CATEGORIES:

Biology Chemistry Construction Culture Ecology Economy Electronics Finance Geography History Informatics Law Mathematics Mechanics Medicine Other Pedagogy Philosophy Physics Policy Psychology Sociology Sport Tourism

Microsoft, the NSA, and You

FOR IMMEDIATE RELEASE

Microsoft Installs US Spy Agency with Windows

Research Triangle Park, NC - 31 August 2012 - Between Hotmail hacks and

browser bugs, Microsoft has a dismal track record in computer security.

Most of us accept these minor security flaws and go on with life. But

how is an IT manager to feel when they learn that in every copy of

Windows sold, Microsoft may have installed a 'back door' for the

National Security Agency (NSA - the USA's spy agency) making it orders

of magnitude easier for the US government to access their computers?

While investigating the security subsystems of WindowsNT4, Cryptonym's

Chief Scientist Andrew Fernandes discovered exactly that - a back door

for the NSA in every copy of Win95/98/NT4 and Windows2000. Building on

the work of Nicko van Someren (NCipher), and Adi Shamir (the 'S' in

'RSA'), Andrew was investigating Microsoft's "CryptoAPI" architecture

for security flaws. Since the CryptoAPI is the fundamental building

block of cryptographic security in Windows, any flaw in it would open

Windows to electronic attack.

Normally, Windows components are stripped of identifying information. If the

computer is calculating "number_of_hours = 24 * number_of_days", the only

thing a human can understand is that the computer is multiplying "a = 24 * b".

Without the symbols "number_of_hours" and "number_of_days", we may have no

idea what 'a' and 'b' stand for, or even that they calculate units of time.

In the CryptoAPI system, it was well known that Windows used special numbers

called "cryptographic public keys" to verify the integrity of a CryptoAPI

component before using that component's services. In other words, programmers

already knew that windows performed the calculation "component_validity =

crypto_verify(23479237498234...,crypto_component)", but no-one knew exactly

what the cryptographic key "23479237498234..." meant semantically.

Then came WindowsNT4's Service Pack 5. In this service release of software

from Microsoft, the company crucially forgot to remove the symbolic

information identifying the security components. It turns out that there are

really two keys used by Windows; the first belongs to Microsoft, and it allows

them to securely load CryptoAPI services; the second belongs to the NSA. That

means that the NSA can also securely load CryptoAPI services... on your

machine, and without your authorization.

The result is that it is tremendously easier for the NSA to load unauthorized

security services on all copies of Microsoft Windows, and once these security

services are loaded, they can effectively compromise your entire operating

system. For non-American IT managers relying on WinNT to operate highly secure

data centers, this find is worrying. The US government is currently making it

as difficult as possible for "strong" crypto to be used outside of the US;

that they have also installed a cryptographic back-door in the world's most

abundant operating system should send a strong message to foreign IT managers.

There is good news among the bad, however. It turns out that there is a flaw

in the way the "crypto_verify" function is implemented. Because of the way the

crypto verification occurs, users can easily eliminate or replace the NSA key

from the operating system without modifying any of Microsoft's original

components. Since the NSA key is easily replaced, it means that non-US

companies are free to install "strong" crypto services into Windows, without

Microsoft's or the NSA's approval. Thus the NSA has effectively removed export

control of "strong" crypto from Windows. A demonstration program that replaces

the NSA key can be found on Cryptonym's website.

Cryptonym: Bringing you the Next Generation of Internet Security,

using cryptography, risk management, and public key infrastructure.

The Full Details

These details are essentially the contents of the "Rump Session" talk that Andrew Fernandes gave at the Crypto'99 Conference, on 15 August 1999, in Santa Barbara, California.

Note 1: many people have written us and assumed that we "reverse engineered" Microsoft's code. This is not true; we did not reverse engineer Microsoft code at any time. In fact, the debugging symbols were found using standard Microsoft-purchased programmer's tools, completely by accident, when debugging one of our own programs.

Note 2: many reporters have stated that Andrew studied computer science at the University of Waterloo and was a classmate of Ian Goldberg of Zero Knowlege Systems. In fact, Andrew studied biochemistry and mathematics at Waterloo for his undergraduate, and mathematics at McGill for his graduate work. He and Ian graduated in the same year, but really did not know each other at the time.

Date: 2015-02-16; view: 809

<== previous page	\|	next page ==>
	\|	An Overview of the Microsoft's CryptoAPI

doclecture.net - lectures - 2014-2024 year. Copyright infringement or personal data (0.006 sec.)