NSA Suite B Cryptography

NSA Suite B Cryptography is a set of cryptographic algorithms promulgated by the National Security Agency as part of its Cryptographic Modernization Program. It is to serve as an interoperable cryptographic base for both unclassified information and most classified information.

Suite B was announced on 16 February 2005. A corresponding set of unpublished algorithms, Suite A, is "used in applications where Suite B may not be appropriate. Both Suite A and Suite B can be used to protect foreign releasable information, US-Only information, and Sensitive Compartmented Information (SCI)."^[1]

Suite B's components are:

Advanced Encryption Standard (AES) with key sizes of 128 and 256 bits. For traffic flow, AES should be used with either the Counter Mode (CTR) for low bandwidth traffic or the Galois/Counter Mode (GCM) mode of operation for high bandwidth traffic (see Block cipher modes of operation) – symmetric encryption
Elliptic Curve Digital Signature Algorithm (ECDSA) – digital signatures
Elliptic Curve Diffie–Hellman (ECDH) – key agreement
Secure Hash Algorithm 2 (SHA-256 and SHA-384) – message digest

General information

NIST, Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography, Special Publication 800-56A
Suite B Cryptography Standards
RFC 5759, Suite B Certificate and Certificate Revocation List (CRL) Profile
RFC 6239, Suite B Cryptographic Suites for Secure Shell (SSH)
RFC 6379, Suite B Cryptographic Suites for IPsec
RFC 6460, Suite B Profile for Transport Layer Security (TLS)

History

In December 2006, NSA submitted an Internet Draft on implementing Suite B as part of IPsec. This draft had been accepted for publication by IETF as RFC 4869, later made obsolete by RFC 6379.

Certicom Corporation of Ontario, Canada, which was purchased by BlackBerry Limited in 2009,^[2] holds some elliptic curve patents, which have been licensed by NSA for United States government use. These include patents on ECMQV, but ECMQV has been dropped from Suite B. AES and SHA had been previously released and have no patent restrictions. See also RFC 6090.

As of October 2012, CNSSP-15^[3] stated that the 256-bit elliptic curve (specified in FIPS 186-2), SHA-256, and AES with 128-bit keys are sufficient for protecting classified information up to the Secret level, while the 384-bit elliptic curve (specified in FIPS 186-2), SHA-384, and AES with 256-bit keys are necessary for the protection of Top Secret information. As of August 2015, NSA indicated that only the Top Secret algorithm strengths should be used to protect all levels of classified information.^[1]

Quantum resistant suite

In August, 2015, NSA announced that it is planning to transition "in the not too distant future" to a new cipher suite that is resistant to quantum attacks. "Unfortunately, the growth of elliptic curve use has bumped up against the fact of continued progress in the research on quantum computing, necessitating a re-evaluation of our cryptographic strategy." NSA advised: "For those partners and vendors that have not yet made the transition to Suite B algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum resistant algorithm transition."^[1]

In the marketplace

NSA Suite B Cryptography is used by Cellcrypt and uses no key servers,^[4] providing the "Voice Cypher" service and partnered with Verizon Wireless.^[5] Verizon does not, however, utilize true end-to-end encryption, given that the Cellcrypt software leaves a backdoor available to law enforcement agencies.^[6]

References

1 2 3 "Suite B Cryptography". National Security Agency.
↑ Gardner, W. David (11 February 2009). "BlackBerry Maker Acquires Certicom For $106 Million". Information Week.
↑ "CNSSP-15 National Information Assurance Policy on the Use of Public Standards for the Secure Sharing of Information Among National Security Systems". Committee on National Security Systems.
↑ "Cellcrypt Voice Security Brief: An Introduction to Cell Phone Voice Call Interception and Security" (PDF). March 2011. Cellcrypt's security model uses NSA Suite B cryptography and no key server, which avoids the vulnerabilities and costs of external key management.
↑ "Security when it matters most: VOICE CYPHER". Verizon Wireless. Verizon Voice Cypher by Cellcrypt delivers powerful, end-to-end mobile security solutions. Trust the industry's most secure voice communication for your phones and mobile devices.
↑ Bode, Karl (15 December 2014). "Verizon Offers Encrypted Calling With NSA Backdoor At No Additional Charge". TechDirt.

Public-key cryptography

Algorithms

Integer Factorization	Benaloh Blum–Goldwasser Cayley–Purser Damgård–Jurik GMR Goldwasser–Micali Paillier Rabin RSA Okamoto–Uchiyama Schmidt–Samoa

Discrete logarithm	Cramer–Shoup DH DSA ECDH ECDSA EdDSA EKE ElGamal signature scheme MQV Schnorr SPEKE SRP STS

Others	AE CEILIDH EPOC HFE IES Lamport McEliece Merkle–Hellman Naccache–Stern Naccache–Stern knapsack cryptosystem NTRUEncrypt NTRUSign Three-pass protocol XTR

Theory

Standardization

Topics

This article is issued from Wikipedia - version of the 11/28/2016. The text is available under the Creative Commons Attribution/Share Alike but additional terms may apply for the media files.