Sunday, December 28, 2014

That Spiegel NSA story is activist nonsense

Yet again activists demonstrate they are less honest than the NSA. Today, Der Spiegel has released more documents about the NSA. They largely confirm that the NSA is actually doing, in real-world situations, what we'ved suspected they can do. The text of the article describing these documents, however, wildly distorts what the documents show. A specific example is a discussion of something call "TUNDRA".

It is difficult to figure out why TUNDRA is even mentioned in the story. It's cited to support some conclusion, but I'm not sure what that conclusion is. It appears the authors wanted to discuss the "conflict of interest" problem the NSA has, but had nothing new to support this, so just inserted something at random. They are exploiting the fact the average reader can't understand what's going on. In this post, I'm going to describe the context around this.

TUNDRA was a undergraduate student project, as the original document makes clear, not some super-secret government program into cryptography. The purpose of the program is to fund students and find recruits, not to create major new advances in cryptography.

It's given a code-name "TUNDRA" and the paragraph in the document is labeled "TOP SECRET". The public has the misconception that this means something important is going on. The opposite is true: the NSA puts codenames on nearly everything. Among the reasons is that by putting codenames even on trivial things, it prevents adversaries from knowing which codenames are important. The NSA routinely overclassifies things. That's why so many FOIA requests come with the "TOP SECRET" item crossed out -- you classify everything as highly as you can first, then relax the restriction later. Thus, unimportant student projects get classified codenames.

The Spiegel article correctly says that the "agency is actively looking for ways to break the very standard it recommends", and it's obvious from context that that the Spiegel is implying this is a bad thing. But it's a good thing, as part of the effort in improving encryption. You secure things by trying to break them. That's why this student project was funded by the IAD side of the NSA -- the side dedicated to improving cryptography. Most of us in the cybersecurity industry are trying to break things -- we only trust things that we've tried to break but couldn't.

The Spiegel document talks about AES, but it's not AES being attacked. Instead, it's all block ciphers in "electronic codebook" modes that are being attacked. The NSA, like all cryptographers, recommends that you don't use the basic "electronic codebook" mode, because it reveals information about the encrypted data, as the well known "ECB penguin" shows. As you can see in the image, when you encrypt a bitmap image of a penguin, you can still see it's a penguin despite the encryption. Finding appropriate modes other than "electronic codebook" is an important area of research. [***]

The NSA already has ways of attacking ECB mode, as the penguin image demonstrates. I point this out because if the NSA already has a "handful of ways" of doing something, adding one more really isn't a major new development. Thus, even if you don't understand cryptography, it should be obvious that the inclusion of TUNDRA in this story is pretty stupid.

Journalism is supposed to be different from activism. Journalists are supposed to be accurate and fair, to communicate rather than convince. The activist has the oppose goal, to convince the reader, even if that means exploiting misinformation. We see that in this Der Spiegel article, where the TUNDRA item is distorted into order to convince the reader that the NSA is doing something evil.



Update: [***] There has been some discussion on Twitter about the ECB penguin above. That's because where the document says "electronic codebook", it may not necessarily be referring to ECB mode (even though ECB stands for "electronic codebook"). That's because "codebook" is also just another name for "block cipher", the more common/modern name for encryption algorithms like AES.

Regardless, the principle still holds: it's not AES that TUNDRA attacks, but the underlying "codebook" property, whatever that refers to, whether it's "block ciphers" or "block ciphers in ECB mode". Also regardless, since it's an undergraduate project designed for recruitment, it's probably something basic (like the ECB penguin) rather than a major advancement in cryptography.



3 comments:

Anonymous said...
This comment has been removed by a blog administrator.
Anonymous said...

I'm by no means an expert on cyber-security although I follow the topic reasonably closely, so I might not have as deep an understanding as necessary, but it feels a bit like you're missing the forest for the trees. TUNDRA was a paragraph, at best, while the rest of it mentioned things that have been corroborated by other sources (including Snowden directly).

The main point of the article seems to be to have been that the NSA these days is actively working to subvert security as a matter of course (which is pretty much taken for granted) while at the same time its scientists and engineers are still contributing to existing and emerging IETF cryptography standards, which would be arguably considered a conflict of interest in any other STEM discipline ...

I'm not trying to be belligerent (my Internet voice is sometimes snotty, but I'm trying to avoid that, so hopefully that tone isn't conveyed with my comments) -- but I'm puzzled by your response, as it seems like NSA involvement in any public cryptography research or protocol design at the present time is akin to leaving the fox in charge of the hen house.

Unknown said...

# From IRC:
[coderman] i like seeing bob displaying the part of his idiocy in public
[coderman] usually he hides the idiot behind sufficient and many layers of compentence.
[coderman] but sometime, sometimes [ the rest is not fit to print ]

this means CODE BOOK is class of cipher, like block of all type, incl. AES. not just some newb shit.

but by all means, go ahead and dismiss the most technical article on compromising SSH, SSL, TLS, VPN, Tor, OTR, and other cryptographic protocols to suit your own clearly objective bias! *grin*