Juniper Networks will be removing the random number generator used by ScreenOS software in NetScreen series firewalls, following the discovery of “unauthorized code”.
The Dual Elliptic Curve Deterministic Random Bit Generator (DUAL_EC_DBRG) is widely believed to have been ‘backdoored’ by the US National Security Agency (NSA). Juniper knew about the potential issues back in 2013, but assured customers that its own implementation was secure.
Prior to 2013, DUAL_EC_DBRG was widely used as a component in encryption, but instead of completely random numbers, it apparently produced numbers based on parameters defined by its creators – the NSA – so the results could be predicted if these parameters were known.
Juniper said the vulnerability discovered in ScreenOS in December 2015 could enable an attacker who can monitor VPN traffic to decrypt that traffic.
The vulnerabilities built into DUAL_EC_DBRG – rumored for nearly a decade - were officially revealed by the US National Institute of Standards and Technology (NIST) as early as September 2013.
The algorithm included default curve points for three elliptic curves. If the attacker knew these, they could decrypt the data in transit. NIST Immediately recommended against using DUAL_EC_DBRG in any type of security software.
But despite all the warnings, Juniper maintained that its implementation of the algorithm was secure.
“ScreenOS does make use of the Dual_EC_DRBG standard, but not in a way that should be vulnerable to the possible issues described by NIST. Instead of using the NIST recommended curve points, ScreenOS uses self-generated basis points,” the company said at the time.
ScreenOS was the company’s only product to feature Dual_EC_DRBG, and it kept using it.
Three years later, in December 2015, Juniper published a security advisory in which it admitted that certain versions of ScreenOS could be compromised by the use of the random number generator. What’s worse, the company said there was no way to detect whether this vulnerability has been actively exploited.
Juniper issued a number of patches to temporarily fix the problem, and last week finally announced it would be getting rid of the controversial algorithm.
“We will replace Dual_EC and ANSI X9.31 in ScreenOS 6.3 with the same random number generation technology currently employed across our broad portfolio of Junos OS products. We intend to make these changes in a subsequent ScreenOS software release, which will be made available in the first half of 2016,” said Bob Worrall, SVP and CIO at Juniper.
“We are committed to the integrity, security, and assurance of our products. We have also demonstrated that it is our policy to fix security vulnerabilities when they are found and to notify our customers according to our Security Incident Response Team procedures.”
Security experts are not entirely convinced. Security consultant John Pironti told TechRepublic the delayed fix was “unfortunate” and suggested a reason for it might be ”the significant amount of business that Juniper does with the US Government.”