Who do you trust? That's a question asked increasingly by a security industry with a growing sense that the National Security Agency (NSA) has sought to weaken encryption or get backdoors into computers, based on documents leaked by Edward Snowden to the media. Now, trust is also the theme of a new conference called TrustyCon that will vie for attention on Feb. 27 in San Francisco while the big RSA Conference for security pros is also taking place in that city.
TrustyCon, organized by iSec Partners, the Electronic Frontier Foundation (EFF) and Defcon, pretty much sold out in a few days after it was announced last week. Microsoft and Cloudflare are sponsoring the event, with others expected to join them, and proceeds go to the EFF. The rise of TrustyCon has been fueled by industry backlash against the NSA, which the security industry widely believes weakened the crypto algorithm called Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) to be a backdoor for the agency.
A document on the National Institute of Standards and Technology (NIST) website suggests computer scientists there, who opened up a review of the NSA-influenced Dual EC DRBG last year, suspect it is a backdoor too, and will recommend removing Dual EC DRBG as a NIST standard.
TrustyCon is also a backlash against security company RSA, which organizes the huge annual RSA Conference. A recent Reuters report said RSA accepted $10 million from the NSA to make Dual EC DRBG the default in its BSAFE toolkit. RSA in late December awkwardly responded to this investigative news story by saying there was no “‘secret contract’ with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries. We categorically deny this allegation.” Since the BSAFE topic arose, RSA has emphasized it would not knowingly do anything to hurt its customers.
But RSA didn’t — and still won’t — clearly refute the article’s main point that RSA had a contract with the NSA related to Dual EC DRBG in the BSAFE toolkit. RSA’s response to the world on Dec. 22 says the company has worked with the NSA “both as a vendor and an active member of the security community. We have never kept this relationship secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security.” RSA goes on to say it added Dual EC DRBG into BSAFE in 2004. “At that time, the NSA had a trusted role in the community-wide effort to strengthen, not weaken, encryption.”
Sources at RSA say this topic of the NSA and trust will be taken up at its conference next month. RSA Executive Chairman Art Coviello typically uses his time in front of thousands of conference attendees to announce new products or strategies, but this year the pressure is on to explain the assertions whirling around BSAFE, Dual EC DRBG and the NSA.
Some in the security industry are so upset with RSA, or at least its lack of clear explanations about the BSAFE toolkit, NSA and Dual EC DRBG, that they are dropping out as speakers at the RSA Conference in protest. These include Mikko Hypponen of F-Secure, Chris Soghoian of the American Civil Liberties Union, Adam Langley and Chris Palmer of Google, Marcia Hoffman of the EFF, Alex Fowler of Mozilla, and Roel Schouwenberg of Kaspersky Lab.
Thus TrustyCon has sprung up. Organizer Alex Stamos, CTO at NCC Group’s Artemis Internet, says he has mixed emotions about the idea of boycotts, and the TrustyCon conference certainly isn’t meant to be anti-RSA. But Stamos does say the theme of what can be trusted is going to be discussed, and he predicts TrustyCon, which will include some RSA Conference protesters, will be held for years to come. When asked whether the NSA can be trusted, Stamos says the agency’s dual role makes it hard to know which NSA you’re talking to at any given time.
“In its information assurance role, it sets standards for business and keeps the U.S. safe from adversaries,” says Stamos. But in a more military role, the NSA is engaging in many practices to gain access to information and collect data that aren’t necessarily in the interest of business. Many high-tech companies offering all manner of online services feel rather “betrayed” by the Snowden revelations that the NSA has worked so hard to undermine their security to get to information it wants, he pointed out.
Most security experts today do believe Dual EC DRBG is an NSA backdoor, says Stamos. “The bigger problem to companies is: Can you trust NIST?” They can’t, he points out, if NIST, which works closely with the NSA, is also countenancing NSA backdoors in standards.
The Dual EC DRBG algorithm, standardized by NIST in 2006, has made its way into many network products, including via the BSAFE toolkit sold by EMC security division RSA. After outrage last fall over news that Dual EC DRBG is likely an NSA backdoor, NIST re-opened the controversial crypto standard for new comments.
Materials in PowerPoint format posted publicly on NIST’s website under the name of NIST computer scientist John Kelsey suggest that the institute does believe Dual EC DRBG could well be an NSA backdoor and that NIST plans to remove it as a standard. Neither Kelsey, who was involved in the original approval process for Dual EC DRBG, nor NIST public affairs was immediately available for comment, perhaps because it’s a snow day in the Washington, D.C. area.
The NIST PowerPoint document, titled “800-90 and Dual EC DRBG, John Kelsey, NIST,” states simply enough where an NSA trap door may lie.
In a technical description of Dual EC DRBG’s “parameters, P & Q,” which came “ultimately from designers of Dual EC DRBG at NSA,” the basic question is: “What if you don’t trust the people who generated P and Q?”
The NIST document then states, “P and Q can be generated to insert a backdoor,” noting this issue was raised years ago. The NIST document says news stories suggesting that Dual EC had a trap door inserted by the NSA “put the discussions in an entirely different light.” NIST issued a “bulletin telling everyone to stop using Dual EC DRBG until further notice” back in the fall of last year.
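To make the “what if you don’t trust the people who generated P and Q?” question concrete, here is an added, constructed example (not code from NIST, RSA or the original article) on a 19-point toy curve, standing in for the real P-256 parameters: a designer who secretly chose P as a known multiple of Q can turn one raw output into the generator’s next state, while a point derived by hashing a public label leaves nobody holding such a scalar. The curve, the scalar e = 3, the label and the `derive_point` helper are all assumptions for illustration.

```python
import hashlib
# Constructed toy curve y^2 = x^3 + 2x + 2 over GF(17): 19 points (prime order),
# generator G = (5, 1). A hand-checkable stand-in for P-256, not a real parameter set.
P_MOD, A, B, ORDER, G = 17, 2, 2, 19, (5, 1)

def ec_add(p1, p2):
    """Affine addition; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0: return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def lift_x(x):
    """A point with x-coordinate x, or None (brute-force square root in GF(17))."""
    return next(((x, y) for y in range(P_MOD) if y * y % P_MOD == (x**3 + A*x + B) % P_MOD), None)

def dual_ec_step(state, p, q):
    """One Dual EC step: new state is x(s*P), output is x(s*Q). The real generator
    also truncates the output's top 16 bits; omitted on this toy curve."""
    assert state % ORDER, "state 0 only arises at toy sizes"
    return ec_mul(state, p)[0], ec_mul(state, q)[0]

def predict_next_output(output, e, q):
    """Shumow-Ferguson recovery: knowing e with P = e*Q, one raw output x(s*Q) gives
    s*Q up to sign, so e*(s*Q) = s*P is the next state. Without e this is a DLP."""
    next_state = ec_mul(e, lift_x(output))[0]
    return ec_mul(next_state, q)[0]

def derive_point(label):
    """Nothing-up-my-sleeve point: hash a public label to x by try-and-increment."""
    for ctr in range(1000):
        x = int.from_bytes(hashlib.sha256(f"{label}:{ctr}".encode()).digest(), "big") % P_MOD
        if lift_x(x): return lift_x(x)

BACKDOOR_E, Q_PUB = 3, G           # designer's secret scalar and the published Q
P_PUB = ec_mul(BACKDOOR_E, Q_PUB)  # published P = 3*Q = (10, 6): the trapdoor relation
```

On a curve this small anyone can recover e by brute force, so `derive_point` only shows the shape of the fix; on P-256 the discrete log is infeasible, which is exactly why the provenance of P and Q decides whether the generator is trustworthy.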
“Our current plan is to remove Dual EC DRBG,” the NIST document states. “Its performance is pretty slow; many vendors have already scrambled to remove or disable it in their products.” The document says there may be a “phase-out period.”
The topic of the NSA and trust keeps grinding along in countless media reports. Today, for instance, at the World Economic Forum Annual Meeting in Davos, Switzerland, Yahoo CEO Marissa Mayer is quoted as saying during a panel discussion that she wants the Obama administration to provide greater transparency on data collected by the NSA. “We need to be able to rebuild trust with our users, not only in the U.S. but internationally,” she said.
However, in his speech about the NSA last week, President Obama did not take up the prickly topic of NSA backdoors or weakening encryption, leaving no indication he will.
Ellen Messmer is senior editor at Network World, an IDG website, where she covers news and technology trends related to information security. Twitter: MessmerE.