3 research outputs found
Key recovery in a business environment
This thesis looks at the use of key recovery primarily from the
perspective of business needs, as opposed to the needs of governments
or regulatory bodies.
The threats that necessitate the use of key recovery as a
countermeasure are identified together with the requirements for a
key recovery mechanism deployed in a business environment. The
applicability of mechanisms (mainly designed for law enforcement
access purposes) is also examined. What follows from this analysis is
that whether the target data is being communicated or archived can
influence the criticality of some of the identified requirements.
As a result, key recovery mechanisms used for archived data need to
be distinguished from those used for communicated data, and the
different issues surrounding those two categories are further
investigated. Two mechanisms specifically designed for use on
archived data are proposed.
An investigation is also carried out regarding the interoperability
of dissimilar key recovery mechanisms, when these are used for
encrypted communicated data. We study a scheme proposed by the Key
Recovery Alliance to promote interoperability between dissimilar
mechanisms and we show that it fails to achieve one of its
objectives. Instead, a negotiation protocol is proposed where the
communicating parties can agree on a mutually acceptable or
different, yet interoperable, key recovery mechanism(s).
The issue of preventing unfair key recovery by either of two
communicating parties, where one of the parties activates a covert
channel for key recovery by a third party, is also investigated. A
protocol is proposed that can prevent this. This protocol can also
be used as a certification protocol for Diffie-Hellman keys in cases
where neither the user nor the certification authority are trusted to
generate the user’s key on their own.
Finally, we study the use of key recovery in one of the authentication
protocols proposed in the context of third generation mobile communications.
We propose certain modifications that give it a key recovery capability in an
attempt to assist its international deployment given potential government
demands for access to encrypted communications
On the Difficulty of Software Key Escrow
. At Eurocrypt'95, Desmedt suggested a scheme which allows individuals to encrypt in such a way that the receiver can be traced by an authority having additional information. This paper shows that the proposed scheme does not have the required properties, by devising three non-specified protocols misleading the authority. We also discuss how to repair Desmedt's scheme, such that our attacks are no longer possible. However, by allowing slightly more general, but absolutely realistic attacks also this improved system can be broken. In fact, we argue that software key escrow as proposed by Desmedt will be very hard to implement as it requires that the distributed public key can only be used in few, well-defined systems. Furthermore, even if this is achieved, most applications to key distribution can be broken. 1 Introduction In key escrow systems, such as Clipper [5], it is necessary to be able to identify ciphertexts sent to a person whose messages are to be read by the authorities (giv..
On the Difficulty of Software Key Escrow
At Eurocrypt'95, Desmedt suggested a scheme which allows individuals to encrypt in such a way that the receiver can be traced by an authority having additional information. This paper shows that the proposed scheme does not have the required properties, by devising three non-specified protocols misleading the authority. We also discuss how to repair Desmedt's scheme, such that our attacks are no longer possible. However, by allowing slightly more general, but absolutely realistic attacks also this improved system can be broken. In fact, we argue that software key escrow as proposed by Desmedt will be very hard to implement as it requires that the distributed public key can only be used in few, well-defined systems. Furthermore, even if this is achieved, most applications to key distribution can be broken. 1 Introduction In key escrow systems, such as Clipper [5], it is necessary to be able to identify ciphertexts sent to a person whose messages are to be read by the authorities (given..