It’s not you, it’s me: committee of cryptographic experts tries to crack NIST/NSA relationship

In response to stories in the New York Times, ProPublica, and the Guardian that the National Security Agency (“NSA”) was undermining encryption standards, The Visiting Committee on Advanced Technology (VCAT) released a report that called for increased transparency and internal expertise at the National Institute for Standards and Technologies (“NIST”). The VCAT reviews and makes recommendations regarding general policy for the National Institute of Standards and Technology. The VCAT formed a Committee of Visitors (“COV”) in mid-April to review the relationship between NIST and the NSA.

NIST is responsible for researching and promoting these standards, among others, and is required by law to consult with the NSA in their creation. While one of the NSA’s two primary missions is to defend information systems, security experts and members of civil society have noted the NSA’s more well-known mission, to conduct surveillance, is inconsistent with the development of robust and secure encryption protocols.

The COV was made up of seven leading technologists, including Google’s Vint Cerf, former Federal Trade Commission Chief Technologist Edward Felten, and MIT Professor Ronald Rivest. While the COV report makes sound recommendations to strengthen procedural integrity, it falls short of calling for complete independence between the NIST and NSA. Access has applauded previous efforts aimed at removing the NIST’s mandatory consultation with the NSA and to increase NIST’s independence more generally.

How NIST and NSA came together

Federal laws require the NIST to consult with the NSA on its cybersecurity procedures and standards. This relationship between the NIST and the NSA is further detailed by two Memorandums of Understanding (MOU) between the organizations. The first MOU was released in 1989 followed by a second in 2010.

The 1989 MOU establishes a six-person Technical Working Group (“TWG”), with three members from the NIST and three from the NSA, to review and ensure that cryptographic standards are consistent with “the national security of the United States.” However, in order to ensure national security, the NSA may deem it necessary in some circumstances to weaken public standards so the agency reserves potential attack vectors against its targets.

The 2010 MOU added six agreements to extend the purpose of the TWG and increase the NSA’s role in the standards setting process. The fourth agreement requires NIST to draw on the cybersecurity expertise of the NSA “to the greatest extent possible” while the final agreement specifies that NIST must consult with the NSA “on all matters related to cryptographic algorithms and cryptographic techniques for non-national security applications.” Allowing the National Security Agency even stronger input on the development of non-national security standards is a recipe for mission creep; not a means of security.

Two months ago, Access lauded the House Science and Technology Committee’s adoption of an amendment to the FIRST Act that removes the requirement for the NIST consult with the NSA on encryption standards (The Amendment has since passed the House in the NIST Re-authorization Act of 2014).


NIST and NSA’s rocky relationship

As Access has previously cautioned, the NSA has an extensive history of undermining cryptographic standards resulting in greater risk to individual security. COV member Steve Lipner, Senior Director of Security Engineering Strategy in Microsoft’s Trustworthy Computing Group, writes in his submission to the VCAT Report that the first suspicions of NSA backdoors date back to the late 1970’s. At that time, NIST consulted with the NSA and released DES, an encryption method based off IBM’s Lucifer algorithm, which contained unexplained changes resulting in weaker protection. Further suspicions of NSA malfeasance were finally confirmed following the Snowden disclosures in June of 2013.

The documents released by Snowden revealed that the NSA has undermined at least one widely-used encryption algorithm. The algorithm’s default parameters had been suggested by the NSA and NIST included them within its security standards. “There is no doubt that the inclusion…was a serious mistake,” chided Bart Preneel, President of the International Association of Cryptologic Research. NIST later identified that “misplaced trust in the NSA” was a chief reason for the algorithm’s incorporation into the national cryptographic standards. It is unclear to what extent NSA has intervened to undermine other encryption standards or methods.

Relationship “council-ing”, expert review, and transparency

Access has called on NIST to strengthen standards by providing for greater transparency and oversight. In a letter to the agency, Access and partners articulated how these principles can create stronger security for all users, along with increased expert input and testing before standards are released for use by the public. All members of the COV agreed that significant steps toward these goals should be taken. However, the responses varied on the method and degree of interdependence between the two agencies.

In order for the NIST to break free from the NSA’s grip, the organization needs to have an independent council with cryptographic expertise. This requires an increase to the NIST’s current budget to support hiring extra staff. Lipner advises that the NIST should still consult with the NSA, putting “security first,” while maintaining competent staff who are able to adequately review the NSA’s recommendations. However, taken alone, this dangerously assumes that the NIST’s internal council will always spot every exploit the NSA attempts to embed.

To supplement internal scrutiny, Access has proposed greater input from academics and experts in the field, a recommendation echoed by some members of the COV. “It would be helpful for the NIST to establish a Scientific Advisory Board,” Preneel suggests, “This advisory board should consist of experts from the stakeholders.” Access’ letter further urges the NIST to better cooperate with external experts by “providing a security proof for standards when the standard is put out for public comment.” By increasing and facilitating academic input, the NIST can draw from a more diverse field of cryptographic expertise to safeguard standards against exploitation.

To make external input effective, members of the COV push for greater transparency around the NIST’s consultations with the NSA and standards review. “NIST security standards and guidelines should not incorporate concealed or secret features or attributes,” Lipner writes. By publishing the security proofs for cryptographic standards, with documentation of stakeholder comments and subsequent revisions, the NIST can hold all contributors accountable. This not only increases national trust in the NIST publications, but allows for public oversight of any attempts by the NSA to sabotage security standards.

It’s time For NIST and NSA to see other people

While members of the COV recommended only a lesser degree of interdependence between the NSA and NIST, recent legislative efforts have edged toward total independence. In June, Representative Grayson introduced an amendment to the Department of Defense Appropriations bill which prohibits the use of funds for NSA and NIST consultation. This would make the two organizations effectively independent.

Access supports many of the recommendations in the VCAT report; namely, the additional funding for the NIST to hire cryptography experts and additional transparency for public review. The NSA’s dual mission to both secure and exploit cybersecurity is a threat to all users’ safety.