A source at an International Organization for Standardization (ISO) meeting of expert delegations in Wuhan, China, told WikiTribune that the U.S. delegation, including NSA officials, refused to provide the standard level of technical information to proceed.
The vote is the latest setback for the NSA’s plan, which was pruned in September after ISO delegates expressed distrust and concerns that the U.S. agency could be promoting encryption technology it knew how to break, rather than the most secure.
The ISO sets agreed standards for a wide range of products, services, and measurements in almost every industry including technology, manufacturing, food, agriculture, and health. The body has been looking into adopting recommended encryption technology to improve security in devices that make up the “internet of things.” These include household items such as smart speakers, fridges, lighting and heating systems, and wearable technology.
The NSA has been pushing for these encryption tools to get a seal of approval from the ISO so they will be approved by the National Institute of Standards and Technology (NIST) and become standard for all U.S. government departments and related companies, said the source.
Agreeing to adopt ‘Simon’ and ‘Speck’ as standard block cipher algorithms would have made these part of the recommended encryption technology for a huge range of products.
The NSA had originally been promoting a broader range of encryption technologies, but during a three-year dispute behind closed doors, delegates from other countries expressed concern over the NSA’s motives. Several cited information leaked by Edward Snowden, which showed the agency had previously planned to manipulate standards and promote technology it could penetrate, as a source of distrust, according to documents seen by Reuters.
Two delegates told WikiTribune that the opposition to adding these algorithms was led by Dr. Tomer Ashur from KU Leuven University, representing the Belgian delegation, and that it was supported by a large group of countries.
Israeli delegate Orr Dunkelman told Reuters he did not trust the U.S. designers following the September meetings.
“There are quite a lot of people in NSA who think their job is to subvert standards,” said Dunkelman. “My job is to secure standards.”
The NSA said Simon and Speck were developed to protect U.S. government equipment without requiring a lot of processing power, and firmly believes they are secure.
The NSA has a history (Atlas Obscura) of trying to create “backdoors” in software so it can access data. Documents leaked by Snowden also showed the NSA has made extensive efforts to break encryption tools, and insert vulnerabilities into encryption systems. The Dual EC, a standardized algorithm championed by the NSA, was withdrawn in 2014 due to wide public criticism.
According to WikiTribune’s source, experts in the delegations have clashed over recent weeks and the NSA has not provided the technical detail on the algorithms that is usual for these processes. The U.S. delegation’s refusal to provide a “convincing design rationale is a main concern for many countries,” the source said.
What are Simon and Speck?
Created by the NSA in 2013, Simon and Speck are families of lightweight block ciphers, meaning they’re cryptographic algorithms tailored for devices with limited resources, such as memory and power. Though both algorithms are versatile in hardware and software, Simon is optimal in hardware while Speck is optimal in software.
According to the NSA, the aim of Simon and Speck is to secure applications in constrained, or specialized, environments, largely to prepare for the era of the internet of things. The basic idea is to design algorithms that are flexible and simple enough to be performed just about anywhere.
What is unusual about Simon and Speck is that the NSA took four years to publish a security analysis and a description of the design decisions for the ciphers, both of which are considered mandatory best practices.
Courtesy Jack Barton.
Jack Barton is a staff journalist at WikiTribune where he writes about international law, human rights and finance, whilst covering daily news.
This article was first published on Wikipedia.