A security scheme that Britain's spy agency is promoting for encrypting phone calls contains a backdoor that can be accessed by anyone in possession of a master key, according to an analysis published Tuesday by a security expert at University College in London.
The MIKEY-SAKKE protocol is a specification based on the Secure Chorus, an encryption standard for voice and video that was developed by the Communications Electronics Security Group, the information security arm of the UK's Government Communications Headquarters. British governmental officials have indicated that they plan to certify voice encryption products only if they implement MIKEY-SAKKE and Secure Chorus.
According to Steven J. Murdoch, a Royal Society University Research Fellow in the Information Security Research Group of University College, MIKEY-SAKKE contains a backdoor that allows communications to be decrypted in bulk. It can be activated by anyone who has access to a master private key that's responsible for generating intermediate private keys. Because the master key is required to create new keys and to update existing ones, network providers must keep the master key permanently available.