Slashdot Mirror
TCP/IP Might Have Been Secure From the Start If Not For the NSA
chicksdaddy writes: "The pervasiveness of the NSA's spying operation has turned it into a kind of bugaboo — the monster lurking behind every locked networking closet and the invisible hand behind every flawed crypto implementation. Those inclined to don the tinfoil cap won't be reassured by Vint Cerf's offhand observation in a Google Hangout on Wednesday that, back in the mid 1970s, the world's favorite intelligence agency may have also stood in the way of stronger network layer security being a part of the original specification for TCP/IP. (Video with time code.) Researchers at the time were working on just such a lightweight cryptosystem. On Stanford's campus, Cerf noted that Whit Diffie and Martin Hellman had researched and published a paper that described the functioning of a public key cryptography system. But they didn't yet have the algorithms to make it practical. (Ron Rivest, Adi Shamir and Leonard Adleman published the RSA algorithm in 1977). As it turns out, however, Cerf did have access to some really bleeding edge cryptographic technology back then that might have been used to implement strong, protocol-level security into the earliest specifications of TCP/IP. Why weren't they used? The crypto tools were part of a classified NSA project he was working on at Stanford in the mid 1970s to build a secure, classified Internet. 'At the time I couldn't share that with my friends,' Cerf said."
You can't currently encrypt the routing encapsulation.
National Insecurity Agency
The headline is horribly horribly misleading. I hope people at least RTFS.
Oh, by the way, "bleeding edge cryptographic technology" is something you never ever want to use.
It would be utterly obsolete by now and would just be a legacy function that would have to be supported for legacy apps and would be a security swiss cheese. TCP is better off just being a pure transport later protocol with modern crypto layered on top.
It's true, that had the NSA chosen to share that info, we could have had better security. On the other hand, the NSA were the ones that developed it, so if not for the NSA, it would not have existed to use.
If TCP/IP had included crypto, we'd all be using IPX now days...
The reason TCP/IP proliferated was because it was light-weight and easy to implement. Crypto would have killed that.
If TCP/IP had encryption way back when, it never would have worked because it's too slow. Shit, stuff was so slow that people turned off checksumming. Imagine having to do something exciting, like actual encryption. It'd be worse than running a 300 baud modem.
We used to use telnet, ftp and uucp, those weren't secure or encrypted.
The internet used to be open and free, owned by no one.
It's a stretch to think they wanted to do encryption from the start.
What the heck does that mean? Do you even understand how the OSI model works?
IIRC Encryption is layer 6/7, not layer 4. Theres a reason it was layered the way it was.
And this effect's anyone how, are they planning on rolling it out in the next release!?!?! NO... Because you've got too many corrupt little players in this game; Oh look it's Google McCuntyMcFuckFace and the Googly android with CVE's that are all over 9 months old, whats that you dont have a User ID or a GUID.. yes, we know how that feels to be completely backdoored by people claiming they want to protect your privacy when they really want to take it all away. Microsoft doesnt feel threatened by the encroaching approach of all that Free open ideology, not in the least, they're too busy playing with there "Dutch Sandwhich!" and discrediting all that FOSS as Hacktivism. Apple, well anyone who models there Logo on a half eaten apple has too be a bunch of sinful bastards dont they! Pfft, the problem is there are too many vendors, too many suppliers, all greedy all want something and the end result is what we have now...
Rather misleading article and slant there. It implies that the NSA deliberately took action to make TCP/IP insecure. However, in reality, the NSA merely didn't contribute their classified work towards the specification of TCP/IP. And frankly, that's a good idea. The overhead of encryption at that time would have been too much. Additionally, cryptography only gets better with time, so whatever algorithm that would have been selected would have long since been obsolete. And due to backwards compatibility, would still have to be implemented. After all, things like routers and such are a tad more difficult to update than programs.
Encryption can be applied at various layers. You can have link-layer encryption (level 2), network-layer encryption such as IPSec (level 3), transport-layer encryption such as SSL (level 4) and application-layer encryption such as SSH (layer 7)
I have been lately doing some reading about the networking abstraction layers and I do not see why TCP and IP could not have been created as single layer. Comments?
The big stack of the OSI model sometimes makes me cringe also in general and I wonder if we are just wasting bandwidth with the various encapsulated headers.
they're actually talking about layer 3 (network layer) encryption... which is entirely possible if you want to slow down the entire routing of the entire network... yes current encryption is in the presentation/application layer, (6/7) the idea is that it could have been implemented at a much lower layer in the stack, had Cirf been allowed to take his work that he did for the NSA to his work on TCP/IP.
although to be fair I doubt it would have been implemented, or been optional. as the networking speeds of the time and the computing power required for encryption on such a base level, would be hard to implement, and slow.
GP sounds tough and rebellious while ultimately making no sense whatsoever. Like a frighteningly large number of people in the NSA "debate".
Okay, that does it!
I know you dudes-in-black are hiding flying cars powered by Mr. Fusion, and the pickled Roswell aliens.
Hand 'em over! Hoffa too!
(But take Lady Gaga back, please)
Table-ized A.I.
" Do you even understand how the OSI model works?"
Given Layer 6 is almost entirely written by me, yea, I know far more than you do.
Come back when you've got a fucking clue.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Now get off of my lawn!
"Cerf did have access to some really bleeding edge cryptographic technology back then"
So they had some cryptographic technology that was still new for the time, but had been out a while at that point so it had fewer bugs.
grumble grumble
NSA.
For everything that's wrong... blame them.
It's not that our society is failing, that our voters are mentally obese and thus always pick the wrong option.
Nope, it's the NSA. NSA did this to you. You're the victim, not the perpetrator.
Keep saying it and maybe someday, you'll believe it.
Futurist Traditionalism
[Citation needed]
Not that I don't believe you but there's a lot of assholes on the net nowadays.
"Wait. Something's happening. It's opening up! My God, it's full of apricots!"
There were individuals and organizations back in the seventies and eighties that got in trouble with the US Government for writing and publishing software that used strong encryption. The problem was that the published code was visible from outside the US and ran afoul of ITAR regulation (citation: check the history of PGP). Incorporating strong encryption in TCP/IP would have made its use and adoption subject to US ITAR regulation.
If you want an example of link-layer encryption, WEP/WPA.
Bob Metcalf dubbed him "Darth Cerf".
Some people do the right thing and damn the personal cost.
http://www.ted.com/talks/edwar...
Need Mercedes parts ?
Like PGP?
Pffft.
Anyway, it's not too late:
http://vimeo.com/18279777
(Skip the first 14 minutes of chair-shuffling)
Need Mercedes parts ?
I've got my own implementation that is OSI compatible. But given I answered more than half of the RFCs and had over 30% of those comments implemented, I'm still a father.
Oh, you wanted a name? No, sir. Do that work for yourself.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
Whenever I hear anti-NSA rhetoric, I ask: imagine the same things being said about Alan Turing et al working to decode Germans' messages... Would Mr. Snowden receive the same respect and adoration, if he published the secrets of Bletchley Park in 1943?
How about the horrible "privacy invasion" that provided for intercepting of Zimmerman's telegram.
Not excusing everything NSA is doing these days, but putting things in perspective...
In Soviet Washington the swamp drains you.
This is a classic solved problem in computer science: chose an algorithm that you can support in the generation of machines you plan to deploy, even if it's slow in the lab.
MIT specified an amazing fast processor for Project Athena, an entire 1 MIPS. Unheard of! Of course, it was perfectly normal when Athena rolled out. [Origin: the guys there explaining we could use the DEC 2100s we already had at York if we wanted to deploy Athena]
--dave
davecb@spamcop.net
First of all, the thing you would use to protect connections is most naturally Diffie-Hellman, not RSA. Both were way two expensive to use in the 70s.
Second, if you want to see what a protocol looks like which combines TCP ideas and Crypto, take a look at MinimaLT at the Ethos project (www.ethos-os.org). They claim, faster than TCP/IP, more secure than TLS, and dead simple.
If NSA would have been involved in making TCP/IP would people have used it?
There is a lot of hate being spewed at the NSA these days. Totally ridiculous title that needs to be changed by a Slashdot moderator.
Wow, it's always a tough competition, but this may win "Ridiculous Slashdot Headline Of The Week".
Logic 101, folks. Let's recap that headline:
"TCP/IP Might Have Been Secure From the Start If Not For the NSA"
Now, what's the story here? One of TCP/IP's designers had access to some then-bleeding-edge crypto *that was part of an NSA project*, but couldn't include it in TCP/IP because it was secret.
Now, can we support the idea that "if not for the NSA" that crypto could have gone into TCP/IP? No, because "if not for the NSA" that crypto *wouldn't have fucking existed at all*. The NSA wrote it. So the choices are "code written, but not available for use" or "code not written at all". Practical difference for the purposes of TCP/IP: zip.
Google claims the moral high ground of protecting privacy while at the same time maximizing profits by exploiting your web activity.
Companies like Facebook mine all of your posts for the purpose of targeting advertising to get you, or your friends, to buy products and services - that you honestly do not need
Companies are getting hacked left and right and your personal information and credit cards are getting stolen.
All of this is going on and yet Slashdot posters continue to assail government agencies? Amazing.
NO connection is point-to-point.
TCP is implemented on TOP of a simple packet...For a TCP connection from A to B has to to "point-to-point" to EACH INTERMEDIATE ROUTER. One packet at a time. Not all packets have to follow the same route. Not all packets arrive in order... Sometimes packets are dropped... Hence the layered protocol for TCP on top, along with the ack packets to cause retransmission of missing packets... And the result is that no connection from A to B is point-to-point.
It was artifically expensive due to all encryption technology declared to be munitions. Thus no one was allowed to research it.
RSA was known (pre-release) around 1975 (I was shown the paper by my professor).
As for speed - not bad. The original RSA was defined for 32 bit and 64 bit keys - just like DES (well, DES was limited to 56 bit keys being aimed at either 7 8 bit bytes or 8 7 bit ascii characters) . Neither was all that slow. RSA is always slower than symmetric key encryption, which is why all implementations actually only use RSA encryption to exchange random symmetric keys. Once the random keys are exchanged, those are used instead of RSA.
What delayed the general use of encryption was two things:
1. the definition of encryption as munitions
2. the patent on RSA delayed its use until the patent ran out.
Everyone cries about how insecure the X window protocol is... It wasn't. Originally the X code used encryption - but due to the encryption as munitions problem, MIT couldn't release the code for general use. They couldn't even leave the API hooks in it as that was ALSO declared to be part of the munitions. So all of it was removed.
It's not a popular opinion, but Vint Cerf has always managed to quietly align with the big corporations and their interests despite how opposite they happen to be to the public's interest.
It would be one thing to encrypt all traffic end-to-end with a Diffie-Hellman exchange per TCP connection. But it would be quite another thing to prevent active attacks from three-letter agencies. You'd need a way to establish and ensure trust as well. If they can't decrypt the connection itself, they can use an active attack to intercept it and decrypt it. Even if the target is using SSL with PFS, they could always national-security-letter a signed certificate out of a CA in their jurisdiction. It doesn't really matter what security is employed; there will always be a way to defeat it. All we can do is make it harder.
Popular meme - don't do your own cryptography. Why not? Well, because *you don't understand*. Maybe true, for the naive. But if you've been in the business long enough, and your mind is not made of clay, you learn a thing or two. There are really *two* reasons you shouldn't do cryptography yourself. One - you probably don't know what you're doing, and will do something that is insecure. Two - you might do something the NSA (or equiv) can't crack, or you would create a lot of extra work for them, so please don't do that.
Everyone within government knew what to expect. Since the dawn of time, communications of all sorts have been intercepted by governments spying on each other. They understood that any unshielded and unencrypted communication would be intercepted, and since the dawn of time a focus was on either encryption and/or heavily shielding all communication lines to prevent remote monitoring.
The military knew when they let the internet into peoples homes that it was designed to be insecure, having no encryption and no shielding of the communication lines, which since the dawn of time has let the government in to our communications. In fact, I imagine, the internet was not given to the public but for any other need than for the government to have a connection into everyone's homes, and for the data transmitted and communicated to be intercepted and monitored by the government.
Today we know the NSA has turned their awesome air wave monitoring ability against us, and now they even have direct lines of communication into every home, and into every pocket of every citizen who owns a computer, game console, cellphone, set top box, or other device.
They also have the mind read/altering radar which allows direct access to EEG memory probe and listen to our thoughts directly. NSA Remote Neural Monitoring, fully patented in 1974 by a major radar defense contractor .. Details at http://www.obamasweapon.com/ (look up 4/3/2014 article on EEG heterodyning, listing 3 covering patents for their radar/satellite monitoring system).
What no one realized is that the government was always monitoring their own country for absolute citizen control, before even caring about foreign countries. The NSA's first operations were tapping citizen communications back in the 1950s during Project MINARET, which began as Project Shamrock before the NSA was even created. The monitoring continued even after Frank Church blew the doors off the intelligence community abuses in the 1970s and nothing was ever dealt with, leading up to todays surveillance state.
The people who invented TCP/IP weren't even thinking about security. The network they imagined was one that went between a few buildings on the same campus. Nobody dreamed of the need for security at that point, any more than Alexander Graham Bell was thinking about voice security when he invented the telephone.
The Internet was NEVER owned by no one.
It isn't a magic kingdom. It's hosted on servers and backbones that were *always* owned by someone(s). So the 'free as a bird' perspective is just blatant fantasy.
The earliest Internet tech was developed for DARPA/USGOV. It also appeared around the same time in academic uses. Neither of these was 'free' nor 'uncontrolled'.
It may have been not heavily policed in the early days, because nothing much of general public interest (or interest to the movers and shakers) was happening on the limited public Internet, but it sure as heck was all owned by someone.
I don't find it a stretch at all that engineers didn't consider encrypting for privacy and security at the start. It may not have been practical (either given public domain cryptosystems or hardware) but it may have been conceptually considered.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
You could encrypt content. That's something and the content could have been secure.
You are correct that encrypting routing encapsulation would be a whole other ball of wax, so who transactions were between may not have been protected.
Content would at least have been more private than it is today (until NSA used a big lever on hardware and software producers anyway).
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
Someone uses it and the bugs get identified and resolved.
Every solid release came from buggy prototypes.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
TCP is transport layer. IP is not. (at least by the OSI model and I think the TCP model though I'm a bit rustier on that one - Network layer is IP)
There is no reason to imagine TCP/IP could not have included Session or higher level encryption protocols without really affecting the TCP or IP parts of the protocol stack. The design could well have been exactly as you suggest.
-- Mal: "Well they tell you: never hit a man with a closed fist. But it is, on occasion, hilarious."
If TCP/IP had included crypto, we'd all be using IPX now days...
The reason TCP/IP proliferated was because it was light-weight and easy to implement. Crypto would have killed that.
There would have been more resistance to adopting it, too.
As it was, there was substantial resistance among people and institutions sited outside the US, because the Internet was a DARPA project, i.e. U.S. Military. Other countries, organizations within them, and even some people in the US, were concerned about things like what the US might be building in - like interception and backdoors for espionage and sabotage - or just because "Military! Bad!". Including encryption from the then officially nonexistent, deepest secret, communications spy agency would have boosted that resistance substantially.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
I do not see why TCP and IP could not have been created as single layer.
That was one of the major divergences from other networking schemes of the time that gave TCP/IP an advantage.
IP is a lower layer than TCP. It's about getting the packet from router to router, and is as deep into the packet that core routers have to look to do their jobs. Core routers are supposed to be "as dumb as rocks", putting as little effort as practical into forwarding each packet, in order to get as many of these "hot potatoes" moved on as quickly as possible and keep the cost of the routers down (and to drop any given packet if there's any problem forwarding it).
TCP is one of several choices for the next layer up. It runs only at the endpoints of a link. It does several things, which are all about building a reliable, persistent, end-to-end connection out of the UNreliable, "best effort", IP transport mechanism. Among these things are:
- Breaking a stream up into packet-sized chunks.
- Creating reliability by hanging error detection on packets and saving a copy of the data until the far end acknowledges successful reception, retransmitting if necessary to replace lost or corrupted packets.
- Scheduling the launching of the packets so that the available bandwidth at bottlenecks is fairly divided among many TCP sessions, while as much of it is used as practical.
- Adding an out-of-band "urgent data", channel to the connection (for things like sending interrupts and control information).
Some other networking schemes of the time did this on a hop-by-hop basis, requiring much more work by the routers. TCP put it at the endpoints only.
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
NO connection is point-to-point.
Most Internet communications are carried in packets with unique source address and unique destination address. Conceptually, it doesn't matter whether those packets are encoded with Point-to-Point Protocol on a serial cable, or whether they go through a bunch of routers first. A more pedantic term is unicast. So, the actual counterexample would be multicast, and despite best efforts, there's very little of that on the Internet.
The real exception to point-to-point communications is WAN acceleration, but I'm guessing that its effects are minor across the Internet.
Have a nice time.
There seems to be more NSA shills here now, using faulty logic to defend NSA, such as crypto being too slow then, and that it is right to withheld crypto.
The choice of using crypto on the net would have been nice to have back then, for stuff like protecting people, nations, businesses, even if the crypto was slow. So the job of NSA is obviously not to protect USA, but weaken it, and others. There were faster crypto back then, which of course also was weaker, but could have been strengthened by such methods as longer keys and hardware.
TCP/IP: 1974
diffie-hellman: 1976
Sure, NSA had public key crypto before that, (1973, GCHQ in the UK), but there wasn't as much collaboration between states as now.
Plus, we would have needed something like x.509 (1988), integration with world-wide certificate authorities or something like that..
All of that at a time when there were only 2 people on 2 computers and they knew each other? Maybe we're pushing it a little bit too far on blaming the NSA...
Anyway, even today secure protocols have their problems, and even if they are secure, none of them addresses the problem of having to trust a certificate authority. (web of trust is not global, so I'm not counting it here)
There have been many reformers over the years. Are you telling me they were all wrong?
You're ignoring the fact that the options presented reflect what is likely to succeed with the herd of voters. We the People are the enemy.
Futurist Traditionalism
We had much less powerful computers back then, and crypto didn't really break out into the open until the 1990s. Even now, if you work on a software product that contains crypto, you have to carefully segregate it from the rest of the code and never change it to prevent the cost of a government re-evaluation; because of laws that treat crypto like international weapons sales. In our case, it's the comical idea that The Israelis might learn something from our American Crypto Code; when much of the crypto is invented in Israeli universities.
The internet succeeded in part because it was under-specified, which made it easier to implement. Also, privacy and defense from attack are completely different things that interfere with each other. Intrusion Prevention relies on being able to parse the clear-text traffic to look for bug exploitation. As soon as everybody encrypts everything, this kind of centralized defending is over.
The only way to defend a server from a malicious client talking over an encrypted pipe - is to write correct server code. Most server code is comically insecure. If it's not written in a scripting language that will evaluate arbitrary injected code, it's written in adhoc C code. Ubiquitous encryption is going to demand that servers only ingest input that follows a well defined spec that the code is proven to follow.
What do you do about countries like the US that still limit the export of strong encryption as a military munition? How about countries which will not permit their citizens access to such encryption? And how do you get the assorted governments of the world to agree upon and implement one standard? The internet isn't some kind of nationless paradise where information gamboles on the green and frolics in the sun. More like the Wild West, with shark-wielding lasers, hookers and blackjack thrown in.
The crypto tools were part of a classified NSA project he was working on at Stanford in the mid 1970s to build a secure, classified Internet. 'At the time I couldn't share that with my friends,' Cerf said."
Another one drops into my asshole category for working for intelligence/military/military contracting. And they probably almost all think they were "serving America".
Really dont like calling people out but youre pretty full of BS. By your own admission you do LED work growing Cannabis, which hardly relegates you to being an OSI expert, and when I google your name (initials: A. M.Q.) + OSI or RFC, nothing at all comes up.
According to your google+, you graduated HS around the same time I did, which means you were in middle school when the OSI model was formalized. It would be mightily impressive if you "wrote Layer 6" before entering high school.
Please, cut the BS.
I was one of the leading team members at System Development Corporation (SDC) in the 1970's on various secure operating system and secure networking projects for various US and UK governmental bodies.
Some of that work was classified, much was not.
In late 1974 David Kaufman and I were working on network security, particularly on the then monolithic TCP (there was at that time no formalized underlying datagram IP layer.) Among other things we were designing and building a multi-level secure nework, with multi-level verifiied secure switches/routers, for a goverment agency.
In our work we split an encrypted datagram layer off from the underside of TCP. Because of nature of packet ordering, packet loss, retransmissions, as well as aspects of various security algorithms this was not as straightforward as one might think.
What we came up with was a precursor to what are today encrypted VLANS, IPSEC, and key distribution infrastructures.
However, we were not able to publish our work widely. In fact now, 40 years later, there is scarcely anything visible on the public web. Even our work that was published via the then National Bureal of Standards (now NIST) is not easily found. (I have been searching for years for a copy of some work I did on debugging hooks for secure operating systems.)
We also worked on things like capability based computers and operating systems with formal verfication of security properties. During that time I designed and wrote what is aguably the first formally verified secure operating system.) That work, also, tends to remain hard to find.
Vint Cerf was a consultant to our group. He helped. But the major thrust and principle design work was done by our team at SDC.
The US Dept of Defense (which includes several agencies) funded much of this work - and really helped move things along - but their institutional resistence to wide publication meant that many of the ideas and implementations we did in the mid 1970's were invisible to most of the world until they were re-invented decades later.
Isnt the real issue that the Industry - and I mean all of the talking heads - kept the holes a secret. In fact the Audit Community has been signing off on documents they refused to review evidence of regarding the TCP/IP vulnerabilities - specifically IP Layer vulnerabilities.
This isnt funny - its not a joke. Professional Big-4 Auditors, the AICPA itself and many other entities simply refused to take formal notice of this key liability from parties who were in fact SMEs but who were the targets of a besmirching and blacklisting attack which went to the very top of the IETF the specific standards community who has been lying to the world about its baby - TCP/IP for about 25 years now or so.
This isnt funny. The IETF has lied to the public. The very standards agency itself responsible for that code and technology lied to the public. Not once but continuously over decades about the flaws in the protocol and routing tools. This is why we need a criminal investigation into manipulation of global standards by certain Governments and Commercial Entities building out that Tech for them, and we need it immediately.
Todd Glassey