems as used by political dissidents in Apartheid-era South Africa.
Background - South Africa
Between 1948 and 1994, the nation of South Africa was ruled by an ethnically white minority. They set in place a system of government, known as Apartheid, which suppressed, brutalised and discriminated against other races. The African National Congress (ANC) was formed in the early 20th Century2 with the explicit aim of bringing "all Africans together as one people to defend their rights and freedoms." In 1960, it was outlawed by the ruling National Party3 and was subsequently branded a terrorist organisation by many nations4. Activists working for and on behalf of the ANC were placed under intense scrutiny by the National Party and its allies. In order to safeguard their communications, the ANC needed to develop, deploy and successfully use digital encryption. The primary source for this information is the ANC's monthly journal "Mayibuye". In 1995 they published a series of articles on their encryption efforts, collated in a single article: "Talking To Vula"5
Lines of Communication
With the ANC's leadership under extreme surveillance by a technologically superior aggressor, communications between the leadership and members were subject to interception and disruption.
Poor communications had determined the shape of our struggle. It was because our fighters and cadres could not communicate with their leaders and between themselves that the underground never developed and People's War never became a reality. "Talking To Vula"
The ANC's typical method of encrypting communications in the late 1970s was by the manual use of One Time Pads (OTPs). While OTPs represent a theoretically uncrackable encryption, they have two fundamental flaws:
- It is difficult to distribute an OTP; it wasn't until the late 1970s that key-exchange over a public channel was solved using the Diffie-Hellman Key Exchange6.
- OTPs often suffer from unrecoverable errors introduced by flaws common in manual transcriptions7.
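The second flaw can be seen in a few lines. This is an added example, not code from the original post or from the ANC's systems; it assumes a letter-based pad combined by modulo-26 addition (the page does not describe the ANC's actual pad format), and the message and pad are constructed.

```python
import string

ALPHABET = string.ascii_uppercase

def shift(text, pad, sign):
    """Add (sign=+1) or subtract (sign=-1) each pad letter, modulo 26."""
    return "".join(
        ALPHABET[(ALPHABET.index(t) + sign * ALPHABET.index(k)) % 26]
        for t, k in zip(text, pad)
    )

def encipher(plaintext, pad):
    return shift(plaintext, pad, +1)

def decipher(ciphertext, pad):
    return shift(ciphertext, pad, -1)

def wrong_positions(expected, actual):
    """Positions of the expected message that were lost or decoded wrongly."""
    return [i for i, ch in enumerate(expected)
            if i >= len(actual) or actual[i] != ch]

# Constructed sample. A real pad must be truly random, used once, then destroyed.
MESSAGE = "MEETATDAWN"
PAD = "XQZBKLMWPA"
SENT = encipher(MESSAGE, PAD)

# Slip 1: one letter miscopied (U written as V). Only that letter is lost.
miscopied = SENT[:3] + "V" + SENT[4:]
# Slip 2: one letter skipped. Every later letter meets the wrong pad letter,
# and the recipient cannot tell where the slip happened.
skipped = SENT[:3] + SENT[4:]

if __name__ == "__main__":
    for label, received in (("clean", SENT), ("miscopied", miscopied),
                            ("skipped", skipped)):
        decoded = decipher(received, PAD)
        print(label, decoded, wrong_positions(MESSAGE, decoded))
```

A miscopied letter costs one character of plaintext, while a skipped letter turns everything after it into noise.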
It was always the same pattern: comrades would go back home feeling enthusiastic and begin by sending a series of messages. They soon came to realise that it was a futile activity as it took so much effort to say so very little and the responses, as few and far between as they were, contained little encouragement and advice. "Talking To Vula"
These activists were fighting to free their country from the yoke of a repressive and racist government. Yet they found the long-winded process of protecting their communications just too hard. Security is usability.
Operation Vula
The growth of the Personal Computer industry in the 1980s made digital computing increasingly affordable. The ANC's technical committee began to research digital encryption and communication over the telephone network using modems. This was known as "Operation Vula"8.
Modern cryptographic science frowns on the sort of self-created encryption algorithms used by Operation Vula; such algorithms often contain subtle weaknesses of which their creators are unaware9 10. However, developing bespoke encryption systems was a common occurrence in the 1980s – mostly due to the United States Government forbidding the export of encryption software11. This meant that strong, audited encryption was not widely available to the public.
The introduction of computer-based encryption revolutionised the revolutionaries so that with little effort it was suddenly possible to communicate over vast distances with (apparently) total security. Messages could be long and complex, and the latency of responses was reduced. This home-made encryption flourished for several years before it came crashing down12. It failed not because of technological weakness, but because of human weakness.
Usability
Maintaining secrecy is hard. Attaching computers to modems and loading secret codes is still a lot easier than the mind-numbing process of hand-powered encryption; but it is an extra burden. Individuals were careless. They knew that organising against the government could result in torture or death. Despite that, it was hard to act with 100% vigilance.
The details of Vula that the regime released to the press revealed that indeed a number of important documents had fallen into their hands. It became clearer by the day that the comrades in Durban had violated all the rules of security that we had so assiduously tried to impress upon them. Data files of confidential information were kept "in clear" on disk and keywords and key books must have been easily obtainable. The minutes of an entire underground conference were quoted by police as evidence of the plot to overthrow the government. "Talking To Vula"
These communications were not between "hacktivists" doing it for "teh lulz", lovers exchanging sexts or business people protecting their Intellectual Property. They were between freedom fighters working against a sadistic and murderous government. Failing to maintain security would not just end with their families being tortured - it could mean the disruption of an entire political movement. And yet that threat still was not enough to keep people acting in a security-conscious manner. "Talking to Vula" concludes with the lessons the ANC learned from running their encryption programme:
Without first-class communications you cannot carry out a successful underground operation. "Talking To Vula"
"First class" does not just refer to the technology powering the system, but also the usability of the security.
Barriers
We know that commonly used encryption programs often have fundamental flaws (such as the recent POODLE13 and HeartBleed14 vulnerabilities), that state-based agencies have deliberately weakened encryption standards15 and that there are theoretical attacks on cryptography using quantum computing16. Let us assume for now that via some combination of Vernam ciphers17 and Perfect Forward Secrecy18 it is possible to create an encryption scheme which, if used correctly, can withstand sustained attack from determined adversaries. The correct use of encryption relies on, at a minimum, the following behaviours:
- Users understanding why encryption is necessary.
- A provably secure way for users to generate encryption keys.
- Securely storing the encryption keys.
- Exchanging keys.
- Validating that the keys are trusted by the recipient.
- Correct enciphering of messages.
- Correct deciphering of messages.
- Validating the provenance of messages.
- Securely storing or destroying messages.
- Updating behaviours and technologies in the light of emergent threats.
The Challenge
Is it possible to create a system that simultaneously satisfies the conditions of desirability (the understanding of its necessity) and usability (the inability to use incorrectly)? Modern systems like GPG and Keybase.io have improved on the usability of older encryption systems – but they still require the user to act in an almost perfect manner. A recent high-profile case illustrates that, despite the improvement of these systems, intelligent and committed users still make basic mistakes:
David Miranda was carrying password for secret files on piece of paper
A journalist’s partner who was detained carrying thousands of British intelligence documents through Heathrow airport was also holding the password to an encrypted file written on a piece of paper, the government has disclosed. Daily Telegraph. 2013-08-30
This careless attitude was present 23 years earlier, during Vula:
[Ghebuza's] assistant was in the habit of moving around with Ghebuza's program and "key" disks as well as his data files. This was against all the rules though we had always suspected that some of the comrades were less than meticulous about observing them. "Talking To Vula"
Users will seemingly do almost anything to bypass security in the name of convenience19 20. From writing down passwords21 22 to pointing a webcam at a VPN token23, these behaviours completely negate any of the protection provided. Users are left with, at best, a placebo security measure. A comprehensive encryption programme has to account for the fallibility of human nature.
Ubiquity & Transparency
Usability of encryption relies on two essential factors: Ubiquity and Transparency. Until the release of the Firesheep software24 it was assumed that websites only had to protect the login portion of their services with HTTPS. Firesheep showed how every interaction with the site could leak login information to an observer. The only way to guarantee the security of users was to ensure that every single interaction with the site was secured. Ubiquitous security became a necessity.
Similarly, it used to be common that in order to securely access a site like Facebook or Twitter, a user had to remember to enter the URL with the "https://" protocol, or they had to manually set an option to enable security. By having the website insist on using HTTPS and enforcing it for all users at all times, they removed the need for the user to constantly check their security settings. This mode of operation means that encryption technology does not get in the way of the user's normal use of the site. Users do not have to undertake manual actions to enable encryption.
An excellent example of this can be found in my research into British Police websites25. Several forces run online crime reporting tools, enabling victims to send in details electronically. Despite the obvious legal and moral need to protect such sensitive information, I discovered that 18 of the forces did not provide any website security. Six of the sites had encryption available but did not force visitors to use it. This meant that users of the site would have to manually manipulate the URL to select a secure method of communication.
Conclusions
Even minor transgressions in the correct use of security can offer an adversary the opportunity to penetrate a user's defences. Users have to continually protect themselves against an unending onslaught of criminals and state-backed hostiles.
"Remember we only have to be lucky once. You will have to be lucky always." Anonymous IRA Spokesman26 referring to the 1984 Brighton hotel bombing.
In order to make encryption practical and to extend the benefits of secure communication to as many people as possible, we have to find ways of making users as "lucky" as possible. The challenge for future security systems is to protect users from their own fallibility whilst being as unobtrusive as possible.
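The outcomes described under Ubiquity & Transparency (no website security, encryption available but not forced, HTTPS enforced for everyone) can be checked mechanically. This added example is not from the original research: it classifies recorded responses to one plain-HTTP and one HTTPS request, the host names and responses are constructed, and the Strict-Transport-Security (HSTS) check goes beyond what the text describes.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

REDIRECTS = {301, 302, 303, 307, 308}

def hsts_max_age(headers):
    """Seconds a browser is told to insist on HTTPS; 0 if absent or disabled."""
    value = headers.get("strict-transport-security", "")
    match = re.search(r'max-age\s*=\s*"?(\d+)', value, re.IGNORECASE)
    return int(match.group(1)) if match else 0

def classify(http_resp, https_resp):
    """Each argument is None (no connection) or {"status": int, "headers": {...}}
    with lower-case header names."""
    if https_resp is None:
        return "no encryption"
    if http_resp is not None:
        location = http_resp["headers"].get("location", "")
        forced = (http_resp["status"] in REDIRECTS
                  and urlsplit(location).scheme == "https")
        if not forced:
            # The user must remember to type https:// themselves.
            return "available, not forced"
    if hsts_max_age(https_resp["headers"]) > 0:
        return "forced, with HSTS"
    # The first plain-HTTP request is still visible to an observer.
    return "forced by redirect only"

def ok(headers=None):
    return {"status": 200, "headers": headers or {}}

def redirect(status, location):
    return {"status": status, "headers": {"location": location}}

# Constructed probe results: host -> (plain HTTP response, HTTPS response).
SAMPLES = {
    "force-a.example": (ok(), None),
    "force-b.example": (ok(), ok()),
    "force-c.example": (redirect(301, "https://force-c.example/"), ok()),
    "force-d.example": (redirect(301, "https://force-d.example/"),
                        ok({"strict-transport-security":
                            "max-age=31536000; includeSubDomains"})),
    "force-e.example": (redirect(302, "http://www.force-e.example/"),
                        ok({"strict-transport-security": "max-age=0"})),
}

def tally(samples):
    return Counter(classify(*probes) for probes in samples.values())
```
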
1 Eden, T "The Hardest Problem In Encryption? Usability." (2014) Retrieved 30 December 2014.
2 A brief history of the ANC Retrieved 30 December 2014.
3 The Unlawful Organizations Act (No. 34 of 1960) enacted by the Parliament of South Africa.
4 US government considered Nelson Mandela a terrorist until 2008 – NBC News – 7 December 2013.
6 Diffie, W. & Hellman, M. "New Directions in Cryptography" IEEE Transactions On Information Theory, Vol. IT-22, No. 6, November 1976.
7 Wahi, Monika M. et al. "Reducing Errors from the Electronic Transcription of Data Collected on Paper Forms: A Research Data Case Study." Journal of the American Medical Informatics Association : JAMIA 15.3 (2008): 386–389. PMC. Web. 14 Dec. 2014.
8 "Documentary On Operation Vula" BBC Interviews: December 2002 Retrieved 30 December 2014.
9 "Schneier's Law" - Bruce Schneier (2011) Retrieved 30 December 2014.
10 Zimmermann, P "Introduction to Cryptography" Page 54
11 Roberts, E. "Reevaluating US Technology Export Controls" - Stanford University (1999) Retrieved 30 December 2014.
12 US State Department cables on Vula unravelling Retrieved 30 December 2014.
13 CVE-2014-3566 Retrieved 30 December 2014.
14 CVE-2014-0160 Retrieved 30 December 2014.
15 Hales, TC The NSA Back Door to NIST Notices of the AMS Volume 61, Number 2. (2014)
16 Shor, PW "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer" SIAM Journal on Computing (1997) 26:5, 1484-1509
17 Kahn, D (1996). The Codebreakers. Macmillan. pp. 397–8. ISBN 0-684-83130-9
18 David P. Jablon. 1996. "Strong password-only authenticated key exchange." SIGCOMM Comput. Commun. Rev. 26, 5 (October 1996), 5-26. DOI=10.1145/242896.242897
19 Gait, Jason. "Easy entry: the password encryption problem." ACM SIGOPS Operating Systems Review 12.3 (1978): 54-60.
20 Adams, Anne, and Martina Angela Sasse. "Users are not the enemy." Communications of the ACM 42.12 (1999): 40-46.
21 Zviran, Moshe, and William J. Haga. "Password security: an empirical study." Journal of Management Information Systems (1999): 161-185.
22 Nielsen, J. "Security & Human Factors" (2000) Retrieved 20 December 2014.
24 Butler, E. "Firesheep – codebutler" Retrieved December 30, 2014.
25 Eden, T "Secure The Police" Retrieved December 30, 2014
26 Taylor, Peter (2001). "Brits: The War Against the IRA." Bloomsbury Publishing. p. 265. ISBN 0-7475-5806-X