A case for opportunistic encryption on the web

Share this article:
Ivan Ristic, director of engineering, Qualys
Ivan Ristic, director of engineering, Qualys

When, in 2010, I scanned about 90 million web sites (all .com, .net, and .org domain names that existed at that time) in order to determine their support for encrypted communication, I was dismayed to discover that only about 0.5 percent had means to protect their data in transit. The vast majority made no attempt to encrypt anything. Looking at only the top one million websites, the situation is better, but—with only about 10 percent of those sites supporting encryption—not significantly better.

Websites fall roughly into three groups. In the first group are those who care about security and have the knowledge and the means to pursue it. The second group consists of those who might be aware of the importance of security and encryption, but have and spend only limited time on them. Finally, in the third group are those who do not care about security or are not aware of the security issues; as a result, they use no encryption whatsoever.

Given that our security technologies are still rapidly evolving, most of the effort is still being spent on helping the people in the first two groups. And we're getting better at it, too. After nearly 20 years since the first public version of SSL—the protocol that secures most of the internet—we are finally getting close to getting the encryption right.

But, important as that work is, no progress is made on helping the third and the largest group, those who do not use encryption at all. Given that those web sites do not spend any effort to secure themselves, what can we do to help them?

There are two main types of attack against communication: active attacks and passive attacks. Active, or man-in-the-middle (MITM), attacks typically require a lot of effort and specialised tools. They are demanding because breaking or bypassing encryption is difficult. Against properly secured sites, MITM attacks are very difficult to carry out, and they are impossible to execute at scale without anyone noticing. Equally, defending against MITM attacks is difficult; it requires awareness, skill, and resources. Most sites don't have all three, which explains our current situation.

In view of this, it seems that there isn't a magic bullet that would enable us to defeat active attacks across the board. But, as it turns out, active attacks are not necessarily what we should be worried about most. Because active attacks require a lot of effort to execute, they are hard to justify, can be used only against a small number of targets, and, as a result, don't happen that often when you look at the world as a whole. Passive attacks are where the fun is.

“Passive attacks” is just another name for recording unencrypted data and keeping it for a very long time, until it is needed. Such attacks are very easy to carry out and only require access to the underlying communication channel. Being on the same Wi-Fi network as the victim is sufficient, but most attacks are far more ambitious. We now know that passive attacks are carried out on a massive scale, whereby all internet traffic is recorded at key data exchange points, and stored in a form that enables automated analysis and correlation.

Fortunately for us, what makes passive attacks easy to execute also makes them easy to defeat: we just need to encrypt the communication. The concept is known as opportunistic encryption, and is rather simple: the idea is that any encryption is always better than no encryption. This approach is not sophisticated enough to defeat a determined targeted attacker, but it is good enough to defeat passive attacks. After all, most communications are not being actively intercepted, which means that opportunistic encryption provides sufficient protection.

The best aspect of opportunistic encryption is in the fact that it can be built into our infrastructure and deployed transparently for everyone. Those who need higher guarantees would continue to need to make the effort to secure their systems, but everyone else gets to be protected from passive attacks with no work at all.

We already have all the required technologies to start deploying opportunistic encryption tomorrow. What remains is that final step where the web browser and server vendors agree to use it. If we manage to do this, then after a few short years of waiting for the new technology to spread, we will have arrived at a much safer web, and one that is robustly safe from mass surveillance.

Share this article:
close

Next Article in Opinions

Sign up to our newsletters

More in Opinions

Unfair competition: Proactive preemption can save you from litigation

Unfair competition: Proactive preemption can save you ...

With each job change, the risk that the new hire will bring confidential information or trade secrets with him or her to the new company grows.

Hackers only need to get it right once, we need to get it right every time

Hackers only need to get it right once, ...

Hackers only need to find one weak point to steal valuable information. On the flip side, security pros need to account for every possible scenario.

Successful strategies for continuous response

Successful strategies for continuous response

While it isn't realistic for organizations to expect that it will never happen to them, a rapid, professional and continuous response can limit their scope and reputational impact.