Dynamic Cryptographic Backdoors!

Eric Filiol

Thu, 20th December 2012

Speaker Bio 1:
Eric has been an officer in the French Army for 22 years (Infantry/ French Marines Corps). Half of his military career has been devoted to intelligence, technical intelligence and cyberwarfare techniques. He is now head scientist officer and professor in a research lab (ESIEA/CVO lab) working for different departments in France (justice, police and defense) and Industry (R & D). He holds a PhD in mathematics and computer science, a habilitation thesis in computer science, an engineer diploma in cryptology and has graduated from NATO in InfoOps. His research works relates to computer security (especially computer virology and cryptanalysis) and cyber warfare with the attacker's mind. He is the scientific director of the European Institute of Computer Antivirus Research. His hobbies are marathon running, playing bass guitar and beer.

Questions and answers

Max, Concise Courses:
I watched your presentation on YouTube in Tokyo in 2011 at PacSec – and regarding the Tor Network – what is your position withTor at the moment? This question is with reference to the discovery of the Skynet botnet client this month which was hiding behind the Tor network. Is Tor increasingly being abused?

Eric Filiol:
Tor network was in fact not the target in itself, it was a validation of a technique. In fact after the CCC Conference [Chaos Communication Congress] we decided to no longer publish things since it was too critical. So to answer precisely the question, I think that at the very beginning Tor was a nice initiative just considering cryptography and the [back]door but it didn’t consider that many other things were existing. I mean the security at the OS level, the use of botnets and malware. I am convinced that Tor, and not only Tor, but also ultra surf or other protocols in order to protect data will be abused more and more because the more people want to protect their privacy, (and I strongly support the idea of citizens protecting their personal data and their privacy), the more countries and especially governments like Syria and China will try to break this. The use of malware will be one of the most efficient approaches, so yes I am convinced that it will be possible to abuse more and more secure networks like Tor.

Max, Concise Courses:
What is the most effective “backdoor removal” tool in your opinion?

Eric Filiol:
Well, very difficult question! I think there is none. First what is a backdoor? A backdoor can be intentional, so I don’t say that all vulnerabilities are backdoors, but if I would like to put a backdoor, I would just say, ‘excuse me it was a vulnerability.’

So, the best way to fight against known vulnerabilities is through applied security patches when available. For the zero day you cannot correct and detect what is known only by the attacker. I am very doubtful that it is possible to detect backdoors in an automatic way, because for example if you consider covert channels – you have a combinatorial effect so I mean that, from a mathematical point of view, it would suggest that you would be able to process billions of data every second which is of course impossible from a simple time consuming aspect.

I think it is an open project and an open problem and will remain so for a very long time.

But once again try to enlarge your view and ask yourself: “What is a backdoor?” For me, once again, it can be a simple intended vulnerability.

Max, Concise Courses:
We had Marcia Hoffman on the show – Marcia is from EFF – and she helps protect hackers facing legal issues when they find vulnerabilities in vendors’ products. Do you agree with Marcia that not enough is really being done by vendors to work with hackers to patch holes from backdoors and firm up code?

Eric Filiol:
I totally agree with her and her position. I think that Hackers are probably the biggest human treasure we have and I am very disappointed about the fact that governments are not supporting the hacker community more intensively. I consider hackers like a resistance movement against the software industry; it is maybe strong words but I think that we have to have some sort of counter-power, and this counter-power is for me the hackers movement, so yes I would like to see a strong and active hackers community. It is the only way to have an alert launcher and they are very active to find security holes, even backdoors and making them publicly aware, and to say ‘ok there is a risk be aware of that’. So, yes, I think that yes we should support more actively hackers and government should do that otherwise we be prisoners from software editors and software industry.