If you work in the computer security area, it is like drinking from the fire hose, what with the daily revelations about snooping and spying by the NSA. So much to talk about, write about and discuss. Comedians (and their writers) get excited when interesting politicians become newsmakers, as it makes their jobs much easier and more fun: Dan Quayle of potatoe fame; finger-wagging Bubba "I did not have … woman"; nucular dubya itsy-bitsy spider when the towers were coming down; Cheney, perennially a heartbeat away from being an ex-VP, who mistook a lawyer for a quail and shot him; the luv-guv Spitzer; love-child Arnie; Anthony Weiner; John Edwards; Sarah Palin’s claim to foreign policy experience based on "I can see Russia from my house" and on and on … But there is nothing funny about the security revelations.
India, with a billion+ population, has its own version of Snoopgate but it is on a much more modest scale, that a State government tapped a female architect’s phone — yes a single person! But you got to start somewhere. As a Chinese proverb goes, "A journey of a million snoops starts with a single snoop!". But I digress …
Unfortunately, some targeted spying is required as there are bad guys out there. We can be sure that several potential attacks or threats were thwarted or nipped in the bud due to the information gathered — perhaps using unconventional methods — and scores of lives saved. There have been no attacks since Sep 11. Though, I wish that the USA had provided actionable intelligence to India so that the attack on Mumbai in 2008 (26/11) could have been prevented. But large-scale en masse spying makes the US not much different from some authoritarian regimes, and the US will not have the moral high ground to lecture the world from its bully pulpit. It is interesting to note that Putin has not criticized the US — I assume because Russia has its own extremist problem and Putin wants to reserve the right to use any and all methods and not be hobbled by criticizing the US. As I write this, planes full of passengers with bad breath will be landing in Sochi as they would have banned the use of toothpaste!
After hearing about some of the gizmos the NSA has at its disposal, like a USB connector with a radio transmitter; malware that bridges air-gapped computers; persistent backdoors in widely used routers from Cisco and Juniper; a software implant in GSM SIM cards that exfiltrates info via SMS; a VGA cable that when irradiated with a 2 GHz radio wave reflects a modulated signal that contains what is on the screen; and on and on, it is easy to be cynical and resign ourselves to a permanent loss of privacy.
This collect-everything approach, including storing encrypted communication (SSL/https), means that the collector may not be able to access some of the collected data without the RSA private key. In some cases, the collector may be able to force the owner of the private key to reveal it. But if the private key is not available then the data cannot be decrypted. As brute-force decryption is not practical, perhaps a weakness or vulnerability can be exploited? These crypto algorithms depend critically on a very good source of random (or pseudo-random) numbers. Even a bias in those numbers can be exploited. This is where the choice by RSA (a division of EMC) of the Dual_EC_DRBG algorithm as the default random number generator baffled many security researchers — even if there was no backdoor, it was the slowest of the 4 algorithms and also wasn’t based on well understood hashing like the others. The Dual refers to the 2 points used in elliptic curve cryptography, and there is no proof that they were chosen randomly. Then came the shocking news that RSA may have received 10 million dollars from the NSA to make it the default algorithm. Most of the time the default algorithm is used, as the user may not explicitly specify one. That the very company the people trusted for secure communications (in fact the name RSA is derived from the first names of the crypto pioneers Rivest, Shamir, Adleman who gave us the RSA public-key crypto algorithm that is the basis of secure communications) may have knowingly provided weakened crypto has upset many and rightly so. RSA denies this. 8 or 9 speakers scheduled for the annual RSA conference later this month have canceled in protest. Perhaps EMC wants to encourage people to attend as they have scheduled Stephen Colbert to give the closing keynote.
Now, when you collect encrypted communications that you cannot decrypt, you can still store them. After some time, if you get access to the private key — say the key owner has got a new RSA key and has discarded the old key — you can now decrypt the data that was stored. This won’t help if the info is time-critical but can be useful otherwise. The reason that this is possible is that the encryption keys can be derived from the private key. To prevent this, the encryption keys must not be derived from the private key. And this is what some ciphers do: they use an algorithm called Diffie-Hellman-ephemeral (DHE) to derive the encryption key. So, even if the RSA private key is compromised, the encryption keys cannot be computed or retrieved. This property is called "Perfect Forward Secrecy" or PFS. Many cloud service providers have turned on PFS and many recent browsers support PFS ciphers. Twitter enabled PFS recently. If you use Firefox you can install an extension from Calomel that will show a color-coded icon next to the URL; if you click on it, it will provide details including whether PFS is enabled or not.
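The difference between the two key-establishment styles, as an added example that is not part of the original post. It uses textbook RSA and a toy Diffie-Hellman group; the parameters and all function names are constructed for illustration and are far too small for real use.

```python
import hashlib
import secrets

# Toy long-term RSA key of the server (textbook RSA, no padding; constructed values).
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # long-term private exponent

# Toy Diffie-Hellman group: prime modulus and base, both public.
DH_P, DH_G = 2**127 - 1, 3

def kdf(secret: int) -> bytes:
    """Derive the session encryption key from the negotiated secret."""
    return hashlib.sha256(str(secret).encode()).digest()

def rsa_key_transport():
    """Client picks the secret and sends it encrypted under the server's RSA key."""
    premaster = secrets.randbelow(N - 2) + 2
    wire = {"encrypted_premaster": pow(premaster, E, N)}  # what a collector stores
    return wire, kdf(premaster)

def dhe_exchange():
    """Both sides use fresh exponents that are thrown away after the handshake."""
    a = secrets.randbelow(DH_P - 3) + 2   # client's ephemeral secret
    b = secrets.randbelow(DH_P - 3) + 2   # server's ephemeral secret
    wire = {"client_pub": pow(DH_G, a, DH_P), "server_pub": pow(DH_G, b, DH_P)}
    # In TLS the server signs server_pub with its RSA key: the long-term key
    # authenticates the exchange but never encrypts the secret.
    client_key = kdf(pow(wire["server_pub"], a, DH_P))
    server_key = kdf(pow(wire["client_pub"], b, DH_P))
    assert client_key == server_key
    return wire, client_key

def recover_with_leaked_rsa_key(wire, d=D):
    """What the stored recording yields once the RSA private key becomes known."""
    if "encrypted_premaster" in wire:
        return kdf(pow(wire["encrypted_premaster"], d, N))
    # DHE recording: only g^a and g^b are on the wire, the exponents are gone,
    # and the RSA key does not help with the discrete logarithm.
    return None

if __name__ == "__main__":
    wire, key = rsa_key_transport()
    print("RSA transport recovered:", recover_with_leaked_rsa_key(wire) == key)
    wire, key = dhe_exchange()
    print("DHE recovered:", recover_with_leaked_rsa_key(wire) is not None)
```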
Security experts are recommending that you should put a Post-it over the camera in your laptop as compromised software can capture from your webcam and transmit even if there is no indication (UI or light).
Newer Intel chips have hardware random number generators. But FreeBSD developers say that they cannot trust Intel’s chip-based crypto as the sole source of random numbers and so in Rel 10, they are going to make the output of RDRAND (Intel chip) and Padlock (VIA chip) go through Yarrow instead of directly feeding /dev/random.
Given the property that when you combine 2 entropy sources the resultant entropy cannot be lower, you won’t create a vulnerability by mixing in potentially unverified/untrusted sources of entropy.
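Why routing a suspect generator through a mixing pool helps, as an added example that is not from the original post. The pool here is a plain SHA-256 construction, not Yarrow itself, and the class and function names and the seed are hypothetical.

```python
import hashlib
import os

class SuspectHardwareRNG:
    """Stand-in for an on-chip generator whose output someone else can reproduce."""
    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0

    def read(self, n: int = 32) -> bytes:
        self.counter += 1
        block = self.seed + self.counter.to_bytes(8, "big")
        return hashlib.sha256(block).digest()[:n]

class MixingPool:
    """Hash-based pool: every input is folded into the state before output is drawn."""
    def __init__(self):
        self.state = bytes(32)

    def add(self, source_id: bytes, data: bytes) -> None:
        self.state = hashlib.sha256(self.state + source_id + data).digest()

    def read(self) -> bytes:
        out = hashlib.sha256(b"out" + self.state).digest()
        self.state = hashlib.sha256(b"next" + self.state).digest()  # ratchet forward
        return out

def direct_output(hw: SuspectHardwareRNG) -> bytes:
    """The chip feeds the consumer directly."""
    return hw.read()

def pooled_output(hw: SuspectHardwareRNG, other_entropy: bytes) -> bytes:
    """The chip is only one input; a second, independent source is mixed in."""
    pool = MixingPool()
    pool.add(b"hw", hw.read())
    pool.add(b"os", other_entropy)
    return pool.read()

if __name__ == "__main__":
    seed = b"constructed-seed-known-to-observer"
    # Someone who knows the seed replays the chip exactly.
    print("direct predictable:",
          direct_output(SuspectHardwareRNG(seed)) == direct_output(SuspectHardwareRNG(seed)))
    # With a second source in the pool, knowing the chip's output is not enough.
    guess = pooled_output(SuspectHardwareRNG(seed), b"")
    actual = pooled_output(SuspectHardwareRNG(seed), os.urandom(32))
    print("pooled predictable:", guess == actual)
```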
What is the fallout from all this?
Spying on the personal communications of close allies like Germany — snooping on Chancellor Merkel’s phone calls — breeds mistrust and does lasting damage.
Was that worth $4 billion? Brazil’s President Dilma Rousseff was charmed enough by the charmer-in-chief, Joe Biden, that she had made up her mind to give Boeing a $4 billion+ fighter jet contract. She thought that the F/A-18 Super Hornet was the best of the 3 jets. However, she got quite angry when she found out that Washington had spied on her personal communications. Facing flak from her own party for cozying up to Washington, she asked for an apology from Obama, and getting none, canceled her White House visit — where everyone expected that she would announce the Boeing deal — and hastily announced the winner: Sweden’s Saab Gripen fighter jet.
People all over the world use cloud infrastructure from American companies like Google, Microsoft, Facebook, Yahoo, Amazon, IBM, Dropbox etc. Politicians, law makers, security advisers and industrialists in those countries would naturally be concerned about the undue concentration and reliance on US-based companies given that they may be influenced by the NSA and other agencies. The credibility and prestige of companies like Google, not to mention billions of dollars, are at stake and this has sent alarm bells ringing. Many of these companies have published an open letter to the President and Members of Congress about reforming Government Surveillance.
Consider this irony: Everyone of any importance — including Congressmen, senators — inside the beltway used to carry a Blackberry. There was in fact an addiction to Blackberry and a saying "You cannot take my Blackberry unless you pry it from my cold dead hands!". Then the Blackberry faded away to be replaced by the iPhone: you haven’t arrived if you don’t have an iPhone. But there is an important exception: the most important and powerful man at the center of the Beltway, the President and Commander-in-chief, doesn’t have an iPhone. He has a Blackberry, yes a Blackberry! Of course it is a beefed up Blackberry. Obama may use a Lincoln Town Car but it won’t be the same as the one available at your Ford dealer. You might argue that perhaps Obama prefers a Blackberry. But the answer is that Obama is not allowed to have an iPhone! In that respect Obama has something in common with my kids! I don’t know why Blackberry marketing and sales are not taking advantage of this. They could have patterned it after the Visa ad "But they don’t take American Express", or Intel’s "Intel inside" campaign. How about "A picture of the White House and a caption: Blackberry inside" or how about "He is the leader of the free world, he can do whatever he wants and usually does, he can put a drone over your head if he doesn’t like you, but he cannot have an iPhone. He uses a Blackberry and so should you!".
A smart Congresswoman or Senator should have thought "If the iPhone is not secure enough for the President of USA but a Blackberry is, maybe I will just stick with my Blackberry?". Of course Apple vehemently denies that they granted access to NSA, why wouldn’t they? Yahoo’s CEO Marissa says that not giving access would have amounted to treason, a hyperbole wouldn’t you say? The definition of treason is "the crime of betraying one’s country, especially by attempting to kill or overthrow the sovereign or government."
But don’t sweat it. If you are a target (legitimate or otherwise) of someone with the resources available to a State, then all bets are off. Just don’t pick your nose in front of the laptop thinking that the webcam is off and there is a Post-it over it — Post-it is made by 3M, an American company 🙂