Published: 03 Feb 2014
One of the responses to early salvos of former NSA contractor Edward Snowden's surveillance releases was "trust the math." That's how security veteran Bruce Schneier put it in a posting to his blog site. Snowden himself, when answering reader questions on the Guardian website, said, "Encryption works. Properly implemented strong cryptosystems are one of the few things that you can rely on."
A lot of us heaved a huge sigh of relief upon hearing that. Not because NSA surveillance will reveal our big, dark secrets, but if the security community can't say with confidence that it stores the world's digital data securely, it's time to dismantle the industry. And beyond that, privacy is essential. A sense of privacy fosters self-aware, independent identities, which are fundamental to creating modern civilization.
Problems in theory
It appears Snowden was wrong -- at least, partially -- about NSA's access to encrypted data. Or, perhaps, he was putting a lot of weight on the phrase "properly implemented." Because if you had hung your trust on RSA, the security division of EMC Corp.'s BSafe cryptosoftware, and used its default settings (Dual Elliptic Curve Deterministic RBG algorithms), it's pretty clear that the NSA had a backdoor to your plaintext. Snowden should have been aware of this issue. (When his identity was first revealed in the Guardian, he said, "I carefully evaluated every single document that I disclosed to ensure that each was legitimately in the public's interest.")
If the security community can't say with confidence that it stores the world's digital data securely, it's time to dismantle the industry.
On the other hand, Snowden had a lot of documents, and there are plenty of instances where you have to line up the PowerPoint slides side-by-side to make sense of what the NSA is allegedly up to. Whether Snowden was aware of the BSafe alleged backdoor or not, the backdoor was there.
This backdoor was essentially a class break -- the NSA could violate the protections of anything encrypted with the default BSafe arrangement. It was a completely different approach than selectively "pwning" equipment or software distributed to specific targets (which the NSA has also done).
In this instance, you couldn't really trust the math. The core precepts of encryption (e.g., products of very large prime numbers are hard to factor) may still hold. But one element at least that's darned nearly as important -- the ability to pick pseudorandom numbers that others can't systematically guess -- is up for grabs.
Shutting the door on surveillance?
But it's worse than that. There are perfectly good reasons to suspect even more security problems that the NSA discovered or, perhaps, purposefully injected. As reports surface alleging that various products from Cisco Systems Inc., Dell Corp. and other major hardware vendors have potential security weaknesses, only Apple Inc. has responded with a truly ironclad-sounding denial of any involvement in the NSA's surveillance activities. Other responses have seemed rather carefully worded. Huawei Technologies Co., for instance, released a statement that said it will "conduct appropriate audits to determine if any compromise has taken place and to implement and communicate any fixes as necessary."
It appears Snowden was wrong -- at least, partially -- about NSA's access to encrypted data.
That's just the hardware vendors. I'm no mathematician, but it doesn't appear that we're entirely out of the woods, based on the NSA's capabilities for directly weakening or attacking cryptosystems -- namely, elliptical curve-based algorithms, the mechanism used in Dual_EC_DRBG, one of four DRBGs standardized by the National Institute of Standards and Technology (NIST SP 800-90A) in 2007.
Peter Woit, a senior lecturer in the mathematics department at Columbia University, blogged back in September that there was speculation in the math community that "there are other ways in which NIST standard elliptic curve cryptography has been compromised by the NSA (see here for some details of the potential problems)." Woit noted:
[T]he NSA for years has been pushing this kind of cryptography (see here), and it seems unlikely that either they or the NIST will make public the details of which elliptic curve algorithms have been compromised and how (presumably the NIST people don't know the details but do know who at the NSA does).
We can't trust the math. Some of it needs to be reexamined publicly, and soon. The industry -- and, in particular, vendors that say they'll fix any surveillance-enabling vulnerabilities "as necessary" -- need to pour on the funding for research and standards development that returns us to a state where we can store data with confidence that it's secure.
About the author:
Robert Richardson is the editorial director of TechTarget's Security Media Group. Follow him on Twitter @cryptorobert.