NIST Revises Crypto Standards GuideRevamp of Standards Development Process Closer to Completion
Nearly a year after issuing a first draft, the National Institute of Standards and Technology has released a substantially revised proposal for changing the way it develops cryptographic standards. The effort was launched after the NSA was accused of tampering with a NIST cryptographic algorithm.
NIST made extensive modifications to the proposed guide, and on Jan. 23 issued a second draft of Interagency Report 7977: NIST Cryptographic Standards and Guidelines. Some of the modifications in the second draft were made as a result of comments on the first draft submitted by 21 stakeholders. NIST published the first draft last February (see NIST Unveils Crypto Standards Proposal).
"We appreciate all of the input we received from the cryptographic community, which is so vital to our work," says Donna Dodson, chief cybersecurity adviser in NIST's Information Technology Laboratory. "Based on that feedback, we've made substantive changes to the document with the goal of establishing steps to ensure our standards will have the trust and participation of the broader community."
Redefining Relationship with NSA
NIST says the second draft details how the agency will ensure balance, transparency, openness and integrity in developing cryptographic standards and guidelines. The new draft expands on NIST's interactions with the NSA, explaining how the agencies work together and what steps are in place to ensure NSA's contributions to the standards development process are transparent. The institute says new processes will ensure that NIST attributes to the NSA all algorithms, standards or guidelines contributed by NSA staff and acknowledges all comments received from the NSA.
The new guidelines to create cryptographic standards is being developed in the wake of suspected NSA meddling with a specific cryptographic algorithm, a deterministic random bit generator known as Dual_EC_DRBG, which appeared in NIST Special Publication 800-90 (now SP 800-90A). That special publication, which was withdrawn by NIST and is being revised, specifies mechanisms for the generation of random bits using deterministic methods, algorithms which, given a particular input, will always produce the same output. A tampered Dual_EC_DRBG could have provided the NSA with a backdoor to circumvent encryption and access data in systems that used it. NIST has said that the revised special publication, when issued, will not include Dual_EC-DRBG.
The New York Times and ProPublica published an article in September 2013 that reported the NSA had cracked or circumvented much of the encryption that shields global commerce and banking systems, trade secrets and medical records and Internet communications (see Report: NSA Circumvented Encryption).
Separating IA from Intel Gathering
The second draft represents an improvement, especially in the areas of providing more transparency that would allow cryptographers to vet cryptographic standards that might flag potential spy-agency meddling, says Amie Stepanovich, senior policy counsel at Access, an advocacy group that promotes an open Internet.
Federal law requires NIST to work with the NSA, but Stepanovich says such collaboration should only be conducted with NSA's information assurance directorate and not with its intelligence gathering operations. The revised draft does not make that distinction, something Stepanovich contends it should. "NIST should take all efforts available to make sure that it is only the information assurance part of the NSA that can contribute to these standards, and at no time can any signals intelligence mission from the NSA or [other spy agency] undermine that information assurance," she says.
Like Access, the digital advocacy group Center for Democracy and Technology called for strengthening the integrity part of the proposed guide by requiring NIST to avoid improper influence in creating its cryptographic standards. "Improper influence is a threat to NIST's interests and the public interest in developing secure, efficient and interoperable cryptographic standards, and that vigilance in the standard-setting process from all participants - NIST staff included - is key to ensuring that all principles are upheld," says CBT Chief Technologist Joe Hall.
George Willingmyre, president of the international standards and trade policy consultancy GTW Associates, says he's pleased to see the latest draft cites the need for NIST to collaborate with international standards organizations. But he contends that the draft should have been more specific, such as referencing various World Trade Organizations agreements that address international cryptography standards. "It would have been reassuring to know that NIST considered possibly relevant international criteria," Willingmyre says.
Further Comment Sought
NIST is requesting that comments on the second draft being submitted to email@example.com by March 27.
The final version of the guide to develop cryptographic standards isn't expected to be published until late spring at the earliest. "After the comment period closes at the end of March, they'll need time to review and adjudicate the comments," says NIST spokeswoman Jennifer Huergo. "The timeline will be affected by how many comments they receive and if significant changes to the draft are needed to address them. It is a high priority so I'm sure they'll work as quickly as they can."
Another NIST spokesman, Chad Boutin, earlier acknowledged that it's unusual for NIST to go more than half a year after publishing a first draft of a report without either issuing a second draft or producing a final report on its guidance (see NIST Tardy on Cryptography Standards Report).