International Professional Fora:

A study of civil society organisation participation in internet governance

International Professional Fora:

A study of civil society organisation participation in internet governance

Security concerns in MIKEY-SAKKE

The MIKEY-SAKKE (Multimedia Internet KEYing – Sakai Kasahara Key Exchange) protocol was designed by the then known as the Information Security arm of UK’s GCHQ, CESG (now National Cyber Security Centre - NCSC), and published in IETF RFCs 6507, 6508, 6509.

According to the NCSC, the development of the protocol was initiated following the transition of police, fire and ambulance services from TETRA to the 4G Public Safety system, LTE (PS-LTE), in order to avoid communications security being compromised in the more congested advanced network environment. Thus, public safety was one of the intended use cases. The second was intended to ensure security of enterprise communications. The protocol promised security of communications with third parties and end-to-end encryption. In addition, it was promoted as providing the organisations the possibility to monitor their employees against misconduct, by recording the encrypted communications and then decrypt them. The MIKEY-SAKKE protocol was also incorporated into the Secure Chorus technology providing for interoperability in secure voice communications. The protocol was published as an open source in IETF RFCs, seen as ‘the best way’ to ensure people had easy access to the information needed for developing products and solutions based on MIKEY-SAKKE’s specifications.

A security researcher from the University College London, Steven Murdoch, analysed the protocol in a web blog, using the Version 1.0 of EFF secure messaging scorecard. The scoreboard was developed following the first phase of the EFF Campaign for Secure and Usable Crypto in the face of mass surveillance of personal communications. The civil society organisation admitted that, although the seven criteria1 were necessary measures for ensuring security, they could not fully guarantee it. The scorecard is currently being updated by the EFF in search for a more ‘nuanced’ guide for measuring securing messaging. Based on the criteria published in its first version, however, Steven Murdoch, argued that contrary to the NCSC statement, the designed MIKEY-SAKKE protocol provided ‘minimal security while allowing undetectable mass surveillance.’ The key concern of the researcher was that the protocol allowed for a backdoor service that was possible on the basis of the ‘mandatory key-escrow’ approach incorporated into the protocol. According to Murdoch, although key-escrow was never mentioned in the protocol, MIKEY-SAKKE, and, therefore, the Secure Chorus voice communications standards essentially allowed the domain manager/key management server (e.g. network provider), if served with a warrant or hacked ‘to recover responder private keys and so decrypt past calls without the legitimate communication partners being able to detect this happening.’ As explained, the design of the protocol required the keys for encryption to be distributed by third parties, thus incorporating the man-in-the-middle approach and presenting opportunities for eavesdropping. In addition, the researcher argued that MIKEY-SAKKE diverged from other protocols in that it did not ‘attempt to protect the identity of the communication partners, only the call content.’ In Murdoch’s view, this would allow for the collection of metadata, ‘showing who [wa]s communicating with whom, when and how often, even if anonymising technology [wa]s used.’ The NCSC has refused any backdoor mechanism to be inherently incorporated into the protocol, adding that ‘only the owners of the individual systems can decrypt their conversations.’

In any case, if proven right, the security vulnerabilities of the MIKEY-SAKKE protocol would be at odds with the latest decision of the Court of Justice of the European Union (CJEU), which stipulated that generalised data retention was disproportionate and unlawful. As representatives of the civil society, UK’s Open Rights Group and Privacy International took key role to introduce changes in the Investigatory Powers Act following the Court’s judgement.


1 1) Is your communication encrypted in transit? 2) Is your communication encrypted with a key the provider doesn't have access to? 3) Can you independently verify your correspondent's identity? 4) Are past communications secure if your keys are stolen? 5) Is the code open to independent review? 6) Is the crypto design well-documented? 7) Has there been an independent security audit?