Recent revelations about RSA collusion with the NSA to include the compromised Dual Elliptic Curve random number generating algorithm in its flagship security suite may be shocking, but the NSA has a long history of building backdoors into widely used security protocols, and thanks to the efforts of Ethan Heilman, Research Fellow at Boston University, we can present a list of its highlights.
1946 – 1970, The ‘Ultra Secret’
During World War 2 the German military used electro-mechanical rotor cipher machines, called Enigma machines, to send and receive secret messages, and it was Alan Turing’s famous breaking of the cipher used by these machines that helped bring the war to an early conclusion, and is widely seen as the birth of modern computing.
Following the Allied invasion of Europe, the US and Britain captured many of these devices, which after the war they then sold to many of their allies and (in Britain’s case) former colonies, neglecting to mention that they could decipher the supposedly secret communications made using them. For almost 30 years the US and UK kept this secret to themselves, and used it to spy on ‘friendly’ governments.
Crypto AG is a Swiss security firm that specialises in making encryption machines and other cipher devices. In 1957 NSA cryptographer William Friedman colluded with Crypto AG founder Boris Hagelin to weaken Crypto AG’s ciphers, and by no later than the early 1970s backdoors had been introduced which allowed full key reconstruction.
Over the years various clues began to make it clear that Crypto AG could not be trusted, and in 1983 Ronald Reagan all but gave the game away by letting it drop during a television broadcast that the US could decrypt Libyan communications. In 1991 the Iranian government was shocked to find supposedly secure diplomatic communications turn up in a French court case, and a year later charged a Crypto AG salesman with espionage. This does not, however, seem to have prevented it from continuing to use Crypto AG machines until at least 2003.
In 2004 Iraqi politician Ahmed Chalabi, formerly considered a close ally of the Pentagon, gave away US code breaking secrets (supposedly obtained from a drunk American code-breaker) to Iran. It is speculated that this information related to Crypto AG backdoors or weaknesses.
Despite large amounts of evidence of NSA tampering with its ciphers, Crypto AG remains a large and popular manufacturer of cryptography hardware.
1970 – now, Data Encryption Standard
Developed in the early 1970s, the Data Encryption Standard (DES) was the predominant symmetric-key algorithm for the encryption of electronic data, but in 1976 the NSA pushed the US standards body NBS (National Bureau of Standards – now called NIST) to change the algorithm.
Although the changes did fix a known vulnerability, they also reduced the key size from 128-bits to 56-bits, making it much more vulnerable to brute force attacks by the NSA, and introduced mysterious ‘S-boxes’, which caused cryptography legends Martin Hellman and Whitfield Diffie to criticise the changes.
Despite this criticism it received NBS approval, although in 1999 distributed.net and the Electronic Frontier Foundation collaborated to publicly break a DES key in 22 hours and 15 minutes, proving that the standard is fundamentally insecure.
1993 – 1996, The Clipper chip
Under the Clinton administration the NSA made its most brazen and public attempt to circumvent growing public use of encryption and introduce blanket surveillance with the attempted introduction of the Clipper chip. The idea was to enforce the use of the chipset on all devices that used encryption (including computers, modems, telephones and televisions) so that the US government could readily decrypt all communications.
Public resistance to the plan, led by organizations such as the Electronic Privacy Information Center and the Electronic Frontier Foundation, was fierce, but it was only when the government conceded that enforcing such a chip on US products would be disastrous to US business interests that the idea was finally abandoned.
However, it was the government’s failure to implement the compulsory Clipper chip that led directly to the NSA starting its program of secretly and systematically undermining public encryption standards.
1996, Lotus Notes
Lotus Notes (now IBM Notes) is a collaborative application suite that combines e-mail, calendaring and scheduling, address book, database, web server and programming functions under a single front-end. In 1997 Lotus worked with the NSA to build a backdoor into the international version of Lotus.
‘When sending e-mail messages, Lotus uses a 64 bit key. But in export editions, 24 bits of the key are broadcast with the message, reducing the effective key length to 40 bits. The 24 bits are encrypted using a public key created by the NSA. This is called the Workfactor Reduction Field. Only NSA can decrypt the information in the Workfactor Reduction Field. Once the key length is reduced to 40 bits, fast modern computers can break the code in seconds or minutes.’
Later that year Notes had to be weakened even further to prevent users from simply removing the NSA backdoor instead of sending it along with their messages.
The export version of Lotus was widely sold to non-US businesses, ordinary international users, and many European governments, including the German Ministry of Defence, the French Ministry of Education and Research and the Ministry of Education in Latvia.
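Why escrowing part of a key leaves only the remaining bits as protection against the escrow holder, as an added example that is not from the original article or from Lotus. It models the Workfactor Reduction Field quoted above at a scaled-down size; the toy RSA pair, the SHA-256 keystream and all function names are assumptions, and the actual Notes ciphers are not reproduced.

```python
import hashlib
import secrets

# Toy escrow key pair (textbook RSA over two Mersenne primes, unpadded): a
# constructed stand-in for the escrow holder's public key, not a secure one.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def xor_cipher(key: int, key_bits: int, data: bytes) -> bytes:
    """Stand-in stream cipher (SHA-256 keystream); encrypts and decrypts."""
    seed = key.to_bytes((key_bits + 7) // 8, "big")
    stream = b""
    block = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(seed + block.to_bytes(4, "big")).digest()
        block += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def send(plaintext: bytes, key_bits: int, escrow_bits: int):
    """Encrypt under a fresh key and attach the escrowed top bits of that key."""
    key = secrets.randbits(key_bits)
    top = key >> (key_bits - escrow_bits)
    field = pow(top, E, N)  # plays the role of the Workfactor Reduction Field
    return xor_cipher(key, key_bits, plaintext), field, key

def recover_key(ciphertext: bytes, field: int, known_prefix: bytes,
                key_bits: int, escrow_bits: int):
    """Escrow holder: decrypt the field, then search only the remaining bits."""
    top = pow(field, D, N)
    unknown = key_bits - escrow_bits
    for low in range(1 << unknown):
        candidate = (top << unknown) | low
        head = xor_cipher(candidate, key_bits, ciphertext[:len(known_prefix)])
        if head == known_prefix:
            return candidate, low + 1
    return None, 1 << unknown

def demo():
    # Scaled down from the page's 64-bit key / 24 escrowed bits so it runs fast.
    msg = b"Subject: quarterly figures (constructed sample)"
    ct, field, key = send(msg, key_bits=20, escrow_bits=12)
    found, tries = recover_key(ct, field, msg[:9], key_bits=20, escrow_bits=12)
    return found == key, tries, xor_cipher(found, 20, ct) == msg

if __name__ == "__main__":
    print(demo())
```

With the page's figures the same reasoning gives a search of 2^40 keys for the escrow holder instead of 2^64, which is the reduction in effective key length the quotation describes.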
200? – now, Actel ProASIC3 FPGA
The Actel FPGA chip ‘is prevalent in many systems from weapons, nuclear power plants to public transport.’ In 2012 researchers from Cambridge University discovered that a backdoor exists in the JTAG interface of the ProASIC3 family of low-powered FPGAs, and further investigation revealed that all other Actel chips have the same backdoor.
China, where the actual chips were made, was initially blamed for the backdoor, which has critical implications for US military hardware, but Skorobogatov, the researcher who discovered the backdoor, stated that it was Actel, not a Chinese manufacturer, who had inserted it.
Although there is no proof that the NSA was involved, it seems probable, as it is very unlikely that a prominent US company would install such a backdoor into critical military hardware without governmental approval and collusion. Additionally, as Heilman observes, ‘if Actel had created this backdoor without US approval I would expect more of a response from the US government. The US response has been, to my knowledge, complete silence on the issue.’
2004 – 2013, Dual Elliptic Curve Deterministic Random Bit Generator
Dual_EC_DRBG (Dual Elliptic Curve Deterministic Random Bit Generator) is an encryption standard engineered by NIST, who have never kept their close relationship with the NSA a secret. Since 2006, when the Eindhoven University of Technology in the Netherlands noted that an attack against it was easy enough to launch on ‘an ordinary PC,’ it has been known to be insecure, and in 1997 Microsoft engineers flagged up a suspected backdoor in the algorithm.
Despite these concerns, where NIST leads, industry will follow, and Microsoft, Cisco, Symantec and RSA all include the algorithm in their products’ cryptographic libraries, in large part due to the fact that compliance with NIST standards is a prerequisite to obtaining US government contracts. Last week it was revealed that RSA included Dual_EC_DRBG in the library of its flagship BSAFE products after being paid $10 million by the NSA.
2013, SIGINT enabling
In September 2013 one of the secret documents made available by whistle-blower Edward Snowden exposed the scale of the NSA’s attack on encryption standards. One aspect of this comprehensive assault was to ‘enable’ commercial encryption systems:
‘The SIGINT Enabling Project actively engages the US and foreign IT communities to covertly influence their commercial products design. These designs make the systems in question exploitable through SIGINT collection (e.g. Endpoint, Midpoint etc.) with foreknowledge of the modification. To the consumer and other adversaries, however, the system’s security design remains intact.’
The NSA would also ‘insert vulnerabilities into commercial encryption systems, IT systems, networks, and endpoint communications used by targets,’ and ‘influence policies, standards and specifications for commercial public key technologies.’
The same budget request document also mentions that the NSA would ‘exploit foreign trusted computing platforms and technologies,’ and the German government has already expressed concern that, when combined with version 2.0 of the Trusted Platform Module (TPM) that is being developed by the Trusted Computing Group (TCG), Windows 8 could provide an ‘unlockable’ backdoor.