This article is more than 1 year old

ISO blocks NSA's latest IoT encryption systems amid murky tales of backdoors and bullying

Experts complain of shoddy tech specs and personal attacks

Two new encryption algorithms developed by the NSA have been rejected by an international standards body amid accusations of threatening behavior.

The "Simon" and "Speck" cryptographic tools were designed for secure data to and from the next generation of internet-of-things gizmos and sensors, and were intended to become a global standard.

But the pair of techniques were formally rejected earlier this week by the International Organization of Standards (ISO) amid concerns that they contained a backdoor that would allow US spies to break the encryption. The process was also marred by complaints from encryption experts of threatening behavior from American snoops.

The ISO's meetings are confidential and held behind closed doors, but a number of encryption experts have broken their silence now that the NSA's three-year effort to push has effectively been ended.


How much did NSA pay to put a backdoor in RSA crypto? Try $10m – report


"I worked very hard for this in the last year and a half. Now I can finally tell my story," tweeted one of the experts, Dr Tomer Ashur, who was representing the Belgian delegation.

He then pointed to the NSA's "outrageously adversarial" behavior during the process as a main reason why the two standards were rejected.

When some of the design choices made by the NSA were questioned by experts, Ashur states, the g-men's response was to personally attack the questioners, which included himself, Orr Dunkelman and Daniel Bernstein, who represented the Israeli and German delegations respectively.

Ashur further alleged that the NSA had plied the relevant ISO committee with "half-truths and full lies" in response to concerns, and said that if the American delegation had been "more trustworthy, or at least more cooperative, different alliances would have probably been formed."

Instead, he says, "they chose to try to bully their way into the standards which almost worked but eventually backfired."

Backdoor boys

While no one has directly accused the NSA of inserting backdoors into the new standards, that was the clear suspicion, particularly when it refused to give what experts say was a normal level of technical detail.

Ashur's push back was supported by other delegations from Germany, Japan and Israel. The Israeli delegate – whose expertise was also attacked - Orr Dunkelman, told Reuters last year that he didn't trust the US designers. "There are quite a lot of people in NSA who think their job is to subvert standards," he noted. "My job is to secure standards."

Following an earlier meeting, Germany's delegate Christian Wenzel-Benner, sent an email to cryptography experts noting that he was "very concerned" about the two proposed standards, and referenced the NSA's previous record of purposefully inserting backdoors into new standards.

Documents released by Edward Snowden back in 2013 revealed that the NSA championed what appeared to be a backdoored random number generator, the Dual EC DRBG algorithm, and allegedly paid computer security company RSA to include it in its software.

"How can we expect companies and citizens to use security algorithms from ISO standards if those algorithms come from a source that has compromised security-related ISO standards just a few years ago?" Wenzel-Benner wrote.

Ashur does not say that he found a backdoor in the NSA's proposed standards, but in response to another cryptographer's summary that "the NSA wanted to put into use codes that it developed and in which (apparently) there is a backdoor that will allow the intelligence organization to decipher what is encrypted in them," Ashur responded: "I am Dr Tomer Ashur and I endorse this message."

The Simon and Speck standards were created by the NSA in 2013 – before Snowden's revelations – and are block ciphers specifically designed to work with devices that have limited power and memory. That is perfect for IoT sensors which are typically very small and run off battery power. Simon is optimized for hardware, and Speck for software.

Strike three

Their approval as ISO standards failed three times however. At a meeting in 2016, the NSA failed to get the two-thirds approval by one vote.

That resulted in the NSA finally providing a lengthy technical explanation that experts had been requesting for three years that covered a security analysis and an explanation of their design choices.

The NSA also agreed to drop the "lightweight" version of both standards – which were pitched as less intensive encryption techniques but which experts felt were easily compromised. But it continued pushing its other, stronger versions.

But by then the trust had been undermined and the same block of countries again voted against the standards at a meeting in the US late last year.

That's when things seemingly turned nasty and the NSA started attacking the reputations of those experts who were advising against approving the standards. The full details of the final vote that took place this week are still unknown. But the end result is clear: Simon and Speck have been cancelled by the ISO, which means that they will most likely never be rolled out elsewhere.

Amazingly, Edward Snowden has yet to comment on the rejection. ®

More about


Send us news

Other stories you might like