National Security AgencyJohn Gilmore, the creator of the human rights organization Electronic Frontier Foundation and founder of the projects, such as Cygwin, GNU Radio, Gnash, GNU tar, GNU UUCP and IPSEC- stack FreeS / WAN, has published a compilation of his observations about the possible impact of U.S. National Security Agency ( NSA ) on the development of specifications and implementations of IPSEC. His observations are based on the interviews with some of the committee members who participated in the development of standards IPSEC IETF.

As the leader of the project of free IPSEC- stack, John excludes the direct impact of the NSA on the development of FreeS / WAN, but does not exclude the impact in terms of decisions-making on integration the project developments in the Linux core. In particular, John mentions a categorical unwillingness of network subsystem maintainer to include in the core the layer packet processing for IPSEC developed in FreeS / WAN, instead of it the maintainer created its own implementation, which was incomplete and did not refer to the working mind. It is not clear whether such conduct was inspired by the NSA or due to some other reasons.

Gilmore believes that the NSA opposes the introduction of strong cryptography for mobile phones, as well as lobbying the processes for inclusion in the international standards the less strong cryptographic algorithms on the plea of strong violation of U.S. law that restricts the export of high technology.

So far, there is no standard and implementation of the protocol to encrypt point-to-point devices, which works on the mobile phones. encryption algorithms that is used in mobile networks, do not stand up to scrutiny as XOR operation on a fixed line is used for the “encryption” of the voice packets, and a weak easily breaking cipher is used for the transmission of control data.

NSA staff held key positions in the committee that developed the international standards of IPSEC. At the same time, there were cases when one of the developers of standards, which not formally worked for the NSA, but had a long term connection with the U.S. secret services, from time to time comes out with the proposals that somehow weaken the security or privacy of standards. Such proposals have been well substantiated for people who were not experts in the field of cryptography. For example, it was proposed to use one initialization vector for the session, and do not create it for each package, or proposed to implement a mode that turns off the encryption.

As a result, we have the standard IPSEC that is incredibly complicated and confusing. Experienced cryptographers have refused to carry out the analysis of the security without simplification. These suggestions were not taken into account and specifications have not been simplified. Standard has an option that used notoriously unreliable methods of encryption. It was also difficult to implement IPSEC in real systems due to changes in the maximum segment size that could not be transmitted via IPSEC- tunnel between the end points, if these points did not know anything about the IPSEC.

Fresh batch of classified documents from Edward Snowden makes it clear how the U.S. National Security Agency can bypass the crypto Internet communications.

Several published documents:

classified documentsclassified documentsclassified documents

Well-known cryptography expert Bruce Schneier has published its recommendations how to avoid NSA surveillance – NSA surveillance: A guide to staying secure

Advertisements