Are cloud communication protocols secure?
Dear Control Engineering: I was reading the article about networking protocols, and there is a statement that Skype, and by implication, other cloud technologies, are secure. Is this true?
Yes, it is if you are specific about what means exactly. Let’s digress for a moment and consider a historical parallel. Back during WWII, the German armed services used a device called an Enigma machine that encrypted messages sent by radio using Morse code. While the allies were able to intercept the radio traffic, without breaking the code, they were unable to understand the messages. So, there were enormous efforts to find ways to break the process. Those stories are fascinating and you can read them elsewhere, but successes usually came as a result of sloppy radio operators or largely brute force methods to simply try every possible key using early electro-mechanical computers.
Modern encryption is far more complex. The AES (advanced encryption standard) used with most communication on the Internet can employ a 256-bit key which would require 2200 operations to break by brute force. So it isn’t possible to decode the information by intercepting the transmission. That doesn’t mean it is secure necessarily. A determined hacker will simply find another way, and that probably means getting the message by going after one of the people that is sending or receiving. Even if the code is unbreakable, if someone breaks into my computer from outside, he or she can likely see the same information I can. My security depends on how well I protect the information once it is decoded. Using my earlier analogy, it would be like looking over the radio operator’s shoulder and seeing the message in plain text before it’s encoded.
Peter Welander, firstname.lastname@example.org