NSA's reported tampering could change how crypto standards are made
- By William Jackson
- Nov 04, 2013
In the wake of reports that the National Security Agency successfully inserted a backdoor into government specifications for generating cryptographic keys, the National Institute of Standards and Technology has begun a formal review of its processes for developing crypto standards.
NIST did not mention the NSA’s backdoor programs in announcing its review, referring only to concerns in the cryptographic community raised by “recent news reports about leaked classified documents.” But reports from documents released by former NSA contractor Edward Snowden indicate that a random number generator included in NIST recommendations for creating crypto keys is vulnerable to attacks that can reveal keys being generated.
Matthew Scholl, deputy director of NIST’s Computer Security Division, said the reports were the catalyst for the review.
NIST, which develops standards for the federal government that often are adopted by other governments and by industry, in September reopened public review of a suite of publications that contain the suspect specification. The newly announced review focuses on the development process rather than the soundness of any standards.
“Our mission is to protect the nation’s IT infrastructure and information through strong cryptography,” NIST said in a statement announcing the review. “We cannot carry out that mission without the trust and assistance of the world’s cryptographic experts.”
Unfortunately, that trust has been eroded by revelations that the NSA --NIST’s partner in crypto development -- has attempted to subvert the process by inserting vulnerabilities into systems and by reports that it might have succeeded.
Random number and bit generation are important in cryptography because they are used to provide seeds for crypto keys, which must be unpredictable to effectively protect data being encrypted. NIST, in the 800 series of special publications, specifies methods for random number generation that can be used with government encryption systems. These documents are:
- SP 800-90A, Recommendations for Random Number Generation Using Deterministic Random Bit Generators.
- SP 800-90B, Recommendation for the Entropy Sources Used in Random Bit Generation.
- SP 800-90C, Recommendations for Random Bit Generator Constructions.
The random number generator in question is Dual EC_DRBG, the Dual Elliptic Curve Deterministic Random Bit Generator.
Distrust in the NSA’s participation in crypto standards-making has deep roots, dating back to at least 1976 when many believed that it had inserted a backdoor into the Data Encryption Standard, the approved algorithm for government encryption. More recently, information about a wide-ranging set of programs to weaken technical standards and subvert commercial operations to facilitate data collection has raised serious concerns about not only random number generation but other possible backdoors as well.
“NIST is also deeply concerned by these reports, some of which have questioned the integrity of the NIST standards development process,” the agency said in its statement. “Trust is critical to the adoption of strong cryptographic algorithms. To ensure that our guidance has been developed according to the highest standard of inclusiveness, transparency and security, NIST has initiated a formal review of our standards development efforts.”
Although NIST not infrequently reopens public review of specific standards or other products when problems are found or suspected, Scholl could not say if there was a precedent for this type of broad review of processes. But he said, “It is not out of line for NIST to do this.”
The agency is cataloging the processes’ goals and objectives, principles of operation, processes for identifying algorithms for standardization, methods of review and resolving public comment and other procedures. It will bring in an outside organization to evaluate the process and invite public comment. It also will review the existing body of cryptographic work to ensure that its development meets these standards.
“If any current guidance does not meet the high standards set out in this process, we will address these issues as quickly as possible,” the announcement said.
Scholl said that NIST’s standards-making work is built on collaboration across government as well as with industry and that there are no plans to move NSA out of the process. “We have worked with the NSA for a long time on many different projects and will continue to do that,” he said.
There was no timetable given for accomplishing the review.