Center for Strategic Assessment and forecasts

Autonomous non-profit organization

On the suppression of terrorism and cryptography from Microsoft
Publication date: 21-09-2001

In the early 1990s, representatives of the European Union and the FBI came to the conclusion that, with the intensive development of telecommunications, traditional methods of information control were becoming less effective. This runs counter to the accepted national security concepts of some states.

As an introduction to the problem

Following the international TREVI conference (Terrorism, Radicalism, Extremism and Violence), held in 1991, it was recommended that national legislation be harmonized in line with the situation and that telecommunications providers be obliged to cooperate with the police and security agencies. In addition, the need was noted to develop standards for hardware that allows the spread of information to be monitored.

In 1993 the Council of Ministers of Justice and Home Affairs of the European Union adopted a resolution entitled "Interception of information disseminated by the communication lines".

According to this document, network operators and service providers are required to allocate one or more permanent channels for intercepting information distributed over communication lines and transferring it to the competent authorities (the so-called "fiscal channel"). It will also be possible to determine the location of a particular subject (e.g., a mobile subscriber) in real time.

Further, in December 1995, the Committee of Permanent Representatives of the member states of the European Union decided to send a letter to the international organizations that develop telecommunications standards, including the International Organization for Standardization and the International Telecommunication Union. The letter noted, in particular, that telecommunications equipment and services must meet the requirements defined by the European Union, and that future standards must be developed with regard to the need to intercept information that threatens national security.

Existing standards for GSM systems, and especially for third-generation mobile communication systems, almost completely satisfy the requirements for making any information available for interception.

With the development of information technologies and the emergence of the information society, hidden conflicts of interest among many states are playing out in cyberspace. At this stage capabilities are still being weighed up and defensive activities dominate, but who can guarantee that an information war will not break out tomorrow?

About Microsoft CryptoAPI specifications and cryptography

In February 1996, Microsoft specialists first presented to the general public information about a new project, the cryptographic application programming interface (Crypto API). True to form, Microsoft once again confined itself to describing only some features of this interface, leaving many undocumented functions for informal research.

The standard API includes 23 cryptographic functions (e.g., key generation, encryption and decryption) that applications can use to protect information cryptographically. The idea is to hide the details of the cryptographic operations from the application and to make it possible to use different encryption algorithms simply by loading different libraries. This was especially important for the most popular operating system in the world, since it allowed U.S. cryptographic algorithms to be used, while export versions of Windows used encryption algorithms that do not fall under export restrictions. CryptoAPI is part of the Win32 interface.

CryptoAPI provides privacy through simplified cryptographic functions and through base cryptographic functions. These functions give applications a flexible way to encrypt or digitally sign data while protecting the user's sensitive private key data.

Cryptographic algorithms are implemented in modules called cryptographic service providers (CSPs). These modules contain the cryptographic functions that lie below the API and perform the functions most critical to information security. A CSP development kit is available that allows you to create a custom CSP.

Starting with version 2.0, the Crypto API provides a set of functions for working with digital certificates and lists of revoked certificates (certificate revocation lists).

Authentication using digital certificates is supported in CryptoAPI through the certificate encode/decode functions and the certificate store functions. A certificate is a data set that uniquely describes a specific object and typically includes the object's public key (or keys). The certificate is issued by an authorized centre (Certification Authority, CA) after the authenticity of the object has been confirmed.

The CryptoAPI programming model (Fig. 1) can be compared with the Windows graphics interface model. In this comparison, cryptographic service provider (CSP) modules are analogous to graphics device drivers, and cryptographic hardware is analogous to graphics hardware.

All well and good, but Microsoft would not be Microsoft if the matter had ended with the release of a new application programming interface. The most important point is that a user cannot simply plug a CSP they have developed into Windows: for the module to work, it must carry a verified digital signature from Microsoft.

The operating system will not load an old CSP either. Any CSP used in the system must be signed with the Microsoft key. It is believed that the Windows kernel contains a 1024-bit RSA public key used to verify the signature when a user tries to load a CSP. If signature verification fails, the CSP will not load. Microsoft officials stated that the company will sign any CSP from any developer once it is confirmed that the implemented algorithm meets the export restrictions. So you can get your own CSP module signed if you are allowed to export cryptographic algorithms or if the CSP will not be used outside the U.S. and Canada. Thus, an end user cannot use their own CSP, even for internal use, without first having it signed by Microsoft (in fact, the CSP development kit does allow this, but a special kernel version is needed).

The CryptoAPI scandal

However, within three years of the announcement a major scandal broke out around the cryptographic interface of Windows. In early September 1999 Andrew Fernandes, chief specialist at Cryptonym, a company dealing with information protection, circulated a message over the Internet indicating that the U.S. National Security Agency may have access to the security core of the popular Windows operating systems.

In his message he stated that "...adding the NSA's key, they made it easier for the NSA to install protection on your computer without your permission or approval ...".

Naturally, Microsoft denied that the NSA has any relation to the key that was found.

Scott Culp, a member of the Windows NT security development division, said in one of the rebuttals circulated over the Internet that this key is a Microsoft key and is not shared with any organization, including the NSA. The key was added to the signature to show that a CSP complies with the NSA's encryption standards.

Whatever the case, the key is present in all versions of the Windows operating systems, including Windows 95, 98, 2000, and NT.

The problem centres on two keys that ship with every copy of Windows. The keys provide the outside access needed to install security components without the user's permission.

The first key is used by Microsoft to sign its own modules of the security service, as discussed above. Until recently, however, the existence and the holder of the second key had remained a mystery.
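A model of the load check described earlier, with the two embedded keys discussed above, written as an added example that is not Microsoft's code or part of the original article. It uses toy RSA with small constructed primes instead of the 1024-bit key the article mentions, and the labels `first_key` and `second_key` and the function `load_csp` are hypothetical.

```python
import hashlib

def make_key(p, q, e=65537):
    """Toy RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

def digest(module, n):
    # Hash the module image and reduce it into the toy modulus range.
    return int.from_bytes(hashlib.sha256(module).digest(), "big") % n

def sign(module, private):
    n, d = private
    return pow(digest(module, n), d, n)

def verify(module, signature, public):
    n, e = public
    return pow(signature, e, n) == digest(module, n)

def load_csp(module, signature, embedded_keys):
    """Model of the load gate: return the label of the embedded key that
    accepted the signature, or None if the module must not be loaded."""
    for label, public in embedded_keys.items():
        if verify(module, signature, public):
            return label
    return None

# Constructed keys; tiny primes for illustration (the article cites 1024-bit RSA).
FIRST_PUB, FIRST_PRIV = make_key(10**9 + 7, 10**9 + 9)
SECOND_PUB, SECOND_PRIV = make_key(998244353, 2**31 - 1)
_, OUTSIDE_PRIV = make_key(1000003, 1000033)   # not embedded anywhere

EMBEDDED = {"first_key": FIRST_PUB, "second_key": SECOND_PUB}
CSP = b"constructed CSP image bytes"

def demo():
    return {
        "signed_first": load_csp(CSP, sign(CSP, FIRST_PRIV), EMBEDDED),
        "signed_second": load_csp(CSP, sign(CSP, SECOND_PRIV), EMBEDDED),
        "signed_outside": load_csp(CSP, sign(CSP, OUTSIDE_PRIV), EMBEDDED),
        "tampered": load_csp(CSP + b"!", sign(CSP, FIRST_PRIV), EMBEDDED),
        "second_removed": load_csp(CSP, sign(CSP, SECOND_PRIV),
                                   {"first_key": FIRST_PUB}),
    }

if __name__ == "__main__":
    print(demo())
```

Because `load_csp` returns the label of the key that accepted the module, an audit log built on it shows that each embedded key is an independent trust root: whoever holds either private key can authorise a module.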

According to A. Fernandes, in previous versions of Windows Microsoft had disguised the holder of the second key by removing identifying marks. By disassembling Windows NT Service Pack 5, A. Fernandes discovered that this time Microsoft had accidentally left the identifying information intact. He found that the second secret key is labeled "_NSAKEY".

A. Fernandes himself and many other experts in the field of information security note that the U.S. National Security Agency is the most powerful intelligence agency in the world, and that this is no coincidence.

By using this flaw in the Windows protection system, the signals intelligence units of the NSA gain access to the computer systems of other states.

Most interesting of all is that the NSA has so far not responded to a request to comment on the situation.

However, in a subsequent brief press release, the NSA tried to distance itself from this incident by saying that "... questions about specific products should be addressed to the company-developer".

The all-seeing eye of the NSA

Information has already appeared in the press about the global intelligence network Echelon, created by the U.S. National Security Agency during the Cold War. The system is operated by staff of the National Security Agency together with staff of New Zealand's Government Communications Security Bureau, the UK's Government Communications Headquarters, Canada's Communications Security Establishment and Australia's Defence Signals Directorate. The system is based on an orbital constellation of electronic intelligence spacecraft.

The Echelon system is a network of hidden interception points for electronic information scattered all over the world. The equipment at these points, making active use of the system's satellite segment, is capable of intercepting e-mail messages, telephone conversations (including cellular calls) and faxes, as well as traffic passing through global fiber-optic communication networks and in the microwave range.

All the intercepted information is transmitted to the collection centre at Menwith Hill in the UK, and then passed from Europe to the USA, to Fort Meade (Maryland). The system's supercomputing center for processing incoming information is located here. The techniques used here make it possible, with the help of modern speech recognition, optical character recognition and data processing technologies, to extract information from the stream according to a given set of criteria.

According to some experts, the Echelon system and other telecommunications interception centers funded by the European Union and the United States can effectively counter the emergence of tensions that cannot be overcome in other ways. In other words, it is an almost perfect tool for controlling the situation in any region on the Earth's surface.

Reflections

The last years of the twentieth century were marked by several major scandals in the field of electronic espionage. First came the "Carnivore" system for traffic monitoring and interception of electronic correspondence, then the global espionage system "Echelon", and now NSAKEY in Windows. Yet five years ago no one thought about the possibility of total collection of information from computers connected to the network. However, life is life. And what about Russia?

The first major step towards ensuring Russia's national security in the information sphere was the signing, by the President of the Russian Federation on 9 September 2000, of the Information Security Doctrine of the Russian Federation.

Today, more than a year has passed since this document was signed. What has changed in this area? We have to admit that nothing, as such, has changed. Moreover, at present there is, for example, active promotion of the need for Russia to join the international agreement on the certification of information security products under the Common Criteria (in the U.S., the project is supervised by the NSA), which may significantly undermine Russia's information security by opening the Russian market to foreign hardware and software products in the field of information security. A draft of a new national standard for an encryption algorithm (again based on international standards) is being discussed. There is active talk of using digital certificates, while forgetting that one of the key elements in the creation of the Public Key Infrastructure (PKI) in the USA is key recovery, which is also overseen by the NSA. In February 2001 the first Russian product based on the MS Crypto API received a FAPSI certificate of compliance ...

So what was the Doctrine adopted for?

