Boing Boing Staging

ISO rejects the NSA's IoT crypto standard, believing it to be backdoored

For three years, the International Standards Organization has been wrangling over which cryptographic algorithms will be incorporated into a standard for interoperability in “Internet of Things” gadgets; at issue has been the NSA’s insistence that “Simon” and “Speck” would be the standard block cipher algorithms in these devices.


The NSA has a history of sabotaging cryptographic standards; most famously, documents provided by Edward Snowden showed that the NSA had sabotaged NIST security standards, but the story goes farther back than that: I have been told by numerous wireless networking experts that the weaknesses in the now-obsolete Wireless Encryption Protocol (WEP) were deliberately introduced by NSA meddling. And of course, the NSA once classified working cryptography as a munition and denied civilians access to it, until EFF got a court to declare code to be a form of protected speech under the First Amendment.

Now, the NSA has been defeated at ISO, with its chosen ciphers firmly rejected by the committee members, who were pretty frank about their reason for rejecting Simon and Speck: they don’t trust the NSA.


Two delegates told WikiTribune that the opposition to adding these algorithms was led by Dr. Tomer Ashur from KU Leuven University, representing the Belgian delegation, and it was supported by a large group of countries.


Israeli delegate Orr Dunkelman told Reuters he did not trust the U.S. designers following the September meetings.

“There are quite a lot of people in NSA who think their job is to subvert standards,” said Dunkelman. “My job is to secure standards.”

The NSA said Simon and Speck were developed to protect U.S. government equipment without requiring a lot of processing power, and firmly believes they are secure.

Exclusive: NSA encryption plan for ‘internet of things’ rejected by international body [Jack Barton/Wikitribune]
