Bluher A.W., National Security Agency
Finite Fields and their Applications | Year: 2013
Budaghyan and Carlet (2008) constructed a family of almost perfect nonlinear (APN) hexanomials over a field with $r^2$ elements, and with terms of degrees $r+1$, $s+1$, $rs+1$, $rs+r$, $rs+s$, and $r+s$, where $r=2^m$ and $s=2^n$ with $\gcd(m,n)=1$. The construction requires a certain technical condition, which was verified empirically in a finite number of examples. Bracken, Tan, and Tan (2011) proved that the condition holds when $m \equiv 2$ or $4 \pmod{6}$. In this article, we prove that the construction of Budaghyan and Carlet produces APN polynomials for all relatively prime values of $m$ and $n$. More generally, if $\gcd(m,n)=k\geq 1$, Budaghyan and Carlet showed that the nonzero derivatives of the hexanomials are $2^k$-to-one maps from $\mathbb{F}_{r^2}$ to $\mathbb{F}_{r^2}$, provided the same technical condition holds. We prove that their construction produces polynomials with this property for all $m$ and $n$.
Israel J., National Security Agency
Computer | Year: 2012
A review of the problems that haunted the FBI's Virtual Case File and Sentinel case management programs and an examination of the technical reasons for these failures provide the basis for recommendations to help avoid their repetition. © 2012 IEEE.
News Article | January 28, 2016
The leader of the National Security Agency’s hackers says that putting industrial control systems online has made America less secure. The trend to connect devices such as air conditioners and door locks to the Internet is making life easier for the National Security Agency’s hackers—but also keeping their boss awake at night.
News Article | January 15, 2016
The New York State Senate has begun to re-analyze a bill which aims to eliminate strong smartphone encryption for all devices sold or leased in the Empire State. If the encryption bill gets the green light, smartphones sold within New York could have more exposure to hacking than those in the rest of the United States. The bill wants OEMs and OS providers to embed a backdoor in their smartphones, so that the items could be easily unlocked by law enforcement officers and other state authorities if necessary. "Encryption threatens to lead us all to a very, very dark place. The place that this is leading us is one that I would suggest we shouldn't go without careful thought and public debate," FBI Director James Comey declared back in 2014. The bill states that it aims to tax electronics manufacturers $2,500 per rogue device. As expected, members of the New York State Assembly are citing public interest as the bill's raison d'être. They point out that terrorist threats and criminal activities could be easily contained, should the legal initiative pass. Members of the Assembly note that criminals will take every chance to hide evidence from police officers and smartphone encryption gives them ample opportunity to do so. In the opinion of some legislators, password-protected devices "encourage criminals." Currently, the New York State Assembly is still debating the bill in committee, and the next procedural step is to have it on the floor calendar. Following this step, the senate and state assembly members will vote on the double-edged bill. The assembly bill was drafted earlier last year and should be passed in 2016. The changes could take effect starting Jan. 1, 2017 or 2018. No official information exists on the level of political or public support for the new legislation. Three years ago, whistleblower Edward Snowden unveiled the staggering level of surveillance that the National Security Agency (NSA) exposed its citizens and non-citizens to.
Since then, a big segment of the American population started backing mobile encryption. Both Google and Apple upped the security and encryption levels on Android and iOS, catering to the privacy of their customers. Apple CEO Tim Cook lashed out against encryption on several occasions, firmly opposing back doors. If the New York bill passes and mobile device manufacturers still refuse to remove the encryption from their handsets, their profits in the state could plunge. However, New Yorkers could simply shop for their favorite Android or iOS in Philadelphia or Ohio, meaning that the OEMs such as Apple could stick to their principles and keep their sales numbers undented.
News Article | February 2, 2016
A Congressional committee has begun to investigate the potential impact of a Juniper Networks firewall security flaw discovered in December on government systems—even as some researchers suggest the hole may be the unintended consequence of a National Security Agency backdoor into the systems. The House Oversight Committee has asked 24 federal agencies to explain whether they used any systems running Juniper's ScreenOS, the operating system with the vulnerabilities, and whether they've installed Juniper's patch or taken other steps to protect their systems. "The federal government has yet to determine which agencies are using the affected software or if any agencies have used the patch to close the backdoor," wrote Rep. Will Hurd, R-Tex., in an op-ed published in the Wall Street Journal and on the committee's website last week. "Without a complete inventory of compromised systems, lawmakers are unable to determine what adversaries stole or could have stolen." Hurd is the chairman of the IT Subcommittee on Oversight and Government Reform and a member of the House Homeland Security Committee. Juniper announced in December it had discovered "unauthorized code" introducing vulnerabilities into its Netscreen firewalls, potentially foreign hackers trying to secretly decrypt VPN traffic through the firewalls. The company said last month that its investigation into the origin of the code is still underway, and a spokesperson declined to comment further Tuesday. Since the security flaw was discovered, researchers have suggested it could be the work of the NSA or another spy agency, or the unintended consequence of a backdoor placed by the NSA. The firewalls encrypt VPN traffic using randomized keys generated by an algorithm called Dual_EC_DRBG, which was developed by the National Institute of Standards and Technology with the help of the NSA. 
Reports in 2013, based on materials leaked by Edward Snowden, suggested the agency had inserted a backdoor into the algorithm, letting it predict random numbers generated by the routine and thus decode messages the keys are used to encrypt. Juniper has said that it uses different values of a particular mathematical parameter, known as Q, than that recommended in the NSA-influenced standard, making it immune to that particular attack, according to a December blog post by Matthew Green, an assistant professor of Computer Science at Johns Hopkins University. Researchers have found that eavesdroppers with control over the value of Q can potentially break codes based on keys generated by the algorithm, Green wrote. And part of the effect of Juniper's patch was apparently to revert the value of Q to one used in previous versions of the firewall software, implying that the unauthorized code may have changed the parameter's value to a vulnerable one, Green wrote. But even the newly restored, previous value of Q could be of concern to Juniper's customers, he said at the time, since it was unclear how it had been chosen. Since then, Juniper has pledged to replace the Dual_EC algorithm altogether with one used in other software that it's determined is not vulnerable. The uncertainty around the origin of the vulnerability seems to highlight the risks of the kind of security backdoors some politicians and law enforcement officials have said are necessary to enable government surveillance of encrypted communication. Security researchers and privacy advocates have long argued that it's effectively impossible to build a backdoor letting government officials eavesdrop without jeopardizing the privacy of everyday users and businesses. 
So far, the Obama administration has declined to take steps to require makers of encryption software to install such backdoors, and companies from consumer device makers like Apple to commercial networking suppliers like Cisco have adamantly declined to insert them voluntarily. And the Juniper flaw, regardless of the details, shows that such backdoors are "extremely dangerous," Hurd wrote. "There is no way to create a backdoor that is not vulnerable to this kind of breach," he wrote. "Encryption is essential to our national security and economy; we should be focused on strengthening it not weakening it."