News / USA

Study: NSA Infiltrated RSA Security More Deeply Than Thought

A sign marks the entrance to RAS's facility in Bedford, Massachusetts, March 28, 2014.
A sign marks the entrance to RAS's facility in Bedford, Massachusetts, March 28, 2014.
Reuters
Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency's ability to eavesdrop on some Internet communications, according to a team of academic researchers.
 
Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw - or “back door” - that allowed the NSA to crack the encryption.
 
A group of professors from Johns Hopkins, the University of Wisconsin, the University of Illinois and elsewhere now say they have discovered that a second NSA tool exacerbated the RSA software's vulnerability.
 
The professors found that the tool, known as the “Extended Random” extension for secure websites, could help crack a version of RSA's Dual Elliptic Curve software tens of thousands of times faster, according to an advance copy of their research shared with Reuters.
 
While Extended Random was not widely adopted, the new research sheds light on how the NSA extended the reach of its surveillance under cover of advising companies on protection.
 
RSA, now owned by EMC Corp, did not dispute the research when contacted by Reuters for comment. The company said it had not intentionally weakened security on any product and noted that Extended Random did not prove popular and had been removed from RSA's protection software in the last six months.
 
“We could have been more skeptical of NSA's intentions,” RSA Chief Technologist Sam Curry told Reuters. “We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure.”
 
Curry declined to say if the government had paid RSA to incorporate Extended Random in its BSafe security kit, which also housed Dual Elliptic Curve.
 
An NSA spokeswoman declined to comment on the study or the intelligence agency's motives in developing Extended Random.
 
The agency has worked for decades with private companies to improve cybersecurity, largely through its Information Assurance Directorate. After the 9/11 attacks, the NSA increased surveillance, including inside the United States, where it had previously faced strict restrictions.
 
Documents leaked by former NSA contractor Edward Snowden showed that the agency also aimed to subvert cryptography standards. A presidential advisory group in December said that practice should stop, though experts looking at the case of Dual Elliptic Curve have taken some comfort in concluding that only the NSA could likely break it.
 
“It's certainly well-designed,” said security expert Bruce Schneier, a frequent critic of the NSA. “The random number generator is one of the better ones.”

Random numbers
 
Cryptography experts have long been suspicious of Dual Elliptic Curve, but the National Institute of Standards and Technology and RSA only renounced the technology after Snowden leaked documents about the back door last year.
 
That was also when the academic team set out to see if they could break Dual Elliptic Curve by replacing two government-issued points on the curve with their own. The professors plan to publish a summary of their study this week and present their findings at a conference this summer.
 
Random numbers are used to generate cryptographic keys - if you can guess the numbers, you can break the security of the keys. While no random number generator is perfect, some generators were viewed as more predictable than others.
 
In a Pentagon-funded paper in 2008, the Extended Random protocol was touted as a way to boost the randomness of the numbers generated by the Dual Elliptic Curve.
 
But members of the academic team said they saw little improvement, while the extra data transmitted by Extended Random before a secure connection begins made predicting the following secure numbers dramatically easier.
 
“Adding it doesn't seem to provide any security benefits that we can figure out,” said one of the authors of the study, Thomas Ristenpart of the University of Wisconsin.
 
Johns Hopkins Professor Matthew Green said it was hard to take the official explanation for Extended Random at face value, especially since it appeared soon after Dual Elliptic Curve's acceptance as a U.S. standard.
 
“If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline,” Green said.
 
The NSA played a significant role in the origins of Extended Random. The authors of the 2008 paper on the protocol were Margaret Salter, technical director of the NSA's defensive Information Assurance Directorate, and an outside expert named Eric Rescorla.
 
Rescorla, who has advocated greater encryption of all Web traffic, works for Mozilla, maker of the Firefox web browser. He and Mozilla declined to comment. Salter did not respond to requests for comment.
 
Though few companies appear to have embraced Extended Random, RSA did. The company built in support for the protocol in BSafe toolkit versions for the Java programming language about five years ago, when a preeminent Internet standards group - the Internet Engineering Task Force - was considering whether to adopt Extended Random as an industry standard. The IETF decided in the end not to adopt the protocol.
 
RSA's Curry said that if Dual Elliptic Curve had been sound, Extended Random would have made it better. “When we realized it was not likely to become a standard, we did not enable it in any other BSafe libraries,” he added.
 
The academic researchers said it took about an hour to crack a free version of BSafe for Java using about $40,000 worth of computer equipment. It would have been 65,000 times faster in versions using Extended Random, dropping the time needed to seconds, according to Stephen Checkoway of Johns Hopkins.
 
The researchers said it took them less than 3 seconds to crack a free version of BSafe for the C programming language, even without Extended Random, because it already transmitted so many random bits before the secure connection began. And it was so inexpensive it could easily be scaled up for mass surveillance, the researchers said.

You May Like

Obama: Alaskans Feel Signs of Climate Change

They're seeing bigger storm surges as sea ice melts, more wildfires, erosion of glaciers, shorelines More

Katrina Brought Enduring Changes to New Orleans

The city’s recovery is the result of the people and culture the city is famous for, as well as newcomers and start-up industries More

Magical Photo Slides Show Native Americans in Late 1800s

Walter McClintock spent 20 years photographing the Blackfoot Indians and their vanishing culture at the dawn of the modern age More

This forum has been closed.
Comments
     
There are no comments in this forum. Be first and add one

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Colombians Flee Venezuela as Border Crisis Escalatesi
X
August 27, 2015 2:08 AM
Hundreds of Colombians have fled Venezuela since last week, amid an escalating border crisis between the two countries. Last week, Venezuelan President Nicolas Maduro ordered the closure of a key border crossing after smugglers injured three Venezuelan soldiers and a civilian. The president also ordered the deportation of Colombians who are in Venezuela illegally. Zlatica Hoke reports.
Video

Video Colombians Flee Venezuela as Border Crisis Escalates

Hundreds of Colombians have fled Venezuela since last week, amid an escalating border crisis between the two countries. Last week, Venezuelan President Nicolas Maduro ordered the closure of a key border crossing after smugglers injured three Venezuelan soldiers and a civilian. The president also ordered the deportation of Colombians who are in Venezuela illegally. Zlatica Hoke reports.
Video

Video Is China's Economic Data Accurate?

Some investors say China's wild stock market gyrations have been made worse by worries about the reliability of that nation's economic data. And some critics say the reports can mislead investors by painting an unrealistically-strong picture of the economy. A key China scholar says Beijing is not fudging ((manipulating)) the numbers, but that the economy is evolving quickly from smoke-stack industries to services, and the ways of tracking new economic activity are falling behind the change. V
Video

Video Next to Iran, Climate at Forefront of Obama Agenda

President Barack Obama this week announced new initiatives aimed at making it easier for Americans to access renewable energy sources such as solar and wind. Obama is not slowing down when it comes to pushing through climate change measures, an issue he says is the greatest threat to the country’s national security. VOA correspondent Aru Pande has more from the White House.
Video

Video Shipping Containers Provide Experimental Housing

Housing prices around the San Francisco Bay area are out of reach for many people, so some young entrepreneurs, artists and tech industry workers are creating their own houses using converted shipping containers. But as VOA's Mike O’Sullivan reports from Oakland, the effort requires ingenuity and dealing with restrictive local laws.
Video

Video Arctic Draws International Competition for Oil

A new geopolitical “Great Game” is underway in earth’s northernmost region, the Arctic, where Russia has claimed a large area for resource development and President Barack Obama recently approved Shell Oil Company’s test-drilling project in an area under U.S. control. Greg Flakus reports.
Video

Video Philippine Maritime Police: Chinese Fishermen a Threat to Country’s Security

China and the Philippines both claim maritime rights in the South China Sea.  That includes the right to fish in those waters. Jason Strother reports on how the Philippines is catching Chinese nationals it says are illegal poachers. He has the story from Palawan province.
Video

Video Technique May Eliminate Drill-and-Fill Dental Care

Many people dread visiting dentists because they're afraid of drills. Now, however, a technology developed by a British firm promises to eliminate the need for mechanical cleaning of dental cavities by speeding a natural process of tooth repair. VOA’s George Putic reports.
Video

Video China's Spratly Island Building Said to Light Up the Night 'Like A City'

Southeast Asian countries claim China has illegally seized territory in the Spratly islands. It is especially a concern for a Philippine mayor who says Beijing is occupying parts of his municipality. Jason Strother reports from the capital of Palawan province, Puerto Princesa.
Video

Video Ages-old Ice Reveals Secrets of Climate Change

Ice caps don't just exist at the world's poles. There are also tropical ice caps, and the largest sits atop the Peruvian Andes - but it is melting, quickly, and may be gone within the next 20 years. George Putic reports scientists are now rushing to take samples to get at the valuable information about climate change locked in the ice.
Video

Video French Experiment in Integrating Roma Under Threat

Plans to destroy France’s oldest slum have sparked an outcry on the part of its Roma residents. As Lisa Bryant reports from the Paris suburb of La Courneuve, rights groups argue the community is a fledgling experiment on integrating Roma who are often outcasts in many parts of Europe.
Video

Video Kenyans Turn to Agriculture for Business

Each year Kenyan universities continue to churn out graduates for the job market despite the already existing high rate of unemployment among youth in the country. Some of these young men and women have realized that agriculture can be as rewarding as any other business or job, and they are resorting to agribusiness in large numbers as a way of tackling unemployment. Rael Ombuor reports for VOA.
Video

Video First Women Graduate Elite Army Ranger School

Two women are making history for the U.S. Army by proving they are among the toughest of the tough. VOA's Carla Babb reports from Fort Benning, Georgia as 94 men and those two women rise as graduates of the difficult Ranger school.

VOA Blogs