NSA Compromises Security of Internet, ECommerce And Crypto-Currencies Via "Backdoors" In The Name of Anti-Terrorism
Silent Circle Ditches NIST Cryptographic Standards To Thwart NSA Spying
The U.S. National Security Agency's reported efforts to weaken encryption standards have prompted an encrypted communications company to move away from cryptographic algorithms sanctioned by the U.S. National Institute of Standards and Technology (NIST).
Silent Circle, a provider of encrypted mobile Voice over Internet Protocol (VoIP) and text messaging apps and services, will stop using the Advanced Encryption Standard (AES) cipher and Secure Hash Algorithm 2 (SHA-2) hash functions as default cryptographic algorithms in its products.
"We are going to replace our use of the AES cipher with the Twofish cipher, as it is a drop-in replacement," Silent Circle CTO Jon Callas said Monday in a blog post. "We are going to replace our use of the SHA-2 hash functions with the Skein hash function. We are also examining using the Threefish cipher where that makes sense."
The company also plans to stop using P-384, one of the elliptic curves recommended by the NIST for use in elliptic curve cryptography (ECC).
The NSA has long been a supporter of ECC, an approach to public-key cryptography based on the arithmetic of elliptic curves, arguing that it is more secure and offers better performance than traditional public-key cryptography schemes. P-384 is one of the elliptic curves used in Suite B, a set of cryptographic algorithms used for encryption, key exchange, digital signatures and hashing that was selected by the NSA for use when handling classified information.
Silent Circle plans to replace the P-384 elliptic curve with one or more curves that are being designed by cryptographers Daniel Bernstein and Tanja Lange, who have argued in the past that Suite B elliptic curves are weak.
"If the Suite B curves are intentionally bad, this would be a major breach of trust and credibility," Callas said. "Even in a passive case -- where the curves were thought to be good, but NSA cryptanalysts found weaknesses they have since exploited -- it would create a credibility gap of the highest order, and would be the smoking gun that confirms the Guardian articles."
The New York Times and the Guardian newspapers reported last month, based on documents leaked by former NSA contractor Edward Snowden, that the NSA has used its influence to weaken an encryption standard published by the NIST in 2006.
That standard is the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG), a secure pseudo-random number generator (PRNG) that's based on the elliptic curve discrete logarithm problem. PRNGs play an important role in many aspects of cryptography, and a vulnerability in one of them could undermine the whole security of a cryptographic system that uses it.
Researchers have warned since 2007 that Dual_EC_DRBG has a serious weakness, but some companies have implemented it in their encryption products anyway because it was a NIST recommendation.
Following the recent reports about the NSA weakening this standard, the NIST reopened Special Publication 800-90A, which includes the Dual_EC_DRBG specification, for public comments. The organization also denied that it would deliberately weaken a cryptographic standard.
However, the harm to the NIST's reputation seems already to have been done.
RSA, the security division of EMC, has since advised customers that its BSAFE cryptographic libraries and its Data Protection Manager products have been using Dual_EC_DRBG by default and strongly recommended that they switch to a different PRNG using instructions in the product documentation.
Silent Circle's new decision to move away from AES, SHA-2 and the P-384 curve doesn't mean that these standards are insecure, Callas said in the blog post. "It doesn't mean we think less of our friends at NIST, whom we have the utmost respect for; they are victims of the NSA's perfidy, along with the rest of the free world. For us, the spell is broken. We're just moving on."
The company still plans to support the NIST-sanctioned algorithms in its services, but they won't be the default choice anymore.
Asked why Twofish and Skein in particular were chosen to be the new default choices for Silent Circle's products, Callas said via email that both algorithms come from trusted sources, including himself in the case of Skein.
Twofish was a finalist in the NIST's selection of the AES cipher, and the team that developed it included people that Silent Circle's co-founders personally know and trust, he said. "A number of the same people produced Skein -- which was a SHA-3 finalist -- and I am a member of the Skein team."
For Silent Circle this was a "decision of conscience," Callas said. "Our primary responsibility is to protect our customers, especially in the face of uncertainty."
However, Callas doesn't think other vendors necessarily should follow suit and move away from NIST cryptographic standards.
"I wouldn't fault anyone for deciding differently," he said. "We need more of the world coming together with security and respecting each other's decisions even if we make different decisions and do different things. If someone decides to stay the course, I respect that."
"That's also why we're going to allow customers to use the old algorithms," Callas said. "We respect their personal decisions, too."
Should We Trust The NIST-Recommended ECC Parameters?
Also, recent articles in the media, based upon Snowden documents, have suggested that the NSA has actively tried to enable surveillance by embedding weaknesses in commercially-deployed technology -- including at least one NIST standard.
The NIST FIPS 186-3 standard provides recommended parameters for curves that can be used for elliptic curve cryptography. These recommended parameters are widely used; it is widely presumed that they are a reasonable choice.
My question. Can we trust these parameters? Is there any way to verify that they were generated in an honest way, in a way that makes it unlikely they contain backdoors?
Reasons for concern. Bruce Schneier has written that he has seen a bunch of secret Snowden documents, and after seeing them, he recommends classical integer discrete log-based cryptosystems over elliptic curve cryptography. When asked to elaborate on why he thinks we should avoid elliptic-curve cryptography, he writes:
"I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry."
This suggests we should look closely at how the "constants" (the curve parameters) have been chosen, if we use ECC. This is where things look concerning. I recently read a message on the tor-talk mailing list that seems to suggest the NIST curve parameters were not generated in a verifiable way. That message examines how the parameters were generated:
"I looked at the random seed values for the P-xxxr curves. For example, P-256r's seed is c49d360886e704936a6678e1139d26b7819f7e90. No justification is given for that value."
and ultimately concludes:
"I now personally consider this to be smoking evidence that the parameters are cooked."
Based upon my reading of FIPS 186-3, this appears to be an accurate description of the process by which the P-xxxr curves were generated. So, should people be concerned about this? Or is this just paranoia based upon loss of trust in the NSA?
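The verification the standard does allow for the seed quoted above, as an added example that is not part of the original post: it re-derives the integer c from the P-256 seed with SHA-1 (the prime-field procedure in FIPS 186) and checks b^2 * c = -27 (mod p). Function names are my own; the prime and b are the published P-256 values. A pass shows only that b follows from the seed, not how the seed itself was chosen, which is the gap the quoted message points at.

```python
import hashlib

# NIST P-256 domain parameters as published in FIPS 186 (a = -3 on all NIST prime curves).
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_B = 0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B
# Seed quoted in the tor-talk message above.
P256_SEED = bytes.fromhex("c49d360886e704936a6678e1139d26b7819f7e90")


def derive_c(seed: bytes, p: int) -> int:
    """Expand a 160-bit seed into the integer c with SHA-1 (prime-field case)."""
    if len(seed) != 20:
        raise ValueError("seed must be exactly 160 bits")
    l = p.bit_length()
    v = (l - 1) // 160           # number of additional SHA-1 blocks
    w = l - 160 * v - 1          # bits kept from the first hash
    # h0: the w rightmost bits of SHA-1(seed)
    c = int.from_bytes(hashlib.sha1(seed).digest(), "big") & ((1 << w) - 1)
    z = int.from_bytes(seed, "big")
    for i in range(1, v + 1):
        # h_i = SHA-1((z + i) mod 2^160), appended to the right of what we have
        s_i = ((z + i) % (1 << 160)).to_bytes(20, "big")
        c = (c << 160) | int.from_bytes(hashlib.sha1(s_i).digest(), "big")
    return c


def seed_matches_curve(seed: bytes, b: int, p: int) -> bool:
    """True if coefficient b is consistent with the seed: b^2 * c = -27 (mod p)."""
    c = derive_c(seed, p)
    if c == 0 or (4 * c + 27) % p == 0:
        return False             # the standard rejects these values of c
    return (b * b * c + 27) % p == 0


if __name__ == "__main__":
    print("c =", hex(derive_c(P256_SEED, P256_P)))
    print("published seed reproduces b:", seed_matches_curve(P256_SEED, P256_B, P256_P))
    # Constructed negative case: flip one bit of the seed.
    tampered = bytes([P256_SEED[0] ^ 0x01]) + P256_SEED[1:]
    print("tampered seed reproduces b:", seed_matches_curve(tampered, P256_B, P256_P))
```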
On Nov. 1, 2007, the National Security Agency hosted a talk by Roger Dingledine, principal designer of one of the world’s leading Internet privacy tools. It was a wary encounter, akin to mutual intelligence gathering, between a spy agency and a man who built tools to ward off electronic surveillance.
According to a top-secret NSA summary of the meeting, Dingledine told the assembled NSA staff that his service, called Tor, offered anonymity to people who needed it badly — to keep business secrets, protect their identities from oppressive political regimes or conduct research without revealing themselves. In the minds of NSA officials, Tor was offering protection to terrorists and other intelligence targets.
Beginning at least a year before Dingledine’s visit, the NSA has mounted increasingly successful attacks to unmask the identities and locations of users of Tor. In some cases, the agency has succeeded in blocking access to the anonymous network, diverting Tor users to insecure channels. In others, it has been able to “stain” anonymous traffic as it enters the Tor network, enabling the NSA to identify users as it exits.
Tor works by encrypting traffic repeatedly as it flows across a global network of servers, mostly run by volunteers. The traffic, which can include e-mails, information from a Web site and almost anything else on the Internet, is supposed to arrive at its destination with no identifying information about its origin or the path it took.
The U.S. Naval Research Laboratory first developed Tor more than a decade ago as a tool to allow anonymous communications and Web browsing. It was embraced by privacy advocates, including the Electronic Frontier Foundation, and continues to receive substantial federal funding. Tor is now maintained by Dingledine’s nonprofit group, the Tor Project.
The State Department trains political activists worldwide on how to use Tor to protect communications from the intelligence services of repressive governments. But the anonymity service also has become popular with criminals — especially dealers of illicit drugs, military-grade weapons and child pornography — and terrorists seeking to evade tracking by Western intelligence services.
The intelligence community “is only interested in communication related to valid foreign intelligence and counterintelligence purposes,” Clapper said.
There is no evidence that the NSA is capable of unmasking Tor traffic routinely on a global scale. But for almost seven years, it has been trying.
Since 2006, according to a 49-page research paper titled simply “Tor,” the agency has worked on several methods that, if successful, would allow the NSA to uncloak anonymous traffic on a “wide scale” — effectively by watching communications as they enter and exit the Tor system, rather than trying to follow them inside. One type of attack, for example, would identify users by minute differences in the clock times on their computers.
Dingledine expressed no surprise that the NSA has tried to defeat efforts at anonymity. In the interview, he said the weaknesses in Tor described in the PowerPoint presentation likely could be exploited only against a relatively small number of individual users. That, he said, is reassuring.
“If those documents actually represent what they can do, they are not as big an adversary as I thought,” he said.
The Tor Browser Bundle, available for free at www.torproject.org, was downloaded 40 million times last year. Until a recent security upgrade to the Firefox browser, which is incorporated in the bundle, the NSA could trick the browser into leaking the real Internet address of a targeted user. One slide described these tactics as “pretty much guaranteed to succeed.”
Mozilla, the nonprofit organization that develops Firefox, declined to comment.
One document provided by Snowden included an internal exchange among NSA hackers in which one of them said the agency’s Remote Operations Center was capable of targeting anyone who visited an al-Qaeda Web site using Tor.
Privacy advocates, however, say Tor is valuable and should be protected even if it is sometimes used by criminals. “Tor is networking technology,” said Christopher Soghoian, an American Civil Liberties Union technology expert. “It is no different from a postage stamp or a highway. Good people use highways, and bad people use highways.”
The NSA documents portray a years-long program to defeat what the agency called “The Tor Problem,” with the agency repeatedly updating its tactics as Tor’s developers made changes to the network.
The NSA also altered tactics as Mozilla introduced new versions of Firefox. In anticipation of a new release of Firefox, one agency official wrote in January that a new exploit was under development: “I’m confident we can have it ready when they release something new, or very soon after :).”
In late 2006, when the NSA prepared a working paper on methods to defeat Tor, the anonymous network had an estimated 200,000 users and 1,000 servers. Among the secret NSA documents were lists of hundreds of servers the agency believed to be “nodes” on that network.
Along with EGOTISTICALGIRAFFE, the agency’s cover names for Tor attacks have included MJOLNIR, MOTHMONSTER and EGOTISTICALGOAT. A similar program at Britain’s Government Communications Headquarters, the NSA’s close counterpart, was called STUNT WORM.
One NSA PowerPoint presentation provided by Snowden is titled “Peeling Back the Layers of TOR with EGOTISTICALGIRAFFE.”
The agency began identifying browsers that were using Tor by noting how the encryption program reset what’s called the BuildID — a 14-digit code representing the exact date and time when that version of Firefox was released. On versions using Tor, the BuildID is reset to “0.” That feature made it hard to distinguish one Tor user from another, but it also allowed the NSA to pick out Tor-enabled browsers from among all others in use at any given moment.
“It’s easy!” a slide describing the technique said.
Mozilla issued a patch to Firefox that would protect newer versions of the browser against such an attack, though the NSA documents make clear that research into new exploits remains active.
One PowerPoint slide sums up a multistep method for learning the identity and location of Tor users and implanting NSA code in the browser. It ends with a final bullet point saying, “Win!”
NSA Paid Tech Firm To Use Weak Encryption
If this Reuters report is true, the National Security Agency paid RSA, the security unit of EMC, $10 million to make flawed encryption promoted by the government the default setting in one of its encryption programs, which could have allowed the intelligence agency to snoop on customer communications that those users thought they were paying RSA to protect.
The program, called Bsafe, is used to protect individual computers on a network through encrypting data and communications.
The Wall Street Journal couldn’t confirm that allegation Friday evening; current and former RSA executives did not return repeated requests for comment. The NSA declined to comment.
In a statement given to Reuters, the company said: “RSA always acts in the best interest of its customers and under no circumstances does RSA design or enable any back doors in our products. Decisions about the features and functionality of RSA products are our own.”
The Reuters story also doesn’t say that RSA knew the encryption standard was flawed when it agreed to the deal. But the story could deal a further blow to American software and networking companies, some of which have faced allegations of creating backdoors for U.S. spies after a half-year of leaks from former NSA contractor Edward Snowden about U.S. government surveillance.
Other news organizations had previously reported that the NSA helped promote a flawed formula for encryption software, according to documents leaked by Snowden. It even got the National Institute of Standards and Technology, the encryption standards body of the U.S. government, to sign off on the standard, according to the Snowden documents.
Shortly after those revelations, RSA told its customers to stop using the suite.
NSA Affair Forces NetSuite’s Hand
Cloud application vendor NetSuite Inc. is accelerating its construction of data centers in Europe as a result of the National Security Agency’s eavesdropping activities. Zach Nelson, the company’s chief executive, said Wednesday that prospective customers in Europe have grown more concerned about whether the U.S. government could access proprietary information stored in data centers around the world. “There’s now a higher level of concern about keeping data in Europe,” he said.
Documents leaked by contractor Edward Snowden revealed that the NSA has been eavesdropping on the data centers of Google Inc., Apple Inc., and other large technology companies. The revelations are particularly thorny for companies like NetSuite, which store data and applications used by businesses on remote servers around the world, which their customers can access via the Internet. Businesses, particularly outside the U.S., are loath to allow the government to pry into their activities.
According to Mr. Nelson, NetSuite will add two new data centers in 2014, picking two from among prospective locations in Germany, the Netherlands and Ireland. NetSuite would have “ultimately” built the new data centers regardless, said Mr. Nelson, but has sped up its expansion “as a result of concerns about the NSA.” Mr. Nelson said he believes the company “will have the same issue in Asia.”
NetSuite, which provides software used to manage corporate financials and other back office operations, currently has five data centers, including one in California and the other in Massachusetts. It has approximately 16,000 business customers globally, about a quarter of which are located overseas. Third quarter revenues were approximately $107 million, 34% higher than the year-previous quarter.
Google, Apple, Microsoft Corp. and five other technology companies last week issued an open letter calling for “global government surveillance reform,” urging world governments to respect the principles of “free expression and privacy.” Specifically, the companies said they wanted to see greater oversight of the government’s surveillance operations and limits on the government’s authority to compel companies to disclose data about their customers.
Several technology firms have said revelations of the NSA’s activities have hurt business, most notably Cisco Systems Inc. chief executive John Chambers, who said “it is an impact in China.” Tom Leighton, chief executive of Akamai Technologies Inc., which helps companies manage Web traffic, said during a conference sponsored by Bloomberg LP that the scandal is being used to “whip up anti-American sentiment” in Germany, and that the company stands to “lose some business there.”
The NSA scandal is “an opportunity for countries to develop protectionist measures,” said Rebecca Wettemann, vice president of research at Nucleus Research. According to Ms. Wettemann, technological solutions, such as encryption, will eventually help companies better protect their data, but perhaps not soon enough to prevent some of those measures. “History tells us legislation is going to lag behind the technology, and perhaps have unintended consequences,” she said.
Monty Henry, Owner