There long had been speculation about the various ways in which the National Security Administration (NSA) was conducting its surveillance activities. Then, in 2013, Edward Snowden’s sweeping document dump revealed that even the most wild-eyed theories were true.
At first Halderman and his colleagues were both devastated and disgusted by the nearly incomprehensible reach of the grab — and the amount of money that must have been spent on it.
“It took a while to digest,” Halderman says.
IMAGE: Halderman begins most mornings in Mighty Good Coffee and other coffee shops in downtown Ann Arbor, answering e-mails and caffeinating, before making the trek to North Campus.
But by 2015, Halderman and a sizable group of collaborators — including several Michigan students and a number of colleagues from a handful of other institutions — published the revelatory “Logjam paper,” based in part on the Snowden disclosures, that answered the question everyone had been asking: How did the NSA break so much encryption that cryptographers had believed was virtually unbreakable?
The key to the paper, which Halderman calls “one of the most satisfying things I’ve ever done,” involves the Diffie-Hellman key exchange, which, ironically, was the algorithm widely advocated as a defense against mass surveillance. As Halderman explains in the Freedom to Tinker blog, Diffie-Hellman users must first agree on “a large prime number with particular form.” But standardized primes had become commonplace, which left Diffie-Hellman vulnerable to being “cracked” with just one enormous calculation.
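Why a shared prime concentrates risk can be seen in a toy model. The following is an added illustration, not code from the Logjam paper: it uses a constructed 31-bit prime and the textbook baby-step giant-step method as a stand-in for the far larger calculation the paper describes, and every name in it is hypothetical. The point it shows is that the expensive table depends only on the prime, so one build serves every session that reuses it.

```python
import math
import secrets

# Constructed toy group standing in for a standardized Diffie-Hellman prime.
P = 2147483647  # 2**31 - 1, a prime far too small for real use
G = 7           # a primitive root modulo P


class SharedPrimePrecomputation:
    """One-time work that depends only on (p, g), never on a session."""

    def __init__(self, p, g):
        self.p, self.g = p, g
        self.m = math.isqrt(p - 1) + 1
        # Baby steps: map g^j -> j for 0 <= j < m. Built once per prime.
        self.table = {}
        value = 1
        for j in range(self.m):
            self.table.setdefault(value, j)
            value = value * g % p
        self.giant = pow(g, -self.m, p)  # g^(-m) mod p

    def recover_exponent(self, public_value):
        """Return (x, steps) such that g^x == public_value (mod p)."""
        gamma = public_value
        for i in range(self.m):
            j = self.table.get(gamma)
            if j is not None:
                return (i * self.m + j) % (self.p - 1), i + 1
            gamma = gamma * self.giant % self.p
        raise ValueError("value is not a power of g")


def simulate_sessions(count, precomp):
    """Constructed sessions that all reuse the same prime; returns per-session cost."""
    costs = []
    for _ in range(count):
        secret = secrets.randbelow(precomp.p - 2) + 1
        public = pow(precomp.g, secret, precomp.p)
        x, steps = precomp.recover_exponent(public)
        assert x == secret  # every session falls to the same table
        costs.append(steps)
    return costs


if __name__ == "__main__":
    pre = SharedPrimePrecomputation(P, G)
    costs = simulate_sessions(10, pre)
    print(f"table built once: {pre.m} steps; per-session steps: {costs}")
```

A group that no one else uses forces that table to be rebuilt for that group alone, which is the defensive argument against relying on a handful of common primes.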
Halderman concedes he “can’t prove for certain” that this is what the NSA does. But that “enormous” calculation, conservatively estimated, would cost an equally enormous amount to complete. And among the Snowden trove are budget documents that make it clear that such an NSA investment is both affordable and likely. Halderman says he’s “been told” that NSA officials are not exactly pleased with his work.
It’s now well known that the NSA seeks to be able to intercept anything at any time. What it intercepts and investigates should depend on what it believes is in the nation’s interest at any given time. But how many others are capable of doing the same — and what are our protections, Halderman asks, “against a U.S. administration with a lenient view of its constitutional obligations?”
Since the paper’s publication, all web browsers have raised their minimum security standards, and the next version of TLS — the cryptographic protocol that underlies HTTPS — will be significantly stronger as well.
IMAGE: Halderman lectures to EECS 388 students about the Heartbleed Vulnerability, a major security bug that occurred in the OpenSSL cryptography library, which is a widely used implementation of the TLS protocol. Halderman and his researchers helped bring attention to this vulnerability in 2014.
And now the Department of State has awarded a multi-million dollar grant for Halderman’s most ambitious undertaking yet. Michigan is leading a major multi-institutional project — including Halderman’s former PhD student at the University of Colorado, colleagues at the University of Illinois and researchers at the development giant BBN Raytheon — to thwart attempts to censor access to online content.
This concept of censorship resistance, using a method called decoy routing, “is a radical idea that we’re trying to make real,” Halderman says.
It first came to Halderman in 2011, but even after several years and more than one iteration — including a prototype that has provided basic service to more than 100,000 clients — “I’m still amazed that it works,” Halderman says.
That’s because the basis of decoy routing contradicts the core “end-to-end” principle of how the Internet is supposed to work. This principle holds that nearly all of the Internet’s intelligence and complexities are at the edges of the network, where users reside. The network itself merely shuffles packets from here to there, without even knowing what’s in them. This “dumb” network might not even see all the packets and has very little time to do much with them, anyway.
Efforts to dodge government censors have involved the use of Tor anonymity software and Virtual Private Networks, but this “whack a mole” method on the edges has become increasingly ineffective. Instead, Halderman says, “We’re trying to do these very complicated things in the middle of the network, in real time, as the data is going by.”
Decoy routing, in essence, would attach “decoy” routers to servers in various strategic junctions of the Internet backbone. To visit a banned site within a censor’s network, a user would install encryption software to establish a decoy connection with a non-banned site outside the censor’s network. This request would look allowable to the oppressive regime, but on its way to the censor-allowed site it would pass through one or more friendly ISPs, which would divert the connection, bypassing the censor and connecting it to the banned site.
Network hardware and processors are just getting fast enough to do this at large scale, and that’s the current state of the project: Bringing the current iteration of the decoy routing concept, called TapDance, to scale.
“As you start to learn more and more about technology you fall into a certain way of thinking about it,” Halderman explains, pacing his office before crawling up on a windowsill and looking out.
“You might call it conventional wisdom, but I think more precisely it’s the structure of abstraction that we use to make complicated technology amenable to thought,” he adds, hopping down and prowling around like a restless cat.
Halderman is putting that inside-out thinking to the test as he and his team attempt to build decoy routing and establish incentives for Internet Service Providers, compensating for risks they could incur by agreeing to place decoys along the backbone.
The team is aware of proposed and potential countermeasures, which it’s already taking into account. But either way, decoy routing is a fundamental advance that will put those fighting censorship in a much more advantageous position than before.
“And this must be done,” Halderman says, because “it’s not certain in the longer term if the Internet will be dominated by the distribution of information, or by the control of it.”