John Gilmore On How The NSA Sabotaged A Key Security Standard

from the betrayal-of-trust dept

Mon, Sep 9th 2013 1:27pm — Glyn Moody

In Bruce Schneier's uplifting call to fix the Internet in the wake of key technologies being subverted by the US government, one of the things he asks engineers to do is to come forward with detailed information about how the NSA did that:

We need to know how exactly how the NSA and other agencies are subverting routers, switches, the internet backbone, encryption technologies and cloud systems. I already have five stories from people like you, and I've just started collecting. I want 50. There's safety in numbers, and this form of civil disobedience is the moral thing to do.

Although not directly answering that call, EFF co-founder John Gilmore has written a fascinating short post about what he noticed happening on an IETF standards committee drawing up the important IPsec standard: NSA employees participated throughout, and occupied leadership roles in the committee and among the editors of the documents

...

Every once in a while, someone not an NSA employee, but who had longstanding ties to NSA, would make a suggestion that reduced privacy or security, but which seemed to make sense when viewed by people who didn't know much about crypto.

...

The resulting standard was incredibly complicated -- so complex that every real cryptographer who tried to analyze it threw up their hands and said, "We can't even begin to evaluate its security unless you simplify it radically".
Needless to say, it was never simplified. Gilmore also reports what happened elsewhere: In other circumstances I also found situations where NSA employees explicitly lied to standards committees, such as that for cellphone encryption, telling them that if they merely debated an actually-secure protocol, they would be violating the export control laws unless they excluded all foreigners from the room (in an international standards committee!).
Of course, this remains at the anecdotal level. But if Schneier gets his 50 NSA stories, we should start to have a much clearer picture of what the agency has been up to -- and how to stop it happening in the future.

Follow me @glynmoody on Twitter or identi.ca, and on Google+

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: backdoors, encryption, ietf, john gilmore, nsa, sabotage, standards, surveillance

11 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Anonymous Coward, 9 Sep 2013 @ 2:28pm

There is a simple solution to the problem:

Kill them and take their stuff. 'Tis the Olde Viking way, and it seems apropos now.
[ link to this | view in chronology ]
vastrightwing, 9 Sep 2013 @ 2:34pm

No sarcasm today
I'm very concerned here. It now looks like we have to totally rebuild the entire security scheme for the internet. This means SSL certificates, VPNs, appliances, everything! This will be a long and difficult task because surely the new security model will have to be vetted by experts and where will these experts come from? Not from the NSA. Even the most rudimentary building block such as a random number generator will need to be touched. Since we all know by now the NSA turned even a random number generator into a back door, making all encryption techniques breakable with ease.

As memos noted, citizens are the enemy here. So I say we MUST prevent all government agencies from influencing the design of any security infrastructure. They are immediately ineligible and suspect. The design must be elegant, simple to understand by a reasonable person with security knowledge. The source open so flaws can be detected and fixed. The design needs to be such that current technology would take years to brute force an attack. We don't want to rely on OEM libraries since they are also suspect. That is no using standard or certified libraries, since certification means endorsed by the enemy. All appliances such as switches and routers, telephony, etc. all need the firmware re-written.

Unfortunately we won't be told what encryption is safe, so we must assume none of it is. Further, we need to adopt an update strategy every few years and change the basic algorithm, even if it is strong, merely to ensure the current method has not been compromised.
[ link to this | view in chronology ]
- Bergman (profile), 9 Sep 2013 @ 3:42pm
  
  Re: No sarcasm today
  Unfortunately, right after they get excluded from the process as security risks, they'll go to Congress and get it make illegal to exclude them. And then the US will become a third world country as far as tech development is concerned.
  [ link to this | view in chronology ]
  - Bergman (profile), 9 Sep 2013 @ 3:44pm
    
    Re: Re: No sarcasm today
    And that's if we're lucky. If we're not, it will be a secret court issuing a secret injunction against excluding secret agents and nobody will know they're breaking the law even after people start disappearing into secret jails where national security trumps the right to due process.
    [ link to this | view in chronology ]
- Hephaestus (profile), 9 Sep 2013 @ 4:59pm
  
  Re: No sarcasm today
  Please, it is not that complex. Run two levels of encryption, one that is trusted like we do now for web sites, and another underneath that is public-private key generated at both ends. It does not matter if they have hacked the routers, switches or even have the root certificates for the entire internet at that point all they get is noise.
  
  http://en.wikipedia.org/wiki/Diffie%E2%80%93Hellman_key_exchange
  http://en.wikipedia.org/wiki/P ublic-key_cryptography
  [ link to this | view in chronology ]
  - The Mighty Buzzard (profile), 10 Sep 2013 @ 1:08am
    
    Re: Re: No sarcasm today
    Most implementations of DH are compromised at the moment. Only the ones using elliptical curve algorithms are even in the running for secure.
    [ link to this | view in chronology ]
Anonymous Coward, 9 Sep 2013 @ 4:37pm

i hope this can be sorted out pretty quickly, or there will be no room left in the prisons to take all the criminals the NSA have made out of ordinary people. perhaps a roll reversal is in order?
[ link to this | view in chronology ]
Qyiet, 9 Sep 2013 @ 4:53pm

Of FFS..
So all the bullshit I went through to get my IPsec tunnels between different vendors working was just so the NSA could have an extra complex standard to slip vulnerabilities into.

Talk about backwards engineering.
[ link to this | view in chronology ]
- Anonymous Coward, 10 Sep 2013 @ 2:04am
  
  Re: Of FFS..
  It's worse, considering the crackers now know where to look in secure standards to break into, not just small enterprises, but big ones....y'know, like banks.
  
  Good job, NSA!
  [ link to this | view in chronology ]
Anonymous Coward, 10 Sep 2013 @ 1:02am

Next relevations in (redacted)
Therefore by using only metadata we can now realize that also DNSSEC has been compromised by DOJ and DOD.

Great job guys and gals...
[ link to this | view in chronology ]
Mike Acker (profile), 10 Sep 2013 @ 4:42am

Security starts a home
there is no point in discussing encryption until the question of un-authorized programming is settled

i don't think there is any point in discussing un-authorized programming unless we are using open-source software ( I'm using Linux/Mint )

i tend to agree with Snowden -- nothing wrong with encryption that we have -- e.g. GnuPG -- implemented properly

he means on a secure host, and don't use "123456" for you password

the existing x.509 and CA structure is a mess: you are trusting everything your browser sends you -- and everything that mess has signed for

the First Thing a computer user should do is generate his key pair . once that's done he is in a position to vet and sign certificates . he won't need to do many of these -- just those that need to be secured -- e.g. NewEgg, Amazon, Credit Union, TurboTax, -- anyplace money is involved. you don't need https on a blog site. but you DO need GnuPG on your e/mail

Thunderbird/ENIGMAIL is one solution.
[ link to this | view in chronology ]