12 January 2012

FBI OpenBSD Backdoors and RSA Cipher Vulnerability

Previous: http://cryptome.org/0003/fbi-backdoors.htm

From: Gregory Perry <Gregory.Perry[at]govirtual.tv>
Subject: Follow up to OpenBSD Crypto Framework Backdoors Thread
Date: Thu, 12 Jan 2012 01:57:39 +0000

Here is a follow up to the FBI / OpenBSD / OCF encryption backdoors thread as promised.  We had a three alarm fire at our house over the Christmas holidays and I am just now getting plugged back in.

1) At ~1997 or thereabouts, the FBI approached a fellow by the name of Lew Jenkins, the Chairman and CEO of Premenos Technology Corp., about their development of an Electronic Data Interchange (EDI) software suite used for corp-to-corp EDI transactions called "Templar".

2) At that point in time encryption technology (especially public key encryption algorithms) were still considered munitions by the United States government, and presumably the FBI was interested in Premenos research related to key escrow and session recovery of RSA-encrypted communication sessions.

3) A portion of Mr. Jenkins' research was conducted with a Ecuadorian national that provided Premenos with at least one mathematical vulnerability in the RSA encryption algorithm related to changing the base numbering system of the resulting RSA modulus after a block of plaintext had been encrypted.  Mr. Jenkins and Premenos also maintained extensive contacts with the Crown of England, including prominent English Lords involved with Internet communications technology.

4) One of the investors in Premenos was a fellow by the name of Ross Pirasteh, who was either the Prime Minister of Finance for the Shah of Iran or actually the Shah of Iran himself.  As the story goes, Ross and his family were snuck out of Iran rolled up in Persian rugs just prior to or during the 1979 revolution headed by Ayatollah Ruhollah Khomeini; once Ross and his family emigrated to the United States, the FBI gave him and his family new identities for obvious reasons.  I initially met Ross in the early 90s from a GPS-based automobile tracking project (nonmilitary-grade GPS), and in 1995 I gave him some information about Templar and he became an investor in Premenos shortly thereafter.

5) In 1999 I co-founded a computer security engineering firm with Ken Ammon and Jerry Harold, Network Security Technologies Inc. (NETSEC).  Ken was the CEO, Jerry was the COO, I was the CTO.  Ken and Jerry were high rank and file ex-NSA InfoSec employees and had extensive contacts in the DoD and federal government; we offered managed network security, penetration testing, vulnerability analysis, and reverse engineering services to the federal government and private sector.

6) NETSEC's first investor was Ross Pirasteh, he provided a bridge loan to get the company started.  The first friends family fools round of Preferred A investment was via a Boca Raton angel syndicate that I believe Ross had introduced to Ken and his wife, but I was not privy to those details.

7) Our first intended product was an ATM-based high speed embedded network security appliance that was to be placed on customer networks for remote network protocol analysis, surveillance, and intrusion detection and prevention.  Each hardware appliance would be monitored from a cryptographically accelerated encrypted VPN tunnel from the NETSEC NOC, and I designed the initial NOC prototype and network management system.  For the embedded hardware appliance development and contract manufacturing process, I hired Doug Bostrom and Wayne Mitzen, two very talented EE-types that had worked for Ross at a previous venture in Boston related to wireless telemetry (for example, U.S. Patent 6,208,266).

8) During that development effort I approached Theo de Raadt of the OpenBSD project about funding and implementing real-time preemptive POSIX-complaint threads capability to the OpenBSD operating system, instead of using a VxWorks RTOS due to Wind River's exorbitant licensing costs (OpenBSD and the BSD license were free and unencumbered of patents).  NETSEC provided the OpenBSD Project with hardware and funding to implement the beginning stages of the OpenBSD Cryptographic Framework, based on a HiFN line of cryptographic accelerators that were eventually worked into the OpenBSD kernel and OCF (our first choice was BroadCom, but Ken had connections at HiFN so that was the initial chipset used with the OCF).  x86-based hardware in the late 90s simply could not handle the computational effort required for high speed FIPS 140-1 and FIPS 140-2 compliant DES and 3DES encryption, so a dedicated crypto processor was needed to support ATM+ wire speeds.

9) Shortly thereafter, NETSEC started a project with the GSA called the GSA Technical Support Center .  The GSA Technical Support Center was a joint FBI and DoD collaboration to provide reverse engineering and cryptanalytic services to federal government and military components.  The project lead was FBI executive Ron Bitner (or at least that's the name he gave me), and the GSA representative tasked with funding the project was Dave Jarrell.  When I started working on the project I voiced concerns to Ken about the demarcation point between the FBI and DoD (or lack thereof), which at the time was a fairly egregious violation of the Posse Comitatus Act.  Ken's answer was that Multi Level Security (MLS) systems such as Trusted Solaris would be used to share information of varying classification levels between the FBI and DoD to preserve the age old separation between the military and civil government, but I saw the proverbial writing on the wall and didn't want to participate in the project any longer.

10) Later in the year I resigned my position at NETSEC during a company-wide meeting, and went on to start an embedded wireless bandwidth management company.  I had a two year non-compete with NETSEC so I couldn't work in security any longer at that time.

Obviously there is a lot more to this story than a one page synopsis, but I think what is important to make mention of is the close nexus between supposedly unfriendly governments such as Iran and the US.  In 1995 the FBI was adamantly against any relaxation of encryption export regulations, yet they did an abrupt about-face on the issue in 1999 (for example,

http://www.nytimes.com/1999/10/11/business/technology-easing-on-software-exports-has-limits.html
?scp=1&sq=Gregory%20Perry%20encryption&st=cse). 

I personally believe that the FBI, or at least certain officials within the administration at that time, willingly advocated the relaxation of encryption export regulations only due to their discovery of critical vulnerabilities and weaknesses in the RSA encryption algorithm not exhibited by the predominant public key encryption method used at the time which was Diffie-Hellman.  Of equal interest was RSA Security's decision to not pursue an extension of the RSA patent after its 20-year expiration, which they could have easily obtained on national security grounds.  They simply waived their rights and let RSA become an open and public domain standard despite their significant revenues in licensing of the RSA encryption algorithm in the USA based on U.S. Patent 4,405,829.

If any of this conjecture is the case, then it could reasonably be said that the FBI intentionally - and very seriously - weakened the United States critical infrastructure and our military capabilities by advocating the use of a fundamentally weak encryption algorithm as a tradeoff between US National Security and their need to observe domestic communications in the United States.  This of course has serious implications for any technology predicated upon the RSA encryption algorithm and its progeny, such as military grade GPS which uses RSA for weapons targeting, military smart card technology such as the Common Access Card, commercial smart card technologies used in RFID and contactless payment solutions, etc.  Most of these standards are now literally set in stone insofar as embedded systems are concerned, and the vast majority of OpenBSD / OCF installations are embedded-based without an upgrade path due to the small footprint of OpenBSD and the BSD licensing scheme used by the OpenBSD project.  Literally millions (and potentially hundreds of millions) of OpenBSD installations are out there in the embedded space such as routers, firewalls, VPN devices etc, and this goes without mentioning the many other operating systems that have incorporated the OpenBSD OCF and PF firewalling stack without any audit of the source code based on the security and reputation inherent to the OpenBSD Project.

Let me know if you have any other questions, and Happy 2012 to you and Cryptome.

Gregory Perry