96 research outputs found
The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption
A variety of "key recovery," "key escrow," and "trusted third-party" encryption requirements have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys.
Regulating the technological actor: how governments tried to transform the technology and the market for cryptography and cryptographic services and the implications for the regulation of information and communications technologies
The formulation, adoption, and transformation of policy involves the interaction of actors as they negotiate, accept, and reject proposals. Traditional studies of policy discourse focus on social actors. By studying cryptography policy discourses, I argue that considering both social and technological actors in detail enriches our understanding of policy discourse. The case-based research looks at the various cryptography policy strategies employed by the governments of the United States of America and the United Kingdom. The research method is qualitative, using hermeneutics to elucidate the various actors’ interpretations. The research aims to understand policy discourse as a contest of principles involving various government actors advocating multiple regulatory mechanisms to maintain their surveillance capabilities, and the reactions of industry actors, non-governmental organisations, parliamentarians, and epistemic communities. I argue that studying socio-technological discourse helps us to understand the complex dynamics involved in regulation and regulatory change. Interests and alignments may be contingent and unstable. As a result, technologies cannot be regarded as mere representations of social interests and relationships. By capturing the interpretations and articulations of social and technological actors we may attain a better understanding of the regulatory landscape for information and communications technologies.
BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure
This paper describes BlockPKI, a blockchain-based public-key infrastructure that enables an automated, resilient, and transparent issuance of digital certificates. Our goal is to address several shortcomings of the current TLS infrastructure and its proposed extensions. In particular, we aim at reducing the power of individual certification authorities and making their actions publicly visible and accountable, without introducing yet another trusted third party. To demonstrate the benefits and practicality of our system, we present evaluation results and describe our prototype implementation. Comment: Workshop on Blockchain and Sharing Economy Application
Information Security and Privacy in Network Environments
This report focuses on policy issues in three areas: 1) national cryptography policy, including federal information processing standards and export controls; 2) guidance on safeguarding unclassified information in federal agencies; and 3) legal issues and information security, including electronic commerce, privacy, and intellectual property.
Strong knowledge extractors for public-key encryption schemes
Completely non-malleable encryption schemes resist attacks which allow an adversary to tamper with both ciphertexts and public keys. In this paper we introduce two extractor-based properties that allow us to gain insight into the design of such schemes and to go beyond known feasibility results in this area. We formalise strong plaintext awareness and secret key awareness and prove their suitability in realising these goals. Strong plaintext awareness imposes that it is infeasible to construct a ciphertext under any public key without knowing the underlying message. Secret key awareness requires it to be infeasible to produce a new public key without knowing a corresponding secret key. The authors were funded in part by eCrypt II (EU FP7 - ICT-2007-216646) and FCT project PTDC/EIA/71362/2006. The second author was also funded by FCT grant BPD-47924-2008.