by Stephen Bryen
[Update: We can now add to our October 7th story the following: RSA was paid $10 million by NSA to produce an encryption algorithm in their products with a backdoor. See the Reuters’ article “Exclusive: Secret contract tied NSA and security industry pioneer.” One wonders about the intent behind the RSA compromise. RSA security products are used primarily by industry, so it would seem the primary purpose would be to have access to industry computers.]
The National Security Agency has three distinct hats –first its job is to collect national security intelligence primarily through signals collection. The second is to support both the government and the private sector by helping in what NSA calls “information assurance.” This assignment includes coming up with encryption techniques and codes that can be used by government agencies and by the public. And NSA’s third hat, a relatively recent one, is to take action against malefactors who attempt to harm computer networks or pose other national security threats –a cyber attack command to put the bad guys out of business or harm their operations (something like “Stuxnet” against Iraq’s nuclear program, for those who follow these things).
Each of NSA’s “hats” impinges on the other “hats” so that the job of spying intrudes on the job of information assurance, and the job of attacking malefactors impinges on both other hats. On top of that each of the “hats” has lots of internal risks. If you destroy an adversary’s computer network, will that stop the adversary or just cut off your source of information? If you build a better crypto mousetrap will the bad guys use it against you?
No one has yet suggested any good way to disentangle NSA’s conflicting responsibilities. Nor do we yet know if there is a practical manner in which spying can be confined only to foreign targets in a highly globalized world.
Just last month one of the nation’s most respected security development companies, RSA, decided to remove an important crypto tool from its products. The tool was developed by NSA and there is an interesting history surrounding it.
Called a “Dual_EC_DRBG” for Dual Elliptical Curve Deterministic Random Number Generator, elliptical curve cryptography is a popular public key methodology that improves on earlier generation systems. It was introduced in the middle 1980’s and was approved by the National Institute of Standards and Technology (NIST) in 2006. RSA used Dual_EC_DBRG in a wide range of its products, which are sold to governments and to private companies for information security protection.
All modern encryption algorithms requires a mathematical technique called “seeding” to assure no pattern is inadvertently introduced that would make it easy to untangle the encryption. This is achieved by using a pseudo random number generator. In 2006 when the elliptical curve approach was approved, the Dual_EC_DRBG random number generator was pushed by NSA and made part of the library of encryption tools adopted at that time.
In November 2007, Bruce Schneier, an important American cryptographer and computer security specialist, published an article called “The Strange Story of Dual_EC_DRBG.” In that article Schneier took a look at the NSA-championed DBRG and quoted from an informal presentation at the Crypto 2007 Conference by two other cryptographers, Dan Shumrow and Niels Ferguson. They showed that the Dual_EC_DRBG had a weakness that could “only be described as a backdoor.”
The backdoor is thought to be a kind of skeleton key that makes it easy to break the encryption.
Despite the fact the Schneier, Shumrow and Ferguson (among others) believed there was a back door in the encryption, companies around the world, particularly RSA, went ahead anyway and used the tool.
It was not until this past September, with new revelations as part of the Snowden leaks, that the matter again came up. The documents showed that NSA, acting in concert with the National Institute of Standards and Technology, had inserted a backdoor in its crypto suites. This confirmed exactly what Schneier et al had said six years before. Here was something approaching proof of what Dual_EC_DRBG was all about.
Naturally this is an earthquake in the crypto business world and it makes it clear that NSA “information assurance” program also might be an information spying operation, but aimed at whom?
Foreign governments tend not to use U.S. encryption tools because they don’t trust them. But foreign companies do use them because the U.S. “system” (government, banking, health care) require the use of the U.S. crypto. Was the backdoor needed to spy on the private sector?
But there is an even greater risk when a backdoor is put into an encryption system. An adversarial government with significant resources might also figure out how to exploit the backdoor, or if they cannot they will find other ways to get “behind” the encryption engine.
NSA had one interesting, though now transitory, triumph with its backdoor, or at least one can surmise that is the case. Al Qaeda used American encryption libraries to build its own encryption tool for use by its Jihadist terrorists. Their product is called “Mujahideen Secrets 2″ and it is just a repackaging of NSA/NIST approved material. We can all hope Al Qaeda keeps on using the product.