96 research outputs found

    The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption

    A variety of "key recovery," "key escrow," and "trusted third-party" encryption requirements have been suggested in recent years by government agencies seeking to conduct covert surveillance within the changing environments brought about by new technologies. This report examines the fundamental properties of these requirements and attempts to outline the technical risks, costs, and implications of deploying systems that provide government access to encryption keys.

    Regulating the technological actor: how governments tried to transform the technology and the market for cryptography and cryptographic services and the implications for the regulation of information and communications technologies

    The formulation, adoption, and transformation of policy involves the interaction of actors as they negotiate, accept, and reject proposals. Traditional studies of policy discourse focus on social actors. By studying cryptography policy discourses, I argue that considering both social and technological actors in detail enriches our understanding of policy discourse. The case-based research looks at the various cryptography policy strategies employed by the governments of the United States of America and the United Kingdom. The research method is qualitative, using hermeneutics to elucidate the various actors’ interpretations. The research aims to understand policy discourse as a contest of principles involving various government actors advocating multiple regulatory mechanisms to maintain their surveillance capabilities, and the reactions of industry actors, non-governmental organisations, parliamentarians, and epistemic communities. I argue that studying socio-technological discourse helps us to understand the complex dynamics involved in regulation and regulatory change. Interests and alignments may be contingent and unstable. As a result, technologies cannot be regarded as mere representations of social interests and relationships. By capturing the interpretations and articulations of social and technological actors we may attain a better understanding of the regulatory landscape for information and communications technologies.

    BlockPKI: An Automated, Resilient, and Transparent Public-Key Infrastructure

    This paper describes BlockPKI, a blockchain-based public-key infrastructure that enables an automated, resilient, and transparent issuance of digital certificates. Our goal is to address several shortcomings of the current TLS infrastructure and its proposed extensions. In particular, we aim at reducing the power of individual certification authorities and making their actions publicly visible and accountable, without introducing yet another trusted third party. To demonstrate the benefits and practicality of our system, we present evaluation results and describe our prototype implementation. Comment: Workshop on Blockchain and Sharing Economy Application

    Property Rights on an Intranet

    Strong knowledge extractors for public-key encryption schemes

    Completely non-malleable encryption schemes resist attacks which allow an adversary to tamper with both ciphertexts and public keys. In this paper we introduce two extractor-based properties that allow us to gain insight into the design of such schemes and to go beyond known feasibility results in this area. We formalise strong plaintext awareness and secret key awareness and prove their suitability in realising these goals. Strong plaintext awareness imposes that it is infeasible to construct a ciphertext under any public key without knowing the underlying message. Secret key awareness requires it to be infeasible to produce a new public key without knowing a corresponding secret key. The authors were funded in part by eCrypt II (EU FP7 - ICT-2007-216646) and FCT project PTDC/EIA/71362/2006. The second author was also funded by FCT grant BPD-47924-2008.