From msuinfo!uchinews!mimsy!dtix!darwin.sura.net!europa.asd.contel.com!uunet!decwrl!world!eff!nuntius Thu Jun 25 09:35:26 1992
Path: msuinfo!uchinews!mimsy!dtix!darwin.sura.net!europa.asd.contel.com!uunet!decwrl!world!eff!nuntius
From: Banisar@washofc.cpsr.org (David Banisar)
Newsgroups: sci.crypt
Subject: NSA Letter
Message-ID: <1992Jun25.040233.20686@eff.org>
Date: 25 Jun 92 04:02:33 GMT
Sender: usenet@eff.org (NNTP News Poster)
Organization: Computer Professionals for Social Responsibility
Lines: 570
Nntp-Posting-Host: coolidge.eff.org
X-Useragent: Nuntius v1.1b2

Date: Wed, 24 Jun 92 18:10:02 CDT
From: Joe.Abernathy@houston.chron.com (Joe Abernathy)
To: risks@csl.sri.com
Subject: The NSA Papers

The following is the written response to my request for an interview
with the NSA. To the best of my knowledge, and according to their claims,
it is the government's first complete answer to the many questions and
allegations that have been made in regards to the matter of cryptography.
I would like to invite reaction from any qualified readers who care to
address any of the issues raised herein. Please mail to edtjda@chron.com
(713) 220-6845.



NATIONAL SECURITY AGENCY
CENTRAL SECURITY SERVICE
Serial: Q43-11-92 9


10 June 1992
Mr. Joe Abernathy
Houston Chronicle
P.O. Box 4260
Houston, TX 77210


Dear Mr. Abernathy:


Thank you for your inquiry of 3 June 1992 on the

subject of cryptography. Attached please find answers

to the questions that you provided our Agency. If

any further assistance is needed, please feel free

to contact me or Mr. Jerry Volker of my staff on (xxx)

xxx-xxxx.


Sincerely,


MICHAEL S.CONN

Chief
Information Policy

ENCL:


1. Has the NSA ever imposed or attempted to impose
a weakness on any cryptographic code to see if it
can thus be broken?

One of NSA's missions is to provide the means for
protecting U.S. Government and military communications
and information systems related to national security.
In fulfilling this mission we design cryptologic codes
based on an exhaustive evaluation process to ensure
to the maximum extent possible that information systems
security products that we endorse are free from any
weaknesses. Were we to intentionally impose weaknesses
on cryptologic codes for use by the U.S. Government,
we would not be fulfilling our mission to provide
the means to protect sensitive U.S. Government and
military communications and our professional integrity
would be at risk.

2. Has the NSA ever imposed or attempted
to impose a weakness on the DES or DSS?

Regarding the Data Encryption Standard (DES), we
believe that the public record from the Senate Committee
for Intelligence's investigation in 1978 into NSA's
role in the development of the DES is responsive to
your question. That committee report indicated that
NSA did not tamper with the design of the algorithm
in any way and that the security afforded by the
DES was more than adequate for at least a 5-10 year
time span for the unclassified data for which it was
intended. In short, NSA did not impose or attempt
to impose any weakness on the DES.

Regarding the draft Digital Signature Standard
(DSS), NSA never imposed any weakness or attempted
to impose any weakness on the DSS.

3. Is the NSA aware of any weaknesses in the
DES or the DSS? The RSA?

We are unaware of any weaknesses in the DES or
the DSS when properly implemented and used for the
purposes for which they both are designed. We do not
comment on nongovernment systems.

Regarding the alleged trapdoor in the DSS. We
find the term trapdoor somewhat misleading since
it implies that the messages sent by the DSS are encrypted
and with access via a trapdoor one could somehow decrypt
(read) the message without the sender's knowledge.
The DSS does not encrypt any data. The real issue
is whether the DSS is susceptible to someone forging
a signature and therefore discrediting the entire
system. We state categorically that the chances of
anyone - including NSA - forging a signature with
the DSS when it is properly used and implemented is
infinitesimally small.

Furthermore, the alleged trapdoor vulnerability
is true for ANY public key-based authentication system,
including RSA. To imply somehow that this only affects
the DSS (a popular argument in the press) is totally
misleading. The issue is one of implementation and
how one goes about selecting prime numbers. We call
your attention to a recent EUROCRYPT conference which
had a panel discussion on the issue of trapdoors in
the DSS. Included on the panel was one of the Bellcore
researchers who initially raised the trapdoor allegation,
and our understanding is that the panel - including
the person from Bellcore - concluded that the alleged
trapdoor was not an issue for the DSS. Furthermore,
the general consensus appeared to be that the trapdoor
issue was trivial and had been overblown in the press.
However, to try to respond to the trapdoor allegation,
at NIST's request, we have designed a prime generation
process which will ensure that one can avoid selection
of the relatively few weak primes which could lead
to weakness in using the DSS. Additionally, NIST intends
to allow for larger modulus sizes up to 1024 which
effectively negates the need to even use the prime
generation process to avoid weak primes. An additional
very important point that is often overlooked is that
with the DSS the primes are PUBLIC and therefore can
be subject to public examination. Not all public key
systems provide for this same type of examination.

The integrity of any information security system
requires attention to proper implementation. With
the myriad of vulnerabilities possible given the differences
among users, NSA has traditionally insisted on centralized
trusted centers as a way to minimize risk to the system.
While we have designed technical modifications to
the DSS to meet NIST's requests for a more decentralized
approach, we still would emphasize that portion of
the Federal Register notice for the DSS which states:
While it is the intent of this standard to specify
general security requirements for generating digital
signatures, conformance to this standard does not assure
that a particular implementation is secure. The responsible
authority in each agency or department shall assure
that an overall implementation provides an acceptable
level of security. NIST will be working with government
users to ensure appropriate implementations.

Finally, we have read all the arguments purporting
insecurities with the DSS, and we remain unconvinced
of their validity. The DSS has been subjected to intense
evaluation within NSA which led to its being endorsed
by our Director of Information Systems Security for
use in signing unclassified data processed in certain
intelligence systems and even for signing classified
data in selected systems. We believe that this approval
speaks to the lack of any credible attack on the
integrity provided by the DSS given proper use and
implementation. Based on the technical and security
requirements of the U.S. government for digital signatures,
we believe the DSS is the best choice. In fact, the
DSS is being used in a pilot project for the Defense
Message System to assure the authenticity of electronic
messages of vital command and control information.
This initial demonstration includes participation from
the Joint Chiefs of Staff, the military services,
and Defense Agencies and is being done in cooperation
with NIST.

4. Has the NSA ever taken advantage of
any weaknesses in the DES or the DSS?

We are unaware of any weaknesses in the DSS or
in the DES when properly implemented and used for the
purposes for which they both are designed.

5. Did the NSA play a role in designing the DSS? Why, in the
NSA's analysis, was it seen as desirable to create
the DSS when the apparently more robust RSA already
stood as a de facto standard?

Under the Computer Security Act of 1987, NIST is
to draw upon computer systems technical security guidelines
of NSA where appropriate and to coordinate closely
with other agencies, including NSA, to assure:

a. maximum use of all existing and planned programs,
materials, and reports relating to computer systems
security and privacy, in order to avoid unnecessary
and costly duplication of effort; and

b. that standards developed by NIST are consistent
and compatible with standards and procedures developed
for the protection of classified systems.

Consistent with that law and based on a subsequent
Memorandum of Understanding (MOU) between NSA and NIST,
NSA's role is to be responsive to NIST's requests
for assistance in developing, evaluating, or researching
cryptographic algorithms and techniques. (See note
at end). In 19??, NIST requested that NSA evaluate
candidate algorithms proposed by NIST for a digital
signature standard and that NSA provide new algorithms
when existing algorithms did not meet U.S. government
requirements. In the two-year process of developing
a digital signature for U.S. government use, NIST
and NSA examined various publicly-known algorithms
and their variants, including RSA. A number of techniques
were deemed to provide appropriate protection for
Federal systems. The one selected by NIST as the draft
Digital Signature Standard was determined to be the
most suitable for reasons that were set forth in the
Federal Register announcement. One such reason was
to avoid issuance of a DSS that would result in users
outside the government having to pay royalties. Even
though the DSS is targeted for government use, eliminating
potential barriers for commercial applications is
useful to achieve economies of scale. Additionally,
there are features of the DSS which make it more attractive
for federal systems that need to have a digital signature
capability for large numbers of users. Chief among
them are the number of trusted operation points and
system management overhead that are minimized with
the NIST proposed technique.

6. What national interests are served by limiting the
power of cyptographic schemes used by the public?

We call your attention to the House Judiciary committee
hearing of 29 April 1992. The Director of the FBI
expressed his concerns that law enforcement interests
in meeting responsibilities given to them by Congress
could be affected unless they had access to communications,
as was given to them by statute in 1968 (court monitored,
court sponsored, court reviewed and subject to Congressional
oversight).

The National Security Agency has no role in limiting
the power of cryptographic schemes used by the public
within the U.S. We have always been in favor of the
use of information security technologies by U.S. Businesses
to protect their proprietary information, and when
we had an information security role with private industry
(prior to the Computer Security Act of 1987), we actively
advocated use of such technologies.

7. What national interests are served by limiting the
export of cryptographic technology?

Cryptographic technology is deemed vital to national
security interests. This includes economic, military,
and foreign policy interests.

We do not agree with the implications from the
House Judiciary Committee hearing of 7 May 1992 and
recent news articles that allege that U.S. export
laws prevent U.S. firms' manufacture and use of top
encryption equipment. We are unaware of any case where
a U.S. firm has been prevented from manufacturing
and using encryption equipment within this country
or for use by the U.S. firm or its subsidiaries in
locations outside the U.S. Because of U.S. export restrictions.
In fact, NSA has always supported the use of encryption
by U.S. businesses operating domestically and overseas
to protect sensitive information.

For export to foreign countries, NSA as a component
of the Department of Defense (along with the Department
of State and the Department of Commerce) reviews export
licenses for information security technologies controlled
by the Export Administration Regulations or the international
Traffic in Arms Regulations. Similar export control
systems are in effect in all the Coordinating Committee
for Multilateral Export Controls (CoCom) countries
as well as many non-CoCom countries as these technologies
are universally considered as sensitive. Such technologies
are not banned from export and are reviewed on a case-by-case
basis. As part of the export review process, licenses
may be required for these systems and are reviewed
to determine the effect such export could have on
national security interests - including economic,
military, and political security interests. Export
licenses are approved or denied based upon the type
of equipment involved, the proposed end-se and the
end-user.

Our analysis indicates that the U.S. leads the
world in the manufacture and export of information
security technologies. Of those cryptologic products
referred to NSA by the Department of State for export
licenses, we consistently approve over 90%. Export
licenses for information security products under the
jurisdiction of the Department of Commerce are processed
and approved without referral to NSA or DoD. This includes
products using such techniques as the DSS and RSA
which provide authentication and access control to
computers or networks. In fact, in the past NSA has
played a major role in successfully advocating the
relaxation of export controls on RSA and related technologies
for authentication purposes. Such techniques are extremely
valuable against the hacker problem and unauthorized
use of resources.

8. What national interests are at
risk, if any, if secure cryptography is widely available?

Secure cryptography widely available outside the
United States clearly has an impact on national security
interests including economic, military, and political.

Secure cryptography within the United States may
impact law enforcement interests.

9. What does the NSA see as its legitimate interests in
the area of cryptography? Public cryptography?

Early one of our interests is to protect U.S.
government and military communications and information systems
related to national security. As part of that mission,
we stay abreast of activities in public cryptography.

10. How did NSA enter into negotiations with the Software
Publishers Association regarding the export of products
utilizing cryptographic techniques? How was this group
chosen, and to what purpose? What statute or elected
representative authorized the NSA to engage in the
discussions?

The Software Publishers Association (SPA) went
to the National Security Advisor to the President
to seek help from the Administration to bring predictability,
clarity, and speed to the process for exporting mass
market software with encryption. The National Security
Advisor directed NSA to work with the mass market software
representatives on their request.

ii. What is the status of these negotiations?

These negotiations are ongoing.

12. What is the
status of export controls on products using cryptographic
techniques? How would you respond to those who point
to the fact that the export of RSA from the U.S. is
controlled, but that its import into the U.S. is not?

To the best of our knowledge, most countries who
manufacture cryptographic products regulate the export
of such products from their countries by procedures
similar to those existing within the U.S. Some even
control the import into their countries. The U.S.
complies with the guidelines established by CoCom
for these products.

Regarding the export of RSA from the U.S., we are
unaware of any restrictions that have been placed
on the export of RSA for authentication purposes.

13. What issues would you like to discuss that I have
not addressed?

None.

14. What question or questions would you
like to pose of your critics?

None.

NOTE: To clarify misunderstandings regarding
this Memorandum of Understanding (MOU); this MOU does
not provide NSA any veto power over NIST proposals.
As was discussed publicly in 1989, the MOU provides
that if there is an issue that can not be resolved
between the two agencies, then such an issue may be
referred to the President for resolution. Enclosed
please find a copy of subject MOU which has been made
freely available in the past by both NSA and NIST
to all requestors. At the House Judiciary Committee
hearings on 7 May 1992, the Director of NIST responded
that he had never referred an issue to the White House
since his assumption of Directorship in 1990.

MEMORANDUM OF UNDERSTANDING

BETWEEN

THE DIRECTOR OF THE NATIONAL INSTITUTE OF STANDARDS
AND TECHNOLOGY

AND

THE DIRECTOR OF THE NATIONAL SECURITY AGENCY

CONCERNING

THE IMPLEMENTATION OF PUBLIC LAW 100-235 Recognizing
that:

A. Under Section 2 of the Computer Security Act
of 1987 (Public Law 100-235), (the Act), the National
Institute of Standards and Technology (NIST) has the
responsibility within the Federal Government for:.

1. Developing technical, management, physical,
and administrative standards and guidelines for the
cost-effective security ad privacy of sensitive information
in Federal computer systems as def ined in the Act;
and,

2. Drawing on the computer system technical security
guidelines of the National Security Agency (NSA) in
tis regard where appropriate.

B. Under Section 3 of the Act, the NIST is to coordinate
closely with other agencies and offices, including
the NSA, to assure:

1. Maximum use of all existing and planned programs,
materials, studies, and reports relating to computer
systems security and privacy, in order to avoid unnecessary
and costly duplication of effort; and, - 2. To the
maximum extent feasible, that standards developed
by the NIST under the Act are consistent and compatible
with standards and procedures developed for the protection
of classified information in Federal computer systems.

C. Under the Act, the Secretary of Commerce has
the responsibility, which he has delegated to the
Director of NIST, for appointing the members of the
Computer System Security and Privacy Advisory Board,
at least one of whom shall be from the NSA. Therefore,
in furtherance of the purposes of this MOU, the Director
of the NIST and the Director of the NSA hereby agree
as follows:

The NIST will:

1. Appoint to the Computer Security and Privacy
Advisory Board at least one representative nominated by
the Director of the NSA.

2. Draw upon computer system technical security
guidelines developed -by the NSA to the extent that the NIST
determines that such guidelines are consistent with the requirements
for protecting sensitive information in -Federal computer
systems.

3. Recognize the NSA-certified rating of evaluated
trusted systems under the Trusted Computer Security Evaluation
Criteria Program without requiring additional evaluate.

4. Develop telecommunications security standards
for protecting sensitive unclassified computer data, drawing
upon the expertise and products of the National Security
Agency, to the greatest extent possible, in meeting
these responsibilities in a timely and cost effective manner

5. Avoid duplication where possible in entering
into mutually agreeable arrangements with the NSA for
the NSA support.

6. Request the NSA's assistance on all matters
related to cryptographic algorithms and cryptographic techniques
including but not limited to research, development valuation,
or endorsement. . - I

II. The NSA will:

1. Provide the NIST with technical guidelines in
trusted technology, telecommunications security, and personal
-identification that may be used in cost-effective
systems for protecting sensitive computer data.

2. Conduct or initiate research and development
programs in trusted technology, telecommunications security,
cryptographic techniques and personal identification methods.

3. Be responsive to the NIST's requests for assistance
in respect to all matters related to cryptographic
algorithms and cryptographic techniques including but not limited
to research, development, evaluation, or endorsement.

4. Establish the standards and endorse products
for application to secure systems covered in 10 USC
Section 2315 (the Warner Amendment).

5 Upon request by Federal agencies their contractors
and other government-sponsored entities, conduct assessments
of the hostile intelligence threat to federal information
systems, and provide technical assistance and recommend endorsed
products for application to secure systems against that threat.

iii. The NIST and the NSA shall:

1. Jointly review agency plans for the security and
-privacy of computer systems submitted to NIST and NSA pursuant
to section 6(b) of the Act.'

2. Exchange technical standards and guidelines
as necessary to achieve the purposes of the Act.

3. Work together to achieve the purposes of this
memorandum with the greatest efficiency possible, avoiding
unnecessary duplication of effort.

4. Maintain an ongoing, open dialogue to ensure
that each organization remains abreast of emerging technologies
and issues effecting automated information system security
in computer-based systems.

5. Establish a Technical Working Group to review
and analyze issues of mutual interest pertinent to protection
of systems that process sensitive or other unclassified-information.
The Group shall be composed of six federal employees, three
each selected by NIST and NSA and to be augmented as necessary by
representatives of other agencies. Issues may be referred to the
group by either the NSA Deputy Director for Information Security
or the NIST Deputy Director or may be generated -and addressed
by the group upon approval by the NSA DDI or NIST Deputy Director.
Within days of the referral of an issue to the Group by
either the NSA Deputy Director for Information Security or the
NIST Deputy .Director, the Group will respond with
a progress report and pan for further analysis, if any.

6. Exchange work plans on an annual basis on all
research and development projects pertinent to protection
of systems that process sensitive or other unclassified information,
including trusted technology, for protecting the
integrity and availability of data, telecommunications security
and personal identification methods. Project updates will be
exchanged quarterly, and project reviews will be provided
by either party upon request of he other party.

7. Ensure the Technical Working Group reviews prior
to public disclosure all matters regarding technical_systems
security techniques to be developed for use in protecting
sensitive information in federal computer systems to ensure
they are consistent with the national security of-the
United States. If NIST and NSA are unable to resolve
such an issue within 60 days, either _ agency may elect
to raise the issue to the Secretary of Defense and
the Secretary of Commerce. It is recognized that such
an issue may be referred to the President through
the NSC for resolution. No action shall be taken on
such an issue until it is resolved.

8. Specify additional operational agreements in
annexes to this MOU as they. are agreed to by NSA
and NIST.

IV. Either party may elect to terminate this MOU
upon six months written notice. This MOU is effective
upon approval of both signatories.

RAYMOND G. KAMMER
W. 0. STUDEMAN

Acting Director Vice Admiral, U.S. Navy National
Institute of Director Standards and Technology
National Security Agency