
Study: NSA Infiltrated RSA Security More Deeply Than Thought

A sign marks the entrance to RSA's facility in Bedford, Massachusetts, March 28, 2014.
Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency's ability to eavesdrop on some Internet communications, according to a team of academic researchers.
Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw - or “back door” - that allowed the NSA to crack the encryption.
A group of professors from Johns Hopkins, the University of Wisconsin, the University of Illinois and elsewhere now say they have discovered that a second NSA tool exacerbated the RSA software's vulnerability.
The professors found that the tool, known as the “Extended Random” extension for secure websites, could help crack a version of RSA's Dual Elliptic Curve software tens of thousands of times faster, according to an advance copy of their research shared with Reuters.
While Extended Random was not widely adopted, the new research sheds light on how the NSA extended the reach of its surveillance under cover of advising companies on protection.
RSA, now owned by EMC Corp, did not dispute the research when contacted by Reuters for comment. The company said it had not intentionally weakened security on any product and noted that Extended Random did not prove popular and had been removed from RSA's protection software in the last six months.
“We could have been more skeptical of NSA's intentions,” RSA Chief Technologist Sam Curry told Reuters. “We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure.”
Curry declined to say if the government had paid RSA to incorporate Extended Random in its BSafe security kit, which also housed Dual Elliptic Curve.
An NSA spokeswoman declined to comment on the study or the intelligence agency's motives in developing Extended Random.
The agency has worked for decades with private companies to improve cybersecurity, largely through its Information Assurance Directorate. After the 9/11 attacks, the NSA increased surveillance, including inside the United States, where it had previously faced strict restrictions.
Documents leaked by former NSA contractor Edward Snowden showed that the agency also aimed to subvert cryptography standards. A presidential advisory group in December said that practice should stop, though experts looking at the case of Dual Elliptic Curve have taken some comfort in concluding that only the NSA could likely break it.
“It's certainly well-designed,” said security expert Bruce Schneier, a frequent critic of the NSA. “The random number generator is one of the better ones.”

Random numbers
Cryptography experts have long been suspicious of Dual Elliptic Curve, but the National Institute of Standards and Technology and RSA only renounced the technology after Snowden leaked documents about the back door last year.
That was also when the academic team set out to see if they could break Dual Elliptic Curve by replacing two government-issued points on the curve with their own. The professors plan to publish a summary of their study this week and present their findings at a conference this summer.
Random numbers are used to generate cryptographic keys - if you can guess the numbers, you can break the security of the keys. While no random number generator is perfect, some generators were viewed as more predictable than others.
In a Pentagon-funded paper in 2008, the Extended Random protocol was touted as a way to boost the randomness of the numbers generated by the Dual Elliptic Curve.
But members of the academic team said they saw little improvement, while the extra data transmitted by Extended Random before a secure connection begins made predicting the following secure numbers dramatically easier.
“Adding it doesn't seem to provide any security benefits that we can figure out,” said one of the authors of the study, Thomas Ristenpart of the University of Wisconsin.
Johns Hopkins Professor Matthew Green said it was hard to take the official explanation for Extended Random at face value, especially since it appeared soon after Dual Elliptic Curve's acceptance as a U.S. standard.
“If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline,” Green said.
The NSA played a significant role in the origins of Extended Random. The authors of the 2008 paper on the protocol were Margaret Salter, technical director of the NSA's defensive Information Assurance Directorate, and an outside expert named Eric Rescorla.
Rescorla, who has advocated greater encryption of all Web traffic, works for Mozilla, maker of the Firefox web browser. He and Mozilla declined to comment. Salter did not respond to requests for comment.
Though few companies appear to have embraced Extended Random, RSA did. The company built in support for the protocol in BSafe toolkit versions for the Java programming language about five years ago, when a preeminent Internet standards group - the Internet Engineering Task Force - was considering whether to adopt Extended Random as an industry standard. The IETF decided in the end not to adopt the protocol.
RSA's Curry said that if Dual Elliptic Curve had been sound, Extended Random would have made it better. “When we realized it was not likely to become a standard, we did not enable it in any other BSafe libraries,” he added.
The academic researchers said it took about an hour to crack a free version of BSafe for Java using about $40,000 worth of computer equipment. It would have been 65,000 times faster in versions using Extended Random, dropping the time needed to seconds, according to Stephen Checkoway of Johns Hopkins.
The researchers said it took them less than 3 seconds to crack a free version of BSafe for the C programming language, even without Extended Random, because it already transmitted so many random bits before the secure connection began. And it was so inexpensive it could easily be scaled up for mass surveillance, the researchers said.
