The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 61

Wednesday 1 July 1992

Contents

o Houston Chronicle Crypto Article
Joe Abernathy
o The NSA Papers
Joe Abernathy
o Info on RISKS (comp.risks)

The NSA Papers

Joe Abernathy <Joe.Abernathy@houston.chron.com>
Wed, 24 Jun 92 18:10:02 CDT
  The following is the written response to my request for an interview with
the NSA. To the best of my knowledge, and according to their claims, it
is the government's first complete answer to the many questions and allegations
that have been made in regards to the matter of cryptography.
   I would like to invite reaction from any qualified readers who care to
address any of the issues raised herein. Please mail to edtjda@chron.com (713)
220-6845.

   NATIONAL SECURITY AGENCY
   CENTRAL SECURITY SERVICE
   Serial: Q43-11-92 9

10 June 1992
Mr. Joe Abernathy
Houston Chronicle
P.O. Box 4260
Houston, TX 77210

 Dear Mr. Abernathy:

   Thank you for your inquiry of 3 June 1992 on the subject of cryptography.
Attached please find answers to the questions that you provided our Agency. If
any further assistance is needed, please feel free to contact me or Mr. Jerry
Volker of my staff on (xxx) xxx-xxxx.

   Sincerely,

   MICHAEL S. CONN
   Chief, Information Policy

ENCL:

   1. Has the NSA ever imposed or attempted to impose a weakness on any
cryptographic code to see if it can thus be broken?

   One of NSA's missions is to provide the means for protecting U.S. government
and military communications and information systems related to national
security.  In fulfilling this mission we design cryptologic codes based on an
exhaustive evaluation process to ensure to the maximum extent possible that
information systems security products that we endorse are free from any
weaknesses. Were we to intentionally impose weaknesses on cryptologic codes for
use by the U.S. government, we would not be fulfilling our mission to provide
the means to protect sensitive U.S. government and military communications and
our professional integrity would be at risk.

   2. Has the NSA ever imposed or attempted to impose a weakness on the DES or
DSS?

   Regarding the Data Encryption Standard (DES), we believe that the public
record from the Senate Committee for Intelligence's investigation in 1978 into
NSA's role in the development of the DES is responsive to your question. That
committee report indicated that NSA did not tamper with the design of the
algorithm in any way and that the security afforded by the DES was more than
adequate for at least a 5-10 year time span for the unclassified data for which
it was intended. In short, NSA did not impose or attempt to impose any weakness
on the DES.

   Regarding the draft Digital Signature Standard (DSS), NSA never imposed any
weakness or attempted to impose any weakness on the DSS.

    3. Is the NSA aware of any weaknesses in the DES or the DSS? The RSA?

   We are unaware of any weaknesses in the DES or the DSS when properly
implemented and used for the purposes for which they both are designed.  We do
not comment on nongovernment systems.

   Regarding the alleged trapdoor in the DSS. We find the term trapdoor
somewhat misleading since it implies that the messages sent by the DSS are
encrypted and with access via a trapdoor one could somehow decrypt (read) the
message without the sender's knowledge.  The DSS does not encrypt any data. The
real issue is whether the DSS is susceptible to someone forging a signature and
therefore discrediting the entire system. We state categorically that the
chances of anyone - including NSA - forging a signature with the DSS when it is
properly used and implemented is infinitesimally small.

   Furthermore, the alleged trapdoor vulnerability is true for ANY public
key-based authentication system, including RSA. To imply somehow that this only
affects the DSS (a popular argument in the press) is totally misleading. The
issue is one of implementation and how one goes about selecting prime numbers.
We call your attention to a recent EUROCRYPT conference which had a panel
discussion on the issue of trapdoors in the DSS. Included on the panel was one
of the Bellcore researchers who initially raised the trapdoor allegation, and
our understanding is that the panel -- including the person from Bellcore --
concluded that the alleged trapdoor was not an issue for the DSS. Furthermore,
the general consensus appeared to be that the trapdoor issue was trivial and
had been overblown in the press.  However, to try to respond to the trapdoor
allegation, at NIST's request, we have designed a prime generation process
which will ensure that one can avoid selection of the relatively few weak
primes which could lead to weakness in using the DSS.  Additionally, NIST
intends to allow for larger modulus sizes up to 1024 which effectively negates
the need to even use the prime generation process to avoid weak primes. An
additional very important point that is often overlooked is that with the DSS
the primes are PUBLIC and therefore can be subject to public examination. Not
all public key systems provide for this same type of examination.

   The integrity of any information security system requires attention to
proper implementation. With the myriad of vulnerabilities possible given the
differences among users, NSA has traditionally insisted on centralized trusted
centers as a way to minimize risk to the system.  While we have designed
technical modifications to the DSS to meet NIST's requests for a more
decentralized approach, we still would emphasize that portion of the Federal
Register notice for the DSS which states: While it is the intent of this
standard to specify general security requirements for generating digital
signatures, conformance to this standard does not assure that a particular
implementation is secure. The responsible authority in each agency or
department shall assure that an overall implementation provides an acceptable
level of security. NIST will be working with government users to ensure
appropriate implementations.

   Finally, we have read all the arguments purporting insecurities with the
DSS, and we remain unconvinced of their validity. The DSS has been subjected to
intense evaluation within NSA which led to its being endorsed by our Director
of Information Systems Security for use in signing unclassified data processed
in certain intelligence systems and even for signing classified data in
selected systems. We believe that this approval speaks to the lack of any
credible attack on the integrity provided by the DSS given proper use and
implementation. Based on the technical and security requirements of the U.S.
government for digital signatures, we believe the DSS is the best choice. In
fact, the DSS is being used in a pilot project for the Defense Message System
to assure the authenticity of electronic messages of vital command and control
information.  This initial demonstration includes participation from the Joint
Chiefs of Staff, the military services, and Defense Agencies and is being done
in cooperation with NIST.

      4. Has the NSA ever taken advantage of any weaknesses in the DES or the
DSS?

   We are unaware of any weaknesses in the DSS or in the DES when properly
implemented and used for the purposes for which they both are designed.

 5. Did the NSA play a role in designing the DSS? Why, in the NSA's analysis,
was it seen as desirable to create the DSS when the apparently more robust RSA
already stood as a de facto standard?

   Under the Computer Security Act of 1987, NIST is to draw upon computer
systems technical security guidelines of NSA where appropriate and to
coordinate closely with other agencies, including NSA, to assure:

   a. maximum use of all existing and planned programs, materials, and reports
relating to computer systems security and privacy, in order to avoid
unnecessary and costly duplication of effort; and

   b. that standards developed by NIST are consistent and compatible with
standards and procedures developed for the protection of classified systems.

   Consistent with that law and based on a subsequent Memorandum of
Understanding (MOU) between NSA and NIST, NSA's role is to be responsive to
NIST's requests for assistance in developing, evaluating, or researching
cryptographic algorithms and techniques. (See note at end). In 19??, NIST
requested that NSA evaluate candidate algorithms proposed by NIST for a digital
signature standard and that NSA provide new algorithms when existing algorithms
did not meet U.S. government requirements. In the two-year process of
developing a digital signature for U.S. government use, NIST and NSA examined
various publicly-known algorithms and their variants, including RSA. A number
of techniques were deemed to provide appropriate protection for Federal
systems. The one selected by NIST as the draft Digital Signature Standard was
determined to be the most suitable for reasons that were set forth in the
Federal Register announcement. One such reason was to avoid issuance of a DSS
that would result in users outside the government having to pay royalties. Even
though the DSS is targeted for government use, eliminating potential barriers
for commercial applications is useful to achieve economies of scale.
Additionally, there are features of the DSS which make it more attractive for
Federal systems that need to have a digital signature capability for large
numbers of users. Chief among them are the number of trusted operation points
and system management overhead that are minimized with the NIST proposed
technique.

 6. What national interests are served by limiting the power of cryptographic
schemes used by the public?

   We call your attention to the House Judiciary committee hearing of 29 April
1992. The Director of the FBI expressed his concerns that law enforcement
interests in meeting responsibilities given to them by Congress could be
affected unless they had access to communications, as was given to them by
statute in 1968 (court monitored, court sponsored, court reviewed and subject
to Congressional oversight).

   The National Security Agency has no role in limiting the power of
cryptographic schemes used by the public within the U.S. We have always been in
favor of the use of information security technologies by U.S. businesses to
protect their proprietary information, and when we had an information security
role with private industry (prior to the Computer Security Act of 1987), we
actively advocated use of such technologies.

    7. What national interests are served by limiting the export of
cryptographic technology?

   Cryptographic technology is deemed vital to national security interests.
This includes economic, military, and foreign policy interests.

   We do not agree with the implications from the House Judiciary Committee
hearing of 7 May 1992 and recent news articles that allege that U.S. export
laws prevent U.S. firms' manufacture and use of top encryption equipment. We
are unaware of any case where a U.S. firm has been prevented from manufacturing
and using encryption equipment within this country or for use by the U.S. firm
or its subsidiaries in locations outside the U.S. because of U.S. export
restrictions.  In fact, NSA has always supported the use of encryption by U.S.
businesses operating domestically and overseas to protect sensitive
information.

   For export to foreign countries, NSA as a component of the Department of
Defense (along with the Department of State and the Department of Commerce)
reviews export licenses for information security technologies controlled by the
Export Administration Regulations or the International Traffic in Arms
Regulations. Similar export control systems are in effect in all the
Coordinating Committee for Multilateral Export Controls (CoCom) countries as
well as many non-CoCom countries as these technologies are universally
considered as sensitive. Such technologies are not banned from export and are
reviewed on a case-by-case basis. As part of the export review process,
licenses may be required for these systems and are reviewed to determine the
effect such export could have on national security interests - including
economic, military, and political security interests. Export licenses are
approved or denied based upon the type of equipment involved, the proposed
end-use and the end-user.

   Our analysis indicates that the U.S. leads the world in the manufacture and
export of information security technologies. Of those cryptologic products
referred to NSA by the Department of State for export licenses, we consistently
approve over 90%. Export licenses for information security products under the
jurisdiction of the Department of Commerce are processed and approved without
referral to NSA or DoD. This includes products using such techniques as the DSS
and RSA which provide authentication and access control to computers or
networks. In fact, in the past NSA has played a major role in successfully
advocating the relaxation of export controls on RSA and related technologies
for authentication purposes. Such techniques are extremely valuable against the
hacker problem and unauthorized use of resources.

      8. What national interests are at risk, if any, if secure cryptography is
widely available?

   Secure cryptography widely available outside the United States clearly has
an impact on national security interests including economic, military, and
political.

   Secure cryptography within the United States may impact law enforcement
interests.

    9. What does the NSA see as its legitimate interests in the area of
cryptography?  Public cryptography?

   Clearly one of our interests is to protect U.S. government and military
communications and information systems related to national security. As part of
that mission, we stay abreast of activities in public cryptography.

   10. How did NSA enter into negotiations with the Software Publishers
Association regarding the export of products utilizing cryptographic
techniques? How was this group chosen, and to what purpose? What statute or
elected representative authorized the NSA to engage in the discussions?

   The Software Publishers Association (SPA) went to the National Security
Advisor to the President to seek help from the Administration to bring
predictability, clarity, and speed to the process for exporting mass market
software with encryption. The National Security Advisor directed NSA to work
with the mass market software representatives on their request.

 11. What is the status of these negotiations?

   These negotiations are ongoing.

 12. What is the status of export controls on products using cryptographic
techniques? How would you respond to those who point to the fact that the
export of RSA from the U.S. is controlled, but that its import into the U.S. is
not?

   To the best of our knowledge, most countries who manufacture cryptographic
products regulate the export of such products from their countries by
procedures similar to those existing within the U.S. Some even control the
import into their countries. The U.S. complies with the guidelines established
by CoCom for these products.

   Regarding the export of RSA from the U.S., we are unaware of any
restrictions that have been placed on the export of RSA for authentication
purposes.

13. What issues would you like to discuss that I have not addressed?

   None.

 14. What question or questions would you like to pose of your critics?

   None.

 NOTE: To clarify misunderstandings regarding this Memorandum of Understanding
(MOU); this MOU does not provide NSA any veto power over NIST proposals.  As
was discussed publicly in 1989, the MOU provides that if there is an issue that
can not be resolved between the two agencies, then such an issue may be
referred to the President for resolution. Enclosed please find a copy of
subject MOU which has been made freely available in the past by both NSA and
NIST to all requestors. At the House Judiciary Committee hearings on 7 May
1992, the Director of NIST responded that he had never referred an issue to the
White House since his assumption of Directorship in 1990.

   MEMORANDUM OF UNDERSTANDING

   BETWEEN

   THE DIRECTOR OF THE NATIONAL INSTITUTE OF STANDARDS
AND TECHNOLOGY

   AND

   THE DIRECTOR OF THE NATIONAL SECURITY AGENCY

   CONCERNING

   THE IMPLEMENTATION OF PUBLIC LAW 100-235

   Recognizing that:

   A. Under Section 2 of the Computer Security Act of 1987 (Public Law
100-235), (the Act), the National Institute of Standards and Technology (NIST)
has the responsibility within the Federal Government for:

   1. Developing technical, management, physical, and administrative standards
and guidelines for the cost-effective security and privacy of sensitive
information in Federal computer systems as defined in the Act; and,

   2. Drawing on the computer system technical security guidelines of the
National Security Agency (NSA) in this regard where appropriate.

   B. Under Section 3 of the Act, the NIST is to coordinate closely with other
agencies and offices, including the NSA, to assure:

   1. Maximum use of all existing and planned programs, materials, studies, and
reports relating to computer systems security and privacy, in order to avoid
unnecessary and costly duplication of effort; and,

   2. To the maximum extent feasible, that standards developed by the NIST
under the Act are consistent and compatible with standards and procedures
developed for the protection of classified information in Federal computer
systems.

   C. Under the Act, the Secretary of Commerce has the responsibility, which he
has delegated to the Director of NIST, for appointing the members of the
Computer System Security and Privacy Advisory Board, at least one of whom shall
be from the NSA. Therefore, in furtherance of the purposes of this MOU, the
Director of the NIST and the Director of the NSA hereby agree as follows:

   I. The NIST will:

   1. Appoint to the Computer Security and Privacy Advisory Board at least one
representative nominated by the Director of the NSA.

   2. Draw upon computer system technical security guidelines developed by the
NSA to the extent that the NIST determines that such guidelines are consistent
with the requirements for protecting sensitive information in Federal computer
systems.

   3. Recognize the NSA-certified rating of evaluated trusted systems under the
Trusted Computer Security Evaluation Criteria Program without requiring
additional evaluation.

   4. Develop telecommunications security standards for protecting sensitive
unclassified computer data, drawing upon the expertise and products of the
National Security Agency, to the greatest extent possible, in meeting these
responsibilities in a timely and cost effective manner.

   5. Avoid duplication where possible in entering into mutually agreeable
arrangements with NSA for NSA support.

   6. Request the NSA's assistance on all matters related to cryptographic
algorithms and cryptographic techniques including but not limited to research,
development, evaluation, or endorsement.


   II. The NSA will:

   1. Provide the NIST with technical guidelines in trusted technology,
telecommunications security, and personal identification that may be used in
cost-effective systems for protecting sensitive computer data.

   2. Conduct or initiate research and development programs in trusted
technology, telecommunications security, cryptographic techniques and personal
identification methods.

   3. Be responsive to the NIST's requests for assistance in respect to all
matters related to cryptographic algorithms and cryptographic techniques
including but not limited to research, development, evaluation, or endorsement.

   4. Establish the standards and endorse products for application to secure
systems covered in 10 USC Section 2315 (the Warner Amendment).

   5. Upon request by Federal agencies, their contractors and other
government-sponsored entities, conduct assessments of the hostile intelligence
threat to Federal information systems, and provide technical assistance and
recommend endorsed products for application to secure systems against that
threat.

   III. The NIST and the NSA shall:

   1. Jointly review agency plans for the security and privacy of computer
systems submitted to NIST and NSA pursuant to section 6(b) of the Act.

   2. Exchange technical standards and guidelines as necessary to achieve the
purposes of the Act.

   3. Work together to achieve the purposes of this memorandum with the
greatest efficiency possible, avoiding unnecessary duplication of effort.

   4. Maintain an ongoing, open dialogue to ensure that each organization
remains abreast of emerging technologies and issues affecting automated
information system security in computer-based systems.

   5. Establish a Technical Working Group to review and analyze issues of
mutual interest pertinent to protection of systems that process sensitive or
other unclassified information.  The Group shall be composed of six Federal
employees, three each selected by NIST and NSA and to be augmented as necessary
by representatives of other agencies. Issues may be referred to the group by
either the NSA Deputy Director for Information Security or the NIST Deputy
Director or may be generated and addressed by the group upon approval by the
NSA DDI or NIST Deputy Director.  Within days of the referral of an issue to
the Group by either the NSA Deputy Director for Information Security or the
NIST Deputy Director, the Group will respond with a progress report and plan
for further analysis, if any.

   6. Exchange work plans on an annual basis on all research and development
projects pertinent to protection of systems that process sensitive or other
unclassified information, including trusted technology, technology for
protecting the integrity and availability of data, telecommunications security
and personal identification methods. Project updates will be exchanged
quarterly, and project reviews will be provided by either party upon request of
the other party.

   7. Ensure the Technical Working Group reviews prior to public disclosure all
matters regarding technical systems security techniques to be developed for use
in protecting sensitive information in Federal computer systems to ensure they
are consistent with the national security of the United States. If NIST and NSA
are unable to resolve such an issue within 60 days, either agency may elect to
raise the issue to the Secretary of Defense and the Secretary of Commerce.  It
is recognized that such an issue may be referred to the President through the
NSC for resolution. No action shall be taken on such an issue until it is
resolved.

   8. Specify additional operational agreements in annexes to this MOU as they
are agreed to by NSA and NIST.

   IV. Either party may elect to terminate this MOU upon six months written
notice. This MOU is effective upon approval of both signatories.

   RAYMOND G. KAMMER                       W. O. STUDEMAN
   Acting Director,                        Vice Admiral U.S. Navy,
   National Institute of                   Director, National Security Agency
   Standards and Technology

[If any garbles remain, they are due either to the scanning process or to PGN
trying to fix the originally very buggy scanned version.  PGN]
