News / USA

Study: NSA Infiltrated RSA Security More Deeply Than Thought

A sign marks the entrance to RAS's facility in Bedford, Massachusetts, March 28, 2014.
A sign marks the entrance to RAS's facility in Bedford, Massachusetts, March 28, 2014.
Reuters
Security industry pioneer RSA adopted not just one but two encryption tools developed by the U.S. National Security Agency, greatly increasing the spy agency's ability to eavesdrop on some Internet communications, according to a team of academic researchers.
 
Reuters reported in December that the NSA had paid RSA $10 million to make a now-discredited cryptography system the default in software used by a wide range of Internet and computer security programs. The system, called Dual Elliptic Curve, was a random number generator, but it had a deliberate flaw - or “back door” - that allowed the NSA to crack the encryption.
 
A group of professors from Johns Hopkins, the University of Wisconsin, the University of Illinois and elsewhere now say they have discovered that a second NSA tool exacerbated the RSA software's vulnerability.
 
The professors found that the tool, known as the “Extended Random” extension for secure websites, could help crack a version of RSA's Dual Elliptic Curve software tens of thousands of times faster, according to an advance copy of their research shared with Reuters.
 
While Extended Random was not widely adopted, the new research sheds light on how the NSA extended the reach of its surveillance under cover of advising companies on protection.
 
RSA, now owned by EMC Corp, did not dispute the research when contacted by Reuters for comment. The company said it had not intentionally weakened security on any product and noted that Extended Random did not prove popular and had been removed from RSA's protection software in the last six months.
 
“We could have been more skeptical of NSA's intentions,” RSA Chief Technologist Sam Curry told Reuters. “We trusted them because they are charged with security for the U.S. government and U.S. critical infrastructure.”
 
Curry declined to say if the government had paid RSA to incorporate Extended Random in its BSafe security kit, which also housed Dual Elliptic Curve.
 
An NSA spokeswoman declined to comment on the study or the intelligence agency's motives in developing Extended Random.
 
The agency has worked for decades with private companies to improve cybersecurity, largely through its Information Assurance Directorate. After the 9/11 attacks, the NSA increased surveillance, including inside the United States, where it had previously faced strict restrictions.
 
Documents leaked by former NSA contractor Edward Snowden showed that the agency also aimed to subvert cryptography standards. A presidential advisory group in December said that practice should stop, though experts looking at the case of Dual Elliptic Curve have taken some comfort in concluding that only the NSA could likely break it.
 
“It's certainly well-designed,” said security expert Bruce Schneier, a frequent critic of the NSA. “The random number generator is one of the better ones.”

Random numbers
 
Cryptography experts have long been suspicious of Dual Elliptic Curve, but the National Institute of Standards and Technology and RSA only renounced the technology after Snowden leaked documents about the back door last year.
 
That was also when the academic team set out to see if they could break Dual Elliptic Curve by replacing two government-issued points on the curve with their own. The professors plan to publish a summary of their study this week and present their findings at a conference this summer.
 
Random numbers are used to generate cryptographic keys - if you can guess the numbers, you can break the security of the keys. While no random number generator is perfect, some generators were viewed as more predictable than others.
 
In a Pentagon-funded paper in 2008, the Extended Random protocol was touted as a way to boost the randomness of the numbers generated by the Dual Elliptic Curve.
 
But members of the academic team said they saw little improvement, while the extra data transmitted by Extended Random before a secure connection begins made predicting the following secure numbers dramatically easier.
 
“Adding it doesn't seem to provide any security benefits that we can figure out,” said one of the authors of the study, Thomas Ristenpart of the University of Wisconsin.
 
Johns Hopkins Professor Matthew Green said it was hard to take the official explanation for Extended Random at face value, especially since it appeared soon after Dual Elliptic Curve's acceptance as a U.S. standard.
 
“If using Dual Elliptic Curve is like playing with matches, then adding Extended Random is like dousing yourself with gasoline,” Green said.
 
The NSA played a significant role in the origins of Extended Random. The authors of the 2008 paper on the protocol were Margaret Salter, technical director of the NSA's defensive Information Assurance Directorate, and an outside expert named Eric Rescorla.
 
Rescorla, who has advocated greater encryption of all Web traffic, works for Mozilla, maker of the Firefox web browser. He and Mozilla declined to comment. Salter did not respond to requests for comment.
 
Though few companies appear to have embraced Extended Random, RSA did. The company built in support for the protocol in BSafe toolkit versions for the Java programming language about five years ago, when a preeminent Internet standards group - the Internet Engineering Task Force - was considering whether to adopt Extended Random as an industry standard. The IETF decided in the end not to adopt the protocol.
 
RSA's Curry said that if Dual Elliptic Curve had been sound, Extended Random would have made it better. “When we realized it was not likely to become a standard, we did not enable it in any other BSafe libraries,” he added.
 
The academic researchers said it took about an hour to crack a free version of BSafe for Java using about $40,000 worth of computer equipment. It would have been 65,000 times faster in versions using Extended Random, dropping the time needed to seconds, according to Stephen Checkoway of Johns Hopkins.
 
The researchers said it took them less than 3 seconds to crack a free version of BSafe for the C programming language, even without Extended Random, because it already transmitted so many random bits before the secure connection began. And it was so inexpensive it could easily be scaled up for mass surveillance, the researchers said.

You May Like

Video Migrants Caught in No-Man's Land In French Port

The deaths of hundreds of migrants in the Mediterranean this week has only recast the spotlight on the perils of reaching 'Fortress Europe' More

Video Westgate Mall Attack Survivors Confront Painful Memories

On anniversary of terror attack, survivors discuss how they have coped with trauma they experienced that day More

New Hints That Dark Matter Exists

New evidence from International Space Station hints at existence of dark matter and dark energy More

This forum has been closed.
Comments
     
There are no comments in this forum. Be first and add one

Featured Videos

Your JavaScript is turned off or you have an old version of Adobe's Flash Player. Get the latest Flash player.
Migrants Caught in No-Man's Land Called Calaisi
X
Lisa Bryant
September 19, 2014 5:04 PM
The deaths of hundreds of migrants in the Mediterranean this week has only recast the spotlight on the perils of reaching Europe. And for those forunate enough to reach a place like Calais, France, only find that their problems aren't over. Lisa Bryant has the story.
Video

Video Migrants Caught in No-Man's Land Called Calais

The deaths of hundreds of migrants in the Mediterranean this week has only recast the spotlight on the perils of reaching Europe. And for those forunate enough to reach a place like Calais, France, only find that their problems aren't over. Lisa Bryant has the story.
Video

Video Westgate Siege Anniversary Brings Back Painful Memories

One year after it happened, the survivors of the terror attack on Nairobi's Westgate Shopping Mall still cannot shake the images of that tragic incident. For VOA, Mohammed Yusuf tells the story of victims still waiting for the answer to the question 'how could this happen?'
Video

Video Militant Assault in Syria Displaces Thousands of Kurds

A major assault by Islamic State militants on Kurds in Syria has sent a wave of new refugees to the Turkish border, where they were stopped by Turkish border security. Turkey is already hosting about 700,000 Syrian refugees who fled the civil war between the government and the opposition. But the government in Ankara has a history of strained relations with Turkey's Kurdish minority. Zlatica Hoke reports Turkey is asking for international help.
Video

Video CERN Accelerator Back in Business

The long upgrade of the Large Hadron Collider is over. The scientific instrument responsible for the discovery of the Higgs boson -- the so-called "God particle" -- is being brought up to speed in time for this month's 60th anniversary of the European Organization for Nuclear Research, known by its French acronym CERN. Physicists hope the accelerator will help them uncover more secrets about the origins of the universe. VOA’s George Putic reports.
Video

Video Whaling Summit Votes to Uphold Ban on Japan Whale Hunt

The International Whaling Commission, meeting in Slovenia, has voted to uphold a court ruling banning Japan from hunting whales in the Antarctic Ocean. Conservationists hailed the ruling as a victory, but Tokyo says it will submit revised plans for a whale hunt in 2015. Henry Ridgwell reports from London.
Video

Video Russian Economy Reeling After New Western Sanctions

A new wave of Western sanctions is hitting Russia’s economy hard. State-owned energy firms continue to bleed profits and Russia’s national currency plunged to a new low this week after the U.S. and the European Union announced new sanctions to punish Russia's aggressive stance in eastern Ukraine. But as Mil Arcega reports, the sanctions could also prove costly for European and American companies.
Video

Video Belgian Researchers Discover Way to Block Cancer Metastasis

Cancer remains one of the deadliest diseases, despite many new methods to combat it. Modern medicine has treatments to prevent the growth of primary tumor cells. But most cancer deaths are caused by metastasis, the stage when primary tumor cells change and move to other parts of the body. A team of Belgian scientists says it has found a way to prevent that process. Zlatica Hoke has more.
Video

Video Mogadishu's Flood of Foreign Workers Leaves Somalis Out of Work

Unemployment and conflict has forced many young Somalians out of the country in search of a better life. But a newfound stability in the once-lawless nation has created hope — and jobs — which, some say, are too often being filled by foreigners. Abdulaziz Billow reports from Mogadishu.
Video

Video A Dinosaur Fit for Land and Water

Residents and tourists in Washington D.C. can now examine a life-size replica of an unusual dinosaur that lived almost a hundred million years ago in northern Africa. Scientists say studying the behemoth named Spinosaurus helps them better understand how some prehistoric animals adapted to life on land and in water. The Spinosaurus replica is on display at the National Geographic museum. VOA’s George Putic has more.
Video

Video Iraqi Kurdistan Church Helps Christian Children Cope find shelter in churches in the Kurdish capital, Irbil

In the past six weeks, tens of thousands of Iraqi Christians have been forced to flee their homes by Islamic State militants and find shelter in churches in the Kurdish capital, Irbil. Despite U.S. airstrikes in the region, the prospect of people returning home is still very low and concerns are starting to grow over the impact this is having on the displaced youth. Sebastian Meyer reports from Irbil on how one church is coping.
Video

Video NASA Picks Boeing, SpaceX to Carry Astronauts Into Space

The U.S. space agency, NASA, has chosen Boeing and SpaceX companies to build the next generation of spacecraft that will carry U.S. astronauts to the International Space Station by the year 2017. The deal with private industry enables NASA to end its dependence on Russia to send space crews into low Earth orbit and back. Zlatica Hoke has more.
Video

Video Future of Ukrainian Former President's Estate Uncertain

More than six months after Ukraine's former President Viktor Yanukovych fled revolution to Russia, authorities have yet to gain control of his palatial estate. Protesters occupy the grounds and opened it to tourists but they are also refusing to turn it over to the state. VOA's Daniel Schearf reports from Mezhigirya, just north of Kyiv.


Carnage and mayhem are part of daily life in northern Nigeria, the result of a terror campaign by the Islamist group Boko Haram. Fears are growing that Nigeria’s government may not know how to counter it, and may be making things worse. More

AppleAndroid