Security Experts:

Alleged NSA Payment to RSA Raises New Fears of Gov't Undermining Crypto Security

During the past several months, leaks about the NSA's electronic surveillance operations have pooled into a river that has spilled into calls for reform.

The most recent drop in that river is a report from Reuters that the NSA paid RSA $10 million to ensure a vulnerable encryption algorithm was used by default in RSA's BSAFE toolkit. RSA, now a division of EMC, denied ever entering into a contract or being involved in any project with the intention of weakening its products. Still, the report, which was based on sources familiar with the contract, has sparked additional questions about collusion between the tech industry and intelligence agencies.

"The bad part is – if the story is true – the very, very large downside is that it's compromising a security product," said John Pescatore, director of emerging security trends at SANS Institute. "It's one thing if somebody buys a switch or a typewriter or whatever you are not expecting it to sort of protect you…crypto, you are. You're buying security products with the assumption that the company selling them to you is selling the most secure products. So if NSA has been successful at getting companies like RSA or Microsoft or any of them to compromise the security of their products,  that's sort of taking it to a different level than we have seen in the past."

In September, leaks by former NSA contractor Edward Snowden led to media reports that the NSA had engaged in an to insert vulnerabilities into commerical encryption systems so that it could more easily decrypt communications. Last week, Reuters reported the agency created a backdoor in the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) that could be exploited and then pushed for RSA to adopt it. Problems with the algorithm have been known for several years, though RSA continued to use it in BSAFE until NIST [National Institute of Standards and Technology] withdrew its support for the standard in September in the wake of growing concerns.  

Last week, the Obama administration's Review Group on Intelligence and Communications Technologies released a report in which recommended the NSA abandon efforts to undermine cryptographic standards.

"The US Government should take additional steps to promote security, by (1) fully supporting and not undermining efforts to create encryption standards; (2) making clear that it will not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption; and (3) supporting efforts to encourage the greater use of encryption technology for data in transit, at rest, in the cloud, and in storage," according to the report.

"Recent press coverage has asserted that RSA entered into a "secret contract" with the NSA to incorporate a known flawed random number generator into its BSAFE encryption libraries," RSA said in a statement. "We categorically deny this allegation. We have worked with the NSA, both as a vendor and an active member of the security community. We have never kept this relationship a secret and in fact have openly publicized it. Our explicit goal has always been to strengthen commercial and government security."

RSA said it made the decision to use Dual EC DRBG back in 2004, two years before NSA entered into a contract with RSA to use BSAFE. 

"We no longer know whom to trust," blogged noted cryptographer Bruce Schneier today. "This is the greatest damage the NSA has done to the Internet, and will be the hardest to fix."

Pescatore, who has worked for the NSA and U.S. Secret Service in the past, said it is a mistake for the NSA to be charged with both the offensive and defensive aspects of the cyber-war, and that the conflicting priorities of those roles can create a mindset where injecting security flaws into encryption standards make sense. Currently, both the NSA and the US Cyber Command are under the direction of NSA Director Gen. Keith Alexander. 

The idea of strong encryption getting into the wrong hands however should not be enough of a reason for the intelligence community to undermine encryption, Pescatore said. After all, if the NSA can find the backdoor, others can as well, he argued. 

"I do not think that there needs to be sort of reduced strength [in] security products in case the bad guys get a hold of them any more than I think people's houses should use easy to pick locks just in case the police need to get in," he said. 

*This story has been updated.