NSA Backdoors In Open Source and Open Standards: What Are the Odds? 407
New submitter quarrelinastraw writes "For years, users have conjectured that the NSA may have placed backdoors in security projects such as SELinux and in cryptography standards such as AES. However, I have yet to have seen a serious scientific analysis of this question, as discussions rarely get beyond general paranoia facing off against a general belief that government incompetence plus public scrutiny make backdoors unlikely. In light of the recent NSA revelations about the PRISM surveillance program, and that Microsoft tells the NSA about bugs before fixing them, how concerned should we be? And if there is reason for concern, what steps should we take individually or as a community?" Read more below for some of the background that inspires these questions.
quarrelinastraw "History seems relevant here, so to seed the discussion I'll point out the following for those who may not be familiar. The NSA opposed giving the public access to strong cryptography in the '90s because it feared cryptography would interfere with wiretaps. They proposed a key escrow program so that they would have everybody's encryption keys. They developed a cryptography chipset called the "clipper chip" that gave a backdoor to law enforcement and which is still used in the US government. Prior to this, in the 1970s, NSA tried to change the cryptography standard DES (the precursor to AES) to reduce keylength effectively making the standard weaker against brute force attacks of the sort the NSA would have used.Since the late '90s, the NSA appears to have stopped its opposition to public cryptography and instead (appears to be) actively encouraging its development and strengthening. The NSA released the first version of SELinux in 2000, 4 years after they canceled the clipper chip program due to the public's lack of interest. It is possible that the NSA simply gave up on their fight against public access to cryptography, but it is also possible that they simply moved their resources into social engineering — getting the public to voluntarily install backdoors that are inadvertently endorsed by security experts because they appear in GPLed code. Is this pure fantasy? Or is there something to worry about here?"
This is stupid (Score:5, Insightful)
This is fearmongering. Encryption standards that have been adopted are open source and mathematicians comb over them with a fine tooth comb before giving them their blessing. Yes, there is a worry among mathematicians about the NSA developing an algorithm that would permit a pre-computed set of numbers to decrypt all communication. Which is why they make sure it DOESN'T HAPPEN.
See https://www.schneier.com/essay-198.html
Back doors are so 90s (Score:0, Insightful)
Who needs back doors when you can buy an 0day for a few 100k? Backdoors are passé.
Linux Kernel has had bugs publicly reintroduced. (Score:5, Insightful)
Last year or early this year there was a fix for a Linux kernel bug that could provide root privilege escalation. Here's the kicker though: The bug had been fixed years earlier but had been reintroduced into the kernel and nobody caught it for a very long time. For some reason, OpenSuse's kernel patches still included the bug fix, so OpenSuse couldn't be exploited, but mainline didn't reintroduce the fix for a long time.
Given the complexity of the kernel as just one example of a large open-source project, I don't really buy the "all bugs are shallow" argument from days of past. That argument was making a presumption that people *wanted* to fix the bugs, and as we all know there are large groups of people who don't want the bugs fixed. That's not to say that there is a magical NSA backdoor in Linux (and no, there isn't a magical NSA backdoor in Windows either, get over it conspiracy fanboys). That is to say that simply not running Windows isn't enough to give you real security and yes, your Linux box can be attacked by a skilled and determined adversary.
Historically, NSA have done the opposite. (Score:5, Insightful)
DES was developed in the early 1970's, and has been proven to be quite resistent to differential cryptanalysis, which didn't appear in the public literature until the late 1980's.
During the development of DES, IBM sent DES's S-boxes to NSA, and when they came back, they had been modified. At the time there was suspicion that the modifications were a secret government back door, however when differential cryptanalysis was discovered in the 1980s, the researchers found that DES was surprisingly hard to attack. It turned out that the modifications to the S-boxes actually strengthened the cipher.
Inefficient != Incompetent (Score:5, Insightful)
I have yet to have seen a serious scientific analysis of this question, as discussions rarely get beyond general paranoia facing off against a general belief that government incompetence plus public scrutiny make backdoors unlikely.
Government's are not nearly as incompetent as many pundits would have you believe. We have some very seriously talented people doing some pretty amazing things in our government. Government isn't always a model of efficiency but inefficient does not (always) equal incompetent. And in some cases inefficiency is actually a good thing. Sometimes you want the government to be slow and deliberative and to do it right instead of fast. Some of the most remarkable organizations and talented people I've met are in government. Sadly some of the worst I've met are in government as well but my point remains. Assuming government = incompetent is in clearly wrong in the face of copious evidence to the contrary.
Re:Well they COULD put a backdoor in some OSS... (Score:3, Insightful)
Nahhh the backdoors are in the compilers.. They've modified GCC to install it for you. Your code looks fine and the backdoor is there. Everyone wins!
AC.
No need to (Score:0, Insightful)
There are plenty of holes in the kernel and privileged program "as is". All they have to do is find them
Re:Linux Kernel has had bugs publicly reintroduced (Score:5, Insightful)
Re:This is stupid (Score:5, Insightful)
Fearmongering, yes.
But not impossible.
It's not so easy to make sure that a program is a correct implementation of a mathematical algorithm or of an open standard.
A subtle bug (purposeful or not) in a crypographic algorithm or protocol can be exploited.
Writing a bug is much easier than spotting it.
Many applications and OSes get security updates almost dayly. They certainly haven't found them all yet.
Perhaps the NSA has engineered backdoors in our free software at some point, but those vunerabilities have been patched already.
Mosty paranoia then....
Rick
Re:This is stupid (Score:5, Insightful)
Belgian ffs.
Belgium, I hate it when people mistake us for Dutch!
Comment removed (Score:5, Insightful)
Yep (Score:5, Insightful)
AES was developed in Belgium by Joan Daemen and Vincent Rijmen. It was originally called Rijndael and was one of the AES candidates. What happened is the NIST put out a call for a replacement for the aging DES algorithm. It was one of a number of contenders and was the one that one the vote. The only thing the NSA has had to do with it is that they weighed in on it, and all the other top contenders, before a standard was chosen and said they were all secure and that they've since certified it for use in encrypting top secret data.
It was analyzed, before its standardization and since, by the world community. The NSA was part of that, no surprise, but everyone looked at it. It is the sole most attacked cypher in history, and remains secure.
So to believe the NSA has a 'backdoor' in it, or more correctly that they can crack it would imply that:
1) The NSA is so far advanced in cryptography that they were able to discover this prior to 2001 (when it got approved) and nobody else has.
2) That the NSA was so confident that they are the only group to be able to work this out that they'd give it their blessing, knowing that it would be used in critical US infrastructure (like banking) and that they have a mission to protect said infrastructure.
3) So arrogant that they'd clear it to be used for top secret data, meaning that US government data could potentially be protected with a weak algorithm.
Ya, I'm just not seeing that. That assumes a level of extreme mathematical brilliance, that they are basically better than the rest of the world combined, and a complete disregard for one of their missions.
It seems far more likely that, yes, AES is secure. Nobody, not even the NSA, has a magic way to crack it.
Re:Windows does have a backdoor. (Score:2, Insightful)
Who guards the guards? (Score:5, Insightful)
I can attest to the lack of backdoors in SELinux. I am the SELinux maintainer. I'm the guy responsible for it.
Then the only question remaining is whether we should trust you.
Re:This is stupid (Score:5, Insightful)
The question to ask is:
What happens for the VERY VERY FIRST TIME this sort of tampering is spotted?
What if we found something in Linux, or something in PKE, or something in anything we use?
Would we just go "Oh, well, that's the NSA for you" and then carry on as normal? No. Likely there'd be a complete fork from a clean workbase to start over again, a complete distrust of code from day one, and a complete overhaul of all existing systems.
It's just not something that, as a government agency, you'd want to get implicated in whatsoever. For a start, you have a backdoor into systems in the German government? Or the Koreans? Holy crap you're in trouble for it being found out.
And what purpose would it serve, above and beyond traditional spying? Not a lot. The effort and secrecy required, and the implications if you're found out EVER, is far too large-scale to reap any benefit from it.
It's much more incredibly likely that they are using standard spying techniques (i.e. let's tap X's computer because we know he's involved) than planting things into major pieces of open source software. Closed commercial? That's a different matter but - again - compared to just issuing an order that they do it for you and never speak about it, it's too difficult. And, even then, we've found out that that eventually comes out and has diplomatic effects on entire nations (including allies).
I don't believe they wouldn't try. I don't believe they wouldn't have some way into the system. I don't believe for a second, though, that they've backdoored something quite so open and visible, or that the people involved in reviewing it wouldn't - EVENTUALLY - spot it and the outcry from that having a 100 times greater impact on the world than anything some twat leaks from diplomatic cables.
I'd be so incredibly disappointed if that was the height of their capabilities, to do something some clumsy and ineffective, and that they couldn't choose their targets better.
These people are spies. I expect them to perform all manner of dirty manoeuvres as a routine job. But the fact is that good, old-fashioned spying is a million times more effective.
I would also have to say that an "enemy" of any description who has the capability to use only compiled-from-source software on regulated hardware, and uses them exclusively in whatever activities might be of interest to the NSA or GCHQ probably has the resources to verify that code or write it themselves.
And, you have to remember the old "fake-Moon-landings-Russians" argument - if your enemy is capable of DETECTING that you've done that, and they announce it to the world and show it was you that did it, they'd do it. Just to discredit you. Just to make you forget about the guy in the airport. Just to make you look like fools. Just to prove that THEY know what's going on and it's not so easy to get into their systems.
If you have a perfect government entity, then yes it's theoretically possible. But in real life, no, I'm sorry, it's just implausible on anything other than a trivial scale. They might get a "euid=root" type bug into the code if they try hard and find a weak target, but to be honest, it's not a concern.
And if I was really worried, I'd use FreeDOS. Or Minix. Or FreeBSD. Or whatever. And any "common point" like gcc, well you can verify those kinds of things with the double-compilation tricks or just using a different piece of software. Either they would have to have infected EVERYTHING or NOTHING. And I'll go with nothing.
Re:This is stupid (Score:5, Insightful)
We already had a closed algorithm pushed on us in the 1990s -- Skipjack. It was broken shortly after it was declassified.
Weak algorithms will get torn apart quickly, because there are many people looking for weaknesses, both university researchers as well as criminal organizations.
Best thing one can do if worried about one algorithm -- do cascades. Realistically, three 256 bit algorithms won't give 768 bit security, but 258 bits. However, if one algorithm gets broken, the data is still protected. This applies to public key crypto as well. The ideal would be RSA, ECC, and maybe one more that is resistant to Shor's algorithm like Unbalanced Oil and Vinegar or something lattice based.
Re:This is stupid (Score:4, Insightful)
Hell, the State of California practically does that now.
Practically? In some parts of S. California I could walk outside my front door and not be able to read the commercial signs. You'd never know the official langauge of the country was English.
Point of order... that's because the US has no official language. It is generally held that such would be a violation of the First Amendment. :)
Some States, California among them, have passed official language laws but as far as I know they all lack enforcement clauses.