9,109 research outputs found

    The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption

    A variety of "key recovery," "key escrow," and "trusted third-party" encryption requirements have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys

    Hierarchical Integrated Signature and Encryption

    In this work, we introduce the notion of hierarchical integrated signature and encryption (HISE), wherein a single public key is used for both signature and encryption, and one can derive a secret key used only for decryption from the signing key, which enables secure delegation of decryption capability. HISE enjoys the benefit of key reuse, and admits individual key escrow. We present two generic constructions of HISE. One is from (constrained) identity-based encryption. The other is from uniform one-way function, public-key encryption, and general-purpose public-coin zero-knowledge proof of knowledge. To further attain global key escrow, we take a little detour to revisit global escrow PKE, an object both of independent interest and with many applications. We formalize the syntax and security model of global escrow PKE, and provide two generic constructions. The first embodies a generic approach to compile any PKE into one with global escrow property. The second establishes a connection between three-party non-interactive key exchange and global escrow PKE. Combining the results developed above, we obtain HISE schemes that support both individual and global key escrow. We instantiate our generic constructions of (global escrow) HISE and implement all the resulting concrete schemes for 128-bit security. Our schemes have performance that is comparable to the best Cartesian product combined public-key scheme, and exhibit advantages in terms of richer functionality and public key reuse. As a byproduct, we obtain a new global escrow PKE scheme that is $12$-$30\times$ faster than the best prior work, which might be of independent interest

    Leviathan in cyberspace : how to tax e-commerce

    Because of the upswing in electronic commerce via the Internet, governments in the European Union and the United States have been discussing the shaping of an effective system of turnover taxation in cyberspace since the late 1990s, but have failed to agree on a definite tax system. An analysis of the various possible approaches to turnover taxation in cyberspace shows that the main challenge of the new economy is to effectively cope with business-to-consumer (B2C) transborder trade in digital on-line goods and services. However, the traditional systems of turnover taxation that are based on the country-of-destination principle such as the transitional system of the European Union, the sales tax system, the community principle, and the VIVAT and CVAT approaches give rise to several surveillance, efficiency, incentive, and identification problems in taxing B2C e-commerce. This is also the case with the more innovative proposals that have been made with regard to the taxation of B2C transborder trade in digital on-line goods, such as the German payment flow proposal, the U.S. e-card proposal, the modified country-of-origin proposal of the EU Commission, or the bit tax proposal. As a consequence, there are only two appropriate approaches to deal with the special characteristics of transborder trade in cyberspace: the country-of-origin principle combined with a taxation of digital goods and services at the physical location of producers, and the community principle in combination with a withholding tax (WITHVAT). Under the country-of-origin principle, exports are taxed at the rate of the country of origin and imports are free of tax. The taxation of goods turnovers at the physical location of the firms involved could at least partly prevent the transfer of Internet firms to low-tax countries. 
The main advantage of the country-of-origin principle is that it does not require any transborder tax adjustment and that it is also a suitable and effective approach for the turnover taxation of traditional off-line and on-line goods. However, the country-of-origin principle requires an administratively burdensome central clearinghouse system in order to guarantee the regional fiscal assignment according to the country-of-destination principle as demanded by the governments of the EU member states. Under the WITHVAT system, exports of digital on-line goods are taxed at the rate of the country of destination and consumers are responsible for passing the tax funds on to their national tax authorities. In order to set incentives for consumers to correctly report their digital on-line purchases to national tax authorities, all suppliers of digital online goods would be forced to add a withholding tax that equals the highest VAT rate of all countries participating in the transborder VAT system to any sales to consumers. Consumers would get a refund according to the difference between the withholding tax and the tax rate of the country of destination if they presented the bills to their national tax authorities. The main advantage of the WITHVAT approach is that it does not need a central clearinghouse mechanism, because decentralized clearing is endogenous in the system. However, the WITHVAT approach may give rise to an unspecifiable obstacle to e-commerce and is not a suitable approach for the taxation of traditional off-line and on-line goods.

    Extending Eventually Consistent Cloud Databases for Enforcing Numeric Invariants

    Geo-replicated databases often operate under the principle of eventual consistency to offer high-availability with low latency on a simple key/value store abstraction. Recently, some have adopted commutative data types to provide seamless reconciliation for special purpose data types, such as counters. Despite this, the inability to enforce numeric invariants across all replicas still remains a key shortcoming of relying on the limited guarantees of eventual consistency storage. We present a new replicated data type, called bounded counter, which adds support for numeric invariants to eventually consistent geo-replicated databases. We describe how this can be implemented on top of existing cloud stores without modifying them, using Riak as an example. Our approach adapts ideas from escrow transactions to devise a solution that is decentralized, fault-tolerant and fast. Our evaluation shows much lower latency and better scalability than the traditional approach of using strong consistency to enforce numeric invariants, thus alleviating the tension between consistency and availability

    Take It To The Bank: How Land Banks Are Strengthening America's Neighborhoods

    This report scans the land banking field nationally and reports on the scope and state of this movement. It also includes insights and recommendations for land bank practitioners, based on Community Progress staff members' many collective years of experience working with land banks across the country. There is no land bank model kit. There are, however, common attributes of effective and successful land banks that current and future land bank staff, practitioners, governments, and partner organizations can adopt. This report is intended to help shorten the learning curve

    Settlement Escrows

    This article is structured as follows. Part I considers the reasons why cases do not settle, or why they do not settle more quickly than they do, and discusses how settlement escrows can facilitate settlement in each context. Part II provides a game-theoretic model of a settlement escrow in order to further demonstrate how this device can reduce delay and promote settlement in the presence of asymmetric information. In the model, the use of an escrow device results in a higher level of settlement than would occur in the absence of the escrow, and thus saves transactions costs for the parties. In addition, the expected settlement is as close or closer to the true value of the claim than in the absence of a settlement escrow. Part III discusses some subtle issues and potential problems with the implementation of settlement escrows. Part IV briefly suggests some potential applications of the model outside the context of civil litigation and Part V addresses the relationships among arbitration, mediation, and settlement escrows

    Using risk mitigation approaches to define the requirements for software escrow

    Two or more parties entering into a contract for service or goods may make use of an escrow of the funds for payment to enable trust in the contract. In such an event the documents or financial instruments, the object(s) in escrow, are held in trust by a trusted third party (escrow provider) until the specified conditions are fulfilled. In the scenario of software escrow, the object of escrow is typically the source code, and the specified release conditions usually address potential scenarios wherein the software provider becomes unable to continue providing services (such as due to bankruptcy or a change in services provided, etc.). The subject of software escrow is not well documented in the academic body of work, with the largest information sources, active commentary and supporting papers provided by commercial software escrow providers, both in South Africa and abroad. This work maps the software escrow topic onto the King III compliance framework in South Africa. This is of value since any users of bespoke developed applications may require extended professional assistance to align with the King III guidelines. The supporting risk assessment model developed in this work will serve as a tool to evaluate and motivate for software escrow agreements. It will also provide an overview of the various escrow agreement types and will transfer the focus to the value proposition that they each hold. Initial research has indicated that current awareness of software escrow in industry is still very low. This was evidenced by the significant number of approached specialists that declined to participate in the survey due to their own admitted inexperience in applying the discipline of software escrow within their companies. Moreover, the participants that contributed to the research indicated that they only required software escrow for medium to highly critical applications. 
This proved the value of assessing the various risk factors that bespoke software development introduces, as well as the risk mitigation options available, through tools such as escrow, to reduce the actual and residual risk to a manageable level

    Ensuring patients privacy in a cryptographic-based-electronic health records using bio-cryptography

    Several recent works have proposed and implemented cryptography as a means to preserve privacy and security of patients' health data. Nevertheless, the weakest point of electronic health record (EHR) systems that relied on these cryptographic schemes is key management. Thus, this paper presents the development of a privacy and security system for cryptography-based EHR by taking advantage of the uniqueness of fingerprint and iris characteristic features to secure cryptographic keys in a bio-cryptography framework. The results of the system evaluation showed significant improvements in terms of time efficiency of this approach to cryptographic-based EHR. Both the fuzzy vault and fuzzy commitment demonstrated a false acceptance rate (FAR) of 0%, which reduces the likelihood of imposters gaining successful access to the keys protecting patients' protected health information. This result also justifies the feasibility of implementing a fuzzy key binding scheme in real applications, especially fuzzy vault, which demonstrated a better performance during key reconstruction