
Juniper to Enhance RNG in ScreenOS

Following the discovery of unauthorized code in ScreenOS, Juniper Networks announced on Friday that it will replace the random number generator (RNG) in its ScreenOS operating system with the one currently used in its Junos OS products.

Juniper revealed in mid-December that it had identified unauthorized code in ScreenOS, the operating system used by the company's NetScreen firewalls. The unauthorized code introduces two issues: a vulnerability that can be leveraged to remotely gain administrative access to affected devices via SSH or Telnet, and a weakness that allows an attacker who can monitor VPN traffic to decrypt it.

The company patched both issues with the release of ScreenOS 6.2.0r19 and 6.3.0r21. However, researchers found that more than 1,500 devices remained unpatched as of last week, even though malicious actors had already been observed attempting to exploit the authentication bypass flaw.

After examining the available evidence, external researchers determined that the VPN decryption vulnerability might be related to the use of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG) in ScreenOS.

Dual EC DRBG came into the spotlight in late 2013, when reports surfaced that the NSA had inserted a backdoor into the standard and allegedly paid RSA $10 million to make it the default generator in one of the company's toolkits.

Juniper has argued that Dual EC DRBG is not the primary RNG in ScreenOS (its output is fed into an ANSI X9.31 generator) and that it does not use the curve points recommended by NIST; instead it uses self-generated basis points, which the company says should make the construction safe.

Experts suggested that while Juniper changed the "locks" on the system, meaning the Dual EC Q point, someone might have broken in and changed them again to a point of their own choosing. Some also suggested that continued use of Dual EC may leave the patches released by the company ineffective.
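The "locks" analogy can be made concrete. The following is an added example, not ScreenOS code or anything from Juniper's or NIST's specification: a toy Dual EC DRBG over a small constructed curve (a 17-bit prime instead of P-256), with the output truncation reduced from 16 bits to 2 bits so the brute-force step stays small. The state is the x-coordinate of s*P and the output is the x-coordinate of s*Q. Whoever chose Q so that d*Q = P for a d only they know can turn one output back into the generator's next state, confirm it against the following outputs, and predict everything after that. Self-generated basis points only help if nobody knows such a d; swapping in a new Q hands that trapdoor to whoever supplied it. The curve, the base point label, the seed 0xBEEF and the scalar 0x5EED are all constructed for this example.

```python
"""Added example: toy Dual EC DRBG with a trapdoor in the choice of Q.
Curve, points, seed and scalars are constructed here; nothing is Juniper's."""
import hashlib
import math

# Toy curve y^2 = x^3 + A*x + B over GF(P_MOD); P_MOD is a 17-bit prime with
# P_MOD % 4 == 3 so a square root is one exponentiation. Real Dual EC uses P-256.
P_MOD, A, B = 100003, 2, 3
BITLEN = P_MOD.bit_length()          # 17 bits per x-coordinate
TRUNC = 2                            # top bits dropped per output (P-256 drops 16)
MASK = (1 << (BITLEN - TRUNC)) - 1
INF = None                           # point at infinity


def add(p1, p2):
    """Affine point addition and doubling on the toy curve."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return x3, (lam * (x1 - x3) - y1) % P_MOD


def mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = INF
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc


def xcoord(pt):
    """x-coordinate used as state/output; 0 for the (not expected) infinity."""
    return pt[0] if pt is not INF else 0


def curve_y(x):
    """A y with (x, y) on the curve, or None if x^3 + A*x + B is a non-residue."""
    v = (x * x * x + A * x + B) % P_MOD
    r = pow(v, (P_MOD + 1) // 4, P_MOD)
    return r if r * r % P_MOD == v else None


def hash_to_point(label):
    """Honest 'nothing up my sleeve' point: hash label:counter until x is on the curve.
    Nobody learns a scalar relating two points made this way."""
    ctr = 0
    while True:
        h = hashlib.sha256(f"{label}:{ctr}".encode()).digest()
        x = int.from_bytes(h, "big") % P_MOD
        y = curve_y(x)
        if y is not None:
            return x, y
        ctr += 1


def group_order():
    """#E(GF(P_MOD)) by brute-force point counting; fine for a 17-bit prime."""
    n = 1                                             # the point at infinity
    for x in range(P_MOD):
        v = (x * x * x + A * x + B) % P_MOD
        if v == 0:
            n += 1
        elif pow(v, (P_MOD - 1) // 2, P_MOD) == 1:    # residue: two points (x, +-y)
            n += 2
    return n


def dual_ec_output(state, P, Q, count):
    """Dual EC core: s_i = x(s_{i-1}*P), r_i = x(s_i*Q), emit r_i minus its top TRUNC bits.
    Returns (final state, outputs)."""
    outs = []
    for _ in range(count):
        state = xcoord(mul(state, P))
        outs.append(xcoord(mul(state, Q)) & MASK)
    return state, outs


def pick_trapdoor_scalar(n, start=0x5EED):
    """Smallest d >= start invertible mod the group order (constructed value)."""
    d = start
    while math.gcd(d, n) != 1:
        d += 1
    return d


def trapdoor_q(P, n, d):
    """Attacker's Q = d^-1 * P, so d*Q = P. Q looks like any other point; d is the key."""
    return mul(pow(d, -1, n), P)


def recover_state(outs, P, Q, d):
    """From observed outputs and d with d*Q = P, recover the state the generator
    holds after emitting outs[1]; None if no candidate reproduces outs[1:]."""
    for top in range(1 << TRUNC):                     # brute-force the dropped bits
        x = outs[0] | (top << (BITLEN - TRUNC))
        if x >= P_MOD:
            continue
        y = curve_y(x)
        if y is None:
            continue
        # (x, +-y) = +-s_i*Q, so d*(x, y) = +-s_i*P, whose x-coordinate is s_{i+1}
        s_next = xcoord(mul(d, (x, y)))
        pred = [xcoord(mul(s_next, Q)) & MASK]        # predicted outs[1]
        pred += dual_ec_output(s_next, P, Q, len(outs) - 2)[1]
        if pred == outs[1:]:
            return s_next
    return None


def demo():
    """Victim draws six outputs; the party that chose Q sees three and predicts the rest."""
    n = group_order()
    P = hash_to_point("base point")                   # honest, fixed base point
    d = pick_trapdoor_scalar(n)
    Q = trapdoor_q(P, n, d)                           # attacker-chosen Q
    final_state, outs = dual_ec_output(0xBEEF, P, Q, 6)
    s = recover_state(outs[:3], P, Q, d)
    if s is None:
        return False
    state_after, predicted = dual_ec_output(s, P, Q, 4)
    return predicted == outs[2:] and state_after == final_state
```

With an honestly generated Q (a second hash_to_point call, say) there is no d to pass to recover_state, and the brute-force over dropped bits buys nothing: the output x-coordinate alone does not give s*P. On P-256 the attacker instead tries 2^16 prefixes per output and needs about 30 bytes of output to confirm a candidate, which is why the VPN case, where nonces and handshake randomness are visible on the wire, is the one that matters.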

In a statement published on Friday, Juniper Networks SVP and Chief Information Officer Bob Worrall denied reports that the use of Dual EC in ScreenOS prevents the recently discovered vulnerabilities from being fixed properly.

Juniper says it has conducted a thorough investigation of the source code for ScreenOS and for Junos OS, the operating system that powers the company's routing, switching and security devices. According to the company, the investigation found no additional evidence of tampering and concluded that planting unauthorized code in Junos OS would be much more difficult.

The company has decided to replace both Dual EC and ANSI X9.31 in ScreenOS 6.3 with the same RNG technology used in Junos OS products. The ScreenOS release containing the more robust RNG subsystem is expected in the first half of 2016.

In the meantime, Juniper says it is confident that the current ScreenOS code is cryptographically sufficient.

“We believe that the existing code using Dual_EC with self-generated basis points provides sufficient cryptology notwithstanding issues with the second ANSI X.9.31 random number generator,” Worrall said.

Some experts suspected that the NSA might have had something to do with the backdoors found in Juniper firewalls, especially since leaked documents showed that the agency had targeted the company's products in the past. Meanwhile, the FBI has launched an investigation into the incident after U.S. officials raised concerns that the backdoors might have been planted by a foreign government. Juniper Networks says its own investigation into the origin of the unauthorized code continues.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.