Six years ago, something interesting took place at Microsoft’s Windows annual Crypto conference in Santa Barbara. In the course of the presentations, two members of the company’s security group (Dan Shumow and Niels Ferguson) gave a talk that dealt with internet security and the possibility that major systems could be hacked.
They called their presentation “On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng”. That’s a name few people outside of the techy community would recognize, as it refers to a pseudorandom number generating program that is used extensively in cryptography. And thought the presentation was only nine slides and a few minutes long, they managed to capture the attention of the crowd with some rather stark observations.
Basically, they laid out a case showing that the new encryption standard, given a stamp of approval by the U.S. government, possessed a glaring weakness that made one of the program’s algorithms susceptible to cracking. But the weakness they described wasn’t just an average vulnerability, it had the kind of properties one would want if one were intentionally inserting a backdoor to make the algorithm susceptible to cracking by design.
At the time, no one thought much of it. But today, that’s all changed, thanks to Edward Snowden. Apparently, cryptographers and journalists are seeing a connection between the talk given by Shumow and Ferguson and the classified NSA documents Snowden leaked. Apparently, some of that information confirms that the weakness in the Dual_EC_DRBG algorithm might be indeed a backdoor.
Earlier this month, an article appeared in the New York Times that implied that the backdoor was intentionally put there by the NSA as part of a $250-million, decade-long covert operation by the agency to weaken and undermine the integrity of a number of encryption systems used by millions of people around the world.
Naturally, these allegations not only stoked the fires over the NSA’s long history of spying on databases, both domestic and foreign, it has also raised questions over the integrity of the rather byzantine process that produces security standards in the first place. The National Institute of Standards and Technology (NIST) approved Dual_EC_DRBG and the standard, is now facing criticism alongside the NSA.
And while NIST has since been forced to re-open the program to examination and public discussion, security and crypto firms around the world are scrambling to unravel just how deeply the suspect algorithm infiltrated their code, if at all. Some even went so far as to publicly denounce it, such as corporate giant RSA Security.
But of course, a number of crypto experts have noted that the Times hasn’t released the memos that purport to prove the existence of a backdoor. What’s more, the paper’s direct quotes from the classified documents don’t mention a backdoor or efforts by the NSA to weaken it or the standard, only the efforts of the agency to push the standard through NIST’s committees for approval.
One such person is Jon Callas, the CTO of Silent Circle – a company that offers encrypted phone communication. Having attended the Crypto conference in 2007 and heard the presentation by Shumow, he believes that the real problem may lie in the fact that the algorithm was poorly made:
If [the NSA] spent $250 million weakening the standard and this is the best that they could do, then we have nothing to fear from them. Because this was really ham-fisted. When you put on your conspiratorial hat about what the NSA would be doing, you would expect something more devious, Machiavellian … and this thing is just laughably bad. This is Boris and Natasha sort of stuff.
Sources at Microsoft agree. In addition to the presenters – who never mention the NSA in their presentation and went out of their way to avoid accusing NIST of any wrongdoing – a manager who spoke with WIRED on condition of anonymity believes the reporters at the Times saw the classified documents dealing with the program, read about the 2007 talk, and assumed their was a connection.
But Paul Kocher, president and chief scientist of Cryptography Research, says that regardless of the lack of evidence in the Times story, he discounts the “bad cryptography” explanation for the weakness, in favor of the backdoor one:
Bad cryptography happens through laziness and ignorance. But in this case, a great deal of effort went into creating this and choosing a structure that happens to be amenable to attack.
Personally, I find it interesting that the NSA would be so committed to making sure a program passed inspection. Especially one that had a fatal flaw that, when exploited properly, could be used to give someone who knew about it access to encrypted information. But of course, it’s not like the NSA has been known to invade people’s privacy, right? RIGHT?
Clearly, all there is at this point is speculation. One thing is certain though. In the coming weeks and months, the NSA is going to be the recipient of even more flak over its monitoring and cryptographic activities. Whether this effects any change in policy remains to be seen, but I doubt anyone will be holding their breaths.
Sources: wired.com, nytimes.com