By Sheri Pan – Edited by Elise Young
November 1, 2013 Notice from NIST
The National Institute of Standards and Technology (“NIST”) recently announced that it has begun formal review of its standards development process for approving cryptographic algorithms. The notice appears to be a reaction to recent reports in the New York Times regarding the National Security Agency’s (“NSA”) back door access to encrypted data through an NIST-approved cryptographic algorithm. The article suggests that the NSA inserted back door access into the algorithm, one that many companies use to encrypt data sent over the Web.
On November 1st, NIST announced it will undertake a formal review of its standards development process used to recommend encryption algorithms. The agency indicated the review was precipitated by documents concerning the security of NIST cryptographic standards leaked by Edward Snowden. NIST has begun internal audits, plans to involve an independent organization, and will invite public comment on the process. It will also reexamine all current cryptographic standards and guidelines based on changes to the standards development procedures. The agency emphasized its commitment to transparency, openness and earning the trust of the world’s cryptographic experts.
The undertaking is likely a reaction to recent reports by the New York Times and the Guardian on Dual_EC_DRBG, a pseudorandom number generator. Random number generators are algorithms used in the data encryption process to output random values and thereby prevent decryption by unauthorized parties. According to the New York Times, internal memos leaked by Edward Snowden suggest that Dual_EC_DRBG was created by the NSA and contains a back door for the agency to access and decipher data encrypted using the algorithm. NIST first recommended its use in a 2006 publication.
According to Ars Technica, Dual_EC_DRBG is widely used to encrypt information, and the recently-discovered back door undermines the security of any data encryption system that employs it. In response to the reports, RSA Security, which uses Dual_EC_DRBG as the default generator in its commercial cryptographic libraries, has strongly recommended that its customers no longer use the generator. According to NIST, Cisco, Blackberry, McAfee, and Microsoft have used Dual_EC_DRBG in some of their implementations.
The cryptography community has long been concerned about the relationship between NIST and the NSA, noted Matthew Green, a cryptographer at Johns Hopkins University, in A Few Thoughts on Cryptographic Engineering. As early as 2007, Bruce Schneier, an author on security technology, speculated on NSA’s involvement in developing and promoting the use of Dual_EC_DRBG.
Prior to the November notice, NIST initially responded to reports on the leaked memos in a statement released on September 10. There, NIST defended its standards development process and reopened commenting on its 2012 Recommendations publication and drafts of two other publications. The release also noted that NIST consults with the NSA in its standards development process for its expertise and as required by law.
In light of the recent reports, NIST has advised against use of Dual_EC_DRBG pending resolution of security concerns.
Sheri Pan is a 1L at Harvard Law School interested in the intersection of technology and public interest law