Add 2000 words and revision (Due in 40 hours)

Add 2000 words and revision (Due in 40 hours)

Accessing Password Protected and/or Encrypted Mobile Data

Abstract- This research paper examines the potential solution to a problem faced by law enforcement; wherein the inability to decrypt a number of encrypted communications that they have been given appropriate legal permission to intercept or examine, loom large. This research paper utilizes a theoretical approach to explore the ‘going dark’ concern. This paper will also provide an overview of an encryption workaround, which will address the widely used “Signal Messaging Protocol” which is used to encrypt messages transmitted via applications such as Whatsapp, Telegram, Facebook, among others.

Keywords—Signal Messaging Protocol, Encrypted Messaging, Privacy, Law Enforcement, Mobile Phones, WhatsApp

1. Introduction

As the use of digital mobile devices continues to become more ubiquitous, so too does the use of strong encryption protocols, which are being made available to users by communication application providers. In an effort to provide even more security to users, those same application providers are developing the encryption protocols in such a way that the providers themselves are not even able to decrypt the private messages. These trends are posing an ever-increasing challenge to law enforcement agencies who are often able to obtain the legal authority necessary to intercept or retrieve certain communication data only to find that they are unable to decrypt and view that same data. The FBI has labeled this issue as the “Going Dark” problem.

The “Going Dark” problem often has adverse effects on law enforcement’s ability to investigate all kinds of crimes; such as kidnappings, child pornography, violent gang activity, etc. However, the gravest consequential examples of this problem have arisen through terrorist investigations, wherein the stakes are extremely high.

Agencies charged with combating terrorism, such as the FBI, quietly face this obstacle every day. In December 2015, the public was given an inside view of this dilemma, during the aftermath of the San Bernardino, California, terrorist attack. Following the attack, the FBI recovered a passcode locked iPhone 5, which had belonged to one of the shooters. The passcode function keeps the encased data encrypted until the correct passcode is entered. If the wrong passcode is entered more than ten times, the data is automatically permanently wiped from the device. In response, the FBI obtained a court order directing Apple to assist them in developing software to unlock the phone. Apple refused, which set off a fierce public outcry, and a subsequent legal battle. The standoff was ultimately diffused when the FBI was able to find a third party to crack the four-digit passcode.

As a result of that legal dispute between the Department of Justice and Apple not having being resolved in court, the debate continued over the question: should the government be able to legally force private vendors to create decryption keys for law enforcement use? Several lawmakers have already attempted to pass such legislation in congress but were unsuccessful. There does not seem to be strong support for such new governmental legal authority, because many feel it is an overreach for the government to compel a private company to develop something they didn’t already have. Another reason for the opposition to such legislation is the fear that any “back door” option created for law enforcement could potentially be utilized and exploited by nefarious parties.

In general, the growing practice wherein private citizens encrypt their communications is a “great” thing for society at large. It’s an excellent way to prevent fraud and abuse, while people go about communicating digitally. However, if it is not appropriate for the government to force companies that provide these encryption services to help them decrypt when needed, how can our law enforcement agencies effectively serve our communities if lawbreakers are also using these encryption services to propagate their criminal activity? We desperately need a solution that is independent of encryption service provider assistance, and which does not adversely affect the public’s ability to benefit from the protection of encryption.

1. Related Work

Law enforcement’s inability to decrypt many of the encrypted communication tools present in today’s technological world have recently become the focus of a number of ongoing debates among stakeholders. Numerous closely related works have already explored the issues faced by law enforcement’s need to access encrypted and password-protected mobile data. Especially when investigating terrorism attacks such as the one that occurred in San Bernardino. From the consumer’s perspective, there are those who would certainly prefer to keep their data secure, while many certainly seek optimal security within the state, and are willing to grant the FBI such access if necessary, so as to minimize pervasive crime. Corporate interests, including but not limited to communication application providers, nonetheless seek to ensure that their networks are recognized as being fully secure, so as to entice a larger customer base, therefore it’s certainly not fiscally appealing to follow through with the potential legal reforms [1]. Numerous closely related research articles have examined law enforcement’s ability and need to access password protected mobile data.

Watney (2016) discusses the extent to which mobile phone providers must assist law enforcement agencies. Watney’s article illustrates a possible solution to law enforcement’s issue, wherein the public must be made aware of the security threats posed by not granting such access. Stakeholders are analyzed as a dichotomous bunch, wherein consumers seek privacy rights, while producers seek to fulfill those requests. In order to persuade the producers to provide law enforcement with access to otherwise encrypted confidential data, law enforcement is urged to raise their concerns directly to the consumers. Consumers must be made aware of the crimes surrounding kidnapping, child pornography, corruption, and terrorism, since that will inevitably produce an emotional response, which can persuade the nation to conceptualize of security differently. Educating consumers on the stringent laws which would nonetheless apply to law enforcement -prior to having them gain such access,- should above all provide them with the necessary piece of mind pertaining to the fact that unless one breaks the law, they will not be affected by this shift. Fostering understanding will allow a change in the legislation to be accepted with open arms, wherein Americans will embrace change as a means for optimizing national security.

The going dark concern raised the question of whether or not the companies who encrypted data, were also responsible for creating a front door or back door access to decrypt such data. As seen throughout national tragedies such as the Paris attacks or the San Bernadino shooting; law enforcement has actively sought ways to bypass encryptions.

Finklea (2016) stipulates that there are varying implications and concerns surrounding the building of a backdoor for the “good guys.” Although law enforcement can and should utilize such technology appropriately if permitted to do so, the mere possibility that they can utilize it wrongfully, or the mere fact that it can potentially be exploited by individuals not associated with law enforcement is ultimately problematic, since it can potentially lead to data breaches, and large-scale hacking. Furthermore, Finklea expounds upon the current debate between the needs of law enforcement and the public’s need for privacy. Additionally, the incapability to monitor real-time communications and stored data is concerning, since it can threaten national security. Finklea states that congress must alter the electronic surveillance legislations pertaining to the coverage of mobile devices, and or it can/should eliminate the legality of data encryption wherein such data cannot be decrypted by law enforcement. To that effect, it would be impermissible to encrypt data without providing law enforcement with the clear capability of accessing it when and if necessary-via a back door, or perhaps a golden key of sorts. If law enforcement is to keep up with the ever changing technological world, Finklea urges for a greater investment in technology and in technologically-savvy personnel in order to navigate the internet in pursuit of subsequent crime. Such investments would also have to prohibit or at least limit the unauthorized use of backdoor technology; wherein malicious attacks can be implemented. Any time a loophole is made, there will be a large number of individuals whom will strive to take advantage of it.

Schroder explains that the encrypted communications application used in Android and iOS phones known as Signal or Signal Messaging Protocol is rooted by cryptologists and experts -such as Edward Snowden- as being impenetrable. It works by collecting vanishingly small amount of data from each user, so as to minimize any traces when transmitting data upon networks, and between users. When the FBI tried to overcome such barriers in a 2016 subpoena and gag order, the notorious encryption application was incapable of providing anything other than data pertaining to the date that the account of the accused was created, and when they were last connected to the internet.

According to a 2017 study by Cohn-Gordon et al., 2017 approximately 1 billion users currently utilize Whatsapp and Facebook Messenger. It can be summarized that the reason for the popularity in these apps may lie in the fact that the applications utilize ‘signal’ so as to minimize the probability of unauthorized data breaches. Cohn-Gordon et al stipulate that Signal utilizes a double ratchet algorithm in order to employ a set of ephemeral key exchanges, wherein every session instituted by users re-establishes a set of codes, so that even if a message is somehow decrypted, the probability of subsequently breaching every other message between users will be next to none.

The increase in the use of the signal protocol within private communications has resulted from a newfound need for security, wherein developers, scientists and technicians have catered to the consumer’s demands by delivering the utmost security. Cohn-Gordon et al. instituted a technical and a formal analysis of the cryptographic elements of the signal messaging protocol, and they stipulate that as the technology currently stands, no hacker will have the capacity to ever access data which had been encrypted under such a system.

Data encryption has been largely understood by legislators as a process which can be weakened; however, Tsing (2017) stipulates that encryption doesn’t actually work in such a manner. Instead, encryption algorithms can either encode sensate data, or “not”; however, there simply isn’t a “weaker intermediary process. Additionally, Tsing (2017) stipulates that although law enforcement may not have the capacity to directly unencrypt devices, and the data within them; they can engage in a number of processes aimed at optimizing their chances of having the perpetrator voluntarily decrypt their own device – by entering their passcode. It can be achieved by intimidating, and or detaining individuals until access is granted; or it can be accessed by eavesdropping on differing channels wherein the perpetrator may openly discuss the contents of the encrypted data. Lastly, Tsing (2017) stipulates that a back door may be problematic, because it will inevitably fall into the wrong hands over time; therefore the ramifications of leaking sensitive data from a larger populous can ultimately outweigh the minor barrier associated with inaccessibility.

III. PROPOSED WORK IDEA

1. A closer look at Signal Messaging Protocol:

The Signal Messaging Protocol was released in 2016 by Open Whisper Systems. It’s an improved version of Open Whisper System’s TextSecure Protocol, first developed in 2013.

Signal provides end-to-end encryptions of all communications between users; including text messages, chats, attached images, files and voice calls. Signal also allows for multicast encryption, meaning it provides end-to-end encryption for group chats as well. The protocol provides solid confidentiality, integrity and authentication. It even provides for forward secrecy, meaning it does not generate information that can be accumulated over time and then used to decipher the keys at a later date. However, it does not provide anonymity. This is because Signal does rely on servers to relay messages among users, and to store the public key of each user. As a result, message traffic can be attributed to specific users and does allow for administrators to collect metadata about each communication.

The core of the Signal Messaging Protocol is the use of the Double Ratchet algorithm. The Double Ratchet algorithm is based on using each party’s individual public and private keys to generate a shared secret session key that is used to encrypt the message traffic flowing between the parties. The parties create a new secret key for each new message session they initiate. To accomplish this, Signal deploys the following cryptographic technics/algorithms throughout its process:

Elliptic-Curve Diffie-Hellman (ECDH)

Advances Encryption Standard 256 (AES-256)

Secure Hash Algorithm 256 (SHA-256)

Initialization Vector (IV)

The Process:

When a user sets up a communications account that uses Signal, the application (i.e. WhatsApp, Facebook, etc) that is installed on the user’s end-point device (i.e. smart phone) locally generates three sets of keys through the use of ECDH:

1. Identity Key Pair – long term use
2. Signed Pre-Key – medium-term use
3. A batch of One-Time Pre-Key Pairs – one time use only and replenished as needed

The above public keys of each set are then sent to the server of the application provider and stored under the user’s account identifier for later use.

When a user attempts to connect with another user to create a session, the initiating user account requests all three public keys (Identity Key, Signed Pre-Key and a One-Time Pre Key) related to the account the initiator is requesting to communicate with (the recipient). Once the account server delivers that information to the initiating account, those keys are combined with initiator’s keys through a series of four evolutions of EDCH to generate a single Master Secret Key.

The Master Secret Key that is generated by the initiator is then sent to the recipient to establish the session along with the initiator’s public keys. The recipient then uses the Master Secret Key, the initiator’s public keys along with its own private keys to generate a Root Key and Chain Keys.

1. The Root Key is a 32 byte value that is used to create the Chain Keys
2. The Chain Key is a 32 byte value that is used to create the Message Key
3. The Message Key is a 80 byte value that is used to encrypt the contents of the message. The 80 bytes are comprised of 32 bytes for a AES-256 key 32 bytes for a SHA-256 key and 16 bytes for an IV.

Once the session is established, messages can begin to flow back and forth. Furthermore, the session remains connected even in between communication flow, for as long as both user accounts are established and functioning. However, the real advantage and security of Signal comes from the dynamic Message Key that is continuously changing through the entire existence of the indefinite session. This is a process referred to as Double Ratcheting.

Double Ratcheting:

With Double Ratcheting, every time a new message is sent by a user, the chain key shifts forward (or “ratchets” forward), thereby changing the message key used to encrypt the contents of the message. This is accomplished using the following calculations:

Chain Key = HMAC-SHA256(Chain Key, 0x02)

Message Key = HMAC-SHA256(Chain Key, 0x01)

This method not only adds additional strength in the overall encryption, it also creates “forward secrecy” because previous Message Keys become useless in decoding current or past messages.

Each time a new message is received by a user, a new ephemeral public key is sent along with it. That key is then used to generate a new Chain Key and Root Key.

1. Possible Methods of Interception for Law Enforcement possessing legal authority:
2. Serve legal process on application providers to obtain all public key information stored on provider servers. Then ascertain if the private keys generated are in any way a derivative of a unique identifier of the end point hardware, such as the device telephone number, IMEI number, MAC address, etc. If that is true, explore the possibility of calculating the private keys and then replicating the creation of the Message Key.
3. Identify legal technical approaches to infiltrating the targeted end point device so that message can be examined post decryption.
4. APPROACHES

Acquiring the public Identity Key, Signed Pre Key and any One-Time Pre Keys from the application provider’s servers for a given user account via court order or search warrant is extremely feasible. However, for that to be of any use to law enforcement in regards to decryption, it would have to be married up with the user’s private keys. As was intended by the protocol’s developers, private keys are generated solely by the end user device and are never transmitted to the application provider. Therefore, the private keys are not obtainable through the service of legal process on the provider. The technical specification of the protocol does not specify what is used as initial inputs by the end point device to generate the ECDH output that is then designated as the device’s private key. Additional research will be done to learn how end point devices using the Signal Messaging Protocol generate the initial algorithm inputs. If it is found that the unique identifiers of the hardware device or service provider account, then that information could also be obtained through investigative techniques and further legal process. Investigators would then have to conduct the calculations themselves to identify the private keys, but it could lead to the ability of the law enforcement to effectively clone the investigative targets Signal Messaging account and then receive all incoming and outgoing decrypted messages.

If the first approach is not feasible because it is found that private key generation by the end point device is truly random, then the only other plausible approach by law enforcement would be to infiltrate the end point device itself. Although this is already feasible from a technical capability perspective through the use of various known exploit tools, such approaches present significant legal challenges. The traditional legal approach to intercepting the communications of investigative subjects is to serve legal process on the remote communication provider to order them to route a copy of the message signal to the monitoring plant of the law enforcement agency. It does not entail a physical breach or intrusion of a subject’s property. Additionally, that legal process only permits law enforcement to have access to the specific mode of communication (i.e. phone calls) for which probable cause to intercept has been established. However, infiltrating an end point device for the purpose of examine decrypted Signal messages would, by default, give investigators unfettered access to all the content on the device. Such a prospect is sure to cause serious reservation amongst most judges asked to approve such a technique. This research paper will explore methods and ways in which end point devices could be covertly infiltrated while still limiting law enforcement’s access to the entire device.

2016. Watney. “Law Enforcement Access to Password Protected and/or Encrypted Mobile Data.” 2016 11th International Conference on Availability, Reliability and Security (ARES) p. 399-405, 2016.

K, Finklea. Encryption and Evolving Technology: Implications for U.S. Law Enforcement Investigations. Congressional Research Service. P.1-15, 2016.

S, Schroder. “When SIGNAL hits the Fan: On the Usability and Security of State-of-the-Art Secure Mobile Messaging.”University of Vienna. p.1-7, 2017.

Open Whisper Systems, “Signal messenger,” online, 2016, https:// whispersystems.org.

2015. Rottermanner, P. Kieseberg, M. Huber, M. Schmiedecker, and S. Schrittwieser, “Privacy and data protection in smartphone messengers,” 2015.
2016. Tsing. “Going Dark: Encryption and Law Enforcement.” Malwarebytes. 2017.