Tuesday, January 21, 2014

NSA, CSEC, the CMVP, and Dual_EC_DRBG

Globe and Mail reporter Omar El Akkad has written an article examining the role played by NSA and CSEC in the certification of deliberately weakened encryption ("The strange connection between the NSA and an Ontario tech firm," Globe and Mail, 20 January 2014):
At the heart of digital security is the concept of encryption – making information indecipherable to anyone who doesn’t have the right passcode.

And since 1995, any software developer building encryption for technology they intended to sell to the American or Canadian government has had to consult something called the Cryptographic Module Validation Program. It’s a list of algorithms blessed by the CMVP that are, according to the government agencies that publish it, “accepted by the Federal Agencies of both countries for the protection of sensitive information.”

There’s only one problem. For more than six years, one of the central items listed in the CMVP – an algorithm for generating the random numbers that form the foundations of an encryption scheme – has had a glaring and well-known backdoor, a means of rendering the encryption totally ineffective.


For years, many wondered why the NIST in America and CSEC in Canada would continue to give their official blessing to a compromised algorithm. Last year, a potential answer to that question emerged, when documents leaked by Edward Snowden revealed the NSA to be a holder of the Dual_EC secret keys – essentially, allowing the spy agency to crack the encryption at will. In addition, a Reuters report in December revealed that the NSA had paid RSA Security LLC $10-million to continue making Dual_EC the default form of encryption on its products.
The Globe and Mail article also looks at the role of the Canadian company that developed the Dual_EC_DRBG algorithm, Certicom Corp., which was purchased by Blackberry in 2009.

(Also interesting is the Twitter link that El Akkad posted pointing to this 2003 press release announcing the licensing of Certicom's encryption technology by the NSA.)

The Cryptographic Module Validation Program was established by CSE and the U.S. National Institute of Standards and Technology in July 1995.

[Update 19 November 2014: The new CSE CMVP page is here. The old page can be read here. H/T to Ron Deibert.]

As it happens, I have the 1995-96 Business Plan of CSE's Information Technology Security (ITS) Program sitting on my desk right now. (Fear not, security folks; it's the redacted version that was released under the Access to Information Act.)

The unredacted portion of the document doesn't mention the CMVP, and it most certainly doesn't mention that NSA and CSE might use the program to foist crippled encryption on the public.

But it does make the following rather interesting comment, which given the news coverage of the past six months is even more relevant today:
The SIGINT program... has recently experienced high visibility in the press. As a result, CSE has become synonymous with the SIGINT mission even though the organization's name was originally based on the COMSEC [communications security] mission. Now, even more than ever, ITS's association with SIGINT has the potential [of] negatively affecting its reputation as a trusted security organization. CSE's communication policy has also restricted marketing efforts crucial to the success of the ITS program. To succeed, the program will initiate a number of actions which will ensure its reputation and image as a trusted security organization.
Good luck rebuilding that trust now.

Previous coverage of this case here.


Post a Comment

<< Home