Saturday, September 7, 2013

An American Cryptographer's Worst Nightmare? How About... The NSA Deliberately Weakening Cryptographic Standards?

(This is only a parody of the NSA logo.)
This article on Johns Hopkins cryptographer Matthew Green's blog Cryptographic Engineering contains enough to make you lie awake nights. Or not, if you're a sound sleeper. The crux: most businesses and all nations today assume that it's good — for business and for national security and for international relations — if everyone has readily available secure encryption for documents and similarly secure networks for the transmission of securely encrypted documents. Yet on Thursday the New York Times published an article forcing everyone to consider seriously the apparent likelihood that the NSA has been waging a war against encryption, including "working with industry to weaken encryption standards, making design changes to cryptographic software, and pushing international encryption standards it knows it can break."

I am no expert. Certainly I am not qualified to comment on the technological underpinnings at risk here, and I'm not going to try to speculate on the consequences to business and diplomacy; there are plenty of qualified people engaging in just such speculation. In my case, encrypted documents have impacted me about as minimally as possible: though all my clients used what was available to them, no one spent much time thinking about it.

Now we learn that one of the ultimate US government security agencies has been secretly undermining the entire structure on which secure storage and transmission of documents is based. How does that make us all feel?

Welcome to 1984... thirty years late.

Here is Mr. Green's summary of the NSA's activity:
If you haven't read the NYT or Guardian stories, you probably should. The TL;DR is that the NSA has been doing some very bad things. At a combined cost of $250 million per year, they include:
  1. Tampering with national standards (NIST is specifically mentioned) to promote weak, or otherwise vulnerable cryptography.
  2. Influencing standards committees to weaken protocols.
  3. Working with hardware and software vendors to weaken encryption and random number generators.
  4. Attacking the encryption used by 'the next generation of 4G phones'.
  5. Obtaining cleartext access to 'a major internet peer-to-peer voice and text communications system' (Skype?)
  6. Identifying and cracking vulnerable keys.
  7. Establishing a Human Intelligence division to infiltrate the global telecommunications industry.
  8. And worst of all (to me): somehow decrypting SSL connections.
All of these programs go by different code names, but the NSA's decryption program goes by the name 'Bullrun' so that's what I'll use here.

Your government and your tax dollars at work. Have a nice day!

(H/T TarheelDem on FDL.)


  1. You aren't an expert, but I am. When I look at SSL, I'm looking at a standard that requires private keys to be deployed to vulnerable web servers, web servers from whence they can be subpoenaed secretly by the NSA (since the web servers are in a public data center, not a private premise). The design decisions involved were made in the late 1990's and were heavily influenced by the NSA. Coincidence? I think not.

    That said, there's a bit of sensationalization going on here. The SSL/TLS standards are clearly influenced by the desire to be able to get at those private keys, but there are other NIST encryption standards, such as AES, which are just as clearly *not* influenced by the NSA. It is a Belgian algorithm that was vetted by the best cryptographers on the planet and for which reference implementations exist as public domain which have been heavily scrutinized by our best and brightest. What interests me more is the security of the systems at either end of the connection, which is where the vulnerabilities are. Worst case is that the NSA has to do a black bag job to inject a daemon that will siphon off the unencrypted data before it disappears into the black hole of the encryption algorithm. And I think we can presume that the NSA can decrypt Microsoft's Bitlocker volumes.

    I trust most Open Source encryption software because it can be easily vetted. Unfortunately, most of it suffers from Geek's Disease -- i.e., it's so difficult to use that nobody uses it. So it goes...

    - Badtux the Cryptography Penguin

    1. 'tux, I guess I have a naive attitude toward government agencies, an attitude resembling the increasingly inapplicable Google slogan: "don't be evil." NSA may or may not be evil, but it's pretty clearly criminal. With all it has stolen, just call it "Alexander's Bag Crime Band." <grin_duck_run />

  2. SSL was never really secure, it was designed more to prevent spoofing of URIs than real encryption, but it has slowly gotten better, so that the newest version is reasonable if people would just update their software and use it.

    I haven't used US encryption for years because of export controls and other silliness that the US engages in, so they are out of luck on the easy hit with the stuff I want to protect.

    The only way to fight this crap is to make it too expensive to do. The real 'bad guys' tend not to trust technology, so this isn't targeted at 'terrorists', this is part of Alexander the Geek's empire building.

    1. Bryan, I've read (somewhere?) that in Arab cultures the most important messages are made short enough to be committed to memory and delivered in person by a single mutually trusted individual. It certainly limits message length and complexity, but it defeats all the fancy cracking that opponents may attempt with software. (It may also explain America's disgustingly common resort to torture... which doesn't work, but does yield some kind of answer, meaningful or not.)


