Experts Report Potential Software ‘Back Doors’ in US Standards

San Francisco: U.S. government standards for software may enable spying by the National Security Agency through widely used coding formulas that should be jettisoned, some of the country's top independent experts concluded in papers released on Monday.

Such mathematical formulas, or curves, are an arcane but essential part of most technology that prevents interception and hacking, and the National Institute of Standards and Technology (NIST) has been legally required to consult with the NSA's defensive experts in approving them and other cryptography standards.

But NIST's relationship with the spy agency came under fire in September after reports based on documents from former NSA contractor Edward Snowden pointed to one formula in particular as a Trojan horse for the NSA.

NIST discontinued that formula, called Dual Elliptic Curve, and asked its external advisory board and a special panel of experts to make recommendations that were published on Monday alongside more stinging conclusions by the individual experts.

Noting the partially obscured hand of the NSA in creating Dual Elliptic Curve - which Reuters reported was most broadly distributed by security firm RSA- the group delved into the details of how it and other NIST standards emerged. It found incomplete documentation and poor explanations in some cases; in others material was withheld pending legal review.

As a whole, the panels recommended that NIST review its obligation to confer with the NSA and seek legal changes "where it hinders its ability to independently develop the best cryptographic standards to serve not only the United States government but the broader community."

They also urged NIST to weigh the advice of individual task force members who made more dramatic suggestions, such as calling for the replacement of a larger set of curves approved for authenticating users, in part because they were selected through unclear means by the NSA.

"It is possible that the specified curves contain a back door somehow," said Massachusetts Institute of Technology professor Ron Rivest, a co-founder of RSA and the source of the letter R in its name. Though the curves could be fine, he wrote, "it seems prudent to assume the worst and transition away."

More broadly, Rivest wrote, "NIST should ask the NSA for full disclosure regarding all existing standards... If NSA refuses to answer such an inquiry, then any standard developed with significant NSA input should be assumed to be 'tainted,'" absent proof of security acceptable to outsiders.

In an email exchange, Rivest told Reuters that "NIST needs to have a process whereby evidence is publicly presented" about how the curves were chosen.

Read more:
Experts Report Potential Software 'Back Doors' in US Standards