UK Cryptographers Call For Outing of Deliberately Weakened Protocols, Products

A Belgian telecom company that handles some of the undersea cables that carry international voice traffic said Monday that its internal network had been compromised sometime in the last few months and malware had planted on some of its systems. Belgacom said the attack only affected its own systems, and not those of customers, and said it has filed a complaint with the Belgian federal authorities about the incident.

A group of cryptographers in the UK has published a letter that calls on authorities in that country and the United States to conduct an investigation to determine which security products, protocols and standards have been deliberately weakened by the countries’ intelligence services. The letter, signed by a number of researchers from the University of Bristol and other universities, said that the NSA and British GCHQ “have been acting against the interests of the public that they are meant to serve.”

The appeal comes a couple of weeks after leaked documents from the NSA and its UK counterpart, Government Communications Headquarters, showed that the two agencies have been collaborating on projects that give them the ability to subvert encryption protocols and also have been working with unnamed security vendors to insert backdoors into hardware and software products. Security experts have been debating in recent weeks which products, standards and protocols may have been deliberately weakened, but so far no information has been forthcoming.

The cryptography researchers in the UK are asking the UK and U.S. governments to reveal which ones are suspect.

“By weakening cryptographic standards, in as yet undisclosed ways, and by inserting weaknesses into products which we all rely on to secure critical infrastructure, we believe that the agencies have been acting against the interests of the public that they are meant to serve. We find it shocking that agencies of both the US and UK governments now stand accused of undermining the systems which protect us. By weakening all our security so that they can listen in to the communications of our enemies, they also weaken our security against our potential enemies,” the letter says.

Published on Monday, the letter is signed by cryptographers from the University of Bristol, University of London, University of Birmingham, University of Luxembourg, University of Southampton, University of Surrey, University of Kent, Newcastle University and University College London. In it, the researchers call on the relevant authorities to publicly name the products and standards that have been weakened in order to inform users which systems they should avoid.

“We call on the relevant parties to reveal what systems have been weakened so that they can be repaired, and to create a proper system of oversight with well-defined public rules that clearly forbid weakening the security of civilian systems and infrastructures. The statutory Intelligence and Security Committee of the House of Commons needs to investigate this issue as a matter of urgency. In the modern information age we all need to have complete trust in the basic infrastructure that we all use,” the letter says.

In the weeks since the documents detailing the NSA’s cryptographic capabilities emerged, further details about exactly which protocols the agency can attack successfully and which standards it may have influenced have been scarce. NIST, the U.S. agency that develops technical standards for cryptography, among other things, as denied accusations that the NSA was able to weaken some of the NIST standards. However, at the same time, NIST officials have issued a recommendation that people no longer use one of the encryption standards it previously published.

“NIST strongly recommends that, pending the resolution of the security concerns and the re-issuance of SP 800-90A, the Dual_EC_DRBG, as specified in the January 2012 version of SP 800-90A, no longer be used,” the NIST statement says.

The standard in question is an elliptic curve random bit generator, and cryptographers have called into question its integrity in the wake of the latest NSA revelations, mainly because its difficult to tell how the points on the elliptic curve were determined.

“This algorithm includes default elliptic curve points for three elliptic curves, the provenance of which were not described. Security researchers have highlighted the importance of generating these elliptic curve points in a trustworthy way. This issue was identified during the development process, and the concern was initially addressed by including specifications for generating different points than the default values that were provided. However, recent community commentary has called into question the trustworthiness of these default elliptic curve points,” the NIST statement says.

Image from Flickr photos of Elliott Brown

Suggested articles

Black Hat and DEF CON Roundup

‘Summer Camp’ for hackers features a compromised satellite, a homecoming for hackers and cyberwarfare warnings.