Transparent decryption

Last updated October 22, 2024

Transparent decryption is a method of decrypting data which unavoidably produces evidence that the decryption operation has taken place.^[1] The idea is to prevent the covert decryption of data. In particular, transparent decryption protocols allow a user Alice to share with Bob the right to access data, in such a way that Bob may decrypt at a time of his choosing, but only while simultaneously leaving evidence for Alice of the fact that decryption occurred. Transparent decryption supports privacy, because this evidence alerts data subjects to the fact that information about them has been decrypted and disincentivises data misuse.^[2]

Applications

Transparent decryption has been proposed for several systems where there is a need to simultaneously achieve accountability and secrecy. For example:

In lawful interception, law enforcement agencies can access private messages and emails. Transparent decryption can make such accesses accountable,^[2] giving citizens guarantees about how their private information is accessed.^[3]^[4]
Data arising from vehicles and IoT devices may contain personal information about the vehicle or device owners and their activities. Nevertheless, the data is typically processed in order to provide user functionality and also to investigate and fight crime. Transparent decryption can be used to help users monitor when and how data about them is being accessed and used.^[5]

Implementation

In transparent decryption, the decryption key is distributed among a set of agents (called trustees); they use their key share only if the required transparency conditions have been satisfied. Typically, the transparency condition can be formulated as the presence of the decryption request in a distributed ledger.^[2]

Alternative solutions

Besides transparent decryption, some other techniques have been proposed for achieving law enforcement while preserving privacy.

Solutions that allow competing parties to unify their data access policies. Attribute-based encryption with oblivious attribute translation (OTABE) is an extension of attribute-based encryption that allows translation between proprietary attributes belonging to different organisations, and it has been applied to the problem of law-enforcement access to phone call metadata.^[6]
Solutions that rely on sophisticated cryptography, such as zero-knowledge proofs that the actions of law enforcement is consistent with judge rulings and the actions of companies, and multi-party computation to compute results.^[7]

Related Research Articles

In cryptography, encryption is the process of transforming information in a way that, ideally, only authorized parties can decode. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Despite its goal, encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.

<span class="mw-page-title-main">Public-key cryptography</span> Cryptographic system with public and private keys

Public-key cryptography, or asymmetric cryptography, is the field of cryptographic systems that use pairs of related keys. Each key pair consists of a public key and a corresponding private key. Key pairs are generated with cryptographic algorithms based on mathematical problems termed one-way functions. Security of public-key cryptography depends on keeping the private key secret; the public key can be openly distributed without compromising security.

In computer networking, a proxy server is a server application that acts as an intermediary between a client requesting a resource and the server providing that resource. It improves privacy, security, and possibly performance in the process.

The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency (NSA) as an encryption device that secured "voice and data messages" with a built-in backdoor that was intended to "allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.

Wi-Fi Protected Access (WPA), Wi-Fi Protected Access 2 (WPA2), and Wi-Fi Protected Access 3 (WPA3) are the three security certification programs developed after 2000 by the Wi-Fi Alliance to secure wireless computer networks. The Alliance defined these in response to serious weaknesses researchers had found in the previous system, Wired Equivalent Privacy (WEP).

The Encrypting File System (EFS) on Microsoft Windows is a feature introduced in version 3.0 of NTFS that provides filesystem-level encryption. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

In cryptography and steganography, plausibly deniable encryption describes encryption techniques where the existence of an encrypted file or message is deniable in the sense that an adversary cannot prove that the plaintext data exists.

End-to-end encryption (E2EE) is a private communication system in which only communicating users can participate. As such, no one else, including the communication system provider, telecom providers, Internet providers or malicious actors, can access the cryptographic keys needed to converse. End-to-end encryption is intended to prevent data being read or secretly modified, other than by the true sender and recipient(s). The messages are encrypted by the sender but the third party does not have a means to decrypt them, and stores them encrypted. The recipients retrieve the encrypted data and decrypt it themselves. Because no third parties can decipher the data being communicated or stored, for example, companies that provide end-to-end encryption are unable to hand over texts of their customers' messages to the authorities.

Data security means protecting digital data, such as those in a database, from destructive forces and from the unwanted actions of unauthorized users, such as a cyberattack or a data breach.

Secure communication is when two entities are communicating and do not want a third party to listen in. For this to be the case, the entities need to communicate in a way that is unsusceptible to eavesdropping or interception. Secure communication includes means by which people can share information with varying degrees of certainty that third parties cannot intercept what is said. Other than spoken face-to-face communication with no possible eavesdropper, it is probable that no communication is guaranteed to be secure in this sense, although practical obstacles such as legislation, resources, technical issues, and the sheer volume of communication serve to limit surveillance.

Lawful interception (LI) refers to the facilities in telecommunications and telephone networks that allow law enforcement agencies with court orders or other legal authorization to selectively wiretap individual subscribers. Most countries require licensed telecommunications operators to provide their networks with Legal Interception gateways and nodes for the interception of communications. The interfaces of these gateways have been standardized by telecommunication standardization organizations. As with many law enforcement tools, LI systems may be subverted for illicit purposes.

Email privacy is a broad topic dealing with issues of unauthorized access to, and inspection of, electronic mail, or unauthorized tracking when a user reads an email. This unauthorized access can happen while an email is in transit, as well as when it is stored on email servers or on a user's computer, or when the user reads the message. In countries with a constitutional guarantee of the secrecy of correspondence, whether email can be equated with letters—therefore having legal protection from all forms of eavesdropping—is disputed because of the very nature of email.

Email encryption is encryption of email messages to protect the content from being read by entities other than the intended recipients. Email encryption may also include authentication.

Cloud computing security or, more simply, cloud security, refers to a broad set of policies, technologies, applications, and controls utilized to protect virtualized IP, data, applications, services, and the associated infrastructure of cloud computing. It is a sub-domain of computer security, network security, and, more broadly, information security.

Key disclosure laws, also known as mandatory key disclosure, is legislation that requires individuals to surrender cryptographic keys to law enforcement. The purpose is to allow access to material for confiscation or digital forensics purposes and use it either as evidence in a court of law or to enforce national security interests. Similarly, mandatory decryption laws force owners of encrypted data to supply decrypted data to law enforcement.

Database encryption can generally be defined as a process that uses an algorithm to transform data stored in a database into "cipher text" that is incomprehensible without first being decrypted. It can therefore be said that the purpose of database encryption is to protect the data stored in a database from being accessed by individuals with potentially "malicious" intentions. The act of encrypting a database also reduces the incentive for individuals to hack the aforementioned database as "meaningless" encrypted data adds extra steps for hackers to retrieve the data. There are multiple techniques and technologies available for database encryption, the most important of which will be detailed in this article.

Attribute-based encryption is a generalisation of public-key encryption which enables fine grained access control of encrypted data using authorisation policies. The secret key of a user and the ciphertext are dependent upon attributes. In such a system, the decryption of a ciphertext is possible only if the set of attributes of the user key matches the attributes of the ciphertext.

Network eavesdropping, also known as eavesdropping attack, sniffing attack, or snooping attack, is a method that retrieves user information through the internet. This attack happens on electronic devices like computers and smartphones. This network attack typically happens under the usage of unsecured networks, such as public wifi connections or shared electronic devices. Eavesdropping attacks through the network is considered one of the most urgent threats in industries that rely on collecting and storing data. Internet users use eavesdropping via the Internet to improve information security.

Human rightsandencryption are often viewed as interlinked. Encryption can be a technology that helps implement basic human rights. In the digital age, the freedom of speech has become more controversial; however, from a human rights perspective, there is a growing awareness that encryption is essential for a free, open, and trustworthy Internet.

References

↑ Cheval, Vincent; Moreira, José; Ryan, Mark (2023-04-16). "Automatic verification of transparency protocols (extended version)". arXiv: 2303.04500 [cs.CR].
1 2 3 Ryan, Mark D. (2017). "Making Decryption Accountable". In Stajano, Frank; Anderson, Jonathan; Christianson, Bruce; Matyáš, Vashek (eds.). Security Protocols XXV. Lecture Notes in Computer Science. Vol. 10476. Cham: Springer International Publishing. pp. 93–98. doi:10.1007/978-3-319-71075-4_11. ISBN 978-3-319-71074-7 . Retrieved 2024-08-29.
↑ J. Kroll, E. Felten, and D. Boneh, Secure protocols for accountable warrant execution , 2014
↑ Nuñez, David; Agudo, Isaac; Lopez, Javier (2019). "Escrowed decryption protocols for lawful interception of encrypted data". IET Information Security. 13 (5): 498–507. doi:10.1049/iet-ifs.2018.5082. ISSN 1751-8717.
↑ Li, Meng; Chen, Yifei; Lal, Chhagan; Conti, Mauro; Alazab, Mamoun; Hu, Donghui (2023-01-01). "Eunomia: Anonymous and Secure Vehicular Digital Forensics Based on Blockchain". IEEE Transactions on Dependable and Secure Computing. 20 (1): 225–241. doi:10.1109/TDSC.2021.3130583. ISSN 1545-5971.
↑ Idan, Lihi; Feigenbaum, Joan (2022-07-21). "PRShare: A Framework for Privacy-preserving, Interorganizational Data Sharing". ACM Trans. Priv. Secur. 25 (4): 29:1–29:38. doi:10.1145/3531225. ISSN 2471-2566.
↑ Frankle, Jonathan; Park, Sunoo; Shaar, Daniel; Goldwasser, Shafi; Weitzner, Daniel (2018). "Practical Accountability of Secret Processes". USENIX Security Symposium: 657–674. ISBN 978-1-939133-04-5.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[1] Cheval, Vincent; Moreira, José; Ryan, Mark (2023-04-16). "Automatic verification of transparency protocols (extended version)". arXiv: 2303.04500 [cs.CR].

[:0-2] 1 2 3 Ryan, Mark D. (2017). "Making Decryption Accountable". In Stajano, Frank; Anderson, Jonathan; Christianson, Bruce; Matyáš, Vashek (eds.). Security Protocols XXV. Lecture Notes in Computer Science. Vol. 10476. Cham: Springer International Publishing. pp. 93–98. doi:10.1007/978-3-319-71075-4_11. ISBN 978-3-319-71074-7 . Retrieved 2024-08-29.

[3] J. Kroll, E. Felten, and D. Boneh, Secure protocols for accountable warrant execution , 2014

[4] Nuñez, David; Agudo, Isaac; Lopez, Javier (2019). "Escrowed decryption protocols for lawful interception of encrypted data". IET Information Security. 13 (5): 498–507. doi:10.1049/iet-ifs.2018.5082. ISSN 1751-8717.

[5] Li, Meng; Chen, Yifei; Lal, Chhagan; Conti, Mauro; Alazab, Mamoun; Hu, Donghui (2023-01-01). "Eunomia: Anonymous and Secure Vehicular Digital Forensics Based on Blockchain". IEEE Transactions on Dependable and Secure Computing. 20 (1): 225–241. doi:10.1109/TDSC.2021.3130583. ISSN 1545-5971.

[6] Idan, Lihi; Feigenbaum, Joan (2022-07-21). "PRShare: A Framework for Privacy-preserving, Interorganizational Data Sharing". ACM Trans. Priv. Secur. 25 (4): 29:1–29:38. doi:10.1145/3531225. ISSN 2471-2566.

[7] Frankle, Jonathan; Park, Sunoo; Shaar, Daniel; Goldwasser, Shafi; Weitzner, Daniel (2018). "Practical Accountability of Secret Processes". USENIX Security Symposium: 657–674. ISBN 978-1-939133-04-5.

[1]

[2]

[3]

[4]

[5]

[6]

[7]