(Mis)Uses of Technology

by Tim Cushing


Filed Under:
encryption, iot, nsa, trust

Companies:
iso



International Standards Body Rejects Weakened IOT Encryption Methods Pushed By The NSA

from the bleak-days-for-Big-Surveillance dept

The NSA has again been outed for pushing compromised encryption standards. An early Snowden leak showed the agency paid RSA $10 million to promote a weakened encryption standard. RSA offered up a denial that didn't exactly contradict the evidence provided by the leaked documents. A few years later, NIST (National Institute of Standards and Technology) removed the Dual Elliptic Curve algorithm from its recommendations, citing its distrust of the agency pushing for its adoption: the NSA. Dual EC appeared to be deliberately weakened, reducing encryption-breaking efforts to a matter of seconds, rather than hours or days.

The NSA is once again at the center of an encryption controversy. This time the intended target of weakened encryption standards is the Internet of Things. As Kieran McCarthy of The Register reports, the NSA's hard-sell approach backfired, leaving its preferred attack vectors encryption algorithms locked out by an international standards body.

The "Simon" and "Speck" cryptographic tools were designed for secure data to and from the next generation of internet-of-things gizmos and sensors, and were intended to become a global standard.

But the pair of techniques were formally rejected earlier this week by the International Organization of Standards (ISO) amid concerns that they contained a backdoor that would allow US spies to break the encryption. The process was also marred by complaints from encryption experts of threatening behavior from American snoops.

Researchers report being attacked by NSA reps when its preferred algorithms were questioned. Some of the terms used to describe the NSA's reactions to criticism include "outrageously adversarial" and "bullying."

There appears to be no evidence researchers found a backdoor present in the encryption methods as originally delivered. The ISO's rejection was mostly based on the NSA's past untrustworthiness and its attempt to add backdoor-esque code to the IOT encryption software. The NSA's failure to gets its favored methods instituted as industry standards has apparently led to personal attacks on researchers opposing its efforts. That's not exactly going to swing crucial votes its way in upcoming standards decisions.

The NSA has remained silent as other US government agencies complain about criminals "going dark." It may join them if it continues to be shut out by standards bodies and software developers.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • icon
    Anonymous Anonymous Coward (profile), 30 Apr 2018 @ 9:43am

    What the NSA looks for on IoT

    My refrigerator is going dark. It won't be able to tell the NSA when I am out of milk.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Apr 2018 @ 12:56pm

      Re: What the NSA looks for on IoT

      Anyone who keeps food products beyond the recommended expiration dates will be brought to justice - you criminals out there will pay for your insolence! How dare you attempt to save money, all real patriots buy much more than they need and just throw away the waste. We will catch you evil doers and the IOT refrigerators are on the front lines in this battle.

      reply to this | link to this | view in chronology ]

  • identicon
    Darkhog, 30 Apr 2018 @ 9:44am

    Not an expert on U.S. law, but...

    ...is it enough to overthrow that law? If so, it should be done as soon as possible. We need to fight censorship at any cost, even if said censorship has good intentions behind it.

    reply to this | link to this | view in chronology ]

    • identicon
      Darkhog, 30 Apr 2018 @ 9:46am

      Re: Not an expert on U.S. law, but...

      Wrong article

      reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Apr 2018 @ 9:50am

      Re: Not an expert on U.S. law, but...

      You don't need to be an expert to know that the law is no longer followed in America. It is loosely regarded, but often abused the moment it serves a purpose.

      You can be prosecuted over a law that does not exist, a judge WILL allow the government to lie in court (but not you), and a law that is designed to protect you will be ignored without recourse.

      reply to this | link to this | view in chronology ]

  • icon
    That One Guy (profile), 30 Apr 2018 @ 9:47am

    "I don't get it, why don't they trust us?"

    A good reputation is a tricky thing, difficult to build up, trivial to destroy, and after all they got caught doing no-one at the NSA should be surprised that people who can see past the name and who know what they're talking about aren't willing to just take the NSA's claims and proposals at face-value.

    This is very much a problem of their own making; if people don't trust them, it's because they've demonstrated it would be foolish to do so, and if they want to regain that trust it's going to be a long, difficult process, one in which 'insult people who question you' probably isn't going to help.

    reply to this | link to this | view in chronology ]

    • identicon
      I.T. Guy, 30 Apr 2018 @ 10:04am

      Re: "I don't get it, why don't they trust us?"

      "and if they want to regain that trust"

      That's funny although I doubt it was intended as a joke.

      The (insert letter agency here)couldn't care less about public image. Unless the nation showed up at their doors with pitchforks and torches demanding change, they are just going to continue railroading all over the Constitution tightening the noose around Freedom and Privacy.

      Pressure and time.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 30 Apr 2018 @ 10:40am

        Re: Re: "I don't get it, why don't they trust us?"

        "they are just going to continue railroading all over the Constitution"

        If "those pitchforkers and torchers" gave a fuck they would vote in people wanting to either dismantle or bring these agencies into the light.

        the problem is, who has the balls? I keep telling everyone that their desires to create more and more government agency is only going to bite them or their children on the backs of their asses.

        People usually ignore me and call me crazy. The real crazy is everyone else ignoring the problems they create.

        if you think your vote matters, or your rights inside of this current government... well I hear there is a joke about a river in Egypt named after you.

        It's amazing how many people believe we are a democracy when we never were, and still think they have a say when any of them can be dissapeared or arrested for anything and how fast their fellow citizens will forget about them the moment the police shoot their asses off, take their property, or systematically marginalize them with fines, laws, and harassment!

        It is also amazing how many of them will turn to government for salvation after having watched it destroy others. Hmm.... like pigs to the slaughter!

        reply to this | link to this | view in chronology ]

        • icon
          That One Guy (profile), 30 Apr 2018 @ 10:55am

          Re: Re: Re: "I don't get it, why don't they trust us?"

          If "those pitchforkers and torchers" gave a fuck they would vote in people wanting to either dismantle or bring these agencies into the light.

          if you think your vote matters, or your rights inside of this current government... well I hear there is a joke about a river in Egypt named after you.

          So if people cared they would vote, but voting doesn't actually do anything? Which is it, are people fools for voting or are they fools for thinking that voting actually does anything, who are they supposed to vote for/not vote for if none of the candidates match your exacting standards, and finally what is your alternative?

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 30 Apr 2018 @ 11:29am

            Re: Re: Re: Re: "I don't get it, why don't they trust us?"

            Okay, fair enough, you need qualifiers on those statements. I will try to keep it simple.

            "if you think your vote matters, or your rights inside of this current government... well I hear there is a joke about a river in Egypt named after you."

            As long as you vote for a party... your vote was usurped... meaning it does not matter. Imagine how disenfranchised all the anti-trump republicans feel right now. It was not exactly a secret effort to get folks to "support the candidate that the party selects" regardless of your personal opinions. This is the first and default way your vote is made to not matter. I am sure the Democrats that voted for Bernie felt much the same way... generally fucked over.

            If they want their votes to "matter again" they need to dump the parties, but that is often asking far too much. People would rather live with a known evil than to seek an unverifiable cure to that evil.

            If they seek to have their rights respected in government then they also need to vote in people that will actually seek to secure them.

            Neither of these are happening leading to my comment.

            "who are they supposed to vote for/not vote for if none of the candidates match your exacting standards,"

            Ah yea... making the best of what you got mentality... good to know you will not be seeing a solution to your problems then. You should take a note from your self and just take what you get then.

            "and finally what is your alternative?"

            Anything 3rd party... does not matter what, just so that it sends a message, I don't think the Republicans learned the lesson of how they got Trump yet... especially not the Democrats. Getting people on board is the hard part.

            reply to this | link to this | view in chronology ]

            • icon
              That One Guy (profile), 30 Apr 2018 @ 12:01pm

              Re: Re: Re: Re: Re: "I don't get it, why don't they trust us?"

              If they want their votes to "matter again" they need to dump the parties, but that is often asking far too much. People would rather live with a known evil than to seek an unverifiable cure to that evil.

              Probably because parties are basically inevitable as far as I can see. 'I like ABC, and will generally support candidates that also like ABC. I will get together with those that also like ABC to support candidates of like mind. While these candidates might occasionally differ in that they like A and B but not C, more often than not they align with what I like, whereas the other candidates do not, so I will support 'my' candidate over the other one'.

              Unless you can convince people that working together to achieve a common goal is counter-productive(good luck with that), parties are going to happen, and the focus should be more on keeping them aligned with the majority of people that identify with them, and less on the Sisyphean task of trying to get them to ditch them altogether and vote for an unknown.

              Ah yea... making the best of what you got mentality... good to know you will not be seeing a solution to your problems then. You should take a note from your self and just take what you get then.

              Swing and a miss, your response in no way answers my question as to what someone is supposed to do when none of the available candidates match the standards they and/or you set as 'acceptable', so I'll ask again.

              If none of the candidates available are 'good', such that there are no 'good' just varying shades of 'bad', who should the person vote for, or should they vote at all?

              Anything 3rd party... does not matter what, just so that it sends a message

              So don't mindlessly vote for the two main parties, mindlessly vote for a third, no matter who it is, just to stick it to the first two? Oh yeah, that'll show 'em and could in no way backfire horribly.

              If that is your proposed solution to the two-party problem it's not hard to see why people aren't taking your 'suggestions' seriously.

              reply to this | link to this | view in chronology ]

              • identicon
                Anonymous Coward, 30 Apr 2018 @ 12:22pm

                Re: Re: Re: Re: Re: Re: "I don't get it, why don't they trust us?"

                "Probably because parties are basically inevitable as far as I can see."

                I can understand how people might think that, but party creates an exclusionary group and begins a division. That division is as intrinsic to human nature as bias and racism, which we currently understand should be fought against. Why create something that is intended to be exclusionary from he start? It will only fester until it becomes as much of a problem as racism? In fact the party fighting might as well be the new racism.

                "Unless you can convince people that working together to achieve a common goal is counter-productive(good luck with that), parties are going to happen,"

                I agree with you, you can't get people to stop being hateful, they NEED like it is important to their survival to group up and oppress others. If they can't do it by race, they will do it by party, if they can do it by party, they will do it by sports teams, if they can do it by sports teams, it will be by clans... get the point?

                I think people that join groups to build their voice up are looking to create a problem because no matter what, a leader is going to come along and take advantage of the power of that group for wrongdoing and people will be too afraid to say anything against the group because as you have already seen how, the group you are in already hates other groups... would you want to invoke that upon yourself? You would become group-less and defenseless.



                How is it that we can understand the problem inherent with racism but cannot resist creating parallels in party partisanship as a replacement? I think it is clear that humans are mostly more worried about oppressing others for their own gain vs gaining with those others.

                Here is a hint... being a part of a group means you are NOT working together to achieve a common goal, you are in fact just working to achieve the leader's goal.

                "If that is your proposed solution to the two-party problem it's not hard to see why people aren't taking your 'suggestions' seriously."

                Then enjoy the problems you see, they are not going away.

                The definition of insanity is to continue to do the same thing over and over but expecting different results.

                You sir are saying, lets do this again... maybe it will be different next time. Good Luck... you are going to fail!

                reply to this | link to this | view in chronology ]

                • icon
                  That One Guy (profile), 30 Apr 2018 @ 12:44pm

                  Re: Re: Re: Re: Re: Re: Re: "I don't get it, why don't they trust us?"

                  I agree with you, you can't get people to stop being hateful, they NEED like it is important to their survival to group up and oppress others. If they can't do it by race, they will do it by party, if they can do it by party, they will do it by sports teams, if they can do it by sports teams, it will be by clans... get the point?

                  If by 'point' you mean that joining with a group of like-minded people in support of common goals can only be because people just need some other to 'hate' and 'oppress', then yeah, I get it. I don't buy it for a second, but I get it.

                  Here is a hint... being a part of a group means you are NOT working together to achieve a common goal, you are in fact just working to achieve the leader's goal.

                  You must have been a riot to be around during school team/group activities.

                  Here's a hint in return: Just because you're a member of a group doesn't mean you're a mindless drone, or have no impact on the group.

                  You sir are saying, lets do this again... maybe it will be different next time. Good Luck... you are going to fail!

                  Not at all(nice strawman though), I'm saying that your solution is rubbish and you still haven't answered my question as to what someone should do when they don't live in the perfect universe you apparently do, where there is always a perfect candidate or at least a random third person to spitefully pick just to stick it to the two big ones.

                  reply to this | link to this | view in chronology ]

                  • identicon
                    Chip, 30 Apr 2018 @ 12:57pm

                    Jokes on You: I never "Went" to School!

                    Every Nation eats the Paint chips it Sesderves!

                    reply to this | link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 30 Apr 2018 @ 1:10pm

                    Re: Re: Re: Re: Re: Re: Re: Re: "I don't get it, why don't they trust us?"

                    "Here's a hint in return: Just because you're a member of a group doesn't mean you're a mindless drone, or have no impact on the group."

                    Where did I say you needed to be a mindless drone? It does not matter if you are mindful or mindless... as long as your effort contributes to the group then you are going to be okay. I am just saying that you have given up your individualism.

                    If you are a group, you are not an individual. Do not be surprised when people treat you just exactly as you treat yourself as a homogeneous person whose identity if that of the group... not of their self.

                    Can't have your cake and eat it too, no matter how much you need to delude yourself. Groups have been fighting for eons throughout world history. Maybe you should stop creating them? It only creates trouble, but like I said earlier... trouble is something people want, so they can oppress people with it.

                    reply to this | link to this | view in chronology ]

                  • identicon
                    Anonymous Coward, 30 Apr 2018 @ 1:20pm

                    Re: Re: Re: Re: Re: Re: Re: Re: "I don't get it, why don't they trust us?"

                    What is the real difference between a "political group" and a "cult"?

                    People "think" the cult is crazy, but not he people in the cult.

                    Same to be said of those in political groups. They think everyone else but them are the crazy ones!

                    reply to this | link to this | view in chronology ]

              • icon
                Anonymous Anonymous Coward (profile), 30 Apr 2018 @ 3:07pm

                Re: Re: Re: Re: Re: Re: "I don't get it, why don't they trust us?"

                Parties are not necessarily inevitable. Like minded people may band together, but the concept of political parties stand for something has already been quashed, the parties have reversed themselves, more than once. Lincoln was a republican, then. Today he might be a democrat, or maybe an independent. The label is the problem, it doesn't define a platform. It defines, as you point out, what the leaders want, at the time expressed.

                This is why I have and will continue to express a desire to remove the concept of political parties, as well as platform from the parties/candidates. There should be a pre-election debate where the people define what the platform for the upcoming election will be, via a debate via the Internets, and maybe an actual pre-election election. Months, maybe a year or more in advance. The people propose platform issues, and then decide on, say the top ten, or twenty. Then the candidates get to put their positions with regard to that platform agenda on the table, creating an electoral platform agenda. The populace gets to decide which candidates meet their requirements on the majority of positions on the electoral platform. There should also be some ability to hold elected officials to their campaign rhetoric. Don't stand up to what you said in your campaign...lose power, exponentially until one is, oh how do we say it, un-elected. Maybe votes of confidence in political leaders would be a good idea. It exists in some parliamentary processes, but it might make us as unstable as some other countries are. Not that we are stable now.

                The whole idea of platform created by political parties is what I think a number of the Founders found abhorrent to the idea of political parties. They made a mistake in allowing them. Would things be different now without political parties from the beginning? Most certainly. Would the be better? I am not sure, as the allure of power is powerful, and I think there would be a way to get corrupted even with this control.

                reply to this | link to this | view in chronology ]

                • identicon
                  Thad, 1 May 2018 @ 12:29pm

                  Re: tl;dr

                  The whole idea of platform created by political parties is what I think a number of the Founders found abhorrent to the idea of political parties. They made a mistake in allowing them.

                  While I'm no fan of the party system, banning political parties would be inconsistent with the First Amendment's guarantee of free association. Do you really think we'd be better off without that?

                  reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 1 May 2018 @ 5:51am

              Re: Re: Re: Re: Re: "I don't get it, why don't they trust us?"

              I will try to keep it simple.

              After reading your previous statement, I would expect nothing else.

              reply to this | link to this | view in chronology ]

  • identicon
    Darkhog, 30 Apr 2018 @ 9:50am

    You wanna know what NSA stands for?

    It's, quite obviously, "Nothing's Secure Anymore"

    Fuck NSA, CIA and god fuck the USA.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Apr 2018 @ 9:51am

      Re: You wanna know what NSA stands for?

      Isn't it nice to see that in our pursuits to protect ourselves we are destroying ourselves instead?

      reply to this | link to this | view in chronology ]

      • identicon
        Darkhog, 30 Apr 2018 @ 9:54am

        Re: Re: You wanna know what NSA stands for?

        Yeah, the U.S. of A is long overdue for a second Civil War IMO. Maybe even breaking up it into individual states (basically like Europe).

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 30 Apr 2018 @ 10:12am

          Re: Re: Re: You wanna know what NSA stands for?

          reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 30 Apr 2018 @ 11:02am

          Re: Re: Re: You wanna know what NSA stands for?

          I don't recommend that people engage in civil insurrection, but I do remember what Thomas Jefferson said so eloquently, "The tree of liberty needs to be refreshed from time to time with the blood of tyrants and patriots."

          reply to this | link to this | view in chronology ]

          • identicon
            Anonymous Coward, 30 Apr 2018 @ 11:15am

            Re: Re: Re: Re: You wanna know what NSA stands for?

            The problem is that most violent revolutions only exchange one set of tyrants for another set, while creating deep divisions within society. Much better, but slower is for decent leaders to to show people how they can make things better.

            reply to this | link to this | view in chronology ]

            • identicon
              Anonymous Coward, 30 Apr 2018 @ 11:33am

              Re: Re: Re: Re: Re: You wanna know what NSA stands for?

              No one like decent leaders... they only want leaders that cater to their agenda's.

              The best leader you will have is the one that tells you to solve your own problems and the proceeds to get the hell out of your way, but everyone hates those guys because they are heartless and all that.

              The worst leaders are the ones that tells you to solve your own problems and proceeds to get all in your way.

              The middle of the ground leaders help produce the worst leaders in the future by promising people things until they get enough power to finally tell them we never cared in the first place. The ride making you think they cared along the way was fun!

              reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Apr 2018 @ 9:50am

    if people don't trust them, it's because they've demonstrated it would be foolish to do so

    The problem is that we do trust them: we know exactly what to expect from them and their algorithms.

    reply to this | link to this | view in chronology ]

    • icon
      That One Guy (profile), 30 Apr 2018 @ 10:07am

      Different definitions of 'trust'

      That's fair, though 'we can trust them to act in what they perceive to be their own best interests, no matter what it does to everyone around them' is usually not what people mean when they say someone is 'trustworthy.'

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Apr 2018 @ 9:58am

    So what remedies has the NSA proposed for the age old problem of people going dark? I mean at one time it was foot work that solved policing issues.

    When people die, they go dark. They can no longer give info and that is some pretty strong defenses that doesn't get broken into. I mean it's been around far longer than encryption.

    reply to this | link to this | view in chronology ]

  • identicon
    bob, 30 Apr 2018 @ 10:09am

    was it all just an act?

    *puts on aluminum foil hat*

    Maybe the currently adopted standards are compromised and speck and simon actually are safe. The NSA knows people won't trust them so they try to be aggressive so no-one will believe that Simon and speck is safe. Then when everyone adopts the new IOT standards the NSA can stay safe using Simon and speck while having easy access to all the other IOT devices that people think are safe.

    No proof of anything but it's possible the NSA is pulling a double fakeout on all of us.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 30 Apr 2018 @ 11:33am

      Re: was it all just an act?

      **Bold** *puts on aluminum foil hat*

      Do you realize that an aluminum foil hat forms a resonant cavity, and the resonant frequency of that cavity falls into a frequency range allocated to the US government?

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 30 Apr 2018 @ 11:36am

        Re: Re: was it all just an act?

        Yes... every awesome that people think something I used as a child to improve television reception could be worn to block out signals from the mothership...

        reply to this | link to this | view in chronology ]

        • identicon
          Anonymous Coward, 30 Apr 2018 @ 1:01pm

          Re: Re: Re: was it all just an act?

          I have come here to chew bubblegum and kick ass... and I'm all out of bubblegum.

          reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Apr 2018 @ 10:59am

    Good job NSA!

    The practices and methods of an agency based around secrecy and "security" became so well known that they can no longer use secrecy to sabotage security... it is irony at its finest.

    What is next NSA? Will you teach your employees how to shoot themselves in the foot?
    Do training in not revealing information when captured by the enemy, but using live cyanide capsules to make it more "real"?
    Juggle chainsaws?

    reply to this | link to this | view in chronology ]

  • icon
    Uriel-238 (profile), 30 Apr 2018 @ 11:48am

    Yeah, they made this bed.

    They get to lie in it. My sympathy knows bounds.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 30 Apr 2018 @ 1:02pm

    Technical discussion

    linux-arm-kernel mailing list thread: [PATCH v2 0/5] crypto: Speck support

    As the WikiTribune article points out:

    The subject of ISO/IEC 29192, published in 2012, is lightweight cryptography. In Part 2 of it, prepared by the ISO/IEC JTC 1/SC 27 WG2 (Cryptography and security mechanisms), there are already specified two lightweight ciphers, Present and Clefia.

    Wikipedia: PRESENT · CLEFIA

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer
Anonymous number for texting and calling from Hushed. $25 lifetime membership, use code TECHDIRT25
Report this ad  |  Hide Techdirt ads
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.