Why the NSA may not need backdoors


James Bamford’s 2012 WIRED article The NSA Is Building the Country’s Biggest Spy Center (Watch What You Say) is a fascinating read about the NSA’s monster data center near Bluffdale, Utah and what it might be used for. Here’s an excerpt:

“Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale,” explains Bamford. “That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages.”

Bamford then suggests the super-fast computers are part of the High Productivity Computing Systems program located in Oak Ridge, Tenn. (of Manhattan Project fame), specifically in Building 5300, according to a former senior intelligence official involved in the project whom Bamford interviewed.

The official mentions that security intensified in a big way when the Building 5300 team made a huge breakthrough, adding, “They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption.”

Fast forward to 2015 and more evidence

Over the past several months, US law enforcement agencies have been advocating backdoors be added to encryption software, raising the ire of security pundits everywhere. The pundits fought back until finally the federal government cried “uncle.” The battle may have been won, but is the war really over?

Paul Rosenzweig is skeptical. Rosenzweig, founder of Red Branch Consulting PLLC, a Homeland Security consulting company, and a senior adviser to The Chertoff Group, wrote an interesting post on the Lawfare Institute’s website. He notes that the whole backdoor issue is only relevant if current public-key encryption techniques are indeed uncrackable, as numerous qualified cryptographic sources maintain.

Rosenzweig then speculates, “What if, in fact, certain implementations of public key encryption techniques are not as robust as we think they are?”

Rosenzweig’s theorizing resulted from a Freedom to Tinker article by J. Alex Halderman, associate professor of Computer Science and Engineering at the University of Michigan, and Nadia Heninger, assistant professor of Computer and Information Science at the University of Pennsylvania. In the article “How is NSA breaking so much crypto?”, the two academics make the case that some implementations of the Diffie-Hellman protocol (used by HTTPS and VPN systems) can be cracked.

This is not just idle conjecture. They, along with 12 coauthors, recently presented their paper “Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice” at the Association for Computing Machinery’s 2015 Conference on Computer and Communications Security. Through hard work and serious number-crunching, as evidenced in the paper, the team of authors determined, “Through a confluence of number theory and bad implementation choices, many real-world users of Diffie-Hellman are likely vulnerable to state-level attackers.”

Halderman and Heninger offer the following details:

“If a client and server are speaking Diffie-Hellman, they first need to agree on a large prime number with a particular form. There seemed to be no reason everyone couldn’t just use the same prime, and, in fact, many applications tend to use standardized or hard-coded primes.

“But there was a very important detail that got lost in translation between the mathematicians and the practitioners: an adversary can perform a single enormous computation to ‘crack’ a particular prime, then easily break any individual connection that uses that prime.”
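The amortization Halderman and Heninger describe, as an added toy example that is not from the article or the paper: it swaps the number field sieve used against real 1024-bit primes for textbook baby-step giant-step on a constructed 20-bit prime, so the group, names and sizes here are all assumptions for illustration.

```python
import math
import secrets

# Constructed toy group: a 20-bit prime standing in for a shared 1024-bit one.
P, G = 1_000_003, 2

class GroupPrecomputation:
    """One-time work tied to the group (p, g), reused for every exchange in it."""

    def __init__(self, p, g):
        self.p = p
        self.m = math.isqrt(p - 1) + 1          # table size ~ sqrt(group size)
        self.table = {}                          # g^j mod p -> j (baby steps)
        value = 1
        for j in range(self.m):
            self.table.setdefault(value, j)
            value = value * g % p
        self.giant = pow(g, -self.m, p)          # g^(-m) mod p, needs Python 3.8+

    def exponent_for(self, public_value):
        """Return (x, lookups) such that g^x == public_value (mod p)."""
        gamma = public_value
        for i in range(self.m):
            if gamma in self.table:
                return i * self.m + self.table[gamma], i + 1
            gamma = gamma * self.giant % self.p
        raise ValueError("value is not a power of g in this group")

def handshake(p, g):
    """Simulate one exchange; return the two public values and the real secret."""
    a = secrets.randbelow(p - 2) + 1
    b = secrets.randbelow(p - 2) + 1
    return pow(g, a, p), pow(g, b, p), pow(pow(g, b, p), a, p)

def secret_from_transcript(pre, pub_a, pub_b):
    """Derive the shared secret from public values only, using the shared table."""
    x, _ = pre.exponent_for(pub_a)
    return pow(pub_b, x, pre.p)

def run_demo(connections=5):
    """Build the table once, then check it against several fresh handshakes."""
    pre = GroupPrecomputation(P, G)
    outcomes = []
    for _ in range(connections):
        pub_a, pub_b, real = handshake(P, G)
        outcomes.append(secret_from_transcript(pre, pub_a, pub_b) == real)
    return outcomes

if __name__ == "__main__":
    print(run_demo())
```

After the single build step, every handshake in the group is answered with at most `m` table lookups, which is why a prime shared across many servers concentrates risk; a group used by only one endpoint would need its own table.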

Is it worth the NSA’s bother?

The paper’s authors are realistic, saying the computations required would be a technical feat not seen since the Enigma cryptanalysis during World War II. “Even estimating the difficulty is tricky, due to the complexity of the algorithm involved, but our paper gives some conservative estimates,” write Halderman and Heninger. “For the most common strength of Diffie-Hellman (1024 bits), it would cost a few hundred million dollars to build a machine, based on special purpose hardware, that would be able to crack one Diffie-Hellman prime every year.”

As to whether it’s worth it to the NSA, Halderman and Heninger state:

  • Breaking a single, common 1024-bit prime would allow the NSA to passively decrypt connections to two-thirds of VPNs and a quarter of all SSH servers globally.
  • Breaking a second 1024-bit prime would allow passive eavesdropping on connections to nearly 20% of the top million HTTPS websites.

The authors put it more simply: “In other words, a one-time investment in massive computation would make it possible to eavesdrop on trillions of encrypted connections.”

The NSA’s dilemma

In conclusion, Halderman and Heninger point out the NSA’s dual-purpose mission of gathering intelligence and defending US computational systems is an unrealistic expectation, adding, “If our hypothesis is correct, the agency has been vigorously exploiting weak Diffie-Hellman, while taking only small steps to help fix the problem.”

In the agency’s defense, the authors admit the NSA recommends transitioning to elliptic curve cryptography, which isn’t known to suffer from this loophole. However, Halderman and Heninger also point out, “The security community is hesitant to take NSA recommendations at face value, following their apparent efforts to backdoor cryptographic standards.”


Security report: Industry and online presence drive your cyberthreat profile


What do hackers want to steal from your company, and how will they attempt it? That depends on the kinds of data you have, and how you primarily transact your business: online or face-to-face.

Alert Logic explains in its 2015 Cloud Security Report that cyberattackers are changing their tactics based on industry. An online retailer or financial services firm will more likely face attacks on its external web apps with customer credit card information as the target, whereas an oil company or a manufacturer with minimal online presence can expect to deal with more traditional hacking methods focused on proprietary data.

Also in the report, Alert Logic notes an increase in cyberattacks on cloud environments due to the popularity of public cloud solutions, and recommends two main approaches for protecting your firm’s IT environment, which I discuss below.

Alert Logic provides security solutions for on-premises, cloud, and hybrid infrastructures. The Texas-headquartered firm built up the data for the report from its customer base, analyzing over 800,000 security incidents in 2014, from more than 3,000 organizations around the world.

Cloud vs. on-premise

No surprise here: in 2014, more enterprises migrated their infrastructure to the cloud, and cyberattackers have taken note. Alert Logic reports that hackers view cloud targets as easier prey, and the authors believe that to a certain extent, the hackers are correct.

Some enterprises have the false notion that cloud infrastructure (IaaS) providers fully take care of security concerns — they don’t. Alert Logic recommends the “shared security” model: knowing where IaaS security measures end and where your firm has to place its own defenses.

Cyberattacks on cloud environments grew significantly over the previous year, while the number of attacks against on-premise infrastructure stayed “relatively flat.” The growth figures for 2014 cloud attack methods are:

Alert Logic recommends these two ways to enhance your firm’s cloud security.

  • Know the shared security model: Cloud providers, such as Amazon Web Services (AWS), typically have security controls that include physical, perimeter network and hypervisor layer. IaaS customers need to secure their own applications, data, and network infrastructure that are located in that external cloud environment. Your IT security plan under the shared model has to include technology, information, people, and processes.
  • Understand your threat profile: Your industry, degree of online interactions, the applications you run, and the kinds of data you own will determine the types of attacks that hackers will initiate against your enterprise. Knowing that and your compliance requirements will drive the kinds of security solutions that you need to focus on.

The authors caution that on-premise attacks have not stopped — there is just more effort being put into compromising cloud environments. The “relatively flat” trend comes as no surprise to Alert Logic: hackers have experience penetrating on-premise infrastructures and will keep using what they consider to be effective methods.

And since on-premise environments will not disappear in the near future, Alert Logic issues this warning:

… it is important that organizations continue to invest in their security framework for all of their physical data centers, applications, and mission-critical infrastructure.

The report authors stress that successful attacks on internal, on-premise applications can give hackers the “keys to the kingdom,” i.e., user credentials. With these, “the attacker has unfettered access to an organization’s application and the valuable data it can access,” resulting in information theft over a considerable period of time, and, quite possibly, damage to a company’s reputation.

Divergence by industry

The main takeaway of the report is the “even wider divergence of threats” when Alert Logic reviewed cybersecurity incidents by industry. Alert Logic found that the biggest factors determining attack vectors are a company’s online presence and how it interacts with its customers. In addition, they concluded that the amount of online interaction was an even more significant factor than a firm’s IT environment.

The report’s authors use the example of an e-commerce company compared to a heavy equipment manufacturer. The e-commerce company needs multiple pathways for customer interactions via mobile devices, and also processes numerous customer transactions each day, all of which makes it a target for hackers seeking credit card data.

The equipment manufacturer has fewer online interactions, and its sales are based mainly on formal, in-person meetings. There is little of value for hackers to steal in its customer-facing applications — the real “gold” for cyberattackers is its proprietary data, such as confidential product designs and financial information. Hackers would take the company’s internal data and try to sell it to the manufacturer’s competition.

Alert Logic sums up this industry difference trend by writing that:

Businesses with a large volume of online customer interactions are targets for web application attacks to gain access to customer data. Businesses with few online customer interactions are more likely to be targeted for their proprietary company data, not their customer data.

For more details, download the Alert Logic 2015 Cloud Security Report.
