Computer scientists Nadia Heninger and J. Alex Halderman write: Of all of the revelations about the NSA that have come to light in recent months, two stand out as the most worrisome and surprising to cybersecurity experts. The first is that the NSA has worked to weaken the international cryptographic standards that define how computers secure communications and data. The second is that the NSA has deliberately introduced backdoors into security-critical software and hardware. If the NSA has indeed engaged in such activities, it has risked the computer security of the United States (and the world) as much as any malicious attacks have to date.
No one is surprised that the NSA breaks codes; the agency is famous for its cryptanalytic prowess. And, in general, the race between designers who try to build strong codes and cryptanalysts who try to break them ultimately benefits security. But surreptitiously implanting deliberate weaknesses or actively encouraging the public to use codes that have secretly been broken — especially under the aegis of government authority — is a dirty trick. It diminishes computer security for everyone and harms the United States’ national cyberdefense interests in a number of ways.
Few people realize the extent to which the cryptography that underpins Internet security relies on trust. One of the dirty secrets of the crypto world is that nobody knows how to prove mathematically that core crypto algorithms — the foundations of online financial transactions and encrypted laptops — are secure. Instead, we trust that they are secure because they were created by some of the world’s most experienced cryptographers and because other specialists tried diligently to break them and failed.
Since the 1970s, the U.S. National Institute of Standards and Technology (NIST) has played a central role in coordinating this trust, and in deciding which algorithms are worthwhile, by setting the cryptographic standards used by governments and industries the world over. NIST has done an admirable job of organizing the efforts of cryptographic experts to design and evaluate ciphers. It has also been able to harness the clout of the U.S. government to get those designs — including such state-of-the-art technology as the AES cipher, the SHA-2 hash functions, and public-key cryptography based on elliptic curves — adopted by industry. In turn, American industry believed that it could trust that these technologies had been designed by a competent organization with its interests at heart.
There is now credible evidence that the NSA has pushed NIST, in at least one case, to canonize an inferior algorithm designed with a backdoor for NSA use. Dozens of companies implemented the standardized algorithm in their software, which means that the NSA could potentially get around security software on millions of computers worldwide. Many in the crypto community now fear that other NIST algorithms may have been subverted as well. Since no one knows which ones, though, some renowned cryptographers are questioning the trustworthiness of all NIST standards.