

Microsoft Opens 'Transparency Center' For Governments To Review Source Code

MojoKid writes with news that Microsoft has announced the opening of a 'Transparency Center' at their Redmond campus, a place where governments who use Microsoft software can come to review the source code in order to make sure it's not compromised by outside agencies. (The company is planning another Transparency Center for Brussels in Belgium.) In addition, Microsoft announced security improvements to several of its cloud products: As of now, Outlook.com uses TLS (Transport Layer Security) to provide end-to-end encryption for inbound and outbound email — assuming that the provider on the other end also uses TLS. The TLS standard has been in the news fairly recently after discovery of a major security flaw in one popular package (gnuTLS), but Microsoft notes that it worked with multiple international companies to secure its version of the standard. Second, OneDrive now uses Perfect Forward Secrecy (PFS). Microsoft refers to this as a type of encryption, but PFS isn't a standard like AES or 3DES — instead, it's a particular method of ensuring that an attacker who intercepts a particular key cannot use that information to break the entire key sequence. Even if you manage to gain access to one file or folder, in other words, that information can't be used to compromise the entire account.


  1. What's the point? by Anonymous Coward · · Score: 5, Insightful

    Governments shouldn't be using closed source garbage to begin with. It just locks them into a specific company and keeps them at their mercy, not to mention that even if the government reviews the source, the public can't do the same. Not a good message to send.

    1. Re:What's the point? by Anonymous Coward · · Score: 2, Insightful

      The alternative is for governments to use open source software and manage software development and maintenance themselves (or contract it out). Looking at fumbling attempts at any IT project from just about any government I wouldn't trust their competence enough to extend them more responsibilities.

    2. Re:What's the point? by AHuxley · · Score: 4, Interesting

      At least then it's your own country's option. No colonial box or product to buy, then rent support for and beg for fixes.
      A domestic IT project at least offers your best experts to set standards and review the code.
      Other nations do not all fail at complex math, code, design or funding.
      Other nations may try to keep 5+ other countries out of a networked product as delivered.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:What's the point? by AHuxley · · Score: 2

      Re 'Isn't it already their option?"
      Not with complex trade deals demanding equal consideration to fully imported systems. The reality that a product line is open to 5+ other nations security services is not really allowed to stop consideration early.

      --
      Domestic spying is now "Benign Information Gathering"
    4. Re:What's the point? by dotancohen · · Score: 4, Interesting

      Governments shouldn't be using closed source garbage to begin with. It just locks them into a specific company and keeps them at their mercy, not to mention that even if the government reviews the source, the public can't do the same. Not a good message to send.

      Actually, the _real_ point here is that Microsoft is now implying, quite strongly, that open-source software is preferable for security, privacy, and other sensitive purposes.

      I hope the governments and other entities that this program targets are smart enough to read between the lines.

      --
      It is dangerous to be right when the government is wrong.
    5. Re: What's the point? by cyber-vandal · · Score: 3, Insightful

      Some of the most expensive IT failures in history have come from contracting it out to the amazingly efficient do no wrong private sector.

    6. Re:What's the point? by viperidaenz · · Score: 3, Interesting

      Microsoft isn't implying that. They trying to convince customers they don't have NSA backdoors.

    7. Re:What's the point? by Dr_Barnowl · · Score: 4, Insightful

      And who says they build their binaries from those sources? The backdoors are probably kept in a separate branch and merged with the release branch at build time...

    8. Re:What's the point? by jenningsthecat · · Score: 4, Informative

      And who says they build their binaries from those sources? The backdoors are probably kept in a separate branch and merged with the release branch at build time...

      This, exactly. Now if Microsoft allowed governments to build their own binaries from the source they had just finished reviewing, there might be some reassurance that this isn't just a smoke-and-mirrors act. Then again, the toolchain might be compromised. Somehow I don't think MS will allow governments to have access to the toolchain sources as well. And even if they did, I suspect most governments don't have the resources to conduct such a comprehensive review.

      --
      'The Economy' is a giant Ponzi scheme whose most pitiable suckers are the youngest among us and the yet-unborn.
    9. Re:What's the point? by Mr0bvious · · Score: 2

      More to the point - how do they know that's the code they're running?

      Unless they can compile their own binaries with their own compilers it could be all smoke and mirrors anyway.

      --
      Never happened. True story.
    10. Re:What's the point? by Dr_Barnowl · · Score: 4, Interesting

      If you ask any IT team lead, the real reason is the usability and it-just-works qualities of the software.

      If you ask most IT team leads, the real reason is that they know that users in general treat computers like voodoo - perform a particular ritual a particular way, and you get the desired outcome. This lack of mental flexibility means that when someone learns a particular GUI they are not keen to change to a new one - which is the reason you get exactly the same inertia about switching to a new version of MS Office (viz. all that Ribbon hoo-hah) that you do for switching to another OS (with its other applications with other GUIs).

      This is the "usability" part of that statement. That's the reason that people railed so heavily against Windows 8. Why do you think MS invest so heavily in giving copies of their software to schools? Get those GUI rituals in people's heads.

      As for it-just-works... MS software does plenty of infuriating and irritating does-not-just-work things.

      * Linux : I can move a file while I have it open in an editor, and saving the file in the editor saves to the new location
      * Windows : Won't let you move the file

      Microsoft would solely have to lean on selling support and consultation services after that.

      I can imagine that terrifies them ; presently, even if you pay for support, you get very little. You get better support for Windows and other MS software from the community. With popular OSS projects, you typically get good support from both the community and the authors, AND you get the ability to look at the source code to understand your problem better or even fix it (or hire a contractor to do this). This is one of the cornerstones of why I use OSS wherever possible in my technology stack - the larger the software company gets, the less my problems matter to them. IBM manages just fine in this model.

      Windows works today, out of the box.

      This is so untrue on so many levels.

      When I install Linux, it usually takes about 20 minutes, with no driver downloads (because I do my homework and buy compatible hardware). Most distros leave you with a machine that has a bunch of useful applications, out of the box.

      With Windows, I've had to hunt for drivers, download drivers, slipstream special drivers into special install disk images (so that the install can proceed far enough for the real drivers to be installed...). This is for machines that were sold with Windows and provided with install images. It literally took me all night to reinstall my wife's laptop (reboot! reboot! reboot!) after her office decided that because the Linux install didn't support their proprietary disk encryption program it wasn't suitable (never mind that it had perfectly good encryption on it anyway). And that's just for the core OS, never mind the vast list of applications that you have to add to make it even marginally useful.

      At that moment, the Linux guy will still be applying various fancy patches and trying out different distro and desktop environment combinations to see which works best.

      I use Linux for all my real, productive work on a daily basis, use stock packages for the vast majority of things, use the standard Ubuntu image, again, out of the box, without doing anything to it bar installing packages and configuring a few of the options a little.

      Unlike Windows, I don't need to tweak my install ; If I move to another machine (say, a hardware replacement cycle), I can literally move the disk from one machine to another and keep on trucking - Windows throws the most epic tantrum imaginable if you try that. If I want to go crazy and upgrade to a new version of the OS, I back up my home folder, install the new OS, install the packages I had before with a single command, restore my home folder and move over most of my files and config folders... and I'm off again. Again, if you try that on Windows, you're screwed, because mo

    11. Re:What's the point? by donaldm · · Score: 3, Insightful

      Providing the source code for Microsoft software to governments sounds like a PR exercise. You would need the appropriate government representatives to be able to understand the source code for starters, as well as being able to test it and to certify that a specific build and updates are actually from that source code. Personally I can't see that actually happening, especially if said representatives have to sign a Non-Disclosure Contract.

      Still, I am quite sure Microsoft PR will state that this is our source code and "Trust Us" this compiles to make the binaries you are using, and I am quite sure many government representatives will be quite satisfied with this since they are effectively "locked in" to using Microsoft products anyway and it (to them) is a better alternative to using that "Communist" Linux thingy :)

      --
      There ain't no such thing as proprietary standards only proprietary formats. Standards are by definition open.
  2. Somebody has to do it by UrsaMajor987 · · Score: 3, Interesting

    Ken Thompson on trusting trust. http://cm.bell-labs.com/who/ke...

    1. Re:Somebody has to do it by Anubis+IV · · Score: 5, Informative

      The TL;DR version for folks who haven't seen it before or don't want to read it (which you really should do): just because the source is trustworthy doesn't mean the binaries are. The process to accomplish this sort of attack is fairly straightforward:
      1) Modify, say, the compiler's source code so that it adds backdoors to some/all of the code it compiles.
      2) Compile it, then replace the clean binary for the compiler with this new, tainted binary.
      3) Revert the changes to the compiler's source code, erasing any evidence of wrongdoing.

      By itself, that doesn't create a backdoor, but anything compiled using the tainted binary could potentially have a backdoor secretly added, even though the source code for both that code and the compiler would appear to be perfectly clean. The problem could be very hard to discover or pin down as well, only manifesting when a particular file is getting compiled, or even a particular line of code.

      I think most of us are already familiar with this sort of attack, but it's worth repeating, since it's exactly the sort of thing that Microsoft's "Transparency Centers" don't address, and exactly the sort of thing we'd be expecting a government to be doing.

    2. Re:Somebody has to do it by mellon · · Score: 2

      You don't even have to do the Ken Thompson trick. They're showing you source, sure, but is it the actual source from which your binary distro was compiled? Get real. Even if they have good intentions, chances are they don't have a reproducible build process.

  3. Code vs Binaries: Big Difference by Anonymous Coward · · Score: 5, Insightful

    Who cares if you can look at the code? What matters is what you're running.

    Looking at the code gives you nothing if you can't compile it to the exact same binary that you are running.

    And even if they let you do that... you still need to trust the compiler, and the compiler that compiled that compiler, etc.

  4. Who thinks up these names? by dbIII · · Score: 2

    Perfect Forward Secrecy? Why not call it Excessive Hubris Before Fuckup? Eventually something is going to be more "perfect" even if the thing is quite good.

    1. Re:Who thinks up these names? by Anonymous Coward · · Score: 4, Informative

      "Perfect Forward Secrecy" is a standard term in cryptography. It seems to have been introduced by Diffie, van Oorschot, and Wiener in their paper Authentication and Authenticated Key Exchanges.

      The description of Perfect Forward Secrecy in the summary seems pretty confused. A cryptographic protocol has perfect forward secrecy if the only long-term key pair is used solely for authentication; that is to protect against man in the middle attacks and the like. Since you can't perform a man in the middle attack once the message has been transmitted, this means that compromise of the private key only jeopardizes future communications. In contrast, if a service uses RSA or ElGamal in the usual manner, then once the private key is compromised (e.g. via a Heartbleed like vulnerability), then all messages ever transmitted can be decrypted using this private key.

  5. ...and.. by JustNiz · · Score: 4, Insightful

    >> a place where governments who use Microsoft software can come to review the source code

    Where's the proof that the source code you see is exactly the same as that which gets compiled to make the Windows you buy?

    Also does anyone else find it as highly suspicious as me that this center is only open to governments?

    1. Re:...and.. by AHuxley · · Score: 3, Interesting

      re Where's the proof that the source code you see is exactly the same as that which gets compiled to make the Windows you buy?
      Your experts compile/test the code as they wish over time at the site. The end result is then known.
      A magic number is then produced as to the tested product on site. The application/suite as shipped then matches that same end test numbers.
      ie the applications do not have ~extra code added.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:...and.. by scsirob · · Score: 2

      That will only work if government officials observe the creation of the gold RTM code and then every patch thereafter. Inspecting the source code today and not finding anything is no guarantee that this will be the case tomorrow. You don't get 'your compiled version' as the production code. And even if you do, the next round of patches and you are done for.

      Using a checksum/hash for the produced files is no use either. Even with unmodified sources, if you compile the same code twice, the produced executable will have different metadata (creation date, file headers, build number) so the hash will be different.

      --
      To Terminate, or not to Terminate, that's the question - SCSIROB
  6. How to prove the source code maps to the binary? by Vellmont · · Score: 4, Insightful

    So.. Microsoft let governments of the world look at the source code at your special center, and then double-dog-swears that there's nothing fishy going on between then, and compiling the source code, like say a patch applied somewhere in the build process? Riiiight.

    If you WERE to put a backdoor in, that's probably how it'd be done. Would you really want a backdoor explicitly in the code for a developer to find? Of course not, you'd put in something only a few people know about. The secret to secret keeping is limiting the amount of people who know.

    The other way to hide the backdoor is to make it a hard to find bug. Plausible deniability is quite high.

    I have to believe this is good news though. It means a lot of foreign governments are suspicious of closed source software, to the point where Microsoft has had to announce a plan to make their code however less closed source.

    --
    AccountKiller
  7. Re:Intended Consequence? by exomondo · · Score: 2, Insightful

    1/ How can observers know that the source code shown results in the compiled binary sold.

    Compile the code and compare the binaries?

    2/ How can observers know that when compiled the compiler does not introduce vulnerabilities.

    Same way you would for open source software: inspect the compiler code.

    3/ Would not a malicious observer use the knowledge of the source to look for vulnerabilities for their intelligence agencies to exploit later.

    Maybe.

    4/ As a private citizen how can I be assured of or against all the above if I and a number of expert friends cannot also look at the source.

    You can't, but then you can't practically do it in the open source world either; at some point you have to trust somebody, and if you don't then the simple answer is don't use the product. I inspect a lot of open source software but it's mostly for interest's sake. I don't pretend to understand the full scope of it, much less the 3rd party libraries or the compilers or OS I run it on or the drivers for the hardware or the physical hardware or the microcode within that hardware (where I can even get to it); you have to trust far too many people to consider things safe even when using open source software.

  8. Seriously? by NewtonsLaw · · Score: 4, Insightful

    Who the hell is going to sit down and scan a few million lines of source code with Microsoft looking over your shoulder and hope to spot a backdoor or two in the process?

    Even then, how can you be sure that the source code they show you is the stuff you're actually running?

    What a PR stunt this is!

  9. Too little too late? by erroneus · · Score: 2

    1. Government shouldn't use anything proprietary and the US should follow its own rules (AMD exists because gov't rules requirements, why not Microsoft compatible-competitors?)
    2. Vendor lock-in always leads to over-pricing and government waste (also, see #1)
    3. Microsoft did a deal with the devil (US Government) and now wants to regain trust. Sorry Microsoft. Not going to work.

    And did anyone miss the work facebook has been doing with government? Holy crap. Not only is their censorship completely to the left, they are conducting psych experiments at the request of the US government. I personally avoid the social networking sites and [almost] always have.

    (I have used LinkedIn due in no small part to my previous employer reducing its staff by over 90% Oh yeah, now I can talk about it too! Turns out the Fukushima incident and subsequent lies, deception, inaccuracies and omissions run pretty deep and even found its way to my former employer, a Mitsubishi company. Anyway, LinkedIn... i was checking that from my mobile device and it made mobile pages unusable through CSS and insisted I use an app. I loaded the app and agreed to whatever and the next thing I knew LinkedIn grabbed my whole addressbook and pulled it into their servers. I can't say whether they used the data to spam others, but I can say they used it to "suggest links" to my profile. That's pretty dirty and disgusting.)

    Trust is a difficult thing these days... a fragile thing. And I hope companies everywhere, large and small, learn that lesson. They can learn the hard way or they can be good and decent people asking themselves "would I want someone doing this to me?!" (Just like government gun confiscation -- the answer is NO. The government wouldn't allow the citizens to take their guns, so why should the citizens allow government to take theirs?) Of course, too few people care about golden rules of morality because the world is run by psychopaths. Psychopaths think they can just buy trust. That may have been true, but the pendulum has reached its furthest point and is about to swing back the other way. Microsoft and others are only now figuring that out.

  10. Re:Better way for Microsoft to earn trust by exomondo · · Score: 5, Insightful

    Hundreds of legacy code developed for Windows platform using Windows development tools run only on XP and are not supported by 7 or 8.

    So not only have you tied yourself to a particular version of a proprietary OS that - as we all know from previous experience - has a limited lifetime but you chose to do that by using proprietary software that won't run on anything else and you didn't think there might be a problem with that? Seriously? If you cut corners then you're going to get burned.

  11. Re:Better way for Microsoft to earn trust by Dr_Barnowl · · Score: 2

    Hundreds of legacy code developed for Windows platform using Windows development tools run only on XP and are not supported by 7 or 8.

    This is generally because they were really badly written and do things that have been recommended against for years - like storing settings in the same folder as the program, which means that in some cases non-admin users can't even use the program because they don't have permission to create the initial settings file. I'd like to say this is generally confined to amateur developers but I've seen it so many times from so-called professionals that it's sad.

    It's not something specific to Windows, but not something you tend to see as much in the POSIX world because there is such a long-standing culture of *nix machines being multi-user machines - programmers tend to grok from the outset that user programs need to store user settings in a user's home folder.

    In general, Windows 7 is impressively compatible with code written for Windows XP (and Windows 2000, etc.). The difference is that IT departments have started locking Windows 7 machines more than they have done in the past.

  12. Somebody much smarter than you, dbIII by cbhacking · · Score: 4, Informative

    The summary's description of PFS is a complete clusterfuck, of course (this is /. so *obviously* the summary is going to be technically inaccurate, right?). Yours (LordLimecat) is more accurate, but the full concept isn't that hard so I'll explain it below.

    First, some quick basics of TLS (I'm leaving out a lot of details; do *NOT* try to implement this yourself!):

    • A server has a public key and a private key for an asymmetric cipher, such as RSA.
    • When a client connects, the server sends their public key to the client. The public key is used to authenticate the server, so the client knows their connection wasn't intercepted or redirected.
    • The client can also encrypt messages using the public key, and only the holder of the private key (the server) can decrypt those messages.
    • Because RSA and similar ciphers are slow, TLS uses a fast, symmetric cipher (like AES or RC4) for bulk data.
    • Before bulk data can be sent, the client and the server need to agree on a symmetric cipher and what key to use.
    • The process of ensuring that both parties have the same symmetric key is called Key Exchange.
    • Obviously, the key exchange itself needs to be protected; if the key is ever sent in plaintext, an attacker can decrypt the whole session.

    Here's the scenario where PFS matters, and why it is "perfect":

    • SSL/TLS (same concept, just different versions of the protocol really) is being used to secure connections.
    • An attacker (think NSA) has been recording the encrypted traffic, and wants to decrypt it.
    • The attacker has a way to get the private key from the server (a bug like Heartbleed, or possibly just a NSL).

    Here's where it gets interesting:

    • Without PFS (normal SSL/TLS key exchanges), the key exchange is protected using the same kind of public-key crypto used to authenticate the server. Therefore, without PFS, our attacker could use the private key material to either decrypt or re-create the key, and decrypt all the traffic.
    • With PFS, the key exchange is done using randomly generated ephemeral (non-persistent) public and private parameters (Diffie-Hellman key exchange). Once the client and server each clear their private parameters, it is not possible for anybody to reconstruct the symmetric key, even if they later compromise the server's persistent public/private key pair (the one used for authentication).

    It is this property, where the secrets needed to recover an encryption key are destroyed and cannot be recovered even if one party cooperates with the attacker, which is termed Perfect Forward Secrecy. Note that PFS doesn't make any guarantees if the crypto is attacked while a session is in progress (in this case, the attacker could simply steal the symmetric key) or if the attacker compromises one side before the session begins (in which case they can impersonate that party, typically the server). It is only perfect secrecy going forward.

    --
    There's no place I could be, since I've found Serenity...
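The contrast cbhacking draws above, between a key exchange protected by the server's long-term key and one that uses fresh Diffie-Hellman values per session, as an added toy-scale model (not code from the thread, from TLS, or from any Microsoft product). The function names, the "transcript" dictionaries that stand in for what a passive recorder captures, and the use of SHA-256 in place of the TLS key derivation are all assumptions of this example; the 1024-bit MODP prime is transcribed here from RFC 2409 (Oakley Group 2), and the argument is the same for any DH group.

```python
"""Why ephemeral Diffie-Hellman gives forward secrecy and a static exchange does not.

Constructed toy model of two key-exchange styles; it is not TLS and omits
authentication, which is where the long-term key is actually used under PFS.
"""
import hashlib
import secrets

# 1024-bit MODP group from RFC 2409 (Oakley Group 2), transcribed for the demo.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD129024E088A67CC74"
    "020BBEA63B139B22514A08798E3404DDEF9519B3CD3A431B302B0A6DF25F1437"
    "4FE1356D6D51C245E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381FFFFFFFFFFFFFFFF",
    16,
)
G = 2


def keygen():
    """Return a (private, public) DH pair; the private value is a random exponent."""
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)


def derive_key(shared_secret):
    """Session key = hash of the shared DH value (stands in for the TLS key schedule)."""
    return hashlib.sha256(shared_secret.to_bytes(128, "big")).hexdigest()


def static_session(server_priv, server_pub):
    """Non-PFS style: the server's persistent key pair is used for the exchange itself."""
    client_priv, client_pub = keygen()
    key = derive_key(pow(server_pub, client_priv, P))
    # What a passive recorder captures on the wire: only the client's public value.
    transcript = {"client_pub": client_pub}
    return key, transcript


def ephemeral_session(server_long_term_priv, server_long_term_pub):
    """PFS style: fresh DH values per session; the long-term key only authenticates."""
    client_priv, client_pub = keygen()
    server_eph_priv, server_eph_pub = keygen()
    key = derive_key(pow(server_eph_pub, client_priv, P))
    # Both sides reach the same key, and the long-term key never enters the derivation.
    assert key == derive_key(pow(client_pub, server_eph_priv, P))
    # In TLS the server would sign server_eph_pub with its long-term key here (omitted).
    transcript = {"client_pub": client_pub, "server_eph_pub": server_eph_pub}
    return key, transcript  # client_priv and server_eph_priv are discarded on return


def attacker_with_static_key(transcript, stolen_server_priv):
    """Recorded traffic plus a later-stolen long-term key: the session key falls out directly."""
    return derive_key(pow(transcript["client_pub"], stolen_server_priv, P))


def attacker_with_ephemeral(transcript, stolen_long_term_priv):
    """Same capture against the PFS session: the stolen key appears in no equation that
    yields the session key, and the ephemeral exponents no longer exist anywhere.
    Getting g^(cs) from g^c and g^s alone is the Diffie-Hellman problem, so there is
    nothing for the attacker to compute; the function reports that by returning None."""
    _ = stolen_long_term_priv  # of no use here
    assert "client_pub" in transcript and "server_eph_pub" in transcript
    return None


def demo():
    """Run one session of each style and show what the recorder can recover later."""
    lt_priv, lt_pub = keygen()
    static_key, static_transcript = static_session(lt_priv, lt_pub)
    eph_key, eph_transcript = ephemeral_session(lt_priv, lt_pub)
    return {
        "static_recovered": attacker_with_static_key(static_transcript, lt_priv) == static_key,
        "ephemeral_recovered": attacker_with_ephemeral(eph_transcript, lt_priv) == eph_key,
    }


if __name__ == "__main__":
    print(demo())  # static: True (broken retroactively), ephemeral: False
```

The model also makes cbhacking's caveat visible: nothing here protects a session whose ephemeral exponent is stolen while it is still in memory, and an attacker holding the long-term key before a session starts can sign their own `server_eph_pub` and impersonate the server. Forward secrecy only covers recordings of sessions that have already completed.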
  13. Provenance matters by Antique+Geekmeister · · Score: 2

    For highly reliable code, knowing that the code you review is the code you compile with is vital both for stability and security. This can't be done by visual inspection: it requires good provenance at every stage of the game.

    This is actually a security problems with many opensource and freeware code repositories. The authors fail to provide GPG signatures for their tarballs, or to GPG sign tags for their code. So anyone who can steal access can alter the code at whim. And anyone who can forge an SSL certificate can replace the HTTPS based websites and cause innocent users to download corrupted, surreptitiously patched code or tarballs.

    I'm actually concerned for the day that someone sets up a proxy in front of github.com for a localized man-in-the-middle attack to manipulate various targeted projects.

  14. Deterministic building by DrYak · · Score: 2

    By itself, that doesn't create a backdoor, but anything compiled using the tainted binary could potentially have a backdoor secretly added, even though the source code for both that code and the compiler would appear to be perfectly clean.

    ...And solutions against this do exist:

    A. Deterministic building.
    All software where security is important (Tor, Truecrypt, Bitcoin, to mention a few who practise this approach) has clear procedures designed to compile a binary in a perfectly repeatable form. A rogue compiler would be easy to detect, because it won't create the same binary as everybody else.

    B. Comparing compilers.
    Use a small collection of different compilers (a few versions of GCC, a few of LLVM, etc.) to compile a compiler whose source you trust (say, a security-reviewed and approved GCC 4.9).
    From this point on, you can already compare the output of each of these "GCC 4.9-as-compiled-by-other" by compiling a few pieces of test code and seeing if they match. Look if any of the test codes has backdoors injected.
    - Now you already know which compiler you can trust

    Then use that compiler (I mean the multiple versions produced by the various compilers of the first step) to bootstrap itself (you end up with several versions of "GCC 4.9 as compiled by GCC 4.9", each with a different starting point).
    Normally all these last step compilers should be more or less similar (see "deterministic" building to reduce the amount of random differences). A rogue compiler will notably stand out.
    - Now you have trusted environment, compiled by a trusty compiler.

    Seems complicated, but as I've said, people in critical niches (Tor, Truecrypt, Bitcoin) are already doing exactly that.

    That raises tremendously the bar of what the governments need to back-door software (virtually any modern compiler needs to be compromised, as well as numerous tools around them. Forget one obscure thing somewhere, and someday a researcher or hobbyist will notice discrepancies)

    I think most of us are already familiar with this sort of attack, but it's worth repeating, since it's exactly the sort of thing that Microsoft's "Transparency Centers" don't address, and exactly the sort of thing we'd be expecting a government to be doing.

    Yup. The first most important thing is to determine a clear procedure how to take the official source and rebuild the same binaries that everybody is having.
    (i.e.: you should be able to check out the source, hit recompile and end up with an installation CD that is indistinguishable from the retail one. So you know you're actually checking the real source, and not some decoy put here for you, while a different backdoor-infested version is getting distributed to your government).
    And as you say, that's exactly NOT what Microsoft is doing.

    Also, having only 2 centers world-wide, where only government mandated devs are invited, severely limits the research exposure of the code.
    I'm ready to predict that the only real results will be:
    - Big security people who don't happen to be sent by a government won't have a look at the code, and probably several shortcomings will never get seen. The end result won't be as secure as if you let the OpenBSD devs create a LibreDows(*) fork with a "Valhalla Rampage" treatment on it.
    - Some black hat will manage to slip through the checks, leak the source. It will get passed around on under ground dark nets, and the next week you'll see an abominable explosion of 0-day exploits traded on the shadiest parts of the net.

    ---
    (*): Only works when built on system with massive security counter-measures in their default C library. Like OpenBSD. Secured wrappers provided for Linux (those blissfully ignorant people). Go fuck yourself if you use some outdated os like old-school VMS (pre OpenVMS). Or if you use an outdated compiler like Visua... Oops. Damn!

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
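scsirob's objection earlier in the thread (compile the same sources twice and the hash differs because of creation dates, file headers and build numbers) is exactly what DrYak's step A, deterministic building, is meant to remove. As an added example, not code from the thread or from Tor, TrueCrypt, Bitcoin or Microsoft, the toy build below is run twice in fresh directories, once the naive way and once with every clock- and account-dependent field pinned. The placeholder "program", the `BUILD_INFO` file standing in for a build stamp, and the `source_date_epoch` value (modelled on the reproducible-builds SOURCE_DATE_EPOCH convention) are constructed for this demo.

```python
"""Two builds of identical inputs: a naive tar.gz versus one with metadata normalized.

Constructed demo: bin/app is a placeholder for a compiled program, and BUILD_INFO
stands in for the build number and timestamp a real build system stamps into output.
"""
import gzip
import hashlib
import io
import itertools
import os
import tarfile
import tempfile
import time

_build_counter = itertools.count(1)


def stage_outputs(root, reproducible, source_date_epoch=0):
    """Write the constructed build outputs under root."""
    os.makedirs(os.path.join(root, "bin"), exist_ok=True)
    with open(os.path.join(root, "bin", "app"), "wb") as f:
        f.write(b"constructed placeholder for a compiled program\n")
    if reproducible:
        stamp = f"epoch={source_date_epoch}\n"  # derived from the source tree, not the clock
    else:
        stamp = f"build={next(_build_counter)} time_ns={time.time_ns()}\n"
    with open(os.path.join(root, "BUILD_INFO"), "w") as f:
        f.write(stamp)


def naive_archive(root):
    """tar.gz as most build scripts produce it: file mtimes, uid/gid and the gzip
    header timestamp all come from the build machine's clock and account."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        tar.add(root, arcname="out")
    return buf.getvalue()


def reproducible_archive(root, source_date_epoch=0):
    """Same contents, with every clock- or account-dependent field pinned."""

    def normalize(info):
        info.mtime = source_date_epoch
        info.uid = info.gid = 0
        info.uname = info.gname = ""
        info.mode = 0o755 if (info.isdir() or info.mode & 0o111) else 0o644
        return info

    paths = []
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, n) for n in dirnames + filenames)
    buf = io.BytesIO()
    # The gzip header carries its own mtime; pin it instead of letting GzipFile
    # stamp the current time.
    with gzip.GzipFile(fileobj=buf, mode="wb", mtime=source_date_epoch) as gz:
        with tarfile.open(fileobj=gz, mode="w", format=tarfile.PAX_FORMAT) as tar:
            for path in sorted(paths):  # fixed order, independent of readdir order
                arcname = "out/" + os.path.relpath(path, root).replace(os.sep, "/")
                tar.add(path, arcname=arcname, recursive=False, filter=normalize)
    return buf.getvalue()


def build_twice(reproducible):
    """Two independent builds in fresh directories; return the two archive hashes."""
    digests = []
    for _ in range(2):
        with tempfile.TemporaryDirectory() as root:
            stage_outputs(root, reproducible)
            data = reproducible_archive(root) if reproducible else naive_archive(root)
            digests.append(hashlib.sha256(data).hexdigest())
    return digests


if __name__ == "__main__":
    print("naive        :", build_twice(False))   # two different hashes
    print("reproducible :", build_twice(True))    # the same hash twice
```

The point for the review scenario in this thread is the second half: once two parties can produce byte-identical output from the same sources, a hash comparison between the reviewer's build and the shipped one becomes meaningful, and a difference is a finding rather than noise. Real toolchains add further sources of variation (embedded paths, link order, compiler-generated timestamps) that need the same treatment.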
  15. Opensource by DrYak · · Score: 3, Informative

    The main advantages of free/libre open-source software are:

    - source is available to review and hack upon for a WAY MUCH LARGER audience. It's "a few security reviewers cherry picked by a government" vs. "virtually anybody who has the time and resource to invest in it".
    So you have a bigger pool from which to pick somebody who "is going to understand everything at every layer", or at least understand big enough parts of it, at a large enough number of layers, with enough overlap with the other "somebodies".

    - the whole ecosystem is open. You can review lots of other stuff (compilers, libraries, etc.) You can have deterministic building to check if you really have the code that really produced the official binaries (that's already something that Tor, Truecrypt, Bitcoin, etc. are doing).
    There are lots of things that you can do to check every piece of software that you need to trust.

    Well of course, that's a lot of work required. So in the end, you'll end up having to trust multiple other people anyway. But at least, with opensource, that's a choice, and in any case you can do the checks yourself (or more realistically: ask someone you actually trust to do it for you. As in the current ongoing review of TrueCrypt, for example).

    Whereas, no matter how motivated, with closed source software you'll always hit a wall. (Well microsoft gives you a peek at the windows code, but not necessarily all the rest needed to check full security).

    --
    "Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]