Explaining perfect forward secrecy

Dec 02, 2013 by Richard Mortier, The Conversation
How do you keep your private info under lock and key? Credit: IntelFreePress

Twitter has announced it is introducing perfect forward secrecy to help users protect their information from spies and cyber-criminals.

Even if we don't realise it, we all rely on cryptography when we use the web. It is at the heart of social networks, retail sites and any other sites that provide web addresses beginning with HTTPS, the secure HTTP protocol.

When you use HTTPS instead of HTTP, it invokes a set of protocols that encrypt communications between your browser and the server it's talking to, so no eavesdropper can listen in. But a malicious attacker will still do their best to get at what you're saying. It is one class of attack like this that perfect forward secrecy attempts to block.

Chatting without PFS

Encryption schemes all rely on some secret information held by one or both parties to the communication. The basic operation of the HTTPS protocol is for the browser and server to exchange information so both can agree on a secret session key. This key is used to encrypt the rest of the communication session. The clever bit is that while all the information in the exchange is public, even if an attacker observes the entire exchange, they still cannot capture the secret your browser and the server agree on.

To agree on this session key, the browser and server use public key cryptography, where a secret key used to encrypt communications is split into two parts, one public, the other private. Then, if one user, let's call him Bob, encrypts his data with another user's, Alice's, public key, only Alice's private key – and thus, if she's careful, only Alice – can decrypt it. Assuming Alice is running the web server and Bob is running a browser connecting to Alice's server, in traditional HTTPS Bob's browser would generate a random session key, encrypt it with Alice's public key and send it to Alice. Alice can then use her private key to decrypt this session key, and the session key becomes a shared secret that can be used to encrypt the rest of the session's communication between Alice and Bob.

If an attacker were able to capture Alice's private key – whether due to Alice's carelessness, legal demands requiring Alice to surrender her keys, or through more nefarious means – and they're also able to capture all communications with Alice's server, then the attacker would be able to decrypt the key exchange part of these sessions. They could then extract the no-longer-secret session keys and read all of these communications between clients and Alice's server.

What makes PFS different

By applying PFS, a different set of cryptographic protocols replaces the session key exchange process with one that never sends the secret session key across the network, even in an encrypted form. As a result, even if the attacker manages to get Alice's private key, they will not be able to recover the still-secret session keys, and so they will not be able to decrypt any of the communications with Alice's server.
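The two exchanges described above, side by side, as an added example that is not part of the original article. The article does not name the PFS mechanism; this sketch assumes ephemeral Diffie-Hellman, which is what TLS uses for forward secrecy, and all key sizes, group parameters and function names are constructed toy values for illustration.

```python
import secrets

# Alice's long-term RSA key. Toy sizes built from two Mersenne primes
# (constructed for this example; real keys are 2048 bits or more).
P, Q = 2**31 - 1, 2**61 - 1
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))        # private exponent: the thing that leaks

# Toy Diffie-Hellman group (constructed; not a safe real-world choice).
DH_P, DH_G = 2**127 - 1, 3

def rsa_key_transport():
    """Traditional HTTPS: Bob picks the session key, sends it under Alice's public key."""
    session_key = secrets.randbelow(N - 2) + 2
    transcript = {"enc_key": pow(session_key, E, N)}   # all an eavesdropper records
    return session_key, transcript

def ephemeral_dh():
    """PFS: each side sends a one-time public share; the key itself never travels."""
    a = secrets.randbelow(DH_P - 3) + 2   # Alice's one-time secret, discarded afterwards
    b = secrets.randbelow(DH_P - 3) + 2   # Bob's one-time secret, discarded afterwards
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    sig = pow(A % N, D, N)                # Alice signs her share with the long-term key
    session_key = pow(B, a, DH_P)         # Alice's view
    assert session_key == pow(A, b, DH_P) # Bob derives the same value
    return session_key, {"A": A, "B": B, "sig": sig}

def recover_with_leaked_key(transcript, d):
    """What a recorded transcript yields once Alice's private exponent d leaks."""
    if "enc_key" in transcript:           # key transport: one decryption and done
        return pow(transcript["enc_key"], d, N)
    # DHE: d only reproduces Alice's signature over A. The key is B^a = A^b,
    # and neither a nor b was ever on the wire or kept after the session.
    assert pow(transcript["A"] % N, d, N) == transcript["sig"]
    return None

if __name__ == "__main__":
    k1, t1 = rsa_key_transport()
    k2, t2 = ephemeral_dh()
    print("RSA transport recovered:", recover_with_leaked_key(t1, D) == k1)
    print("Ephemeral DH recovered: ", recover_with_leaked_key(t2, D) is not None)
```

In the ephemeral case the long-term key authenticates the exchange but encrypts nothing, which is why its later disclosure does not open recorded sessions.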

There is a cost to doing this: the cryptography used in PFS is slightly more complex than the traditional techniques so it does take more processing power. But it is not an insurmountable burden. In practice it will usually be negligible compared to all the other things that the server and browser will be doing at the same time.

The other problem arises if you run a farm of servers rather than a single server, as all modern large-scale web services must. Much as with human conversation, sessions between browser and server will often go idle but then start up again. To manage the load in their web-farm, a service provider will often wish to resume a session on a different server from the one it originated on. To do this with PFS means sharing the session keys among all the servers in the web-farm. And of course, this has to be done without recording the secret session keys anywhere. Otherwise all that's been achieved is to change the file that the attacker needs to steal from the one containing the private key to the one containing the session keys.

Ultimately then, PFS should be a good thing for everyone, keeping your communications secure against another class of attack. Everyone, that is, who can make use of it – not all browsers, particularly older browsers, support it. But that's just another good reason to upgrade.
