Juniper Networks hopes to remove any clouds of uncertainty that its networking gear might still have a backdoor that could allow the NSA or hackers to snoop on traffic running through its hardware.
On Thursday, Juniper completed an update to the way its ScreenOS software handles encryption. Juniper said it has integrated the company’s widely used random number generator component into the ScreenOS software, abandoning older controversial methods.
The random number generator (RNG) component is a key ingredient used to encrypt and protect network traffic that passes through the company’s networking hardware. It has also been ground zero in a controversy over Juniper and its possible collusion with the National Security Agency (NSA) to spy on digital communications.
In a brief 58-word bulletin posted to the company’s website Thursday, Juniper said it has phased out use of two controversial RNG components, DUAL_EC_DRBG and the ANSI X9.31 PRNG, that security experts said were flawed. Juniper said it has completed a transition to “the same random number generation technology currently employed across (its) broad portfolio of Junos OS products.”
The latest version of the software, ScreenOS 6.3.0r22, is available now. The new random number generator is HMAC-DRBG, widely regarded as a trusted and superior replacement to DUAL_EC_DRBG and ANSI X9.31 PRNG.
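Juniper's bulletin names HMAC-DRBG as the replacement generator. Below is an added example, not code from Juniper or ScreenOS, of HMAC_DRBG as specified in NIST SP 800-90A (section 10.1.2) over SHA-256; the seed bytes in the usage are constructed values. Unlike Dual_EC, the construction carries no designer-chosen parameter, and its output is fully determined by the seed, so an implementation can be checked against known-answer vectors.

```python
import hmac
import hashlib


class HmacDrbg:
    """HMAC_DRBG per NIST SP 800-90A over SHA-256 (example implementation)."""

    OUTLEN = 32              # SHA-256 digest length in bytes
    RESEED_INTERVAL = 1 << 48

    def __init__(self, entropy: bytes, nonce: bytes = b"", personalization: bytes = b""):
        # Instantiate: K = 0x00..00, V = 0x01..01, then absorb the seed material.
        self.key = b"\x00" * self.OUTLEN
        self.v = b"\x01" * self.OUTLEN
        self._update(entropy + nonce + personalization)
        self.reseed_counter = 1

    def _hmac(self, data: bytes) -> bytes:
        return hmac.new(self.key, data, hashlib.sha256).digest()

    def _update(self, provided: bytes = b"") -> None:
        # HMAC_DRBG_Update: fold provided data into the (K, V) state.
        self.key = self._hmac(self.v + b"\x00" + provided)
        self.v = self._hmac(self.v)
        if provided:
            self.key = self._hmac(self.v + b"\x01" + provided)
            self.v = self._hmac(self.v)

    def reseed(self, entropy: bytes, additional: bytes = b"") -> None:
        self._update(entropy + additional)
        self.reseed_counter = 1

    def generate(self, nbytes: int, additional: bytes = b"") -> bytes:
        # HMAC_DRBG_Generate: refuse to run past the reseed interval.
        if self.reseed_counter > self.RESEED_INTERVAL:
            raise RuntimeError("reseed required")
        if additional:
            self._update(additional)
        out = b""
        while len(out) < nbytes:
            self.v = self._hmac(self.v)   # each block is HMAC(K, V)
            out += self.v
        self._update(additional)          # advance state after every request
        self.reseed_counter += 1
        return out[:nbytes]


if __name__ == "__main__":
    # Constructed seed values for demonstration only.
    drbg = HmacDrbg(b"constructed-entropy-input-32-bytes", b"constructed-nonce")
    print(drbg.generate(32).hex())
```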
“This is absolutely a good move on Juniper’s behalf,” said Stephen Checkoway, assistant professor of computer science at the University of Illinois at Chicago. “There are some unresolved questions. But moving from a bad random number generator to a better one is the right thing to do technically.”
Juniper, a leading networking equipment manufacturer, has been on the defensive since 2015, when it said it found two instances of computer code used to eavesdrop on data sent over certain models of its firewalls running the ScreenOS software. At the time, many argued the revelation was tied to state-sponsored tampering.
Juniper released critical patches to address the concerns. However, the remedial efforts did nothing to stop a wave of intense scrutiny and finger-pointing over Juniper’s ScreenOS software and who was behind the spy code.
To many, these revelations seemed to confirm the widely held belief that the vulnerabilities were tied to NSA operations described in a 2013 article published by the German publication Der Spiegel. That article described a catalog of hardware and software tools used by the NSA to infiltrate equipment manufactured by Juniper, Cisco and Huawei. The story was based on 2013 documents leaked by former contractor Edward Snowden.
Juniper’s two initial patches, which addressed these problems and attempted to put the controversy to bed, were quickly overshadowed by new allegations.
Soon after Juniper released the patches, security researchers at Fox-IT and Rapid7 discovered and published a secret password they found buried in the ScreenOS source code that granted remote admin access to NetScreen devices running the OS.
Almost in parallel, researchers discovered from Juniper documentation that the company had included the Dual_EC_DRBG random number generator, which has long been considered a US government backdoor and which weakened the encryption used for Juniper’s VPN. The problem was that Dual_EC_DRBG’s output wasn’t random enough, and its design gave a backdoor advantage to the algorithm’s designers, the NSA.
Juniper then implemented the ANSI X9.31 random number generator, but that implementation proved faulty. According to security experts, Juniper used both the Dual_EC and ANSI X9.31 random number generators in ScreenOS, with X9.31 meant to post-process Dual_EC’s output. But because of a software bug, only the suspect Dual_EC output was ever actually used.
In January, Juniper said it would remove Dual_EC and ANSI X9.31 RNG from ScreenOS. On Thursday it did just that.
“Juniper goes a long way toward fixing the problem,” Checkoway said. But, he said, Juniper hasn’t absolved itself of past suspect behavior. “Juniper needs to be more transparent and explain some of the decisions it made in implementing Dual_EC and ANSI X9.31 RNG into ScreenOS.”