NSA inserted backdoor into NIST random number generator method


The National Security Agency appears to have inserted a vulnerability into an encryption technical standard adopted by the National Institute of Standards and Technology in 2006, says reporting based on more leaked documents from former intelligence contractor Edward Snowden.

The backdoor insertion is one revelation of many contained in articles based on the new leaks, published simultaneously Sept. 6 in a joint The New York Times-ProPublica article and in a separate piece in The Guardian.

None of the news organizations identify the standard specifically. But, the Times and ProPublica state that the apparent NSA backdoor was discovered by two Microsoft engineers in 2007--and Microsoft cryptologists Dan Shumow and Niels Ferguson in August 2007 gave a presentation (.pdf) about a possible backdoor in one of four random number deterministic generating techniques contained in NIST Special Publication 800-90. At the time, security scientist Bruce Schneier wrote in Wired that the weakness found by Shumow and Ferguson "can only be described a backdoor."

Schneier recommended against use of the technique, also stating that the backdoor was "rather obvious" and the algorithm in any case was "too slow for anyone to willingly use it."

According to NSA classified memos cited by the Times and ProPublica, the NSA wrote the standard and later also aggressively pushed for its adoption by the International Organization for Standardization. "Eventually, NSA became the sole editor" of the technical standard, the joint news article quotes a NSA memo as stating.

NIST withdrew SP 800-90 as a standard in January 2012, issuing a revision, SP 800-90A (.pdf).

In a prepared statement, NIST said that it uses "a transparent, public process to rigorously vet our recommended standards. If vulnerabilities are found, we work with the cryptographic community to address them as quickly as possible."

In a redacted top secret document (.pdf) posted online as part of the leak reporting, the NSA says it has an ongoing effort to "influence policies, standards and specification for commercial public key technologies" as part of an effort dubbed SIGINT Enabling Project for which the agency requested $254.9 million in fiscal 2013 funding, after receiving $275.4 million in fiscal 2012 and $298.6 million the year before.

The SIGINT (it stands for signals intelligence) Enabling Project in general seeks to "covertly influence and/or overly leverage" domestic and foreign information technology to make them exploitable to decryption by the NSA, the document also says.

Another ongoing effort of the project is to "shape the worldwide commercial cryptography marketplace to make it more tractable to advanced cryptanalytic capabilities" being developed by the NSA and Defense Department's Central Security Service.

For more:
- go to the New York Times and ProPublica article
- download a redacted TOP SECRET//SI/TK/NOFORN NSA budget document on the SIGINT Enabling Project (.pdf)

Related Articles:
Wiretaps up 24 percent in 2012
Leaked documents show Information Sharing Environment budget of $25M
NSA broke data collection rules, finds audit