The Dual-EC-DRBG was shown to have been targeted by the NSA for tapping into encrypted communications.
Juniper Networks said on Friday it plans to remove encryption code from its NetScreen line of firewalls that’s suspected of including a back door that could allow intruders to listen in on traffic sent through virtual private networks.
Juniper said it would remove the Dual Elliptic Curve Deterministic Random Bit Generation (Dual-EC-DRBG) random number generator, as well as another random number generator called ANSI X.9.32, and replace them with the functions used in the company’s Junos operating system.
Dual-EC-DRBG was shown in 2007 to be vulnerable to attacks by a knowledgeable adversary, and documents made public in 2013 by former US government contractor Edward Snowden showed that the function could be exploited by the US National Security Agency (NSA) to listen in on encrypted traffic. Security firm RSA removed the function from a software development kit following the disclosure.
Juniper had argued that Dual-EC-DRBG weaknesses couldn’t be exploited because of the way in which it was implemented in NetScreen, but research presented at the Real World Cryptography Conference last week found, to the contrary, that the issues could be exploited.
The group of researchers, led by Hovav Shacham of the University of California, San Diego, said a change to NetScreen’s code base made in 2008 made it easier for the Dual-EC-DRBG weaknesses to be exploited.
Juniper chief information officer Bob Worrall said on Friday that the decision had been made following “a review of commentary from security researchers and through our own continued analysis”.
The change is to be introduced in a version of ScreenOS, the software that powers NetScreen products, to be released in the first half of this year, Worrall said in a statement.
“As part of our established processes, we will continue to monitor our code bases and evaluate the security of them,” he stated.
Back doors unearthed
Juniper disclosed last month that it had found two pieces of unauthorised code in ScreenOS that could allow back-door access, which security researchers said were introduced in 2012 and 2014.
The 2012 code changed a mathematical constant in the encryption process to one which researchers said allowed a knowledgeable attacker to eavesdrop, while the 2014 modification allowed anyone to eavesdrop using a hard-coded password, according to researchers.
Juniper has released a patch removing the back doors and said on Friday it is continuing to investigate how the malicious code came to be inserted into ScreenOS.
The company said it has also examined its Junos OS for such code but has found none. “The investigation also confirmed that it would be much more difficult to insert the same type of unauthorised code in Junos OS,” Worrall stated.
RSA used flawed encryption
Following reports of Dual-EC-DRBG’s weaknesses in 2013, security company RSA warned that the function was used by default in its BSafe toolkit, used by developers to create other security tools.
A report later that year suggested that RSA, which had worked with the NSA for 10 years, had used the function as part of a $10 million contract with the NSA, something RSA denied. The NSA encouraged the broad use of such flawed functions in order to make it easier to tap into encrypted communications, according to the report.
RSA said in 2014 that it was aware of the weaknesses in Dual-EC-DRBG, but didn’t know that these were being exploited by the NSA.
Government law-enforcement bodies, including those in the UK, have criticised the growing use of encrypted online communications as making it difficult to ensure national security, with some governments considering mandating encryption back doors.