TCP/IP Might Have Been Secure From the Start If Not For the NSA

chicksdaddy writes: "The pervasiveness of the NSA's spying operation has turned it into a kind of bugaboo — the monster lurking behind every locked networking closet and the invisible hand behind every flawed crypto implementation. Those inclined to don the tinfoil cap won't be reassured by Vint Cerf's offhand observation in a Google Hangout on Wednesday that, back in the mid 1970s, the world's favorite intelligence agency may have also stood in the way of stronger network layer security being a part of the original specification for TCP/IP. (Video with time code.) Researchers at the time were working on just such a lightweight cryptosystem. On Stanford's campus, Cerf noted that Whit Diffie and Martin Hellman had researched and published a paper that described the functioning of a public key cryptography system. But they didn't yet have the algorithms to make it practical. (Ron Rivest, Adi Shamir and Leonard Adleman published the RSA algorithm in 1977). As it turns out, however, Cerf did have access to some really bleeding edge cryptographic technology back then that might have been used to implement strong, protocol-level security into the earliest specifications of TCP/IP. Why weren't they used? The crypto tools were part of a classified NSA project he was working on at Stanford in the mid 1970s to build a secure, classified Internet. 'At the time I couldn't share that with my friends,' Cerf said."

It should be renamed the NIA

National Insecurity Agency

In a way its a good thing it didn't happen

[Viol8]

It would be utterly obsolete by now and would just be a legacy function that would have to be supported for legacy apps and would be a security swiss cheese. TCP is better off just being a pure transport later protocol with modern crypto layered on top.

Re:In a way its a good thing it didn't happen

Not to forget that 70's computers were very very slow and cryptography would have been to much a bottleneck to be widely used. Today some people still claim SSL makes their website slow.

Misleading headline

[Alan+Shutko]

It's true, that had the NSA chosen to share that info, we could have had better security. On the other hand, the NSA were the ones that developed it, so if not for the NSA, it would not have existed to use.

IPX

If TCP/IP had included crypto, we'd all be using IPX now days...

The reason TCP/IP proliferated was because it was light-weight and easy to implement. Crypto would have killed that.

Encryption would have been too slow

[mveloso]

If TCP/IP had encryption way back when, it never would have worked because it's too slow. Shit, stuff was so slow that people turned off checksumming. Imagine having to do something exciting, like actual encryption. It'd be worse than running a 300 baud modem.

Misleading article.

[jcochran]

Rather misleading article and slant there. It implies that the NSA deliberately took action to make TCP/IP insecure. However, in reality, the NSA merely didn't contribute their classified work towards the specification of TCP/IP. And frankly, that's a good idea. The overhead of encryption at that time would have been too much. Additionally, cryptography only gets better with time, so whatever algorithm that would have been selected would have long since been obsolete. And due to backwards compatibility, would still have to be implemented. After all, things like routers and such are a tad more difficult to update than programs.

Re:Misleading article.

[Hrdina]

Exactly, and I think this is what the AC was trying to say in one of the earlier responses.

The headline seems as if it is trying to tie this story to all the recent reports of the agency actively weakening crypto algorithms.

It would have been insane to allow classified algorithms to be published along with TCP/IP (unless of course they were willing to declassify).

I didn't watch the video, but read TFA. There, Cerf is quoted to say:
1. “If I had in my hands the kinds of cryptographic technology we have today, I would absolutely have used it,”
2. “During the mid 1970s while I was still at Stanford and working on this, I also worked with the NSA on a secure version of the Internet, but one that used classified cryptographic technology. At the time I couldn’t share that with my friends,” Cerf said. “So I was leading this kind of schizoid existence for a while.”

Maybe he said it in the video, but in TFA he does not say "I wanted to use the classified technology in TCP/IP but the agency denied my request."

Re:Flamebait

[hawguy]

the world's favorite intelligence agency may have also stood in the way of stronger network layer security

But that is misleading. The NSA did not "stand in the way". The just declined to help. That is not the same thing.

The research existed, Cerf had access to it, but they didn't allow it to be used.

If your house is burning down and the fire chief prevents you from using the fire hydrant in front of your house even though you have the right equipment to hook up to it, wouldn't you say he's standing in the way? He's not just declining to help, he's actively preventing you from using tools and knowledge that you have because he's afraid that other people will see you do it and then they'll know how to fight their own fires.

Re:Flamebait

[Anubis+IV]

The headline is horribly horribly misleading. I hope people at least RTFS.

Exactly. This isn't a "would have been" that failed because of NSA involvement. This is a "would not have been" that failed all on its own. The NSA had some confidential tools at its disposal that may have been able to salvage the idea, but them not sharing their tools is hardly a reason for us to be shaking our fists and saying "it would have worked if not for them". It's like blaming a toll road for your late arrival after choosing to take public streets instead of the toll road. It makes no sense.