Experts to Assess NIST Cryptography ProgramPanel to Review NSA's Role in Creating NIST Standards
A group of noted cryptographers, academics and business leaders will provide an independent assessment of the way the National Institute of Standards and Technology develops cryptographic standards and guidelines.
NIST in February issued a draft report proposing changes in the way it develops cryptographic standards, following allegations that the National Security Agency meddled with NIST guidance dealing with generation of random bits (see NIST Unveils Crypto Standards Proposal ).
The Visiting Committee on Advanced Technology, NIST's primary advisory committee known as VCAT, on May 14 named seven prominent individuals to a Committee of Visitors to examine Interagency Report 7977, NIST Cryptographic Standards and Guidelines Development Process, which proposes revisions of how NIST develops cryptographic standards.
"NIST has played a very valuable role in the international cryptographic community, but NIST has also made a serious error of judgment, in particular when standardizing the Dual_EC_DRBG," panel member and cryptographer Bart Preneel of Belgium's Katholieke Universiteit Leuven says, referring to the random bit generator.
Besides Preneel, the panel members include Internet pioneer Vint Cerf, chief evangelist at Google; two other computer science professors, Edward Felten of Princeton University and Ron Rivest of the Massachusetts Institute of Technology; Steve Lipner, Microsoft's director of security engineering strategy; Ellen Richey, Visa chief enterprise risk officer; and Fran Schrotter, chief operating officer of the American National Standards Institute.
NIST spokeswoman Jennifer Huergo says the VCAT chose members of the panel, though NIST helped identify experts from critical stakeholder communities, including researchers in cryptography, standards development organizations, enterprises that rely on cryptography to protect their information and industry.
Preneel says he agreed to join the committee because he believes that the role of this committee is important. "I have gotten the impression that our recommendations will be taken seriously," Preneel says.
Another panel member, Princeton's Felten, has written blogs about the alleged NSA interference with NIST standards, concluding one entry titled On Security Backdoors by writing, "As long as the NSA has a license to undermine security standards, we'll have to be suspicious of any standard in which they participate."
NIST and the NSA have a long relationship working with one another in part because of the e-spying agency's expertise in cryptography. Also, the Federal Information Security Management Act, the law that governs federal government IT security, requires NIST to collaborate with the NSA on cybersecurity guidance. Federal civilian agencies must adopt NIST guidance.
Following publication of the draft of IR 7977, NIST sought public comment on its guide to developing cryptography, and 21 individuals or groups responded. The panel will review those recommendations, too.
A few of the recommendations suggest NIST be more transparent about past and future dealings with the NSA. "NIST has not publicly revealed to what extent or in what ways the NSA influenced these standards, or if evidence exists that other standards have been similarly undermined," writes Amie Stepanovich, senior policy counsel at the digital-rights advocacy group Access Washington. "In order to rebuild confidence in NIST, it is necessary that the agency takes proactive steps toward implementing a more transparent, accountable process for standards development.
Kent Landfield, Intel Security director of standards and technology policy, picks up on the transparency theme. "While this draft IR is a good start, it seems to be light on specifics, details and examples," he writes. "We believe this is an opportunity for NIST to demonstrate to the cryptographic community it is working hard to be extremely transparent in all aspects of cryptographic standards development. Enhancing this document with more details, using successes of the past as examples, would go a long way to assure the community NIST is serious about their concerns and is working hard to prove it."
Several stakeholders encourage NIST to take into account global interests in developing cryptography standards because NIST guidance is adopted worldwide. "Since these standards are the building blocks of assurance online and in digital environments, NIST cannot afford to prioritize U.S. interests or discount international perspectives," writes Joseph Lorenzo Hall, chief technologist for the Center for Democracy and Technology, an Internet advocacy group. "NIST should explicitly commit to recognizing international interest in its standards work."
Microsoft Principal Software Development Engineer Niels Ferguson suggests it might be too late for NIST to continue to be seen as a global leader in cryptography standards. Instead, he recommends that NIST should drive an effort to create an international consensus system for setting cryptographic standards, including agencies of various international governments, large IT providers and academia. "Credibility is everything, and recent revelations have sown enough doubt around the world that NIST-driven standards will no longer be acceptable, at least for a significant part of the worldwide market."
NIST Director Patrick Gallagher, in a statement, says the panel review should help NIST ensure it creates the most transparent and effective process for developing cryptography. "Our mission is to protect the nation's IT infrastructure and information by promoting strong cryptography," Gallagher says.
Seeking More Feedback
The Committee of Visitors could seek feedback from other experts and review other NIST standards and guidelines besides reviewing the current process described in the interagency report and the public comments. The subcommittee will update its progress at VCAT's next meeting on June 11. After the panel makes its suggestions, VCAT will issue its recommendations to NIST.
"Taking into consideration the recommendations of the VCAT, public input and NIST's internal review, the NIST director will make the final decision on implementing changes to the process," NIST's Huergo says .
As early as 2007, cryptography experts including Bruce Schneier, writing in Wired, suggested the random-number standards might contain a backdoor to allow the NSA to spy on organizations employing the random bit generators.
In an interview last November, as NIST began its own inquiry into the way it develops cryptography standards after reports surfaced of possible NSA interference, the deputy chief of the institute's Computer Security Division said the allegations about NSA tampering didn't stop the two federal agencies from continuing their cooperation on developing security standards (see NIST Review Won't Disrupt Work with NSA).
"We're being a little more cautious, but we certainly have not stopped any of our engagements," Matt Scholl said. "We certainly have not stopped asking them some of the hard questions that we looked at them to help us with, as well with everybody else. In the areas where we are working to produce standards guidelines, best practices, we're still collaborating."