Fears that the National Security Agency (NSA) has managed to convince U.S.-based suppliers of software, hardware and services to install backdoors for espionage purposes has created a crisis of confidence around the world.
There has been, of course, perennial suspicion that the NSA has sought backdoors, but documents leaked by former NSA contractor Edward Snowden last month confirm it. And neither the NSA nor the Director of National Intelligence, James Clapper — whose office has frequently been the mouthpiece of the Obama Administration to speak about the NSA imbroglio — has attempted to dissuade us otherwise. Mounting concern that NSA backdoors might be literally everywhere is causing network vendors, their customers, and security researchers to question what they trust.
An article in the New York Times based on Snowden-leaked documents, even questions whether a crypto random-bit generator known called "Dual Elliptic Curve Deterministic Random Bit Generator" promoted by the National Institute of Technology was subverted by NSA cryptographers that worked on it several years ago. Crypto experts had raised questions about oddities they saw in Dual EC DRBG years ago, but the standard went on to be widely adopted and used.
Reacting to an outpouring of anger, NIST, which says it has no knowledge of any NSA backdoors, decided to open the Dual EC DRBG standard on Sept. 10 to public comments, saying if vulnerabilities are found NIST would work with the cryptographic community to address them. "NIST would not deliberately weaken a cryptographic standard," NIST said in a statement.
Paul Kocher, president and chief scientist at Cryptography Research, is one of many crypto experts that think Dual EC DRGB does contain an NSA backdoor. "It's an unusual backdoor in that it requires a secret to exploit it," explains Kocher. He says it's "consistent with the conclusion that NSA could break it." The only way to get the "smoking gun" on this, though, is to "reveal the secrets to break it." And the absolute proof would be the key itself, he says.
The Dual EC DRBG technology has been widely deployed, not least through the RSA BSAFE toolkit which contained it. RSA, the security division of EMC, makes the BSAFE toolkit available to add a range of crypto functions to vendor- or enterprise-designed software, and Dual EC DRBG was the default in it.
The day after NIST said it was opening up Dual EC DRBG to public comment, RSA issued an advisory related to its RSA BSAFE and RSA Data Protection Manager, telling customers they should drop Dual EC DRBG and use another crypto technology. Some cryptographers have even cast aspersions on RSA's motives, but RSA adamantly denies any willful act related to NSA backdoors.
Sign up for Computerworld eNewsletters.