So I finally read the documents that were leaked about the NSA's wide-scale network traffic collection, databases, and attack systems, and I must say I am very impressed but not surprised. Many people are upset about the NSA's actions, and there are a few things that I feel the NSA should not be doing (inserting backdoors into commercial software or hardware), but for the most part I feel that the NSA is doing what any government should be doing.
There are several claims across the internet that the NSA has broken SSL, SSH, IPsec, and PPTP. It should be of little surprise that PPTP security was broken; it has been known for a long time that PPTP usually has glaring security flaws. IPsec has many different implementations, some of which are subject to particular vulnerabilities. The documents say little about SSH, although it is interesting to see that the NSA has no problem using SSH in its own systems, which leads me to believe that properly configured SSH systems are still secure.
SSL is more interesting. There is a lot of mention of HTTPS and SSL, and I believe it is SSL's common use across the internet that leads the NSA to focus so much on it. From the documents, it seems that to decrypt data sent over SSL, the NSA needs the private key of the host certificate. They also state that if the system uses a Diffie-Hellman key exchange instead of the RSA key exchange, they still cannot decrypt it easily. Diffie-Hellman provides what is called forward secrecy: a new key, unknown to any eavesdropper, is created on the spot and forgotten by both parties once the communication is finished.
The key point is that this “vulnerability” has been known since the algorithms were put down on paper. Protecting the private key is of the utmost importance. That recorded data can be decrypted later when the standard key exchange is used has also been well known, and there has been much discussion of the need for “forward secrecy”. Diffie-Hellman is computationally expensive for both parties, and while a desktop computer making three or four Diffie-Hellman exchanges won't have any trouble, a website responding to hundreds of thousands of requests carries a much larger burden.
None of the documents mention any particular method of retrieving the private key, but there are several. The one that requires no active involvement is to factor the modulus stored in the host certificate. This modulus is usually the product of two large prime numbers (although the cost of verifying that the chosen numbers are prime before using them leads some implementations to produce moduli with more than two prime factors). The computing power needed to factor the modulus of a 1024-bit key may be something the NSA's supercomputers are capable of in a reasonable amount of time, especially if skilled mathematicians and programmers are working on new methods and optimizations.
Getting the key through other means may still be easier. The NSA has an entire section devoted to attacking computers and networks, which I do believe is wrong, and they certainly have individuals searching for and documenting new vulnerabilities the NSA can exploit. Using these to retrieve private key files could be much easier than factoring. Buying the keys, begging for them, social engineering, or infiltration are certainly also possible.
Naturally, the NSA keeps a database of keys, as they are very valuable. With the standard key exchange, a compromised key allows both forward and retroactive decryption of all exchanges made using that key. It's hard to fathom any intelligence organization not keeping a database of compromised private keys. The wide-scale collection and decryption of internet traffic, wherever keys are available and forward secrecy is not used, is quite impressive.
There is also mention in many places that PGP is still secure from the NSA. This is true, in much the same way as SSL is. The problem is one of key distribution. Two parties communicating through a service secured by SSL depend on that service's protection of its private key. Such services have always-on servers and known IP addresses, and the NSA can usually find their physical locations. Compromise the server's private key, and you can potentially decrypt all the messages to and from that server. PGP, on the other hand, is client to client, with the keys held by the end users. These end-user devices are far less exposed to attacks of any sort, and a compromised PGP key only allows decryption of messages to that party. On the other hand, unlike Diffie-Hellman with SSL, PGP has no way of providing forward secrecy, as it is inherently one-way communication. If a key is compromised, any past or future messages encrypted to that key can be decrypted.
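As an added illustration of the contrast drawn above between the RSA key exchange and Diffie-Hellman, and of why a compromised PGP key exposes past messages in the same way as a compromised SSL key under RSA key exchange, here is a toy simulation (not from the original post; all parameters are constructed and far too small for real use): a passive observer records one session of each kind and later obtains the server's long-term private key. Only the RSA-style transcript gives up its plaintext.

```python
import hashlib
import secrets

# Constructed toy parameters, far too small for real use (real TLS uses 2048-bit
# RSA keys and DH groups); they are small so the arithmetic stays visible.
P_RSA, Q_RSA = 61, 53
N_RSA = P_RSA * Q_RSA                               # server's public modulus
E_RSA = 17                                          # public exponent
D_RSA = pow(E_RSA, -1, (P_RSA - 1) * (Q_RSA - 1))  # long-term private exponent
DH_P, DH_G = 2**61 - 1, 3                           # toy Diffie-Hellman group

def kdf(secret: int, length: int) -> bytes:
    """Stretch a shared secret into a keystream (stand-in for the TLS PRF)."""
    out, counter = b"", 0
    while len(out) < length:
        out += hashlib.sha256(f"{secret}:{counter}".encode()).digest()
        counter += 1
    return out[:length]

def encrypt(msg: bytes, secret: int) -> bytes:
    """XOR with the keystream; applying it twice decrypts."""
    return bytes(m ^ k for m, k in zip(msg, kdf(secret, len(msg))))

def rsa_key_exchange(msg: bytes) -> dict:
    """TLS-RSA style: the client encrypts the premaster secret to the server key."""
    premaster = secrets.randbelow(N_RSA)
    return {"mode": "RSA",
            "premaster_ct": pow(premaster, E_RSA, N_RSA),   # visible on the wire
            "ciphertext": encrypt(msg, premaster)}

def dhe_key_exchange(msg: bytes) -> dict:
    """DHE style: fresh exponents a, b; the server signs its share with the RSA key."""
    a = secrets.randbelow(DH_P - 2) + 1
    b = secrets.randbelow(DH_P - 2) + 1
    A, B = pow(DH_G, a, DH_P), pow(DH_G, b, DH_P)
    shared = pow(B, a, DH_P)
    assert shared == pow(A, b, DH_P)                 # both sides derive the same key
    h = int.from_bytes(hashlib.sha256(str(B).encode()).digest(), "big") % N_RSA
    sig = pow(h, D_RSA, N_RSA)                       # proves B came from the server
    return {"mode": "DHE", "A": A, "B": B, "sig": sig,
            "ciphertext": encrypt(msg, shared)}      # a, b and shared are dropped here

def recover_with_stolen_key(transcript: dict, d: int):
    """What a recorded transcript yields to someone who later obtains d."""
    if transcript["mode"] == "RSA":
        premaster = pow(transcript["premaster_ct"], d, N_RSA)
        return encrypt(transcript["ciphertext"], premaster)
    # DHE: the wire carries only g^a, g^b and a signature. The stolen key lets
    # its holder sign new shares (so rotate it), but not recompute this secret.
    return None
```

A PGP message follows the RSA branch: the session key is encrypted to the recipient's long-term public key, so whoever holds that private key later can read every recorded message.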
The NSA is not the only government agency doing this. China is possibly the worst. They are known for their armies of hackers looking for any insecure system, and they have been known to hijack internet routes in order to capture data. Their capabilities with regard to decryption, key databases, data collection, username/password databases, router configuration databases, VPN databases, and so many other things are likely on the same or a larger scale than the NSA's.
There are those who are upset with the NSA over all this, but I find it hard to get mad at them for doing their job. Certainly these leaks will make the NSA's job harder, likely through expanded use of forward secrecy, but that is something the internet was already making baby steps towards. The NSA's own document mentioned a few sites, including Google, that were already using forward secrecy. This is not about hiding data from the NSA, because it is not about hiding data from any single entity; it is about hiding data from all third parties.