The incredible allegations that developers working under the auspices of the FBI and Justice Department planted a backdoor in the IPSec stack of the OpenBSD operating system are likely just that, experts say: not credible.
“There is no way that the FBI paid anyone to create backdoors in OpenBSD and put it out there for the world to use. It just doesn’t happen that way,” said E.J. Hilbert, president of Online Intelligence and a former FBI computer crimes investigator. “Imagine the implications if that was done. It can’t be done. The FBI is subject to the Justice Department’s regulations and every method has to stand up in court.”
The news that there might be a backdoor in OpenBSD first hit Tuesday afternoon when the project’s founder, Theo de Raadt, posted an email that was sent to him by someone claiming to be a man named Gregory Perry, whose former employer, NetSec (now defunct), supposedly did some security work for the FBI in the early part of the last decade on crypto frameworks. The email claimed that the FBI had paid the company to plant backdoors in the OpenBSD IPSec stack so that the bureau could eavesdrop on supposedly private traffic carried on VPNs used inside the Justice Department.
At the time, doing crypto in software alone was too slow for many IPSec VPN deployments, so implementations commonly offloaded the work to hardware accelerators: dedicated crypto chips and add-in boards that sped up the packet encryption and authentication. One such board that the OpenBSD Cryptographic Framework was designed to support was the NetSec Hifn 7751.
“If you will recall, a while back I was the CTO at NETSEC and arranged funding and donations for the OpenBSD Crypto Framework. At that same time I also did some consulting for the FBI, for their GSA Technical Support Center, which was a cryptologic reverse engineering project aimed at backdooring and implementing key escrow mechanisms for smart card and other hardware-based computing technologies,” the email from Perry said. “My NDA with the FBI has recently expired, and I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI.”
One of the OpenBSD developers Perry names in his email to de Raadt is Jason L. Wright, who co-authored the original 2003 paper on the OpenBSD Cryptographic Framework. In a response to Perry’s email on an OpenBSD mailing list, Wright said that he knows nothing about a backdoor in the operating system.
“I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF). The code I touched during that work relates mostly to device drivers to support the framework. I don’t believe I ever touched isakmpd or photurisd (userland key management programs), and I rarely touched the ipsec internals (cryptodev and cryptosoft, yes). However, I welcome an audit of everything I committed to OpenBSD’s tree,” he wrote.
Security experts say that not only is it implausible that the FBI would conspire to plant a vulnerability into a widely distributed open-source package, but it’s also an allegation that’s very difficult to disprove. It will be almost impossible for the OpenBSD team to make a blanket statement at any point saying that there is no backdoor. Proving a negative is not an easy proposition.
“It would be nearly impossible to prove or disprove,” said Nate Lawson of Root Labs, a cryptographer and security expert who has done a lot of work on embedded device and hardware security. “These allegations are almost certainly false, at least in the broadest sense (subtle side channels being introduced into the main OpenBSD source tree). It is possible that someone added a backdoor in an individual (maybe privately-created) OpenBSD source or binary distribution. There’s a wide variety of ways that it could have been done, from the simple and obvious to the subtle and devious. It’s possible to create something that looks like a simple code error and it would be impossible to prove intent.”
One potentially plausible scenario, however, is that someone could have intentionally introduced a vulnerability into a privately modified copy of OpenBSD or into one specific binary. If the FBI–or anyone else–had taken the time and effort to do that, it would make the problem not only harder to address but even more difficult to disprove, since only the people involved would have access to that code.
“This is ten-year-old code we’re talking about for one specific board that no one uses at this point,” Lawson said. “If that’s the case, then the FBI could have never used it, or only used it against one person or whatever. Who knows what they did with it? But it all sounds fishy. Maybe it’s just a subtle interaction with one piece of hardware. If it’s not an obvious thing, it would be very hard to replicate. And we’re talking about boards on machines that would be 10 years old now at least and it wouldn’t affect anyone really.”
De Raadt said in his message to an OpenBSD mailing list that he had no idea whether the allegations were true. In an email interview on Wednesday, de Raadt said that he and the rest of the OpenBSD team were in the process of auditing the code in question but had so far not come up with any evidence of a backdoor.
“Since yesterday, I have nothing new to add to the story. Our group still does not know if it is true, and our audit has not yet found anything. I’m just as eager as anyone else to find out if it is true, and if so, to find the alleged backdoors so that we can fix them,” he said.
The allegations of an FBI-sponsored backdoor in OpenBSD echo the Clipper Chip and key-escrow controversies of the 1990s. The federal government, worried about losing the ability to read strongly encrypted communications, proposed that devices use a government-designed encryption chip whose keys were held in escrow by government agencies, so that law enforcement could decrypt traffic when it chose to; at the same time it restricted the export of strong cryptography to foreign countries. The proposal did not go over well and, following an outcry from the security and privacy communities, it was eventually abandoned.
Hilbert, the former FBI agent, said that what the bureau does do, as many federal agencies do, is subject any new software package it is considering for internal use to stringent testing. That testing can include vulnerability assessments and attempts to find exploitable flaws in the application, but it is not the same as deliberately inserting a flaw and then repackaging the software for public consumption.
“Anytime there’s a new software package that’s going to be used by the investigative unit, it’s ripped to shreds to make sure there are no backdoors in there,” he said. “It’s a matter of risk assessment and analysis. We have to know the parameters of what we’re working with. We have to test it. This is something that should be happening non-stop as people try to identify backdoors or other things. Are other people out there doing it? Probably. But it isn’t the FBI. They’re not this evil group of people that everyone wants to make them out to be.”