Juniper Networks has announced its intention to remove two flawed cryptographic functions from its software over the next few months.
Last December, the multinational provider and marketer of networking products discovered unauthorized code in its ScreenOS software, which powers its NetScreen firewall, VPN, and traffic-shaping technology. The company subsequently launched an investigation into the matter and issued patched versions of ScreenOS.
Derrick Scholl explained in a post published on Juniper’s blog last week that the investigation has not found any other unauthorized code in its software. Even so, the company has decided to make additional, more comprehensive changes to ScreenOS going forward by rejecting two of its underlying cryptographic functions: the pseudo-random number generators Dual_EC and ANSI X9.31.
“We will replace Dual_EC and ANSI X9.31 in ScreenOS 6.3 with the same random number generation technology currently employed across our broad portfolio of Junos OS products,” announces Scholl. “We intend to make these changes in a subsequent ScreenOS software release, which will be made available in the first half of 2016.”
It has long been known that the National Security Agency subverted Dual_EC, an algorithm based on the dual elliptic curve discrete logarithm problem.
By contrast, ANSI X9.31 is more of a mystery. Kim Zetter of Wired reports that observers thought that Juniper Networks had originally secured its software using both functions from the start or, in the very least, that the company had never solely relied on Dual_EC.
However, Steven Checkoway, a computer science professor at the University of Illinois of Chicago, has found that the networking provider introduced Dual_EC into its software long after it had first implemented ANSI X9.31, causing some to wonder why Juniper might have undermined an already secured system.
The story gets even more confusing when one considers research presented at the Real World Cryptography Conference 2016 that suggests Dual_EC generated predictable outputs that allowed NetScreen to bypass ANSI X9.31.
In addition, a number of other code changes, including an increase in the size of the cryptographic nonce used to generate random numbers, were allegedly made at one point that further undermined the encryption standards of Juniper’s NetScreen products, writes Dan Goodin of Ars Technica.
And to top things off, Juniper Network has not yet commented on (or perhaps not yet discovered) how exactly the unauthorized code got into its software code. The company’s investigation is ongoing, and in an email sent to Network World, a Juniper spokesperson said, “We have nothing further to share past what is included within the blog.”
Clearly, there are still many gaps in our understanding of what exactly happened.
Some are speculating that a hacker might have preyed upon a Juniper employee and abused their access to inject the code into the ScreenOS software. Others are suspicious about the NSA-Dual_EC link and feel that the U.S. intelligence agency is somehow involved.
Either way, it is recommended that customers update their ScreenOS to the latest versions (if they haven’t done so already) and keep an eye out for the upcoming patch that will remove both Dual_EC and ANSI X9.31 from the software. Perhaps we will have more answers by the time of that patch’s release.