[Cryptography] Tamper-evident cryptographic systems

[Ralf Senderek]

On Sat, 22 Mar 2014, Jerry Leichter wrote:

>  Imagine it's five years from now.  TLS with PFS is essentially universal
>  for all Web services.

And is working.

>  The big guys have strongly encrypted all their internal links.

We as users won't notice, they may or may not do it, it'll be "transparent" to 
us.

>  Data at rest is encrypted.

If it is done securely, _we will notice_, because to reliably encrypt data
at rest the decryption key must come from the outside (from the user),
it cannot be stored on the server where the data rests. So in principle,
if our co-operation is not required to use the data at rest, it is not
reliably encrypted. This may be a sign to watch out for that can help to
disqualify encryption that won't protect users and is only security
theatre or marketing.

>  Are we really secure?

The focus has to be on systems, not algorithms. Any signature scheme must
be tamper-evident in theory, but in order to detect successful tampering
in practice the implementation details of the system as a whole have to
be evaluated.

It's certainly counter-productive to focus on one approach only, but I'd
like to know what the direction of the development to secure the internet
might be. Let me (artificially) construct an alternative:

Is it the decentralisation of the internet, working to enable more people
to take things into their own hands by using less-complex, better
analysed and smaller systems, like a cryptobox or other well-audited
end-point solutions?

OR

Is it the transfer of encryption into the cloud / internet backbone on
the assumption that a user's end-point will never be secure and therefore
encryption must happen without counting on the user's responsibility.

Signals of tamper-evidence in systems will be quite different in both
scenarios.

        --ralf