Is C suitable for HFT programming

News from the University of Telecommunications in Leipzig

abstract

The Federal Ministry of the Interior commented on a draft to abolish encryption for stately services. The thesis examines whether the abolition of encryption techniques for selected communication applications contributes to security in the state. In order to evaluate the thesis, current encryption techniques are examined and in which application areas the techniques are used. The methods are also checked. In addition, the work deals with possible effects on mutual trust in the use of the Internet. In order to be able to make an adequate final statement, the work refers to various sources on the Internet, as well as selected literary sources, which can be looked up in the list of sources.

 

1 Introduction

After a terrorist attack in Halle on October 9, 2019, the Interior Ministry again discussed the risk of encryption with regard to the preventive investigation of crimes. Horst Seehofer said in this context five months earlier: "What is needed is a clear and technology-neutral approach that reconciles the freedom to use encryption with the unavoidable needs of the security authorities. [...]" [1].

The plan is for the authorities to have access to standard end-to-end encrypted data from messenger services such as WhatsApp. This is only done by order of a judge, in order to support the investigation of criminal offenses and the defense against dangers. How a government back door is installed is up to the messenger services themselves. If that does not happen, the Federal Network Agency is threatened with blocking. (Cf. [1])

The thesis that is being worked on in this context is that weakening or abolishing end-to-end encryption is compatible with the security that must be provided. The thesis is checked for correctness in the following chapters.

2. Theoretical foundations

2.1 Current state of the art

In order to give the reader an overview of the topic, the relevant basics and the current state of the art are explained below.

To begin with, we will deal with the concept of encryption. Encryption is a cryptographic process that makes the data unreadable for third parties. It serves to protect the data and has the aim of enabling a secure exchange of data. Various encryption methods are used to ensure the confidentiality and integrity of data. There is symmetric encryption, asymmetric encryption and hybrid encryption, which combine both types.

We will not go into the three procedures in the report. Asymmetric encryption is used most in practice. (Cf. [2])

Fig. 1: unencrypted data transmission

With the unencrypted variant, the data is not encrypted. They are therefore readable by everyone on the end devices, on the server and on the transmission paths. In the illustration 1 this is represented by the choice of the color red.

Another option is end-to-server encryption. The data is transmitted in encrypted form so that third parties cannot read the transmission path. That is indicated by the green lines and the locks in Figure 2 shown. However, the data is unencrypted on the server and on Alice and Bob's end devices.

One of the most common encryption methods is end-to-end encryption - see Figure 3. The data is encrypted during the transfer and cannot be intercepted by third parties during the transfer. The data is decrypted upon arrival at the user and can thus be viewed. The process works on the network level and, if implemented correctly, offers the highest level of data security. At the beginning, the data is encrypted by the application before it is sent. After the data arrives at the recipient in encrypted form, the data is decrypted by him. All data traffic is thus protected, because even if the data traffic were intercepted by third parties, the attacker would not be able to work with the encrypted data. (See [3] and [4])

If we take a closer look at encryption, the term backdoor also becomes relevant. Translated into German, backdoor means back door. If we relate this to computer science, it is an "alternative approach to software or a hardware system" ([5]).
The security mechanisms are bypassed and you gain access to protected content. A backdoor can be specifically built in. This is used for remote access or software so that developers can use hidden functions. However, they can also be installed secretly by (unauthorized) third parties.

The use of backdoors can cause problems. Every backdoor can be used by unknown third parties and it is not possible to control the persons using the backdoor. This would allow access to sensitive data, and that violates data protection regulations. Basically, one can say that every backdoor represents an additional weak point in a system. The more complex a system is, the more difficult it is to check for security gaps, including backdoors. If the backdoor was built into private individuals, privacy is also affected, unless the backdoor is publicly known.
Another type of use is to build in a backdoor for encryption. The key can be eavesdropped and any data can be decrypted by authorized or unauthorized persons. Only authorized users can log in here. Affected data can be decrypted regardless of time and place. This means that if the same key is used, data from the past, present and future can be decrypted.
It is also irrelevant whether the data is on the server or on the end device or whether the data is currently being transferred. (Cf. [5])

In addition to the use of backdoors, Trojans can also be used. A Trojan, also known as a Trojan horse, is a camouflaged computer program. The Trojan consists of a visible application and an invisible malicious program. Social engineering is often used so that the user can install the apparently useful application.

The malware starts automatically in the background and is usually not noticed by the user. With a Trojan, an unauthorized third party can, among other things, gain access to the computer of the person concerned or install additional malware. (See [5] and [6])

The software mentioned above has a significant impact on data protection. Data protection means the right to informational self-determination. This only relates to personal data and the regulations as to whether and how the regulations may be collected and processed.

In contrast, data security relates to all data in a company, household and others. It includes data protection measures and also relates to data theft and data backup, for example in the form of backup copies to protect against data loss. (Cf. [7])

2.2 Current state of data ethics and data protection

In addition to the state of the art, it is also important to consider the ethical side of our topic. For this purpose, we refer to the Data Ethics Commission (DEK for short), which was convened on July 18, 2018. The DEK deals with ethical principles and principles of technology with regard to security, privacy and democracy.

The results of the commission are recorded in an expert report. At the beginning, the DEK details some basic principles. For example, human dignity is only untouched if the human being is not completely transparent to outsiders or the individual is not injured by deception, manipulation or exclusion.

Everyone also has the right to informational self-determination and privacy. Preserving privacy is described by preserving the freedom and integrity of one's own identity. This includes protecting the most intimate data. Security is defined more deeply by the Data Ethics Committee as the physical and emotional security of people. If actors like companies want to work with the data, it must always be handled responsibly.

Possible risks and consequences of data processing and data transfer must be assessed in advance. This affects the general public and individuals who aim for information security. The DEK's recommendation is that measures should be put in place to prevent unethical use of data. On the one hand, the uncertainties of systems should be considered here. Systems should be designed to be as secure as possible in order to protect them from external influences. This relates to malfunctions and attacks by third parties, as a result of which data can be manipulated and spied out. On the other hand, this also applies to the rights of the individual.

Human rights, such as privacy, must not be violated by, for example, total surveillance. The user has the right to have a transparent explanation of how the data in the system is used and how it is protected. This makes it easier for the user to make a decision for or against an organization. The user should also be able to determine whether his rights have been violated or not. Transparency for the population is to be implemented with the help of the General Data Protection Regulation (GDPR for short). (Cf. [8])

2.3 Current state of the law

A special form of surveillance is used to combat terrorism and organized crime. With source telecommunications monitoring, communications are captured before the data is encrypted or after the communication is decrypted. The Quellen-TKÜ puts out a judicial order and results in a high level of manpower. The software used is, depending on the case, an in-house development or commercial software. The guideline is the standardized service description (SLB for short), which grants the approval after testing procedures and determination of conformity. (See [9])

In addition to telecommunications monitoring, an online search can also be carried out. Online searches describe covert searches of devices with encrypted data. The goal here is to bypass encryption. (Cf. [9])

Proof of custody is also a legal method of obtaining information. A judge can order custody if the obligation to give evidence is not complied with. A joint detention is limited to a maximum of six months. Contrary to convict detention, the law on refusal to give evidence applies, which comes into force if you are related to the accused or if you would burden yourself with the relationship. (Cf. [10])

3. Discussion

3.1 Technical view

With the individual types of encryption end-to-end, unencrypted and end-to-server, various points of attack can be used, as explained in point 2.1. The unencrypted data transmission has a great potential of losing data to unauthorized persons, since only one device has to be hacked or the line has to be read out in order to be able to eavesdrop on the entire communication. Since no encryption technology is used, the variant can be classified as very insecure. With end-to-server encryption, targeted hacking allows access to the data of many people. It is important to weigh the risk of hacking against the benefit of being able to solve the crimes better. In the event of a crime, the federal government can force the operator of the system to provide the data and, if necessary, a corresponding data analysis. The method is more secure than data transmission without encryption, but there are still too many points of attack.
The end-to-end encryption denies access to the data, apart from the end device. The state must therefore confiscate the devices in order to be able to read out the data. In order to get to the data, access to a participating device is required, which makes eavesdropping significantly more difficult. With the help of the federal Trojan, for example, the federal government is able to access devices and their data in a targeted manner. The encryption technology can be viewed as relatively secure.
If a backdoor were to be installed here, security can no longer be maintained. Depending on the implementation of the backdoor, eavesdropping on the line or device cannot be ruled out, so the method can almost be equated with unencrypted data transmission. Usually it is only a matter of time before backdoors are found and exploited in systems by unauthorized persons. Figure 4

3.2 Social perspective

From the point of view of private individuals, the question arises as to what effects a weakening or dissolution of the encryption would have and whether the situation would affect all users. Adding a backdoor can lead to significant privacy issues. Third parties and strangers could gain access to the data of the private individuals concerned. There is no transparency here for the user, as the DEK would recommend. It is not clear who exactly can see your own data or what happens to the data covertly by third parties. If the backdoor is used by the authorities, it is also uncertain when it was actually accessed. Use cases are, for example, tax evasion, murder or terrorism. In the case of terrorism, however, public safety would be affected. The DEK recommends an obligation to grant access if this is done for the benefit of the general good and the public. The question now is whether the weakening of end-to-end encryption, which affects the entire population, or terrorism, which affects a relatively small part of the population, is the greater danger.

If you look at the service providers, they should be obliged to take care of the encryption and decryption themselves. However, it is unclear here how this is to be done. In the event of a crime, the goal would be to revoke the encryption of certain users in order to make the transferred data accessible to authorities. There are three options here:

1. A targeted cancellation of the encryption of certain users means an enormous effort for the provider, which is associated with costs.

2. A simpler way would be to set up end-to-server encryption or to remove the encryption entirely. But that is associated with uncertainties for all users.

3. The service provider refuses to remove the end-to-end encryption. In that case, the service should be blocked by the Federal Network Agency. However, it is questionable how this should be enforced at companies in other countries.

With options 1 and 2, the transparency of whether the user's data is actually encrypted is not guaranteed to the user. If the encryption is lifted and attackers or other companies use the resulting security gap, this can also lead to serious data protection problems.
Customers' trust in the company would suffer and that could have economic consequences. The DEK recommends that companies design their systems to be secure and robust. This is done through good encryption mechanisms or anonymization, among other things. (Cf. [8])

From the point of view of the state or the responsible security authorities, the aim is to enable costs to be reduced through the targeted monitoring of individual people. The large-scale surveillance gained would eliminate many personnel and administrative costs. At the current time, the federal Trojan is used for this. The federal Trojan has the disadvantage that many target systems cannot be infected with it. By removing the encryption, the non-infected systems could be covered. (Cf. [11])

The resulting total surveillance could, in the worst case, lead to political problems, such as the restriction of freedom of expression or even a rating system for individuals, as is the case in China. There, each individual is assigned a score using the “Chinese Social Credit System”. Points are deducted for politically negative anomalies. If the score is too low, the data subjects are denied freedom. For example, children of low-scoring parents can be excluded from schools, or low-scoring individuals can simply lose their jobs. (Cf. [12])

The conflict of being able to spy on the entire population, but also offering a large target area for hackers, should be carefully considered. From an abstract point of view, a large amount of terrorism must be prevented with deactivated encryption so that the disadvantages for the population are offset.It is important to weigh up the effects of a terrorist attack and the loss of large amounts of data by, for example, a hacker with an impact on the entire population. The economic consequences also play a role here.

3.3 Legal view

To discuss the legal point of view, we take a case study in which a data transfer with previously granted authorization by a legal authority precedes. The first legal obligation here is the obligation to give evidence. The regulation forces the person to disclose the data if there is knowledge of an illegality or information that helps to solve the crime. The right to refuse to give evidence is an exception.
The right to refuse to testify applies if the person is related to the accused or if the person would incriminate himself seriously. If the duty of surrender is not met, then you have to pay the costs incurred or a fine or a prison sentence is ordered. In some hardship cases, a combination of all three penalties is also possible. In the event of convict detention, a compulsory detention order is issued, with the deadline for reporting to the competent authority. If the request is not complied with, a manhunt can be ordered, which leads to arrest.
A complaint can be submitted by the person concerned, but this does not override the deadline. Cooperation and disclosure of the data or their access leads to release from custody. In the event of a violation, the release will only take place after the trial has ended, but no later than six months. A renewed detention for the same procedure may not be ordered. (Cf. [10])

As an alternative to obtaining information in the case study mentioned above, the state has methods of telecommunications monitoring, such as the so-called federal Trojan. Regardless of which software is used to obtain information, the software must be introduced into the target system once. There are mainly three options.
First, the software could be installed on the target system through physical access. The procedures are mostly viewed as disproportionate because the invasion of privacy is too great. In addition, the installation cannot be linked to open measures such as a house search, since those affected must be informed of the interventions, which rules out secret information collection.
The second possibility is to deceive the person concerned, in which the state authorities also do not have much freedom. The prohibition of deception and the principle of non-self-incriminations prohibit the use of active and conscious misinformation, as well as manipulation to induce the accused to install the surveillance software himself. There is also the possibility of exploiting security holes. In order to reach a compromise, the legislation must be adapted so that authorities that require access to the terminal can also have access legally secured. If there is a court order, the police should be able to carry out the surveillance without any problems. (Cf. [11])

4. Summary

From the points of view explained, the conclusion is drawn that the thesis of the report cannot be correct. The relationship between security and end-to-end encryption is like a balance. Let us assume that the end-to-end encryption would be removed or a backdoor built into the system: This would have negative effects on the security of the users and the service providers. This applies above all to data protection and economic efficiency, since data can also be read by third parties. In order to guarantee security, the state would have to support end-to-end encryption and expand it for companies. There is still a risk of terrorism and crime.
The relationship between gaining information about possible perpetrators and violating data protection rights is not equivalent here. It would therefore not be ethical to damage the rights of the entire population in order to convict relatively few perpetrators and thus only moderately improve the general welfare. If the authorities use and expand the framework conditions already in place, then they could be able to monitor the perpetrators without weakening the encryption.
To this end, the source telecommunications monitoring could be examined in more detail: How would the software and the legal situation have to be adapted so that the police are in a position to make better use of the source telecommunications monitoring? Certain subjects, such as the basic types of encryption, were not elaborated as that would have taken us too far from the subject. As a result, it is possible that not every reader who does not have that much experience with technology can be picked up. The discussion was divided into three parts in order to be able to examine the subject areas of technology, society and law separately from one another. However, this has the disadvantage that the content is duplicated. Therefore, the discussion was kept flat in some ways.
A technical form, the consecutive numbering of the authors, was used for the citation. However, the technology is not recognized in all subject areas. Furthermore, not all sources correspond to scientific standards. Among other things, forums and inaccurate content were also used.

swell