If there is one technology that best protects internet users from scammers, hackers and nation-state threat actors it’s encryption. Fortunately, the web is currently undergoing a massive transformation from a non-secure HTTP format, the initial underlying protocol for all communications on the web, to HTTPS, which ensures communications between browsers and websites are secure via encryption.
Few organizations have done more to push encryption technologies onto the internet’s vast jumble of websites than the Electronic Frontier Foundation (EFF). “Ten years ago, there was basically no encryption on the web,” Dr. Jeremy Gillula, technical projects director at EFF, said during a talk at Shmoocon.
Internet surveillance spurs encryption efforts
In 2006, a surprise development pushed encryption higher up on EFF’s agenda. On January 26 of that year, former AT&T technician Mark Klein walked into of EFF’s offices, unsolicited, with the astounding story of how the NSA built a secret spying room in AT&T’s San Francisco facility that gave it access to all internet traffic traveling through that, and probably more, AT&T facilities.
What enabled that mass surveillance is the fact that NSA was scooping up plaintext content. To EFF, allowing the NSA to scoop up plaintext was a technology problem, Gillula said. So, EFF partnered with privacy-oriented browser developer The Tor Project to launch in 2011 “HTTPS Everywhere” as a browser add-on that encrypts users’ web traffic.
When EFF launched HTTPS Everywhere, only 1,000 websites used HTTPS, in which communications are encrypted using Transport Layer Security (TLS) to authenticate the site and protect the privacy and integrity of the data in transit. By August 2018, over 50 percent of the Alexa top million websites were actively redirecting to HTTPS, according to security researcher Scott Helme. Moreover, most browsers have by now incorporated HTTPS by default.
Another startling development prompted EFF to accelerate its work on encryption. In 2013 Edward Snowden told the world that NSA is basically watching everything users do online. “We decided to rate companies in terms of how they’re doing on encryption,” Gillula said, by issuing an “Encrypting the Web Report,” which rated the top internet companies across a scorecard matrix of technical characteristics that add up to good encryption.
The naming and shaming worked. “By putting this thing out, there were several companies that worked hard to get checkmarks across the board.”
Still, a “long tail” of websites wasn’t encrypted even after these efforts. TLS was not ubiquitous as recently as 2015 and even Google would link to a sign-in page that was not encrypted. “If Google can’t get this right, how can we expect the average person to figure out how to do this right?” asked Gillula. Even just three years ago, setting up TLS was tedious, difficult and expensive, requiring small websites to pay outside experts on a contract basis and then purchase expensive certificates.
EFF, along with the University of Michigan and Mozilla, set up a free certificate authority called Let’s Encrypt to tackle the difficulties and lower the cost for sites to adopt HTTPS. The goal of that effort (which has now been spun off into its own non-profit) was to eliminate the obstacles of setting up TLS and installing HTTPS certificates by automating certificate issuance and making certificates free.
Three new encryption technologies
“In my opinion, we kicked butt” with Let’s Encrypt, Gillula said. “But we’re also not satisfied. We want to expand from just the web to all of the internet,” Gillula said. Toward that end, EFF is focusing on three new technologies to push encryption deeper into the internet infrastructure.
The first technology is encrypted server name identification (SNI). SNI is an extension of the TLS protocol that allows multiple encrypted websites to be run on the same server through a single IP address. It indicates which hostname to contact and is sent in plaintext, which “might be enough to tell someone I’m a dissident because I’m going to a dissident website,” Gillula said.
The solution is to encrypt SNI, which allows the user’s client and server to generate a shared encryption key over an untrusted channel to block the identity of the website to which the user is trying to connect. Even with encrypted SNI, an attacker could still look at the unencrypted domain name given the current domain name system (DNS). The solution, of course, is to encrypt the DNS.
Two proposals are floating around to accomplish DNS encryption: DNS over HTTPS (DoH) and DNS over TLS (DoT). DNS over HTTPS is a protocol for performing remote DNS resolution via the HTTPS protocol. DNS over TLS is a method for encrypting and wrapping domain name system queries and answers via the TLS protocol.
The upside of DoH is that it’s very hard to censor, Gillula said. The downside is that it would make it harder for network operators to monitor for malicious activity. The trade-off is exactly the reverse for DoT: It’s easier for network operators to monitor for malicious activity but also easier for censorship-prone regimes to censor. “EFF has not really come to a conclusion yet about which of these we think is the right answer,” Gillula said.
Encrypted SNI and encrypted DNS deal with greater security on websites, but what about old-fashioned, chronically insecure email? “Email is the cockroach of the internet. When the singularity has come, the hive mind will communicate via email because email will not die,” Gillula joked.
STARTTLS is an email protocol command that signals to an email server that the email client wants to turn an insecure connection into a secure one. STARTTLS is susceptible to a downgrade attack, and it’s trivially easy to strip out email headers under the protocol. Most mail transfer agent (MTA) software these days does not validate certificates. “An attacker in the middle can just sign its own certificate and say ‘I’m Google and you’ve got an encrypted connection with me.’” Gillula said.
“This is not theoretical,” Gillula said. “In some countries the STARTTLS header is being stripped out at ridiculous rates,” such as in Tunisia, where it’s happening with 96 percent of email.
The solution to this problem is SMTP MTA-STS (Mail Transfer Agent Strict Transport Security), which enables domain names to opt into a strict TLS mode that requires authentication of valid public certificates and comes equipped with encryption. Getting this relatively new protocol out into the wild requires a lot of steps, including making sure mail servers support STARTTLS, using certbots to make sure mail servers can get certificates, making it easy for sysadmins to receive failure reports, and making it easy for sysadmins to post MTA-STS DNS records and policies. To address this last issue, EFF has launched “STARTTLS Everywhere” to make it easy for mail server admins to automatically generate an MTS record and certificate for easy posting wherever needed.
Another encryption scorecard on the way
How will EFF get to these next levels of encryption? “We’re going to do another scorecard before too long. We’re going to evaluate your modern cryptography and we’re going to publish something about it,” Gillula said. “If you’re a security engineer…this is your excuse to say ‘EFF is going to start shaming us about it.’”
The new scorecard could be out in a month, it could be out in a year. Gillula told CSO that if encrypted SNI, encrypted DNS and MTA-STS are included, they will only be part of any new scorecard matrix EFF puts together. “There are other technologies we might include [such as TLS 1.3 and HSTS support] and we haven't finalized the criteria yet. In fact, depending on timing, some of the three I mentioned might not be included, since some of them are still so new.”
EFF’s agenda to encrypt the entire internet is an ambitious one, particularly given the technology challenges. “We have eight software developers that are doing all of this work,” Gillula said.