From Zoom to Blockchain, take a good look at global security risks
Have you ever had such doubts? Do communication software like WhatsApp, peek at the messages or pictures we send to friends?
I think most people’s answers are yes.
Yet, these communication software still make a large part of our lives. People are left only with the choice to “trust the company” and convince themselves that such big companies would not dare to do such despicable things.
“Commercial communication” and even “government meetings” have increased their usage in instant messaging. Since the outbreak of the COVID-19, Google Meet’s daily usage has grown by 30 times, and the number of people participating in Google Meet meetings per day has exceeded 100 million people.
If one day, people no longer believe in the companies that hold their private datas, is technology ready to prove the innocence of the companies?
When the problem changes from “security vulnerability” to “trust collapse”
This year in april, Zoom, the video conferencing software, was questioned about sending conference data to China. In addition, the sensitive identity of the founder Yuan Zhenghua touched the nerves of many people, including Taiwan. Many countries and organizations ordered that Zoom be banned and substitute it with other videos or software replacement, such as Cisco Webex, Microsoft Teams or Google Meet.
The goal of information security is to protect information and information systems from unauthorized or destruction, not the own evil of the hosts.
The reason why this incident caused such a big reaction in the market is not just the so-called program vulnerabilities. (it seems fair to say the vulnerabilities of other big factories are nothing lesser). The author believes that the main idea is that people have changed their attitude toward Zoom, and now it is more of a “trust collapse” than a “security vulnerability”.
It is precisely because people’s understanding of communication service providers is their belief that such companies would not leak rather than cannot access their personal information. Thus, once people start to distrust this service provider, I am afraid it is not as simple as dealing with a security loophole problem.
Yet can’t a manufacturer prove itself that one cannot do evil through technology even if they want to?
The ultimate level of trust is that any kind of single trustless is not needed, yet parties can still cooperate with each other…
Can a service provider like Zoom impose some restrictions on itself to logically directly prove that he cannot do evil? In the following we elaborate on this important topic.
End-to-end Encryption
Communication privacy is not a new demand, and mainstream communication services such as WhatsApp, iMessage, and LINE have also invariably pointed out that “end-to-end encryption” is a technical solution in recent years. We now follow the ideas of our predecessors to elaborate on the mechanism of end-to-end encryption and whether it can really avoid the manufacturers from evil deeds. A sweet reminder, you can skip the paragraph if you have a basic understanding of “end-to-end encryption”
Message encryption-Service providers are solely transmitters of encrypted messages.
Assuming that Alice and Bob start a video conference in Zoom, as long as Bob encrypts the video content before sending it, which later is decrypted by Alice, it can prevent that someone peeked in the transmitting process.
This is the “symmetric encryption method”-the most widely used encryption method at present. The key ,used to decrypt the transmission content , are shared between the members. Forasmuch as the key is well kept, the member’s Intercommunication is basically safe.
The point is not whether Zoom stores or transfers the data, but whether the data is encrypted and only the meeting members have access to decrypt it.
The question is … how can the key be given to the other party?
Once the key is involved in the transmission, it is exposed to the same threat of being snooped.
Do Alice and Bob have to see each other every time they exchange keys? (In the 1970s, there were really special positions in big banks, carrying safes and flying around the world to deliver keys to customers.)
In order to solve the risk of the key being stolen during transmission, people later came up with a method — “asymmetric encryption” to handle the key communication. The data encryption process is now indispensable for the various network services we use every day is indispensable, such as the transmission security protocol of the web page HTTPS.
Next, by virtue of letting all readers understand the feasibility of “Trustless end-to-end encryption”, the following briefly introduces the principle of asymmetric encryption applied to the communication key.
Returning the story, this time both sides will have two keys instead of one. First, Alice and Bob will generate a set of asymmetric keys respectively; a set of two keys will be generated at the same time through a mathematical algorithm. One is called a public key and the other is called a private key. (As shown below)
The asymmetric encryption method has the following characteristics: if Bob uses his public key to encrypt data, only Bob’s private key can unlocked the data; on the contrary, if Bob uses his private key to encrypt (it is often used for signature purposes ), Only Bob’s public key can unlocked the data.
When this method is implemented, everyone must disclose their public key so that others can find it. Let’s first assume that everyone uploaded their public key to the service provider Zoom, and because the service provider possesses personal identification information, this public key will be bound to Alice’s or Bob’s identity. (As shown below)
When it comes to exchanging keys, two encryptions are needed. Bob first gets “Alice public key” through the service provider, he then uses the “Alice public key” to encrypt the key, and then encrypts the result once with the “Bob private key”, and then sends it to Alice through the service. (As shown below)
At this time, Alice can use the “Bob public key” she obtained from the service provider to unlock the first layer. If it is successfully decrypted, according to the principle of cryptography, it means that the information must be encrypted by Bob’s private key, so it is verified. The information was sent by Bob. Next, Alice uses her private key to unlock the second layer and obtain the final information- the key Bob wants to give Alice. As long as Alice ensures that only herself owns the private key, no one includes the service provider Zoom can unlock it. (As shown below)
At this point, Alice and Bob have finally exchanged the key, and can use that key to carry out encrypted communication. Of course, there are more details and changes in the implementation, but this case explains the general concept.
As long as the communication service provider claims to use end-to-end encryption, can we ensure that they cannot decrypt the communication content?
Asymmetric encryption magically solves the problem of key communication. It seems okay to conclude that manufacturers can no longer spy on the privacy of communications, right? Think about it carefully, something seems strange…
Judging from the logic of cryptography, the following two conditions must be met for the encryption mechanism to be fully effective:
- The service provider cannot get the private keys of Alice and Bob
- The one Bob got when requesting Alice’s public key must really be hers.
1. The service provider cannot get the private keys of Alice and Bob
This can be achieved by technology. The public and private keys have to be generated on the user’s local side, such as the user ’s App. Also the local code must be open source, ensuring that no backdoor program secretly uploads the private key, protecting it from service provider’s access.
The requirement for open source local programs is a bit difficult for software companies, such as WhatsApp, which have started end-to-end encryption in 2014, still don’t realize it. Yet, there are still end-to-end applications like Telegram or Signal on the market providing encrypted and open source client service. Therefore, we can say that there are no technical obstacles to satisfy the first demand.
By the way, Signal is a communication software endorsed by Edward Snowden and cryptography master Bruce Schneier. If you are interested in private communications, you must not miss Open Whisper Systems, a non-profit organization founded by Signal founder Marlinspike.
2. The one Bob got when requesting for Alice’s public key must be really Alice’s
This is probably not as easy as the first demand. Assuming that all users upload the public key to the service provider and request the public key from the service provider, you can never be sure that the service provider gave you the real Alice public key. Exaggeratedly speaking, the service provider can even fake Alice and Bob at the same time to steal or modify the content of the message. (ie man-in-the-middle attack, as shown below). The back-end program is running in the service provider’s environment, not in the hands of users, so it doesn’t matter a lot if it is open sourced.
In this way, it seems to circle back to the origin problem. We still have convinced ourselves that the service provider will take good care of the public keys and be honest when handing out the public key information.
As long as the service provider is willing to, he is still able to eavesdrop on the private communications between users!
This conclusion is indeed a bit frustrating … ,but the world can still work!
It can be said that the communication software service provider should possess the most secrets in the world. The Internet services we rely on today are indeed based entirely on the basic assumption that service providers will not do evil:
“Such a big company like Google would not destroy its future for my own little privacy, would it?”
It is through this game psychology that the service provider and the client reached the Nash equilibrium. For companies, not playing with users’ data is more beneficial to itself. And as for users, believing the companies blindly seem to be more favorable(optimal). This is how the business trust is built up, and the strong foundation supports many business activities in the world nowadays.
Is this the limit of human collaboration technology?
Of course not, this is just the limit of the centralized solution.
Let’s review the core of the problem, which is the lack of a perfect public key bulletin board (that is, Public Key Infrastructure, hereinafter referred to as PKI), according to what we expressed in the article:
PKI should be auditable (Audit trail), and is best to be open and transparent, because the public key is not afraid of being peeped but being secretly changed. It must ensure a high degree of availability (High Availability and Replication), and cannot refuse users request of the public key, because once the public key is not found, it equivantly means the other party has lost its identity.
Isn’t this what blockchain is best at? The blockchain has the following characteristics: transparent records, traceability, non-tampering,multiple nodes to ensure Fault Tolerance, and any node queryable; if PKI is built on the blockchain, we can ensure that the public key is traceable and not replaced. We can therefore conclude that it is possible to constraint any single subject from doing evil on a technical level, enabling the communication service to reach true Trustless. (The company where the author works, BSOS, has collaborated with prestigious customers to experient on the feasibility of “the combination of public key infrastructure with blockchain.”)
What is the biggest difference between blockchain solution and traditional solution?
From a business point of view, the biggest difference between these two solutions is “the cost of maintaining trust”
When the relationship between the enterprise and the user is based on “the trust of the enterprise”, enterprises are destined to continue supporting this trust through various “indirect” ways. As the other end of the scale continues to accumulate, the cost is feared to be expanding infinitely. Followings are some commonly seen trust costs:
- Corporate brand or goodwill
- Compliance (Enterprises spend a lot of money each year to comply with specifications or standards such as ISO27001)
- Handed over to a third party (the third party itself also needs to pay a lot of costs to maintain trustworthiness)
- Enterprises make themselves bigger and bigger (this is the most common way, but the margin benefits are gradually decreasing)
On the contrary, the trust cost of Trustless’s is not a bottomless hole that rises year by year. In terms of the above-mentioned blockchain PKI, it is possible that only dozens are required to participate and serve as nodes, and a trusted blockchain PKI can be built to serve a family or even many companies. If the PKI is built on a public chain such as Ethereum, even the initial construction cost can be saved, with the handling fee only paid when recording the chain. In this way, the trust cost of these companies can be almost constant, and they no longer need to spend huge amounts of resources to win trust from customers.
The implementation of Trustless not only considerably reduces the cost of maintaining trust for large enterprises, but what is more valuable lies in the reduction of the threshold for small-scale innovation services to be trusted by people. The transaction costs and innovation value of the entire society may be reconstructed.
With a Slight Expansion of Imagination ..…
The use of blockchain as a public key infrastructure is also one of the important ways to achieve “Self-Sovereign Identity” (hereinafter referred to as SSI), which relates to whether people can “really own” their own identity and digital behavior control. For example: medical data that sticks with people, a reliable referendum, etc., these future ideals that are often mentioned all depend on a trusted public key infrastructure.
Regarding the issue of blockchain PKI or SSI, although the technology has almost reached completion, yet the road to realization is very far away. For example, “How to bind the user’s social identity to the public key?” is tough to implement, and even requires the government or Citizen organizations to co-build the infrastructure. This article only addresses a new idea about the possibility of communication service providers trustless. In the future, we can also discuss SSI in a special article.
Let’s think about blockchain
Due to my work, I often answer my friend’s question: What can blockchain be used for?
The reason why this question is not easy to answer is that the problem-solving framework of blockchain solutions is not what people are familiar with. As mentioned in this article, the blockchain resolves the crisis of trust in a decentralized manner when the centralized solution reaches the limit and the cost of business trust is unbearable. BSOS is more than willing to share our insights of blockchain thinking with everyone.
The purpose of this article is mainly to create a scenario through the events of Zoom and brainstorm together: what kind of problem is the blockchain technology colliding with (although PKI is only one of many blockchain applications ), and provide a “business perspective” to measure the practical value of blockchain:
Reduce trust costs (lower transaction costs)
Is blockchain an illusory hype? Or the black technology that will conquer the universe?
To those who have read here, what is the answer? From the eyes of our front-line practitioners, blockchain is not mysterious at all, and sometimes even a bit boring, but we are sure that what it is trying to solve is indeed a solid hard problem. Many companies like BSOS are using blockchain thinking to solve certain problems and continue to advance the boundaries of this field.
