NIST to review standard for cryptographic development - do we really care?

Filed Under: Cryptography, Featured

NIST logo, creative commonsWhether you use it to protect personal data, protect customer data or secure your communications, cryptography is an integral part of our digital world, but the announcement late in 2013 that NIST is reviewing its standards for cryptography seems to have gone largely unnoticed.

What's NIST?

The National Institute of Standards and Technology is an American governmental body that is tasked with creating and maintaining de jure standards.

NIST has brought us such popular hits as:

the inch;
the pound;
and the mile.

→ Seeing as NIST is a US-based institution, I opted for non-metric measures. Readers in countries who have adopted the metric system - or as it is also known, the rest of the world* - will be more familiar with the International System of Units.

Standards bodies are indeed important.

Think of all the different parts in a car.

If the manufacturer of each part decided independently how to measure a given widget, you would be lucky to get your flux capacitor to fit into your DeLorean.

More germane to this discussion on encryption, NIST is responsible for standards like the Federal Information Processing Standards (FIPS) which include the Digital Signature Standard and the Advanced Encryption Standard.

Why the review?

In a statement back in November 2013, NIST shared the following:

Recent news reports about leaked classified documents have caused concern from the cryptographic community about the security of NIST cryptographic standards and guidelines. NIST is also deeply concerned by these reports, some of which have questioned the integrity of the NIST standards development process.

So NIST is stepping up and addressing the public's concern over the National Security Agency's (NSA) alleged meddling in cryptographic standards.

From a public relations view, this makes sense.

The standards created and maintained by NIST go into virtually every product we consume today.

Everywhere - from the keys you use to encrypt your email to the switch that carries the packets to the electrical grid that powers the infrastructure.

But has the damage already been done?

NIST officially reports to the US Department of Commerce, but by law it is required to consult with the NSA when drafting new cryptographic standards.

NIST also draws heavily on the NSA's cryptographers because it simply does not have the in-house resources.

In their excellent book, "Privacy on the Line", Whitfield Diffie and Susan Landau walk through the history of cryptography and describe in great detail how the NSA was not going to let NIST develop any cryptographic standards without their involvement.

Like it or not, the NSA was going to be involved and was going to be instrumental in creating new cryptographic standards.

So the NSA and NIST are intimately involved in creating cryptographic algorithms. So what?

The relationship is not what makes this troubling but NIST has responded in a manner that suggests it is.

Why should we care?

Our mission is to protect the nation’s IT infrastructure and information through strong cryptography. We cannot carry out that mission without the trust and assistance of the world's cryptographic experts. We’re committed to continually earning that trust.

As response to the Snowden leaks, NIST withdrew one cryptographic standard from public.

It was called the Dual EC DRBG and the allegation was that the NSA had influenced NIST into creating a relatively weaker and flawed pseudo random number generator.

→ I have grossly summarized the problem. If interested, there's a paper found here that was presented at CRYPTO 2007 conference which explains the problem. Be warned, the math contained in the paper is not for the faint of heart!

In 2013, NIST also came under criticism from cryptographers that Keccak, the winning algorithm in the five-year contest to choose a new secure hashing algorithm (FIPS 180-4) [PDF], had been weakened by NIST in the course of standardization.

Some of these changes were made with the help of the Keccak team and others solely by NIST.

There is no evidence to suggest that the NSA had anything to do with the SHA3 incident but trust has been eroded to the point of non-existence by many in the industry.

The NSA will do what it needs to protect the interests of the United States.

That is neither a judgement nor conjecture.

The fact that NIST and the NSA have and will continue to work closely together is also not conjecture.

The question that remains is this: To the extent that we trust the NSA, do we trust NIST to act in the best interest public at large when it comes to cryptographic standards?

To many, the answer is no.

Conclusion

The thing that rankles many is that NIST has been trusted for a very long time to provide unbiased standards. Even in the realm of cryptography.

AES and SHA are prime examples.

While we may still trust NIST to keep accurate time or provide measurements that ensure curling stones have a diameter no greater than 36 inches (91.44 cm.) and weigh no more than 44 pounds (19.96 kg.) regardless of where the game is played, I'm afraid that for many the ship has sailed on things like cryptography.

There are a good number legacy cryptographic algorithms that have stood the test of time and were not created nor influenced by the NSA.

There are also plenty of brilliant minds working on the next set of cryptographic algorithms and they are doing it in an open, peer-reviewed and collaborative manner.

On 18 February 2014, NIST published a document outlining the proposed changes.

If you find yourself interested in such things, NIST is accepting comments until 18 April 2014.

*Yes, I am well aware of the shunning of the metric system in places like Liberia and Myanmar as well.

, , ,

You might like

3 Responses to NIST to review standard for cryptographic development - do we really care?

  1. chase43 · 157 days ago

    The computer I am on now uses AES. I'm happy that algorithm is 'secure.'

    .... but that word needs a statement of 'secure against what/who?'

    Is AES is secure against the NSA ?

    Would the NSA assist in creating a wide ranging crypto algorithm that they themselves could not access ?

    If they are able access AES, then that is quite a coup.

  2. Ramiro Fernandez · 157 days ago

    Like it or not, the industry is not moving away from NIST. Their recommendations are used for FIPS certification, a requirement in many industries for secure cryptographic processing. Don't expect this to change any time soon.

    Remember, NIST recommendations are acted on by the US government and NSA itself. They will not purposefully weaken a cryptographic algorithm, as it will make their own data vulnerable. This is what made their move with dual ec drbg so brilliant, they made a strong algorithm with a back-door that only they can access. Such a thing is not possible with a symmetric algorithm such as AES (as far as anyone publically knows, anyway). And the back door in dual ec drbg was immediately obvious, the Snowden leaks just told us that yes, the NSA did have the balls to do it.

    I don't think NIST will become irrelevant any time soon, and I'm not sure that it is a huge concern.

    • Magyver · 154 days ago

      I think you underestimate the US govy.

      Re: "They will not purposefully weaken a cryptographic algorithm, as it will make their own data vulnerable."

      Bullfrog. The US govt has two different standards: One for the public and one for them.

      The NSA isn't giving up their back door keys anytime soon.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

John Shier is a Senior Security Expert at Sophos. John is a popular presenter at security events, and is well-known for the clarity of his advice, even on the most complex security topics. John doesn't just talk the talk: he also gives hands-on technical support and product education to Sophos partners and customers.