The cryptographic protocols used to secure data moving across the web are putting users at risk due to design flaws that date back many years.
Given the current push to encrypt everything in response to revelations of government surveillance, it's important that the protocols being used to do the job are actually secure. Too often they aren't, a shortcoming that researchers at the European Union Agency for Network and Information Security (ENISA) are aiming to remedy.
In a new report outlining how governments and corporations can avoid the mistakes found in today's buggy protocols, ENISA says: "The key problem with protocols today is that many result from cryptographic design many years (even decades) ago. Thus cryptographic protocols suffer more from legacy issues than the underlying cryptographic components."
"The goal should be to work towards a better cryptographic protocol infrastructure which does not exhibit such problems," the report said.
The report examines a variety of protocols in use today such as Transport Layer Security (TLS) for secure communications between a web server and browser, as well as others used for wireless, mobile communications, or banking. It includes protocols used for data on Internet of Things systems, LTE, Bluetooth, EMV banking card chips, and cloud computing.
To drive home that research into these protocols remains immature, ENISA highlights that "basic protocol errors are still being found", pointing to the recent Heartbleed bug as an example.
One issue ENISA highlights is that "security proofs to guarantee correctness are vastly more complicated than those for cryptographic schemes", yet cryptographic protocols have typically been designed by network and protocol experts rather than by cryptographic protocol experts.
Another way to improve the state of such protocols is for researchers to develop automated verification that an implementation of a protocol meets a given security goal.
Future protocols shouldn't be more complex than necessary, and should be designed so that they can be upgraded as time passes, ENISA says.
The organisation also updated its 2013 cryptographic guidelines for the current year, which offer a set of proposals on the protection of data for organisations that collect and store personal data. The new report now includes additional information on side-channel attacks — such as the POODLE attack detailed by Google recently — as well as random number generation and key life cycle management. The report also covers hash functions, used for example to protect passwords, and a range of ciphers.
"What is highlighted is the need for certification schemes in all phases of the technological life-cycle," said ENISA director Udo Helmbrecht.
"'Security by design or by default' built-in processes and products are basic principles for trust. Standardising the process is an essential element in ensuring the correct application of the data protection reform in the service of the EU's citizens and its internal market."