ISO (International Organization for Standardization) blocks NSA’s latest IoT encryption systems as experts complain of shoddy tech specs and personal attacks
Two new encryption algorithms developed by the NSA have been rejected by an international standards body amid accusations of threatening behaviour. The Simon and Speck cryptographic tools were designed to secure data sent to and from the next generation of IoT gizmos and sensors and were intended to become a global standard.
But the Simon and Speck techniques were formally rejected by the International Organization for Standardization (ISO) amid concerns that they contained a backdoor that would allow US spies to break the encryption. The process was also marred by complaints from encryption experts of threatening behaviour from American snoops.
The ISO’s meetings are confidential and held behind closed doors, but a number of encryption experts have broken their silence now that the NSA’s three-year effort to push the algorithms has effectively been ended.
Their approval as ISO standards failed three times; at a meeting in 2016, however, the NSA missed the two-thirds approval by one vote. That resulted in the NSA finally providing the lengthy technical explanation that experts had been requesting for three years, covering a security analysis and an explanation of the design choices.
The NSA also agreed to drop the lightweight version of both standards – which were pitched as less intensive encryption techniques but which experts felt were easily compromised. But it continued pushing its other, stronger versions.
But by then the trust had been undermined, and the same bloc of countries again voted against the standards at a meeting in the US late last year. That’s when things seemingly turned nasty and the NSA started attacking the reputations of those experts who were advising against approving the standards. The full details of the final vote that took place this week are still unknown. But the end result is clear: Simon and Speck have been cancelled by the ISO, which means that they will most likely never be rolled out elsewhere.