05:53 PM
Connect Directly

Keep Calm, Keep Encrypting -- With A Few Caveats

The NSA's systematic crypto-cracking and other tactics have changed the data-protection game for enterprises

Encryption remains a key security tool despite newly leaked documents revealing the National Security Agency's efforts to bend crypto and software to its will in order to ease its intelligence-gathering capabilities, expert say. But these latest NSA revelations serve as a chilling wake-up call for enterprises to rethink how they lock down their data.

"The bottom line is what Bruce Schneier said: For all of these [NSA] revelations, users are better off using encryption than not using encryption," says Robin Wilton, technical outreach director of the Internet Society. "But if you're a bank [or other financial institution], and you rely on the integrity of your transactions, what are you supposed to be doing now? Are you compromised?"

The New York Times, The Guardian, and ProPublica late last week reported on another wave of leaked NSA documents provided by former NSA contractor Edward Snowden. They revealed that the agency has been aggressively cracking encryption algorithms and even urging software companies to leave backdoors and vulnerabilities in place in their products for the NSA's use. The potential exposure of encrypted email, online chats, phone calls, and other transmissions has left many organizations reeling over what to do now to keep their data private.

[Concerns over backdoors and cracked crypto executed by the spy agency is prompting calls for new more secure Internet protocols -- and the IETF will address these latest developments at its November meeting. See Latest NSA Crypto Revelations Could Spur Internet Makeover.]

[UPDATE: 9/11/13, 7:30am: The New York Times reported last night that the Snowden documents "suggest" the NSA "generated one of the random number generators used in a 2006 N.I.S.T. standard -- called the Dual EC DRBG standard -- which contains a back door for the N.S.A."]

Still a mystery is which, and if any, encryption specifications were actually weakened under pressure of the NSA, and which vendor products may have been backdoored. The National Institute of Standards and Technology (NIST), which heads up crypto standards efforts, today issued a statement in response to questions raised about the encryption standards process at NIST in the wake of the latest NSA program revelations: "NIST would not deliberately weaken a cryptographic standard. We will continue in our mission to work with the cryptographic community to create the strongest possible encryption standards for the U.S. government and industry at large."

NIST reiterated its mission to develop standards and that it works with crypto experts from around the world -- including experts from the NSA. "The National Security Agency (NSA) participates in the NIST cryptography development process because of its recognized expertise. NIST is also required by statute to consult with the NSA," NIST said in its statement.

The agency also announced today that it has reopened public comments for Special Publication 800-90A and draft Special Publications 800-90B and 800-90C specs that cover random-bit generation methods. These specifications have been under suspicion by some experts because the NSA was involved in their development, and NIST says if any vulnerabilities are found in the specs, it will fix them.

The chilling prospect of the NSA building or demanding backdoors in encryption methods, software products, or Internet services is magnified by concerns that would also give nation-states and cybercriminals predrilled holes to infiltrate.

"There's a strong technological argument that putting backdoors in encryption is just a foolish thing to do. Because if you do that, it's just open to abuse" by multiple actors, says Stephen Cobb, security evangelist for ESET. "This makes it very complicated for businesses. I would not want to be a CSO or CIO at a financial institution right now."

So how can businesses ward off the NSA, China and other nation-states, or Eastern European cybercriminals if crypto and backdoors are on the table?

1. Use encryption.
Encryption is still very much a viable option, especially if it's strong encryption, such as the 128-bit Advanced Encryption Standard (AES). "Don't stop using encryption, review the encryption you're using, and potentially change the way you're doing it. If you've got a Windows laptop with protected health information, at least be using BitLocker," for example, says Stephen Cobb, security evangelist for ESET.

David Frymier, CISO and vice president at Unisys, says even the NSA would be hard-pressed to break strong encryption, so using strong encryption is the best bet. Even Snowden said that, Frymier says.

Still unclear is whether the actual algorithms the NSA has cracked will be revealed publicly.

"Most algorithms are actually safe," says Tatu Ylonen, creator of the SSH protocol and CEO and founder of SSH Communications Security.

2. Beef up your encryption key management.
David Frymier, CISO and vice president at Unisys, is skeptical of the claims that the NSA worked to weaken any encryption specifications. "I just don't find that [argument] compelling. All of these algorithms are basically published in the public domain, and they are reviewed by [various parties]," he says.

Even so, the most important factor is how the keys are managed: how companies deploy the technology, store their keys, and allow access to them, experts say. The security of the servers running and storing that code is also crucial, especially since the NSA is reportedly taking advantage of vulnerabilities much in the way hackers do, experts note.

Dave Anderson, a senior director with Voltage Security, says it's possible for the NSA to decrypt a financial transaction, but probably only if the crypto wasn't implemented correctly or there keys weren't properly managed. "A more likely way that the NSA is reading Internet communications is through exploiting a weakness in key management. That could be a weakness in the way that keys are generated, or it could be a weakness in the way that keys are stored," Anderson says. "And because many of the steps in the life cycle of a key often involve a human user, this introduces the potential for human error, making key life-cycle management never as secure as the protection provided by the encryption itself."

Keep your servers up-to-date with patches, too, because weaknesses in the operating system or other software running on the servers that support the crypto software are other possible entryways for intruders or spies.

One of the most common mistakes: not restricting or knowing who has access to the server storing crypto keys, when, and from where, according to SSH's Ylonen. "And that person's access must be properly terminated when it's no longer needed," he says. "I don't think this problem is encryption: It is overall security."

Ylonen says it's also a wake-up call for taking better care and management of endpoints.

Not having proper key management is dangerous, he says. One of SSH Communications' bank customers had more than 1.5 million keys for accessing its production servers, but the bank didn't know who had control over the keys, he says.

"There are two kinds of keys -- keys for encryption and keys for gaining access that can give you further access to encryption keys," he says. And access-granting keys are often the worst-managed, he says. "Some of the leading organizations don't know who has access to the keys to these systems," he says.

"If you get the encryption keys, you can read [encrypted data]. If you get the access keys, you can read the data, and you can modify the system ... or destroy the data," he says.

Conduct a risk analysis on what information the NSA, the Chinese, or others would be interested in.
Once you've figured out what data would be juicy for targeting, double down to protect it.

"Whatever that is, protect it using modern, strong encryption, where you control the endpoints and you control the keys. If you do that, you can be reasonably assured your information will be safe," Unisys' Frymier says.

In the end, crypto-cracking and pilfered keys are merely weapons in cyberspying and cyberwarfare, experts say.

"The NSA wants access to data ... they want access to passwords and credentials to access the system so it can be used for offensive purposes if the need arises, or for data collection," Ylonen says. "They want access to modern software and applications so they are later guaranteed access to other systems."

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message. Kelly Jackson Higgins is Executive Editor at She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
9/20/2013 | 11:39:00 AM
re: Keep Calm, Keep Encrypting -- With A Few Caveats
Great article, Kelly. The fact that RSA has all been brought to its knees is pretty scarring, but indeed, the only thing we as security professionals can do is to keep encrypting. We discussed on this topic on our blog lately GÇô hereGÇÖs the link to the article: http://blog.securityinnovation...
User Rank: Ninja
9/12/2013 | 12:16:54 PM
re: Keep Calm, Keep Encrypting -- With A Few Caveats
there can be no meaningful discussion of encryption until the end-point computers (both ends) are certified clean. software inventory and audit control will be required as well as o/s software which provides control over modifications.

apps will need to be restricted. what is the use of encryption if a script running in your browser can read your /correspondence directory ? apparmor or equivalent should be used on any app that has access to the net .
User Rank: Strategist
9/11/2013 | 3:42:57 PM
re: Keep Calm, Keep Encrypting -- With A Few Caveats
Great point, mrtt. Thanks for sharing your thoughts on this.
User Rank: Apprentice
9/11/2013 | 2:38:47 PM
re: Keep Calm, Keep Encrypting -- With A Few Caveats
"Don't stop using encryption..."

For many, it might be more appropriate to suggest "Start using encryption...". There are more people out there who don't use it than do use it - at least for everyday electronic communications. Just do a search for "private, secure, encrypted" and see how many options are available. Some are free and simple to use. There is something for all levels of technical expertise.
Register for Dark Reading Newsletters
White Papers
Current Issue
Flash Poll
Title Partner’s Role in Perimeter Security
Title Partner’s Role in Perimeter Security
Considering how prevalent third-party attacks are, we need to ask hard questions about how partners and suppliers are safeguarding systems and data.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-07-05
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate.

Published: 2015-07-05
EMC Secure Remote Services Virtual Edition (ESRS VE) 3.x before 3.06 does not properly generate random values for session cookies, which makes it easier for remote attackers to hijack sessions by predicting a value.

Published: 2015-07-05
Mozilla Network Security Services (NSS) before 3.19, as used in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, Thunderbird before 38.1, and other products, does not properly determine state transitions for the TLS state machine, which allows man-in-the-middle attacke...

Published: 2015-07-05
Use-after-free vulnerability in the CanonicalizeXPCOMParticipant function in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 allows remote attackers to execute arbitrary code via vectors involving attachment of an XMLHttpRequest object to a shared worker.

Published: 2015-07-05
Multiple unspecified vulnerabilities in the browser engine in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code v...

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report