The Apple and the Titan

On the 16th of February 2016, Apple released an open letter declaring that it had been asked by the FBI to provide a key to their proprietary operating system to help them fight terrorists.

Initially, this made a great deal of sense. The terror attack in San Bernardino was horrifying, and a perpetrator of that attack owned an iPhone that was accidentally reset by the FBI. Currently, the security measures on an iPhone are very difficult to break, if not outright impossible.

On the one hand, the question of this technology being abused by the intelligence community and hackers is very real and cause for concern.
On the other, giving our intelligence agencies the ability to track down terrorists is extremely important.

I would like to propose a system by which both parties can get what they want: one that does not compromise the security of a user, while still helping intelligence agencies obtain vital information in combating terror.

The YouTube channel Veritasium, hosted by Derek Muller, visited a retired Titan II missile silo in July of 2015. The docent showed Mr. Muller the process to fire a nuclear missile. The process breaks down into a few steps.

  • First, the officers manning the station receive a message and transcribe it in two separate notebooks. They each have a code to a safe holding authentication codes, neither knowing the other code to open the safe.
  • Once the safe is open, the two officers retrieve an envelope labeled with the first two digits of the code they received; the complete code is inside the envelope. If the two officers agree that the code matches the message they received, they proceed to the next step.
  • A six-digit code is also entered into a console on the wall (with approximately seventeen million combinations, only one activating the missile).
  • With this done, the two officers then insert their keys into two keyholes (spaced a good distance apart) and turn them within two seconds of each other. After the keys have been held in position for five consecutive seconds, the missile is sent on its way.

The entire system was designed so that no one person could fire a missile. No single person was trusted with so much power, and I feel this kind of system represents the best compromise possible.

In practice, the FBI would present Apple with a court order for this specific phone to have it unlocked (the authenticated message). After agreeing that the phone is to be unlocked, a representative from each party would meet in the presence of a court official (a neutral party to ensure everything being done is correct). They would each show proof of their affiliation to the court official, and then proceed to unlock the phone.

The phone itself would be updated with a code patch specific to that phone, changing the lock screen to a password screen. The password screen would request a login code from each representative (the first combination code), and then permit them to attempt to unlock the phone itself. The phone will be updated again with an algorithm that will only unlock if both codes are accepted as being valid. The unlock algorithm will only be sent to the phone for authentication after a successful login (the six-digit code).

Once the phone is updated, the two officials will be sent their login codes. A seven-digit alphanumeric code would take almost three days to break, but would be rendered useless once used. After a successful login, the two representatives will be given a 16-digit alphanumeric code. After receiving the codes, the codes are entered, thus unlocking the phone for further prosecution by the intelligence agency in question. These codes would be generated separately, one set each, by Apple and the intelligence agency.
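The login-then-unlock flow proposed above, sketched as an added example (not code from the original post, and not how Apple's software works). The role names, the `provision`, `login` and `unlock` functions, the PBKDF2 verifiers and the single attempt allowed per login code are assumptions of this sketch.

```python
import hashlib, hmac, secrets, string

ALPHABET = string.ascii_letters + string.digits   # 62 symbols: alphanumeric, no specials
PARTIES = ("vendor", "agency")                    # hypothetical role names

def random_code(length):
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def _digest(device_id, label, *codes):
    # Bind every verifier to one device so the codes are useless on any other phone.
    salt = device_id + b"|" + label.encode()
    return hashlib.pbkdf2_hmac("sha256", "|".join(codes).encode(), salt, 100_000)

def provision(device_id):
    """Each party gets its own 7- and 16-character codes; the device keeps only verifiers."""
    codes = {p: {"login": random_code(7), "unlock": random_code(16)} for p in PARTIES}
    device = {
        "id": device_id,
        "login": {p: _digest(device_id, "login:" + p, codes[p]["login"]) for p in PARTIES},
        # One verifier over BOTH unlock codes: neither code can be checked alone.
        "unlock": _digest(device_id, "unlock", *(codes[p]["unlock"] for p in PARTIES)),
        "spent": set(),       # parties whose login code has already been tried
        "logged_in": set(),
    }
    return device, codes

def login(device, party, code):
    # A login code gets exactly one attempt, right or wrong (assumption of this sketch).
    if party not in PARTIES or party in device["spent"]:
        return False
    device["spent"].add(party)
    expected = device["login"][party]
    ok = hmac.compare_digest(expected, _digest(device["id"], "login:" + party, code))
    if ok:
        device["logged_in"].add(party)
    return ok

def unlock(device, vendor_code, agency_code):
    # Both parties must have logged in, and both 16-character codes must be correct.
    if device["logged_in"] != set(PARTIES):
        return False
    candidate = _digest(device["id"], "unlock", vendor_code, agency_code)
    return hmac.compare_digest(device["unlock"], candidate)
```

Because the device stores a single verifier computed over both unlock codes, it gives no signal about whether one party's code is right on its own.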

Using a free website for calculating brute-force attacks, it appears that a random 16-digit code would take a very long time to break. On this site I entered “16” in the “Random Alphanumeric” option and clicked “Submit”. The site returned the following:

  • “This 16 character passcode has 47,672,401,706,823,532,720,689,250,304 combinations. It would take 924,966,331,160,462,976.00 hours or 38,540,263,798,352,624.00 days to crack this passcode on a computer that attempts 25,769,803,776 passwords per hour. This is based on a typical 2008 PC processor under a 10% load.”

For clarity, the above text states that a random 16-digit alphanumeric code (without special characters) would take approximately 105 billion years to break using a computer from 2008 under 10% load, attempting over 25 billion password combinations per hour. A second 16-digit code would make this process nearly unbreakable, disregarding the requirement for a special patch from Apple that is relevant to this phone, with a special one-time-use login for the two codes to be entered.

Even considering recent advances in technology, this system would be nearly impenetrable to an outside attacker. It’s worth considering.