Wednesday, September 11, 2013

Big trouble emerging for the NSA

It looks like the cryptographic community is collectively deciding that the NSA cannot be trusted.  Exhibit A: EFF says that NSA has subverted encryption standards:
EFF co-founder John Gilmore has written a fascinating short post about what he noticed happening on an IETF standards committee drawing up the important IPsec standard:
NSA employees participated throughout, and occupied leadership roles in the committee and among the editors of the documents


Every once in a while, someone not an NSA employee, but who had longstanding ties to NSA, would make a suggestion that reduced privacy or security, but which seemed to make sense when viewed by people who didn't know much about crypto.


The resulting standard was incredibly complicated -- so complex that every real cryptographer who tried to analyze it threw up their hands and said, "We can't even begin to evaluate its security unless you simplify it radically".
Needless to say, it was never simplified.
Exhibit B: NIST Director implies that NSA has subverted encryption standards:
Standing in front of more than 2,000 people, Patrick Gallagher addressed what he referred to as the “elephant in the room.”

Gallagher, director of the National Institute for Standards and Technology, was alluding to reports last week that the National Security Agency was building backdoor entrances into companies’ encryption systems, sometimes without their knowledge. NIST has worked with NSA to build encryption and cryptology standards, which the private sector often adopts.

But during his keynote address at the Amazon Web Services Public Sector Summit, Gallagher strongly rebuked allegations that NIST has voluntarily let NSA weaken its encryption standards.

“As director of NIST, what’s most troubling to me reading these news reports is that it appeared to attack our integrity,” Gallagher said. “NIST’s role is to support technical understanding of the strongest, most secure computer security, including encryption, when you can. We are not deliberately, knowingly, working to undermine or weaken encryption technologies.”
Feathers, ruffled.  But ruffled seems to be enough:
NIST did, however, reopen on Tuesday the public comment period for the three standards in question “to give the public a second opportunity to view and comment on the standards,” according to an official statement.
“If vulnerabilities are found in these or any other NIST standards, we will work with the cryptographic community to address them as quickly as possible,” the statement added.
Exhibit C: More NSA standards fiddling?
More likely is that the NSA has some mathematical breakthrough that affects one or more public-key algorithms. There are a lot of mathematical tricks involved in public-key cryptanalysis, and absolutely no theory that provides any limits on how powerful those tricks can be.

Breakthroughs in factoring have occurred regularly over the past several decades, allowing us to break ever-larger public keys. Much of the public-key cryptography we use today involves elliptic curves, something that is even more ripe for mathematical breakthroughs. It is not unreasonable to assume that the NSA has some techniques in this area that we in the academic world do not. Certainly the fact that the NSA is pushing elliptic-curve cryptography is some indication that it can break them more easily.
All of this is going on in a very public debate.  There are a lot of crypto folks who are pretty sick of the shenanigans, and that's leading to security efforts that may bypass the NSA:
Google's strategy for making surveillance of user Internet activity more difficult for U.S. and foreign governments is as much about economics as data encryption, experts say.

Google recently told The Washington Post that it has stepped up efforts to encrypt data flowing between its data centers around the world. The move follows revelations over the summer of massive Internet surveillance by the U.S. National Security Agency (NSA).

Google's encryption initiative started last year, but was accelerated in June following the release of classified documents on NSA data collection. Whistleblower Edward Snowden, an ex-NSA contractor, supplied the documents to news media, which led to extensive reporting by The New York Times, The Washington Post, The Guardian and ProPublica.
The NSA is alienating a whole community of security and crypto nerds.  That is unlikely to play out well for the NSA.  I'm wondering now whether an open source crypto standard might get created without involvement by NSA (or NIST). 

The NSA was viewed as the Bad Guy back in the 1990s when they were going after Phil Zimmerman and PGP, but now is much, much worse.  I'm not at all sure that NSA can succeed without the active support of the security community.


Anonymous said...

So.....what's really goin' on? Why are they screenin' the goalie?

Borepatch said...

@Shall, I think it's NIST thinking that they're potentially being made to look bad by the rest. I haven't see a government agency yet that is willing to take a hit to its fundamental mission just to support another agency.

I take all the comments about "open and transparent" from the NIST Director to be the tell. These criticisms have drawn blood. All NIST has to do it step asside and let the crypto community do the dirty work of exposing NSA. Then it would be NSA's fault - after all, people can look right now anyway, right? These are published standards.

And so NIST has the PR cover to defend their position as honest brokers.