September 2013 | SafeLogic

Archive for September, 2013

23 Sep 2013

Look What the NSA Dragged In

LookWhatNSA

There are many changes to track in the world of standards-based crypto, another on the long list of challenging facets in this industry.  These changes can sometimes include the algorithms themselves.

NIST Special Publication 800-131A defines transition timelines for what NIST considers to be weak or weakening algorithms.  It makes sense; as computing power increases, the underlying strength of cryptographic algorithms (whether for encryption or hashing) diminishes.  This is tricky business though, as some of these algorithms are part of protocols implemented by technology vendors and are widely supported and adopted by the industry.  It’s hard for some folks to develop towards those changes because of user adoption, customer environments, backwards compatibility, and other reasons, but eventually the algorithm must be phased out.

We are currently facing an entirely different and even more rare algorithm change, which requires quick action and leaves little time for a planned transition.  It was the direct result of the discussions on surrounding entropy sources and the 800-90 series of draft Special Publications from NIST.  SP 800-90A is titled “Recommendation for Random Number Generation Using Deterministic Random Bit Generators” and does just that.  However, one of the methods listed is now under scrutiny, and NIST has re-opened the public comment period to address concerns from the community.

The end result is a consensus revocation of confidence in the security of the Dual EC DRBG algorithm.  In the wake of the NSA revelations, the industry has become very sensitive to potential conflicts of interest and this algorithm is suspected of containing backdoors.  Even though Dual EC DRBG is a FIPS-approved algorithm, NIST is currently recommending against using Dual EC DRBG until SP 800-A is re-issued.

In this context, SafeLogic issued a notice on our support portal.  SafeLogic agrees with NIST’s evaluation and we discourage the use of Dual EC DRBG until further notice.  Fortunately, there is no impact to our FIPS 140 certificate, our customers’ FIPS 140 certificates, or our customers’ products and solutions. Dual EC DRBG is one of many algorithms available for use within CryptoComply for Mobile and CryptoComply for Server modules, but requires specific customer action to select and activate the algorithm in question.  Our default is AES 256 CTR, which is covered in Section 10.2 of SP 800-90A, and if that is not your preference, there are several other options that are still endorsed by NIST.

Of greater concern is the prevalence of use across the industry.  While SafeLogic has not promoted the use of Dual EC DRBG, it is the sole algorithm in use for some solutions.  In others, including the entire RSA BSAFE family of cryptographic toolkits, Dual EC DRBG is of primary importance and is used as a default algorithm in every version of BSAFE and Data Protection Manager (DPM).

RSA responded by making a similar announcement, advising all developer customers to discontinue use of the algorithm immediately.  They plan to update their libraries ‘as needed’ and ‘change the RNG as appropriate’ as well.  This, of course, does not help existing customers, who must follow technical guidance provided by RSA to update their own implementations.  This is no trivial undertaking and is by no means immediate.  RSA has provided a complicated and time-consuming recipe for an antidote, while the poison itself is already at work.  While I’m sure many developers spent their weekend on this, the popularity of RSA’s BSAFE product line leaves a high probability that there are many more still vulnerable and struggling to respond.

If you are in this group, please reach out.  SafeLogic is making the team available to answer any questions you may have about algorithm selection, how to respond to these advisories, and how CryptoComply may solve your issues.

BlogFooter_Ray

19 Sep 2013

The EMM Dating Scene

On Monday, I was catching up on my reading when I noticed a familiar face featured on Forbes.com in Maribel Lopez’s column.  It was me!  What an honor to be included in the well-known analyst’s series of interviews with CEOs and mobility experts.RayPotter

I wanted to add a few more thoughts, specifically regarding concerns that should be addressed by buying agents.  There’s no way to cover all the bases with one or two articles or posts, but we have to start somewhere.  Looking for an EMM vendor is like searching for a spouse. You have to weed through the hype, check references, and go through a trial period before fully making the commitment.  There are no one-size-fits-all solutions, so you need to get out there and meet some candidates.

When end users ask me about questions to ask vendors, I often mention “What’s your scalability?” as a consideration.

There is a great deal of connotation implied within this question.

Scalability is one key area to consider, as you want to think ahead for optimistic long term growth.  Bluntly, you can be assured that vendors who are prepared to deploy to all 305,000 employees at GE immediately can handle your needs as well.

The flip side of the coin is that you may not need a truly massive support network, but you’ll want a vendor that is nimble and accessible. You should be confident that they can grow with you and that your internal IT team can manage the deployment. There is a happy medium between the start-up with two guys in a garage and no dedicated support team and an outsourced technical support call center that keeps you on hold for an hour.

In that vein, don’t be too quick to rush to the latest and greatest, high hype, cool vendors; those solutions may not be right for you. The needs of each customer will vary, but the ability to provide technical support and to continue innovating the product is a non-negotiable. Worse, those vendors may not be around in 9 months because this industry moves so fast. You may be their first customer… or their last.

Asking about a vendor’s scalability is practically a secret code.  It means “Tell me about your size, your reliability, your history, your roadmap, and your team.  Tell me all the factors that will help me sleep at night and get buy-in from my superiors.”

I can’t stress it enough – you need to seek a high comfort level with your EMM vendor.  Policies can be changed and updated, the devices will evolve, but switching EMM platforms is a nightmare.  So choose wisely, and don’t rush into that long term relationship without thinking carefully.

 

P.S. I just wanted to extend a sincere THANK YOU to Maribel, Forbes, and our friends, customers, and partners who have been so supportive and encouraging regarding this article.

BlogFooter_Ray

13 Sep 2013

The MobITS Awards 2013

MobITs_AwardsHeaderPublic voting opened today for The MobITS awards, presented by CTIA as part of the MobileCON event.  The awards are designed to recognize the top mobile technology of the year, specifically new products and solutions that increase the efficiency and effectiveness of IT.

SafeLogic entered the competition with CryptoComply, our FIPS 140-2 validated encryption module that was released as our flagship product earlier this year.  We are in the Mobile Security and Privacy category, although it feels odd to be competing for the same trophy as our friends and colleagues.  Our goal is to be recognized for the role that CryptoComply plays in bringing the very best solutions to market without delay.

There are some fantastic entries across the board, including products from AirWatch, AsdeqDocs, Averail, Enterproid, Good Technology, Symantec and others.  I recommend checking it out and definitely casting a vote for your favorites… in addition to your vote for SafeLogic, of course.

Good luck to all who plan to take home a MobITS award in October, we hope to see you in the winner’s circle!

BlogFooterWalt

5 Sep 2013

Certicom: The Key to Blackberry’s Future?

certicomBlackberry is for sale, and many are predicting that the key to any sale is the portfolio of encryption patents held by subsidiary Certicom.  Boasting over 350 patents and patents pending worldwide total, including what is considered a near-monopoly on elliptic curve cryptography, Certicom is the subject of much interest.  Unfortunately for Waterloo’s most famous product, it appears to be the fascination of journalists’ speculation more than investors’.

Is the commentary on the patent portfolio about the high value of elliptic curve cryptography?  Or is it saying more about the relative worth of the rest of Blackberry’s holdings?  Maybe both?

The biggest issue with the patents is this: who is going to pay strong licensing fees when there are plenty of other algorithms available, many of which are are able to be validated by NIST’s CAVP?  I understand that elliptic curve is the shiny new toy, and the NSA has openly supported it, but even their own Suite B algorithms still include AES and SHA alternatives.

Pushing for ECC is an uphill battle with a challenging dependency and catch 22.  In order to realize significant profits from the patents, elliptic curve cryptography must become a widespread standard.  However, for it to become mainstream, it cannot be subject to licensing fees that create instantly prohibitive financials.

Think of alternative fuel.  If Chevron owned the intellectual property for a fuel that was twice as efficient as gasoline, and a fraction of the cost to manufacture, they would make more money that we could count… right?  Possibly.  We didn’t factor in the demand.  If Mercedes, BMW, Ford and Chevrolet received subsidies to develop new engines to run on this miracle fuel, (and probably were included in a profit sharing arrangement,) demand could be created.  Then other manufacturers would likely adopt the new specs to meet changing demands and stay competitive.

Blackberry isn’t in a strong position to create this demand or to subsidize it, however, so I just don’t see the potential for organic growth that could justify it.  Licensing fees would have to be relatively paltry to garner enough interest in the current climate.

What if the climate changed drastically?  Last month at the Black Hat conference in Las Vegas, some researchers theorized that RSA and classic Diffie-Hellman could become obsolete within five years.  This is more in the seemingly growing trend of Chicken Little activity in cryptography.  Sure, it’s possible, but they are giving a lot of credit to potential accelerations in codebreaking technology.

Even in this case, licensing the patents would be a tough sell.  One of those same doomsday researchers admits that the U.S. government would probably overturn Certicom’s patents for the sake of national interest.  Alex Stamos, CTO of Artemis, figures that “if the cryptopocalypse happens, those patents are not going to last.”

So where does that leave Blackberry’s portfolio?  Possibly gathering dust alongside Betamax tapes, HD DVD’s, and the Microsoft Zune.  It was the right strategy to acquire Certicom in 2009, for $106 Million, but the demise of Blackberry’s core business may have submarined the market for their crypto patents.

Let’s entertain an alternate ending to this same story.  Blackberry’s devices would have continued to accumulate market share.  With a stranglehold on the government and private enterprise mobile device demand, Certicom would have earned its purchase price and then some, as elliptic curve cryptography was established as the standard.  Other handset manufacturers and app developers would have been at the mercy of Blackberry to either license the ECC algorithms or fall by the wayside, incompatible with the incumbent.

With Apple showing weakness for the first time in years, Microsoft stumbling again with hardware, and Google continuing to remind everyone “Don’t Be Evil”, we should be happy that there is no single 800 pound gorilla in mobility.  Otherwise, they might have wielded that power as Blackberry envisioned, and we’d all be forced to fall into line.

Thanks but no thanks.  In reality, I see ECC as being relegated to local encryption, embedded in the device hardware manufactured by whoever buys the patent portfolio, unless it is released without royalties.  Most folks are satisfied with current algorithm options and there is no obvious incentive to pay licensing fees.

So unless the landscape turns, I’ll take my chances with the ‘cryptopocalypse’ and wait to see how things pan out.

BlogFooterWalt