With all of the disturbing revelations that have come to light in the last few weeks regarding the NSA’s collection methods and its efforts to weaken cryptographic protocols and security products, experts say that perhaps the most worrisome result of all of this is that no one knows who or what they can trust anymore.
The fallout from the most-recent NSA leaks, which revealed the agency’s ability to subvert some cryptographic standards and its “partnerships” with software and hardware vendors to insert backdoors into various unnamed products, has continued to accumulate over the course of the last couple of weeks. Cryptographers and security researchers have been eager to determine which products and protocols are suspect, and the discussion has veered in a lot of different directions. But one thing that’s become clear is that when the government lost the so-called Crypto Wars in the 1990s, the NSA didn’t just go back to Fort Meade and tend to its knitting.
“The good news, I thought until a couple of weeks ago, is that the government lost that war. What we didn’t realize is that the Crypto Wars never ended, they just moved underground,” Matthew Green, a cryptographer and research professor at Johns Hopkins University, said during a roundtable sponsored by the university on Wednesday. “Some of these standards were actually built to be less secure so that the NSA might be able to spy on us.”
One of the few bits of concrete information that’s emerged in all of this is that a random-number generator developed by NIST several years ago is now in question. Cryptographers have suspected for some time that the Dual_EC_DRBG random-number generator, which is included in some standards, may have been deliberately weakened. NIST issued a statement in the last few days warning people not to use Dual_EC_DRBG.
“Concern has been expressed about one of the DRBG algorithms in SP 800-90/90A and ANS X9.82: the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm. This algorithm includes default elliptic curve points for three elliptic curves, the provenance of which were not described. Security researchers have highlighted the importance of generating these elliptic curve points in a trustworthy way. This issue was identified during the development process, and the concern was initially addressed by including specifications for generating different points than the default values that were provided. However, recent community commentary has called into question the trustworthiness of these default elliptic curve points,” the NIST statement says.
Green said that the recent NSA leaks have reinforced the difficulty of producing good standards and algorithms, never mind trying to do so when the NSA has inserted itself surreptitiously into the process.
“Crypto is incredibly hard to get right when you’re not fighting someone like the NSA. How we deal with that when someone very powerful is going around us to build weaknesses in from the start?” Green said.
“We don’t know how good these standards are. Is there any way to rebuild that trust? How secure are we going to be when every moron in the world starts to build their own standards? If the NSA is doing it, then who knows who else might be doing it.”
Aside from the questions about weak or deliberately compromised protocols, experts also say there could be long-range ramifications for security vendors who are trying to sell their products to a suddenly skeptical customer base.
“Should we accept that being secure is worth the blowback? Should anybody trust us now?” Green said. “If we’re building this technology and exporting it to the rest of the world, why should anybody buy it? I don’t know what the impact is.”
Image from Flickr photos of Sebastien Wiertz.