NSA cryptography

Abstract: In June 2013, the English newspaper The Guardian began publishing a series of secret documents leaked from the National Security Agency (NSA). Each day brought startling news, from the NSA's collection of metadata records of all calls made within the US to programs that collected and stored data of “non-US” persons to the UK Government Communications Headquarters' (GCHQ) interception of 200 transatlantic fiberoptic cables at the point where they reached Britain. The author summarized these initial revelations in the July/August issue of IEEE Security & Privacy. In late December 2013, in a different district court case, the NSA metadata collection was ruled legal.

Abstract: Skipjack is a block cipher designed by the NSA for use in US government phones, and commercial mobile and wireless products by AT&T Among its initial implementations in hardware were the Clipper chip and Fortezza PC cards, which have since influenced the private communications market to be compatible with this technology For instance, the Fortezza card comes in PCMCIA interface and is a very easy plug-n-play device to add on to mobile and wireless systems to provide encryption for wireless transmissions Initially classified when it was first proposed, Skipjack was declassified in 1998 and sparked numerous security analyses from security researchers worldwide because it provides insight into the state-of-the-art security design techniques used by a highly secretive government intelligence agency such as the NSA In this paper, commemorating over a decade since Skipjack's public revelation, we revisit the security of Skipjack against cryptanalytic results and discuss why certain attack approaches fare better with reference to Skipjack's design structure

Abstract: Recent revelations of heretofore secret U.S. government surveillance programs have sparked national conversations about their constitutionality and the delicate balance between security and civil liberties in a constitutional democracy. Among the revealed policies asserted by the National Security Agency (NSA) is a provision found in the “minimization procedures” required under section 702 of the Foreign Intelligence Surveillance Act of 1978. This provision allows the NSA to collect and keep indefinitely any encrypted information collected from domestic communications — including the communications of U.S. citizens. That is, according to the U.S. government, the mere fact that a U.S. citizen has encrypted her electronic communications is enough to give the NSA the right to store that data until it is able to decrypt or decode it.Through this provision, the NSA is automatically treating all electronic communications from U.S. citizens that are hidden or obscured through encryption — for whatever reason — as suspicious, a direct descendant of the “nothing-to-hide” family of privacy minimization arguments. The ubiquity of electronic communication in the United States and elsewhere has led to the widespread use of encryption, the vast majority of it for innocuous purposes. This Article argues that the mere encryption by individuals of their electronic communications is not alone a basis for individualized suspicion. Moreover, this Article asserts that the NSA’s policy amounts to a suspicionless search and seizure. This program is therefore in direct conflict with the fundamental principles underlying the Fourth Amendment, specifically the protection of individuals from unwarranted government power and the establishment of the reciprocal trust between citizen and government that is necessary for a healthy democracy.