IEEE Technology and Society Magazine - Fall 2014 - 12
The NSA and its British counterpart the General Communications Headquarters (GCHQ) have enjoyed a distinguished history of success in cryptanalysis. The two decisive battles of World War II were the Battle of Midway (1942) in the Pacific and the Battle of the Atlantic (1939). The victory, which defeated the German U-boat attacks on U.S. shipping, was necessary in order for England to survive. These victories were achieved in a major way as a consequence of the cryptanalytic efforts at NSA and GCHQ.

In the early part of the 20th century encryption employed electro-mechanical machines to perform polyalphabetic substitution of letters; the German Enigma, SZ40, and the Japanese PURPLE machines are three examples. The Enigma machine used rotors, the SZ40 used wired code-wheels, and the Japanese machines used telephone switches. Mechanical components limited the possible complexity of the encryption.

The 1977 DES was different; it could be implemented as a program and there were no limits in principle to its complexity. The debate surrounding certifying DES as a standard focused largely on concerns about whether NSA intruded on its design. In fact, it didn't except for the choice of the strange key-length size of 56 bits. It is not possible to prove this was the only governmental interference, but I suggest that if they did more, then "how come no one has uncovered NSA's trap-door in the nearly 40 years?"

AES may be an improvement on both DES and triple DES (DES3), but the question remains "are they really totally secure?"

After coming to UCSB, I spent seven summers at the NSA or IDA/CRD in Princeton which consults for NSA. I have great respect for many of the people I met. David Kahn describes Edgar Allan Poe's short story "The Gold Bug" [10]; in it, Poe wrote "yet it may be roundly asserted that human ingenuity cannot concoct a cipher that human ingenuity cannot resolve." I am no longer certain. Perhaps the Gershwin brothers made a more percipient judgment, when in Porgy and Bess they wrote the song It Ain't Necessarily So. Until a smart university cryptography guru finds a structural fault, 2^96 remains too big a number for key-trial, although quantum computers might give them a lift. If this be the case, what can NSA do to stay in the cryptanalysis business?

NIST Special Publication 800-90A [8] entitled "Recommendation for Random Number Generation Using Deterministic Random Bit Generators" describes several NIST approved random number generators used to generate a session key. If a random number generator had a structural weakness or introduced bias, this might permit an eavesdropper to determine the session key by key-trial, testing the effectively smaller set of keys.

The article appearing on the website Arstechnica.com entitled "How the NSA (May Have) Put a Backdoor in RSA's Cryptography: A Technical Primer" (http://arstechnica.com/security/2014/01/how-the-nsa-may-have-put-a-backdoor-in-rsas-cryptography-a-technical-primer/) describes the compromise of the session key when using one of the approved NIST 800-90A random number generators. The article asserts a deliberate weakness was introduced in TLS V1.2 as the result of a contract between RSA Incorporated and NSA. The claim is based on both the Snowden revelations and the 2007 work of Microsoft's Shumow and Ferguson explaining the flaws in the Dual_EC_DRBG's, one of the NIST 800-90A generators. To be fair, there are alternate generators and apparently RSA Security LLC has recently disowned the offending RNG.

However, revealing the CA's private key is the more serious and effective intrusion and might be hard to prove. There are two possible scenarios:

1) General_NSA takes the CEO of jungle.com to lunch on K Street and asks him or her: "Help us protect the U.S. Reveal to us the private key used in signing jungle.com's certificate. We're the good guys and know how to keep a secret!" If the good girl/guy CEO agrees, then all of jungle.com's TLS transactions are made transparent. As the FBI learned in 1941, one peek is better than 10-20 Cray supercomputers.

2) General_NSA takes the CEO of the CA xxxsecurecert.com to lunch (or dinner) and makes the same argument asking for the CA's private key. If there is acquiescence, all of the sellers whose certificates were issued by this CA would be vulnerable to attack.

Is this scenario far-fetched? Perhaps, but the Feb. 28, 2014, web article [9] "Lavabit's Ladar Levison on Snowden, Why He Shut Down, and How to Beat the NSA" states that "Levison was prohibited from discussing any details of the case until last October, when the court unsealed a portion of the documents. The unsealed records reveal that the FBI was demanding access to Lavabit's Secure Sockets Layer (SSL) keys, which would essentially allow the agency access to all messages on Lavabit's server. While the FBI was ostensibly targeting only a single user, Levison was unwilling to sacrifice the privacy of his other 400,000+ users."

If the FBI can do it, can No-Such-Agency be far behind?

[Pull quote: What could go wrong? Plenty!]
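
The point made above about a random number generator with a structural weakness, as an added example that is not part of the article: a toy generator, assumed here to carry only 16 bits of seed entropy, emits 128-bit session keys, and key-trial over the seeds succeeds where key-trial over the keys could not. The names `weak_session_key`, `key_trial` and `demo`, the seed value and the sample transcript are all constructed for illustration.

```python
import hashlib
import hmac
import math
import secrets

SEED_BITS = 16   # assumption: the flawed generator's state holds 16 bits of entropy
KEY_BITS = 128   # nominal session-key length


def weak_session_key(seed: int) -> bytes:
    """Toy flawed generator: a 128-bit key that depends only on a small seed."""
    return hashlib.sha256(b"toy-drbg" + seed.to_bytes(4, "big")).digest()[:16]


def tag(key: bytes, msg: bytes) -> bytes:
    """Keyed check value an eavesdropper can observe alongside the message."""
    return hmac.new(key, msg, hashlib.sha256).digest()


def key_trial(msg: bytes, observed: bytes, seed_bits: int = SEED_BITS):
    """Enumerate generator seeds instead of keys; return (key, trials used)."""
    for trials, seed in enumerate(range(2 ** seed_bits), start=1):
        candidate = weak_session_key(seed)
        if hmac.compare_digest(tag(candidate, msg), observed):
            return candidate, trials
    return None, 2 ** seed_bits


def effective_bits(candidates: int) -> float:
    """Effective key length implied by the number of keys that can occur."""
    return math.log2(candidates)


def demo():
    msg = b"constructed handshake transcript"        # constructed sample input
    weak = weak_session_key(0xBEEF)                  # constructed seed
    found, trials = key_trial(msg, tag(weak, msg))
    # The same search against a key from the OS CSPRNG exhausts every seed
    # and finds nothing: the weakness is in the generator, not the cipher.
    strong = secrets.token_bytes(KEY_BITS // 8)
    missed, _ = key_trial(msg, tag(strong, msg))
    return found == weak, trials, missed


if __name__ == "__main__":
    ok, trials, missed = demo()
    print(f"weak key recovered: {ok} after {trials} trials")
    print(f"effective key length: {effective_bits(2 ** SEED_BITS):.0f} of {KEY_BITS} bits")
    print(f"CSPRNG key recovered: {missed is not None}")
```

The cipher and key length are unchanged between the two cases; only the number of keys the generator can actually produce differs, which is why generator review belongs in any assessment of session-key strength.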