Back doors, complexity and the death of RSA?

Thanks to Financial Cryptography for a reference to Adi Shamir's work on ways of cracking RSA by a bug attack – using a deliberate or accidental bug in the PC processing chip itself.

If this is true, “ANY key in ANY RSA-based security program running on ANY one of the millions of PCs that contain this microprocessor can be trivially broken with a single chosen message. A similar attack can be applied to …..almost all the presently deployed public key schemes will become vulnerable to such an attack.” (I should add there's been some scepticism about these claims.)

FC says that chips are “mostly all created in American design studios, and we know that the chip manufacturers work closely with US intelligence agencies for special instructions, special spaces inside the chip, and no doubt other things.” I looked up some of the history – e.g. the Clipper chip, intended to provide commercial security, but with a backdoor built in, and allegations that Microsoft built an NSA back door into Windows.

Also makes me think of the recent controversy involving Dan Egerstad's hack of Tor. The Sydney Morning Herald speculates that: “While there's no direct evidence, it's possible Egerstad's actions shut down an active intelligence-gathering exercise. Wired.com journalist Kim Zetter blogged the claims of an Indian Express reporter that he was able to access the email account for the Indian ambassador in China and download a transcript of a meeting between the Chinese foreign minister and an Indian official. In addition to hackers using Tor to hide their origins, it's plausible that intelligence services had set up rogue exit nodes to sniff data from the Tor network.”

“Egerstad is circumspect about the possible subversion of Tor by intelligence agencies. “If you actually look in to where these Tor nodes are hosted and how big they are, some of these nodes cost thousands of dollars each month just to host because they're using lots of bandwidth, they're heavy-duty servers and so on,” Egerstad says. “Who would pay for this and be anonymous?”” (I suspect that most of them are police services looking for child porn site users, but I'm sure they pass interesting results on to their friends in government.)

For his pains, Egerstad was arrested, though there was no suggestion he had tried to profit from exposing this problem in Tor. Ironically, Tor was originally “developed by the US Navy to allow personnel to conceal their locations from websites and online services they would access while overseas.” I'm sure they didn't develop it as a Trojan Horse, but they certainly understand how it works.

Here's a James Bond scenario for you. A powerful Western government identifies a state linked to its Universal Adversary. This state uses simulation software to manage its economy and train its military. The Western government accesses that software, firstly just to see what assumptions are being made and what questions are being asked. But then it realises that it can re-write the software to give the wrong results. So the UA's tanks come out onto the battlefield, or the UA cuts its interest rates, and the results are a disaster. Life just doesn't go the way it was simulated.

Wouldn't happen? Well, think of the cyber-attack on Estonia, conducted by Russians. Note that the Iranians were the only government to take an interest in Egerstad's research, apart from the Swedes, who arrested him. Note also US suspicions of China.

“The PLA is investing in electronic countermeasures, defenses against electronic attack (e.g., electronic and infrared decoys, angle reflectors, and false target generators), and computer network operations (CNO). China’s CNO concepts include computer network attack, computer network defense, and computer network exploitation. The PLA sees CNO as critical to achieving “electromagnetic dominance” early in a conflict. Although there is no evidence of a formal Chinese CNO doctrine, PLA theorists have coined the term “Integrated Network Electronic Warfare” to prescribe the use of electronic warfare, CNO, and kinetic strikes to disrupt battlefield network information systems. The PLA has established information warfare units to develop viruses to attack enemy computer systems and networks, and tactics and measures to protect friendly computer systems and networks. In 2005, the PLA began to incorporate offensive CNO into its exercises, primarily in first strikes against enemy networks.”

Maybe it might work the other way round: the Universal Adversary might be hacking US simulations?

I'm not saying that simulations are to be avoided. But anyone who has ever developed even a small intelligent website knows how the programme rapidly becomes so complex that you can't remember it all, or say off-hand how each part relates to the others. We live in an age of staggering complexity and the systems we rely on become more complex with each passing day. Egerstad and Shamir have both suggested that some of the things we take for granted aren't as safe as we thought.
