Search the Community

The US National Security Agency (NSA) has offered some sort of apology for pushing insecure cryptography solutions to businesses, describing it as a "regrettable" move. Michael Wertheimer, director of research at the NSA, made the admission about the agency's support of the widely criticised Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) in a letter published by the American Mathematical Society (PDF). Dual EC DRBG is a random number generator used by numerous encryption systems that was supported by the NSA throughout the 2000s. The NSA endorsement was a key factor that led the US National Institute of Standards and Technology (NIST) to list the generator as trustworthy. Security firm RSA subsequently integrated Dual EC DRBG into its widely used BSAFE toolkits, despite research from Microsoft and private experts, including cryptography expert Bruce Schneier, suggesting there were backdoors in the system. Reports subsequently broke alleging that the NSA paid RSA $10m to load the tool with the flawed algorithm. RSA has consistently denied this claim. The allegations gained new weight in 2014 when documents leaked by Edward Snowden suggested that ties between the NSA and RSA were deeper than first thought. Addressing these claims, Wertheimer said: "With hindsight, the NSA should have ceased supporting the Dual EC DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. "In truth, I can think of no better way to describe our failure to drop support for the Dual EC DRBG algorithm as anything other than regrettable." He added that the reason for the continued support was a mistaken belief that deploying a new algorithm would be too costly. "The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm," read the letter. "Indeed, we support NIST's April 2014 decision to remove the algorithm. Furthermore, we realise that our advocacy for the Dual EC DRBG casts suspicion on the broader body of work the NSA has done to promote secure standards." Wertheimer went on to apologise to the maths research community and request that they "continue" to trust the NSA. "NSA mathematicians are fighters in the war on international terrorism, weapons of mass destruction proliferation, narcotics trafficking and piracy," read the report. "It is my sincerest hope that the American Mathematical Society will always see NSA mathematicians as an important part of its membership. "I further hope that dialogue on important issues will always be respectful, informed and focused on inclusivity." The claim has divided the security community, some expressing sympathy towards the NSA and others questioning its cries of innocence. Professor Alan Woodward, of the School of Computer Science at University of Surrey, told V3 that the dangers of pushing a faulty security system far outweigh the benefits for intelligence agencies, such as the NSA. "It is worth remembering that part of the NSA's role is to help secure US government communications as well as gathering foreign intelligence," he said. "It's a bit of a truism but worth repeating: if you deliberately weaken encryption for one set of people whom you consider adversaries, you will weaken it for those you seek to protect as well. "I can imagine that the NSA and every single other signals interception organisation are looking for ways to decrypt internet-based communications. "But I think most realise the dangers of trying to deliberately weaken what is in use. At least I really hope they do." Matthew Green, assistant research professor at the Information Security Institute of Johns Hopkins University, was less positive, pointing out that the NSA still hasn't said why it pushed the standard in the first place, given its technical expertise. "On closer examination, the letter doesn't express regret for the inclusion of Dual EC DRBG in national standards," he noted in a public post. "The transgression Dr Wertheimer identifies is merely that the NSA continued to support the algorithm after major questions were raised. That's bizarre. "It troubles me to see such confusing statements in a publication of the American Mathematical Society. As a record of history, Dr Wertheimer's letter leaves much to be desired, and could easily lead people to the wrong understanding. "Given the stakes, we deserve a more exact accounting of what happened with Dual EC DRBG. I hope someday we'll see that." Wertheimer's comments come during a heated debate about encryption. UK prime minister David Cameron announced plans on 13 January to block encrypted services as a part of a wave of new surveillance laws. Source

In a new article in an academic math journal, the NSA’s director of research says that the agency’s decision not to withdraw its support of the Dual EC_DRBG random number generator after security researchers found weaknesses in it and questioned its provenance was a “regrettable” choice. Michael Wertheimer, the director of researcher at the National Security Agency, wrote in a short piece in Notices, a publication of the American Mathematical Society, that even during the standards development process for Dual EC many years ago, members of the working group focused on the algorithm raised concerns that it could have a backdoor in it. The algorithm was developed in part by the NSA and cryptographers were suspect of it from the beginning. Then, in 2007, well into the life of Dual EC, researchers at Microsoft delivered a talk at a conference that detailed the potential for a backdoor in the algorithm. Still, both the NSA and NIST, which approves technical standards for the United States government, stood by the algorithm. Dual EC was mostly forgotten until late 2013 when allegations emerged that the NSA may have had a secret $10 million contract with RSA Security that prompted the vendor to make Dual EC–which was then known to be weak–the default random number generator in some of its key crypto products. NIST last year removed Dual EC from its guidance on random number generators. “I wrote about it in 2007 and said it was suspect. I didn’t like it back then because it was from the government,” crypto pioneer Bruce Schneier told Threatpost in September 2013. “It was designed so that it could contain a backdoor. Back then I was suspicious, now I’m terrified.” The NSA came under heated criticism for the Dual EC episode, and now one of the agency’s top officials has said it was a mistake for the NSA not to have withdrawn its support for the algorithm after the weaknesses were raised years ago. “With hindsight, NSA should have ceased supporting the dual EC_DRBG algorithm immediately after security researchers discovered the potential for a trapdoor. In truth, I can think of no better way to describe our failure to drop support for the Dual_EC_DRBG algorithm as anything other than regrettable,” Wertheimer wrote in a piece in Notices’ February issue. “The costs to the Defense Department to deploy a new algorithm were not an adequate reason to sustain our support for a questionable algorithm. Indeed, we support NIST’s April 2014 decision to remove the algorithm. Furthermore, we realize that our advocacy for the DUAL_EC_DRBG casts suspicion on the broader body of work NSA has done to promote secure standards. Indeed, some colleagues have extrapolated this single action to allege that NSA has a broader agenda to ‘undermine Internet encryption.'” Wertheimer said that the agency is trying to combat that perception by changing the way that it contributes to standards efforts in order to be more transparent and accountable. “One significant, and correct, change is that all NSA comments will be in writing and published for review. In other words, we will be open and transparent about our cryptographic contributions to standards. In addition, we will publish algorithms before they are considered for standardization to allow more time for public scrutiny,” Wertheimer wrote. “With these measures in place, even those not disposed to trust NSA’s motives can determine for themselves the appropriateness of our submissions, and we will continue to advocate for better security in open-source software, such as Security Enhancements for Linux and Security Enhancements for Android.” Source