How Do You Create A Secure Messaging System?

I was just reading a piece on HeatStreet stating that the Defense Advanced Research Projects Agency (DARPA) has “published a call for companies to submit proposals to build a robust messaging platform that the military could use for secure communication of everything from intelligence to procurement contracts.”

To quote the stated requirements:

The request for proposals, reported earlier by the U.K.’s Daily Telegraph, also says that the messaging platform should incorporate a customized blockchain, the distributed ledger technology that underpins the digital currency bitcoin, for recording messages and contract information. The proposal says such a distributed ledger would allow the military to conduct its business in a more efficient and secure fashion.

I can already begin to see in my mind's eye how this is working. It makes use of a number of recent technological buzzwords and buzz-concepts, such as blockchain, distributed, bitcoin, messaging. And in a post-Snowden world, the US Government wants to ensure it has a secure platform that's scalable, capable of withstanding cyber attacks, and suitable for all its communication needs, for “everything from intelligence to procurement contracts.”

In my head, it’s looking a little like this.

I can easily envisage a messaging system that uses a BitTorrent-style protocol to ‘spread the load’, distributing the data across multiple nodes so that no single node is a point of failure or a single target. But how do you secure it? Obviously any system that's capable of handling everything from military communications through to procurement contracts must include a permission-based authorization system, to prevent Mr Working-On-Civil-Project from having access to General Head-Of-Military's secret data. That should be easy enough: encrypt each record so that it can only be decrypted by holders of the key for the correct level of authorization, so the permission check is enforced by the cryptography rather than by an access-control list a node could ignore. It's looking like a distributed database, with the records encrypted in such a way as to prevent access without permission. Great. I'm halfway to a multi-million dollar DARPA contract, huzzah!

But wait.

How do we secure this system? How do we prevent users who legitimately have access to sensitive data – Mr Snowden being a pretty good example – from taking the data out of this secure system and dumping it onto insecure ones? Surely this is the age-old question.

Snapchat provides a feature that allows users to send “self destructing” images across its network. And it's equally well known for being unable to guarantee that the image has actually self destructed, rather than first being grabbed via a screenshot, or by taking a photo of the screen with another camera. If a user can ‘see’ the data, at any point, it's surely impossible to prevent them capturing it? This is the problem known as the analogue hole: once data has been rendered for a human, no control inside the system can stop it being copied outside the system.

In Snowden's case, it seems he was responsible for transferring data onto the SharePoint system that NSA Hawaii made use of. It seems that as he was transferring the data, he took copies of whatever he thought important for release, and kept a copy for himself. He was required to have access, as a sysadmin, because it was his job to transfer the data. And there will always be someone who needs that access, to be a sysadmin. So in this case, Snowden didn't even need to resort to using an analogue hole, because the digital data was right there and copyable. How has the NSA addressed this problem since? It now requires two people to be present to access the secure data; it's no longer accessible by one person acting alone.

That doesn't really sound realistic as a solution, going forward, if someone needs to access data from their smartphone. Hold on a moment, I'll just grab a second person with authority. And even then, this goes no way towards solving the analogue hole: two people looking at a screen can still photograph it.

So how do you solve this?

That, my friends, is the $64 million question.
