Key Escrow Protocol - PowerPoint PPT Presentation

Slides: 13
Provided by: me401
Transcript and Presenter's Notes

1
Key Escrow Protocol
  • Group 6
  • Jonathan Razza
  • Paul Everton
  • Doria Kung
  • Kanish Kapur
  • Galina Yeremenchuk

2
Key Escrow Components
  • 1. User Security Component (USC). This is a hardware
    device or software program that provides data
    encryption and decryption capabilities as well as
    support for the key escrow function. This support
    can include attaching a data recovery field (DRF)
    to encrypted data. The DRF may be part of the
    normal key distribution mechanism.
  • 2. Key Escrow Component (KEC). This component, which
    is operated by key escrow agents, manages the
    storage and release or use of data recovery keys.
    It may be part of a public-key certificate
    management system or part of a general key
    management infrastructure.
  • 3. Data Recovery Component (DRC). This consists
    of the algorithms, protocols, and equipment
    needed to obtain the plaintext from the
    ciphertext plus information in the DRF and
    provided by the KEC. It is active only as needed
    to perform a specific authorized data recovery.

3
User Security Component
  • The USC encrypts and decrypts data and performs
    functions that support the data recovery process.
    It is characterized by:
  • Application Domain
  • A USC can support either or both of the
    following:
  • 1. Communications. This includes phone calls,
    electronic mail, and other types of connections.
    Emergency decryption is used by law enforcement
    in conjunction with court-authorized interception
    of communications (i.e., "wiretap").
  • 2. Stored data. Stored data can be simple data
    files or more general objects. Emergency
    decryption is used either by the owners of the
    data to recover lost or damaged keys, or by law
    enforcement officials to decrypt computer files
    seized under a court order.
  • Data Encryption Algorithm
  • The following attributes are particularly
    relevant to escrowed encryption:
  • 1. Name and mode of operation. Mode of operation
    can affect exportability (e.g., triple encryption
    modes may not be allowed under a general export
    license).
  • 2. Key length. This also can affect
    exportability.
  • 3. Classification. An algorithm may be classified
    or unclassified. If unclassified, it may be
    proprietary or public.
  • Stored Identifiers and Keys
  • The USC stores identifiers and keys that are used
    for emergency decryption:
  • 1. Identifiers. These can include a user or USC
    identifier, identifiers for keys, and identifiers
    for the KEC or escrow agents.
  • 2. Keys. These can include keys unique to the
    USC, keys belonging to its user, or global system
    keys used by the KEC. They can be public or
    private. Copies of the keys or their private
    counterparts may be held in escrow.
  • Data Recovery Field and Mechanism

4
Key Escrow Component
  • The KEC could be a component of the key
    management infrastructure, which could be a
    single key infrastructure (e.g., key distribution
    center) or public-key infrastructure. With the
    latter, the escrow agents could serve as the
    public-key certificate authorities.
  • Escrow Agents
  • The escrow agents, also called trusted parties,
    are responsible for operating the KEC. They may
    be registered with a key escrow center that
    coordinates their operation or serves as a point
    of contact for the USC or DRC.
  • Data Recovery Keys
  • With escrowed encryption, all encrypted data are
    bound to escrowed data recovery keys that enable
    access to the data encryption keys.
  • Safeguards for Escrowed Keys
  • The KEC employs safeguards to protect against
    compromise or loss of keys. These can include a
    combination of technical, procedural, and legal
    safeguards. Examples are auditing, separation of
    duties, split knowledge, two person control,
    physical security, cryptography, redundancy,
    computer security, trusted systems, independent
    testing and validation, certification,
    accreditation, configuration management, and laws
    with penalties for misuse.

5
Data Recovery Component
  • The DRC supports recovery of plaintext from
    encrypted data using information supplied by the
    KEC and in the DRF. It is characterized by:
  • Capabilities
  • These include:
  • 1. Timely decryption.
  • 2. Real-time decryption of intercepted
    communications.
  • 3. Post-processing. The DRC can decrypt
    communications that were previously intercepted
    and recorded.
  • 4. Transparency. Decryption is possible without
    the knowledge of the parties involved.
  • 5. Independence. Once the keys have been
    obtained, the DRC can decrypt using its own
    resources, that is, independently of the KEC.
  • Data Encryption Key Recovery
  • To decrypt data, the DRC must acquire the data
    encryption key K.
  • 1. Access through sender or receiver. A critical
    factor is whether K can be recovered using data
    recovery keys associated with the sender, the
    receiver, or either party.
  • 2. Frequency of interaction with KEC. The DRC may
    be required to interact with the KEC once per
    data encryption key or once per USC or user.
  • Safeguards on Decryption
  • The DRC can use technical, procedural, and legal
    safeguards to control what can be decrypted. For
    example, data recovery may be restricted to a
    particular time period (as authorized by a court
    order). These safeguards supplement restrictions
    imposed by the KEC in its release of keys.
    Authentication mechanisms could be used to
    prevent the DRC from using the keys it acquires
    to create and substitute bogus messages.

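A minimal model of the three components and of the split-knowledge / two-person-control safeguard described on the slides above, added here as an illustration and not part of the presentation. The class names, the XOR key split, the per-message data recovery field layout and the HMAC-based toy cipher standing in for Skipjack are all assumptions of this example.

```python
# Added example (not from the slides): a minimal model of the escrow
# architecture above. An HMAC-SHA256 keystream stands in for Skipjack.
import hashlib
import hmac
import os

def keystream_xor(key, nonce, data):
    """Toy stream cipher: XOR data with an HMAC-SHA256 keystream (demo only)."""
    stream = bytearray()
    for counter in range((len(data) + 31) // 32):
        stream += hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def split_key(key):
    """Split knowledge: two XOR shares; one share alone reveals nothing about the key."""
    share1 = os.urandom(len(key))
    return share1, bytes(a ^ b for a, b in zip(key, share1))

def combine_shares(share1, share2):
    return bytes(a ^ b for a, b in zip(share1, share2))

class USC:
    """User Security Component: encrypts under a fresh key K and attaches a DRF."""
    def __init__(self, usc_id, escrow_key):
        self.usc_id, self.escrow_key = usc_id, escrow_key
    def encrypt(self, plaintext):
        k, nonce = os.urandom(16), os.urandom(8)
        wrapped_k = keystream_xor(self.escrow_key, b"DRF" + nonce, k)  # K under escrow key
        return {"nonce": nonce, "ct": keystream_xor(k, nonce, plaintext),
                "drf": {"usc_id": self.usc_id, "wrapped_k": wrapped_k}}

class KEC:
    """Key Escrow Component: two agents each hold one share (two-person control)."""
    def __init__(self, usc_id, escrow_key):
        self.usc_id = usc_id
        self.agent_1, self.agent_2 = split_key(escrow_key)  # neither agent can act alone
    def release(self, usc_id, order):
        if usc_id != self.usc_id or not order.get("authorized"):
            raise PermissionError("KEC refuses release without a valid authorization")
        return combine_shares(self.agent_1, self.agent_2)

class DRC:
    """Data Recovery Component: rebuilds K from the DRF, only inside the ordered window."""
    def recover(self, msg, kec, order, now):
        if not order["start"] <= now <= order["end"]:
            raise PermissionError("recovery attempted outside the authorized period")
        escrow_key = kec.release(msg["drf"]["usc_id"], order)
        k = keystream_xor(escrow_key, b"DRF" + msg["nonce"], msg["drf"]["wrapped_k"])
        return keystream_xor(k, msg["nonce"], msg["ct"])
```

The DRC's time-window check and the KEC's authorization check are the two independent safeguards the slides describe; remove either and the other still blocks recovery.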
6
Clipper
  • Escrow system proposed by the Government in 1994.
  • Uses Skipjack as its encryption algorithm, which
    is classified by the NSA.
  • Uses 80-bit keys.
  • Government holds all the keys and distributes the
    keys via hardware chips that are built into
    communication technology.
  • Reason: the Government wants to retain the ability
    to do wiretaps on various sorts of communication,
    but the widespread use of encryption would make
    this impossible.
  • Protect citizens from being listened in on by
    just anyone.
  • Government holds keys that allow it to break
    encryption being used by certain individuals if
    it obtains a court order.
  • First proposal for Clipper shot down because of
    privacy advocates.
  • Second proposal, Clipper II, underwent the same
    scrutiny by the privacy advocates.
  • Government has now changed the purpose of Clipper
    to key recovery instead of key escrow.
  • NOTE: Same thing.

7
Key Escrow Policy and Politics
  • On April 16, 1993, the Clinton Administration
    announced the Clipper chip as part of the
    Capstone program. The intention was to require
    users of encryption to allow government
    decryption of their communications.
  • To obtain backdoor access, an authorized
    government agency would have been required to
    retrieve the two halves of the key from NIST and
    the Automated Systems Division of the Department
    of the Treasury (after receiving legal
    authorization from a Supreme Court-appointed
    quasi-judicial body).
  • On Feb. 4, 1994, the White House announced the
    adoption of the Clipper Chip. The adoption was
    supported by Vice President Gore.
  • The Clipper chip, based on the NSA SKIPJACK
    algorithm, provided government backdoor access to
    any material it encrypted. However, after several
    years the Clinton Administration gave up on
    trying to pass legislation requiring the chip's
    use, due to strong opposition from the technology
    and security community.

8
Key Escrow Policy and Politics
  • On September 13, 2001, Senator Judd Gregg (R-NH)
    asked Congress to support a bill which would
    allow government law enforcement agencies to
    obtain access to private keys. This would be
    done by requiring encryption software to include
    back doors the government could use to intercept
    messages. Senator Gregg introduced the idea two
    days after learning that the terrorists involved
    in the September 11 attack used encryption to
    protect their communications on the internet.
  • Numerous civil rights groups, high-tech
    companies, security organizations, and members of
    the public opposed the idea, causing Sen. Gregg
    to back down from his position. Among the
    opponents to the idea was Ed Black, President of
    the Computer Communications Industry
    Association.

9
Quote from Mr. NP?
  • Immediate, Voluntary GAC
  • Mike Nelson, in the August 17, 1995 meeting on
    key escrow, repeated the refrain "voluntary,
    voluntary, voluntary". He was emphasizing that
    the Clinton Administration would never institute
    controls on domestic cryptography. However, he is
    also clear that the Administration wants to have
    US citizens use Government Access Cryptography
    (GAC).

10
Advantages of Key Escrow
  • Data is adequately secure.
  • Allows other legitimate users access on an
    emergency basis (e.g. gives businesses a way to
    recover data that was encrypted by angry
    employees).
  • Many businesses want to have the export controls
    lifted on products with encryption, and key
    escrow provisions may be necessary for any such
    export liberalization.

11
Disadvantages of Key Escrow
  • Privacy
  • Secrecy of algorithm
  • Security
  • Trusted third party
  • Permanent record

12
QUESTIONS?