All welcome through the back door

Nieuws | de redactie
9 september 2013 | Urged by the NSA and GCHQ, technology firms create ‘back doors’, thereby leaving their software vulnerable for snooping by spy agencies and… for anyone else. “All you need is enough computing power.”

Following the latest revelation of  the Snowden documents, government spy agencies NSA end GSHQ push technology firms to introduce ‘back doors’ to bypass security measures like encryption and passwords.

On The NewScientist says expert Markus Kuhn (university of Cambridge): “I’m pretty sure they are reporting well-known possibilities of cheating around cryptography.”

“For example, most encryption algorithms require a random number generator to produce secure keys. One of the oldest tricks in the book is to modify the random number generator so it outputs only a tiny subset of all the random numbers it normally should,” says Kuhn.

Bribe a system administrator

It could also be swiping keys directly from online service providers, says Kuhn. The TLS encryption protocol, which puts the “s” in secure https connections, relies on servers storing a secret key to decrypt incoming messages or transactions. The NSA could bribe a system administrator or otherwise infiltrate the organisation to gain access to these keys, allowing it to decrypt any intercepted traffic to the relevant server.

NSAIt could also be swiping keys directly from online service providers, says Kuhn. The TLS encryption protocol, which puts the “s” in secure https connections, relies on servers storing a secret key to decrypt incoming messages or transactions. The NSA could bribe a system administrator or otherwise infiltrate the organisation to gain access to these keys, allowing it to decrypt any intercepted traffic to the relevant server.

“If they have weakened the structure of the internet in the ways that the revelations say, then they have failed in the mission to protect national critical infrastructure,” says Nigel Smart of the University of Bristol, UK.


Schrijf je in voor onze nieuwsbrief
«

ScienceGuide is bij wet verplicht je toestemming te vragen voor het gebruik van cookies.

Lees hier over ons cookiebeleid en klik op OK om akkoord te gaan

OK