View
215
Download
2
Embed Size (px)
Citation preview
Key Escrow System“like leaving your key with a neighbour in case of an emergency”
10-11-2009SSIN – MIEICMicael Fernando Fonseca Oliveira
Sumary
• Key Escrow System (KES)• Escrow third party• KES advantages• KES disadvantages• Clipper Chip• Clipper System Example• Clipper System Vulnerability• Recovery system and session keys
2
Key Escrow System (KES)
• A data security measure in which a cryptographic key is entrusted to a third party and are released under certain situation.
• Ensure that there is a backup of the cryptographic key in case the parties with access to key lose the data.
3
Escrow third party
• Businesses who may want access to employees' private communications.
• Governments, who may wish to be able to view the contents of encrypted communications.
4
KES advantages
• Ensure that there is a backup of the cryptographic key in case the parties with access to key lose the data through a disaster or malicious intent.
5
Clipper Chip (1)• The Clipper chip is a chipset that was developed and
promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.
7
Clipper Chip (2)
• Designed by the NSA
• Includes a classified encryption algorithm - SKIPJACK
• Voice encryption chip (for phones) - Clipper
• Key-escrow system - key is split - half of key held by NIST, half of key held by Treasury Department
• Manufactured by Mykotronx 8
Clipper Chip Message
• F = Family key (common to all Clipper Chips) - 80 bits• N = serial Number of chip - 32 bits• K = Key specific to particular conversation - 80 bits• U = secret key for chip - 80 bits• M = the Message
9
Clipper System Example (1)
• Let’s say that Alice, using a telephone containing a Clipper chip, wants to talk to Bob, who has a similar device.
• Alice’s chip has unique ID IDA and secret key KA
10
Clipper System Example (2)
• What key will Alice and Bob use for communicating?
• Alice and Bob use Diffie-Hellman mechanism to produce a shared key K.
• The chip use K to encrypt and decrypt the data.
11
Clipper System Example (3)
• How does the government know the IDA in order to obtain KA?
• How would the government, knowing KA, be able to decrypt the conversation?
• The information the government needs is in a field known as the LEAF (Law Enforcment Access Field)
12
Clipper System Example (4)
• The government:• use F to decrypt outer layer of LEAF revealing IDA and K
encrypted by KA
• obtain escrowed key halves for chip with serial number IDA
• put key halves together (with XOR) to reveal KA
• use KA to decrypt K
• use K to decrypt M (the message)
13
Clipper System Vulnerability
• In 1994, Matt Blaze pointed out that Clipper’s escrow system has a vulnerability.
• To prevent the software that transmitted the message from tampering with the LEAF, a 16-bit hash was included.
• A brute force attack would produce another LEAF value that would give the same hash.
14
Recovery system and session keys
• Is it possible to use key-recovery systems to recover session keys?
15
References• http://www.cdt.org/crypto/risks98/• http://lorrie.cranor.org/pubs/crypt1.html• http://en.wikipedia.org/wiki/Clipper_chip• http://en.wikipedia.org/wiki/Key_escrow• http://www.yourdictionary.com/hacker/key-escrow• Kaufman, C., Network Security Private communication on a
public world, second edition, 2002.
16