12 January 2012
FBI OpenBSD Backdoors and RSA Cipher Vulnerability
Previous:
http://cryptome.org/0003/fbi-backdoors.htm
From: Gregory Perry <Gregory.Perry[at]govirtual.tv>
Subject: Follow up to OpenBSD Crypto Framework Backdoors Thread
Date: Thu, 12 Jan 2012 01:57:39 +0000
Here is a follow up to the FBI / OpenBSD / OCF encryption backdoors thread
as promised. We had a three alarm fire at our house over the Christmas
holidays and I am just now getting plugged back in.
1) At ~1997 or thereabouts, the FBI approached a fellow by the name of Lew
Jenkins, the Chairman and CEO of Premenos Technology Corp., about their
development of an Electronic Data Interchange (EDI) software suite used for
corp-to-corp EDI transactions called "Templar".
2) At that point in time encryption technology (especially public key encryption
algorithms) were still considered munitions by the United States government,
and presumably the FBI was interested in Premenos research related to key
escrow and session recovery of RSA-encrypted communication sessions.
3) A portion of Mr. Jenkins' research was conducted with a Ecuadorian national
that provided Premenos with at least one mathematical vulnerability in the
RSA encryption algorithm related to changing the base numbering system of
the resulting RSA modulus after a block of plaintext had been encrypted.
Mr. Jenkins and Premenos also maintained extensive contacts with the Crown
of England, including prominent English Lords involved with Internet
communications technology.
4) One of the investors in Premenos was a fellow by the name of Ross Pirasteh,
who was either the Prime Minister of Finance for the Shah of Iran or actually
the Shah of Iran himself. As the story goes, Ross and his family were
snuck out of Iran rolled up in Persian rugs just prior to or during the 1979
revolution headed by Ayatollah Ruhollah Khomeini; once Ross and his family
emigrated to the United States, the FBI gave him and his family new identities
for obvious reasons. I initially met Ross in the early 90s from a GPS-based
automobile tracking project (nonmilitary-grade GPS), and in 1995 I gave him
some information about Templar and he became an investor in Premenos shortly
thereafter.
5) In 1999 I co-founded a computer security engineering firm with Ken Ammon
and Jerry Harold, Network Security Technologies Inc. (NETSEC). Ken
was the CEO, Jerry was the COO, I was the CTO. Ken and Jerry were high
rank and file ex-NSA InfoSec employees and had extensive contacts in the
DoD and federal government; we offered managed network security, penetration
testing, vulnerability analysis, and reverse engineering services to the
federal government and private sector.
6) NETSEC's first investor was Ross Pirasteh, he provided a bridge loan to
get the company started. The first friends family fools round of Preferred
A investment was via a Boca Raton angel syndicate that I believe Ross had
introduced to Ken and his wife, but I was not privy to those details.
7) Our first intended product was an ATM-based high speed embedded network
security appliance that was to be placed on customer networks for remote
network protocol analysis, surveillance, and intrusion detection and
prevention. Each hardware appliance would be monitored from a
cryptographically accelerated encrypted VPN tunnel from the NETSEC NOC, and
I designed the initial NOC prototype and network management system.
For the embedded hardware appliance development and contract manufacturing
process, I hired Doug Bostrom and Wayne Mitzen, two very talented EE-types
that had worked for Ross at a previous venture in Boston related to wireless
telemetry (for example, U.S. Patent
6,208,266).
8) During that development effort I approached Theo de Raadt of the OpenBSD
project about funding and implementing real-time preemptive POSIX-complaint
threads capability to the OpenBSD operating system, instead of using a VxWorks
RTOS due to Wind River's exorbitant licensing costs (OpenBSD and the BSD
license were free and unencumbered of patents). NETSEC provided the
OpenBSD Project with hardware and funding to implement the beginning stages
of the OpenBSD Cryptographic Framework, based on a HiFN line of cryptographic
accelerators that were eventually worked into the OpenBSD kernel and OCF
(our first choice was BroadCom, but Ken had connections at HiFN so that was
the initial chipset used with the OCF). x86-based hardware in the late
90s simply could not handle the computational effort required for high speed
FIPS 140-1 and FIPS 140-2 compliant DES and 3DES encryption, so a dedicated
crypto processor was needed to support ATM+ wire speeds.
9) Shortly thereafter, NETSEC started a project with the GSA called the GSA
Technical Support Center . The GSA Technical Support Center was a joint
FBI and DoD collaboration to provide reverse engineering and cryptanalytic
services to federal government and military components. The project
lead was FBI executive Ron Bitner (or at least that's the name he gave me),
and the GSA representative tasked with funding the project was Dave
Jarrell. When I started working on the project I voiced concerns to
Ken about the demarcation point between the FBI and DoD (or lack thereof),
which at the time was a fairly egregious violation of the Posse Comitatus
Act. Ken's answer was that Multi Level Security (MLS) systems such
as Trusted Solaris would be used to share information of varying classification
levels between the FBI and DoD to preserve the age old separation between
the military and civil government, but I saw the proverbial writing on the
wall and didn't want to participate in the project any longer.
10) Later in the year I resigned my position at NETSEC during a company-wide
meeting, and went on to start an embedded wireless bandwidth management
company. I had a two year non-compete with NETSEC so I couldn't work
in security any longer at that time.
Obviously there is a lot more to this story than a one page synopsis, but
I think what is important to make mention of is the close nexus between
supposedly unfriendly governments such as Iran and the US. In 1995
the FBI was adamantly against any relaxation of encryption export regulations,
yet they did an abrupt about-face on the issue in 1999 (for example,
http://www.nytimes.com/1999/10/11/business/technology-easing-on-software-exports-has-limits.html
?scp=1&sq=Gregory%20Perry%20encryption&st=cse).
I personally believe that the FBI, or at least certain officials within the
administration at that time, willingly advocated the relaxation of encryption
export regulations only due to their discovery of critical vulnerabilities
and weaknesses in the RSA encryption algorithm not exhibited by the predominant
public key encryption method used at the time which was Diffie-Hellman.
Of equal interest was RSA Security's decision to not pursue an extension
of the RSA patent after its 20-year expiration, which they could have easily
obtained on national security grounds. They simply waived their rights
and let RSA become an open and public domain standard despite their significant
revenues in licensing of the RSA encryption algorithm in the USA based on
U.S. Patent
4,405,829.
If any of this conjecture is the case, then it could reasonably be said that
the FBI intentionally - and very seriously - weakened the United States critical
infrastructure and our military capabilities by advocating the use of a
fundamentally weak encryption algorithm as a tradeoff between US National
Security and their need to observe domestic communications in the United
States. This of course has serious implications for any technology
predicated upon the RSA encryption algorithm and its progeny, such as military
grade GPS which uses RSA for weapons targeting, military smart card technology
such as the Common Access Card, commercial smart card technologies used in
RFID and contactless payment solutions, etc. Most of these standards
are now literally set in stone insofar as embedded systems are concerned,
and the vast majority of OpenBSD / OCF installations are embedded-based without
an upgrade path due to the small footprint of OpenBSD and the BSD licensing
scheme used by the OpenBSD project. Literally millions (and potentially
hundreds of millions) of OpenBSD installations are out there in the embedded
space such as routers, firewalls, VPN devices etc, and this goes without
mentioning the many other operating systems that have incorporated the OpenBSD
OCF and PF firewalling stack without any audit of the source code based on
the security and reputation inherent to the OpenBSD Project.
Let me know if you have any other questions, and Happy 2012 to you and Cryptome.
Gregory Perry
|