News / USA

Study: NSA Infiltrated RSA Security More Deeply Than Thought

A sign marks the entrance to RAS's facility in Bedford, Massachusetts, March 28, 2014.
A sign marks the entrance to RAS's facility in Bedford, Massachusetts, March 28, 2014.
Reuters
Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency's ability to eavesdrop on some Internet communications, according to a team of academic researchers.
 
Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw - or “back door” - that allowed the NSA to crack the encryption.
 
A group of professors from Johns Hopkins, the University of Wisconsin, the University of Illinois and elsewhere now say they have discovered that a second NSA tool exacerbated the RSA software's vulnerability.
 
The professors found that the tool, known as the “Extended Random” extension for secure websites, could help crack a version of RSA's Dual Elliptic Curve software tens of thousands of times faster, according to an advance copy of their research shared with Reuters.
 
While Extended Random was not widely adopted, the new research sheds light on how the NSA extended the reach of its surveillance under cover of advising companies on protection.
 
RSA, now owned by EMC Corp, did not dispute the research when contacted by Reuters for comment. The company said it had not intentionally weakened security on any product and noted that Extended Random did not prove popular and had been removed from RSA's protection software in the last six months.
 
“We could have been more skeptical of NSA's intentions,” RSA Chief Technologist Sam Curry told Reuters. “We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure.”
 
Curry declined to say if the government had paid RSA to incorporate Extended Random in its BSafe security kit, which also housed Dual Elliptic Curve.
 
An NSA spokeswoman declined to comment on the study or the intelligence agency's motives in developing Extended Random.
 
The agency has worked for decades with private companies to improve cybersecurity, largely through its Information Assurance Directorate. After the 9/11 attacks, the NSA increased surveillance, including inside the United States, where it had previously faced strict restrictions.
 
Documents leaked by former NSA contractor Edward Snowden showed that the agency also aimed to subvert cryptography standards. A presidential advisory group in December said that practice should stop, though experts looking at the case of Dual Elliptic Curve have taken some comfort in concluding that only the NSA could likely break it.
 
“It's certainly well-designed,” said security expert Bruce Schneier, a frequent critic of the NSA. “The random number generator is one of the better ones.”

Random numbers
 
Cryptography experts have long been suspicious of Dual Elliptic Curve, but the National Institute of Standards and Technology and RSA only renounced the technology after Snowden leaked documents about the back door last year.
 
That was also when the academic team set out to see if they could break Dual Elliptic Curve by replacing two government-issued points on the curve with their own. The professors plan to publish a summary of their study this week and present their findings at a conference this summer.
 
Random numbers are used to generate cryptographic keys - if you can guess the numbers, you can break the security of the keys. While no random number generator is perfect, some generators were viewed as more predictable than others.
 
In a Pentagon-funded paper in 2008, the Extended Random protocol was touted as a way to boost the randomness of the numbers generated by the Dual Elliptic Curve.
 
But members of the academic team said they saw little improvement, while the extra data transmitted by Extended Random before a secure connection begins made predicting the following secure numbers dramatically easier.
 
“Adding it doesn't seem to provide any security benefits that we can figure out,” said one of the authors of the study, Thomas Ristenpart of the University of Wisconsin.
 
Johns Hopkins Professor Matthew Green said it was hard to take the official explanation for Extended Random at face value, especially since it appeared soon after Dual Elliptic Curve's acceptance as a U.S. standard.
 
“If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline,” Green said.
 
The NSA played a significant role in the origins of Extended Random. The authors of the 2008 paper on the protocol were Margaret Salter, technical director of the NSA's defensive Information Assurance Directorate, and an outside expert named Eric Rescorla.
 
Rescorla, who has advocated greater encryption of all Web traffic, works for Mozilla, maker of the Firefox web browser. He and Mozilla declined to comment. Salter did not respond to requests for comment.
 
Though few companies appear to have embraced Extended Random, RSA did. The company built in support for the protocol in BSafe toolkit versions for the Java programming language about five years ago, when a preeminent Internet standards group - the Internet Engineering Task Force - was considering whether to adopt Extended Random as an industry standard. The IETF decided in the end not to adopt the protocol.
 
RSA's Curry said that if Dual Elliptic Curve had been sound, Extended Random would have made it better. “When we realized it was not likely to become a standard, we did not enable it in any other BSafe libraries,” he added.
 
The academic researchers said it took about an hour to crack a free version of BSafe for Java using about $40,000 worth of computer equipment. It would have been 65,000 times faster in versions using Extended Random, dropping the time needed to seconds, according to Stephen Checkoway of Johns Hopkins.
 
The researchers said it took them less than 3 seconds to crack a free version of BSafe for the C programming language, even without Extended Random, because it already transmitted so many random bits before the secure connection began. And it was so inexpensive it could easily be scaled up for mass surveillance, the researchers said.

You May Like

Ebola Death Toll Nears 5,000 as Virus Advances

West Africa bears heaviest burden; Mali toddler’s death raises new fears More

Jordan’s Role in Fighting IS Carries Domestic Risks

There are Western concerns Islamic State militants soon may unleash offensive in kingdom that could create upheaval - though nation has solid intel, grip on banking system More

Asian-Americans Enter Public Office in Record Numbers

A steady deepening engagement in local politics pays off for politicians like Chinese-American Judy Chu More

This forum has been closed.
Comments
     
There are no comments in this forum. Be first and add one

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
After Decades of Pressure, Luxembourg Drops Bank Secrecy Rulesi
X
October 21, 2014 12:20 AM
European Union finance ministers have reached a breakthrough agreement that will make it more difficult for tax cheats to hide their money. The new legislation, which had been blocked for years by countries with a reputation as tax havens, was approved last week after Luxembourg and Austria agreed to lift their vetoes. But as Mil Arcega reports, it doesn’t mean tax cheats have run out of places to keep their money hidden.
Video

Video After Decades of Pressure, Luxembourg Drops Bank Secrecy Rules

European Union finance ministers have reached a breakthrough agreement that will make it more difficult for tax cheats to hide their money. The new legislation, which had been blocked for years by countries with a reputation as tax havens, was approved last week after Luxembourg and Austria agreed to lift their vetoes. But as Mil Arcega reports, it doesn’t mean tax cheats have run out of places to keep their money hidden.
Video

Video Kobani Refugees Welcome, Turkey Criticizes, US Airdrop

Residents of Kobani in northern Syria have welcomed the airdrop of weapons, ammunition and medicine to Kurdish militia who are resisting the seizure of their city by Islamic State militants. The Turkish government, however, has criticized the operation. VOA’s Scott Bobb reports from southeastern Turkey, across the border from Kobani.
Video

Video China Political Meeting Seeks to Improve Rule of Law

China’s communist leaders will host a top level political meeting this week, called the Fourth Plenum, and for the first time in the party’s history, rule of law will be a key item on the agenda. Analysts and Chinese media reports say the meetings could see the approval of long-awaited measures aimed at giving courts more independence and include steps to enhance an already aggressive and high-reaching anti-corruption drive. VOA’s Bill Ide has more from Beijing.
Video

Video US ‘Death Cafes’ Put Focus on the Finale

In contemporary America, death usually is a topic to be avoided. But the growing “death café” movement encourages people to discuss their fears and desires about their final moments. VOA’s Jerome Socolovsky reports.
Video

Video Ebola Orphanage Opens in Sierra Leone

Sierra Leone's first Ebola orphanage has opened in the Kailahun district. Hundreds of children orphaned since the beginning of the Ebola outbreak face stigma and rejection with nobody to care for them. Adam Bailes reports for VOA about a new interim care center that's aimed at helping the growing number of children affected by Ebola.
Video

Video Young Nairobi Tech Innovator on 'Track' in Security Business

A 24-year-old technology innovator in Nairobi has invented a tracking device that monitors and secures cars. He has also come up with what he claims is the most robust audio-visual surveillance system yet. As Lenny Ruvaga reports from the Kenyan capital, his innovations are offering alternative security solutions.
Video

Video Latinas Converting to Islam for Identity, Structure

Latinos are one of the fastest growing groups in the Muslim religion. According to the Pew Research Center, about 6 percent of American Muslims are Latino. And a little more than half of new converts are female. VOA’s Carolyn Presutti travelled to Miami, Florida -- where two out of every three residents is Hispanic -- to learn more.
Video

Video Exclusive: American Joins Kurds' Anti-IS Fight

The United States and other Western nations have expressed alarm about their citizens joining Islamic State forces in Syria and Iraq. In a rare counterpoint to the phenomenon, an American has taken up arms with the militants' Syrian Kurdish opponents. Elizabeth Arrott has more in this exclusive profile by VOA Kurdish reporter Zana Omer in Ras al Ayn, Syria.
Video

Video South Korea Confronts Violence Within Military Ranks

Every able-bodied South Korean male between 18 and 35 must serve for 21 to 36 months in the country’s armed forces, depending upon the specific branch. For many, service is a rite of passage to manhood. But there are growing concerns that bullying and violence come along with the tradition. Reporter Jason Strother has more from Seoul.
Video

Video North Carolina Emerges as Key Election Battleground

U.S. congressional midterm elections will be held on November 4th and most political analysts give Republicans an excellent chance to win a majority in the U.S. Senate, which Democrats now control. So what are the issues driving voters in this congressional election year? VOA National Correspondent Jim Malone traveled to North Carolina, one of the most politically competitive states in the country, to find out.
Video

Video Comanche People Maintain Pride in Their Heritage

The Comanche (Indian nation) once were called the “Lords of the Plains,” with an empire that included half the land area of current day Texas, large parts of Oklahoma, New Mexico, Kansas and Colorado.The fierceness and battle prowess of these warriors on horseback delayed the settlement of most of West Texas for four decades. VOA’s Greg Flakus reports from Lawton, Oklahoma, that while their warrior days are over, the 15,000 members of the Comanche Nation remain a proud people.
Video

Video Turkey Campus Attacks Raise Islamic Radicalization Fears

Concerns are growing in Turkey of Islamic radicalization at some universities, after clashes between supporters of the jihadist group Islamic State (IS) or ISIS, and those opposed to the extremists. Pro-jihadist literature is on sale openly on the streets of Istanbul. Critics accuse the government of turning a blind eye to radicalism at home, while Kurds accuse the president of supporting IS - a charge strongly denied. Henry Ridgwell reports from London.

All About America

AppleAndroid