NEWSBYTE The US National Security Agency (NSA) has had two of its new encryption algorithms for the Internet of Things (IoT) rejected by an international standards body, because of suspicions that they contained a backdoor that would allow US spies to break into them.
The International Organisation for Standardisation (ISO) rejected the algorithms, dubbed ‘Simon’ and ‘Speck’, with The Register reporting allegations of threatening behaviour by US security officials.
While the ISO’s meetings are held behind closed doors, WikiTribune reported that the rejection was based on the fact that US officials refused to provide the standard level of technical details.
German, Japanese, and Israeli academic and industry experts had suggested that Simon and Speck were not being pushed by the NSA because of their superiority, but rather because the NSA knew how to break them. Although the NSA then agreed to adopt only the strongest versions of the techniques, those attending the ISO meeting were reportedly not convinced.
Dr. Tomer Ashur from KU Leuven University, representing the Belgian delegation, led the opposition, and Israeli delegate Orr Dunkelman told Reuters he did not trust the US designers following meetings in September.
“There are quite a lot of people in the NSA who think their job is to subvert standards,” said Dunkelman. “My job is to secure standards”.
Ashur, meanwhile, tweeted a series of revelations about the meetings, claiming that the NSA’s “outrageously adversarial” behaviour during the process was a key factor in the proposed standards’ rejection.
He alleged that the NSA responded with “half-truths and full lies” to delegates’ concerns. Ashur suggested that if the US delegates had been “more trustworthy, or at least more cooperative, different alliances would have probably been formed”.
Instead, the US tried to “bully their way into the standards, which almost worked but eventually backfired”, he said.
Internet of Business says
Although there were no direct accusations that the NSA had inserted a backdoor into the IoT standards, the suspicion was clearly there. Experts are wary because of the NSA’s history of sabotaging cryptographic standards to undermine privacy online, most famously revealed by former NSA contractor Edward Snowden.
Among his revelations was that the NSA had sabotaged the NIST standards. In 2013, the New York Times reported: “Classified NSA memos appear to confirm that the fatal weakness, discovered by two Microsoft cryptographers in 2007, was engineered by the agency. The NSA wrote the standard and aggressively pushed it on the international group, privately calling the effort ‘a challenge in finesse’.”
Over a decade later, it appears that little has changed.