NIST Panel Finds That NSA Influence Over NIST Weakened Crypto Standards
There's an interesting article in Computerworld about the report of a blue-ribbon NIST panel looking into allegations in the Snowden documents that a key cryptography standard was weakened by the inclusion, at the NSA's behest, of a weak pseudo-random number generator.
The Visiting Committee on Advanced Technology (VCAT) was convened to examine the process by which NIST adopts cryptographic standards and recommend improvements. The committee had an impressive membership roster:
- Vint Cerf, Google VP and chief evangelist
- Ron Rivest, MIT professor, cryptographer, the "R" in RSA
- Edward Felten, professor and director of the Center for Information Technology Policy at Princeton
- Ellen Richey, Executive VP and Chief Enterprise Risk Officer at Visa
- Steve Lipner, Partner Director of software security at Microsoft
- Bart Preneel, Belgian cryptographer, professor at the University of Leuven
- Fran Schrotter, COO of ANSI
The allegations were that the NSA inserted a back door into the random number generator Dual_EC_DRBG and convinced NIST to include it in the SP 800-90A recommendation. (It's also been alleged that RSA was paid to make Dual_EC_DRBG the default generator in its toolkits.)
The VCAT found that NIST has too little native cryptographic expertise and was too heavily dependent upon and influenced by the NSA. As Computerworld reports:
Regarding the inclusion of Dual_EC in its SP 800-90A recommendation, the "NIST failed to exercise independent judgment but instead deferred extensively to NSA," Felten wrote in his assessment. "After DUAL_EC was proposed, two major red flags emerged. Either one should have caused NIST to remove DUAL_EC from the standard, but in both cases NIST deferred to NSA requests to keep DUAL_EC."
The panel looked at two other issues where, despite possible security concerns, NSA recommendations were included in NIST standards.
Certainly this has poisoned the well -- NIST's reputation has been damaged, as has the trust placed in US government-sponsored standards activity. The VCAT strongly recommends that NIST develop its own expertise in evaluating cryptographic algorithms.
"NIST may seek the advice of the NSA on cryptographic matters but it must be in a position to assess it and reject it when warranted. This may be accomplished by NIST itself or by engaging the cryptographic community during the development and review of any particular standard."
We all depend upon good cryptographic algorithms and standards to protect privacy and commerce on the Internet. The independence and integrity of NIST are essential to making that happen, and the VCAT report is a good first step to restoring trust in the government's ability to help, rather than hinder, the process.
About Andy Sherman
Andy Sherman, Eden Technologies’ security practice lead, has a PhD in physics from Rensselaer Polytechnic Institute and started his career in the academic world. He then went to AT&T Bell Laboratories, where he discovered the power – and hazards – of large distributed computer networks. It was also at Bell Labs, during the early days of the Internet, that Andy became interested in the security problems associated with public networks. From Bell Labs Andy moved to the financial services industry. There he worked on a large range of infrastructure design, deployment, and management projects, but is best known for his 15+ years in information and technology security.