CIISE Distinguished Seminar: How to Install a Backdoor in an International Cryptographic Standard: The "Finessing" of NIST's Dual_EC_DRBG
Dr. Aleksander Essex,
Date: September 27 (4:00 pm)
Staggering details were revealed this month about a wide-reaching program, code-named "Bullrun," by the United States National Security Agency (NSA) to circumvent encryption on the Internet. Of the many prongs of this program, one of the more troubling allegations suggests the NSA "finessed" the National Institute of Standards and Technology (NIST) into standardizing a cryptographic primitive with a secret backdoor. If true, the backdoor could provide the NSA a big advantage in its efforts to snoop on online communications through a deliberate weakening of something called the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG).
In this talk, we will explain why random bits are crucial to online privacy, and what you could potentially do to people whose "random" bits you can guess. After a (gentle) background on elliptic curve cryptography, we will give an overview of how Dual_EC_DRBG works, and walk you through an attack based on the presence of a backdoor. We will describe how the NSA is conjectured to have inserted the backdoor, and how the standard can be fixed. Finally, we will end with a general discussion on the implications of the Bullrun program, focusing on the interplay between the privacy of the individual and the security of the state.
Aleksander Essex is an assistant professor of software engineering at Western University focusing on topics in cyber security and applied cryptography. During his postdoc at the Children’s Hospital of Eastern Ontario Research Institute, he designed secure protocols for a variety of applications in privacy-preserving medical informatics. His graduate work focused on trustworthy electronic voting, and he was part of an international research group that ran the first cryptographically-verifiable public election in the United States. He holds a Ph.D. in Computer Science from the University of Waterloo. Contact him at email@example.com and @alekessex