SAN FRANCISCO – RSA Security executive chairman Art Coviello today at RSA Conference 2014 made his first public comments about the security company’s relationship with the National Security Agency, painting the landmark firm as a victim of the spy agency’s blurring of the lines between its offensive and defensive missions.
A Reuters report in December alleged RSA Security was paid $10 million in a secret contract with the NSA to use encryption software—specifically the Dual EC DRBG random number generator—that the spy agency could easily crack as part of its surveillance programs. The deal goes back nearly a decade to 2006, and according to Reuters, represented one third of the company’s crypto revenue at the time.
The bombshell came three months after RSA Security followed NIST’s lead in September and recommended that developers no longer use the algorithm, which has long been considered weak and likely backdoored.
Coviello reiterated that RSA’s partnership with the NSA is a matter of public record, but that circumstances require a re-evaluation of that relationship. RSA, for example, works closely with the NSA’s defensive arm, the Information Assurance Directive (IAD); Coviello said he supports a presidential review group’s recommendation to simplify the NSA’s role as solely a foreign intelligence gathering unit and that the IAD be spun out and managed by another agency.
“When or if the NSA blurs the line between its defensive and intelligence gathering roles, and exploits its position of trust within the security community, then that’s a problem,” Coviello said during his keynote address kicking off the conference. “Because, if in matters of standards, in reviews of technology, or in any area where we open ourselves up, we can’t be sure which part of the NSA we’re actually working with, and what their motivations are, then we should not work with the NSA at all.”
Coviello also called for global reform of surveillance and privacy protections, outlining four principles he urges governments worldwide to consider. Those include the international renouncing of cyberweapons; cooperation between governments to investigate and prosecute cybercriminals; ensure the security of commerce online and the protection of intellectual property; and ensure privacy for individuals.
“All intelligence agencies around the world need to adopt a governance model that enables them to do more to defend us, and less to offend us,” said Coviello, who strongly denounced the use of cyberweapons and said governments should put limitations and bans on them similar to those imposed on nuclear and chemical weapons.
Coviello tried to bring historical context to the Dual EC DRBG controversy, which he said has flipped the industry’s perception of RSA Security to one of being in cahoots with the government rather than leading the charge against it in matters of privacy and protecting infrastructure. Coviello said the landscape changed in the late 1990s when RSA’s crypto patents expired and open source implementations of the famed RSA algorithm became the norm. Rather than fight the trend, Coviello said the company made a decision to lead as a contributor to standards efforts, including NIST and ANSI X9.
Coviello said in the early 2000s, RSA Security supported the moved to the NIST-sponsored Dual EC DRBG, an elliptic-curve algorithm, over hash-derived algorithms. By 2006, NIST had made Dual EC DRBG a standard and RSA made the algorithm the default random-number generator in its BSAFE crypto libraries that were made available to developers and became foundational encryption technology in any number of home-grown and commercial applications. Dual EC DRBG was also the default RNG in its key management product RSA Data Protection Manager. BSAFE is embedded in many applications, providing cryptography, digital certificates and TLS security.
“Given that RSA’s market for encryption tools was increasingly limited to the U.S. federal government and organizations selling applications to the federal government, use of this algorithm as a default in many of our toolkits allowed us to meet government certification requirements,” Coviello said.
Dual EC DRBG had a target on its back going back to 2007 when suspicions were raised by cryptographers Dan Shumow and Niels Ferguson during a presentation at the CRYPTO conference, as well as in an essay by Bruce Schneier who said the inherent weakness in the algorithm “can only be described as a backdoor.”
The knock against the maligned algorithm is that it’s slow and contains a bias, meaning the random numbers it generates aren’t so random. Schneier wrote that the numbers have a relationship with a secret second set of numbers that enables anyone who knows that second set to predict the output of the random number generator.
“To put that in real terms, you only need to monitor one TLS Internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG,” Schneier said. “The researchers don’t know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem.”
Coviello said the rapid growth and relative young age of the Internet as a platform for commerce and communication has put us at a crossroads where “norms” are required.
“We are in the midst of chaos and confusion, but if we don’t figure out digital norms and do so quickly, the alternative may be extinction,” Coviello said. “Extinction of the Internet as a trusted environment to do business; extinction as a trusted environment to coordinate research and development; extinction as a trusted environment to communicate with each other.”