Key Escrow System “like leaving your key with a neighbour in case of an emergency” 10-11-2009 SSIN – MIEIC Micael Fernando Fonseca Oliveira.


1 Key Escrow System “like leaving your key with a neighbour in case of an emergency” 10-11-2009 SSIN – MIEIC Micael Fernando Fonseca Oliveira

2 Summary: Key Escrow System (KES); Escrow third party; KES advantages; KES disadvantages; Clipper Chip; Clipper System Example; Clipper System Vulnerability; Recovery system and session keys

3 Key Escrow System (KES): A data security measure in which a cryptographic key is entrusted to a third party and is released only under certain circumstances. It ensures that there is a backup of the cryptographic key in case the parties with access to the key lose the data.

4 Escrow third party: Businesses, who may want access to employees' private communications. Governments, who may wish to be able to view the contents of encrypted communications.

5 KES advantages: Ensures that there is a backup of the cryptographic key in case the parties with access to the key lose the data through a disaster or malicious intent.

6 KES disadvantages: New Vulnerabilities & Risks; New Complexities; New Costs

7 Clipper Chip (1): The Clipper chip is a chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.

8 Clipper Chip (2): Designed by the NSA; includes a classified encryption algorithm, SKIPJACK; voice encryption chip (for phones), Clipper; key-escrow system in which the key is split, with half of the key held by NIST and half held by the Treasury Department; manufactured by Mykotronx.

9 Clipper Chip Message: F = Family key (common to all Clipper Chips), 80 bits; N = serial Number of chip, 32 bits; K = Key specific to a particular conversation, 80 bits; U = secret key for chip, 80 bits; M = the Message.

10 Clipper System Example (1): Let’s say that Alice, using a telephone containing a Clipper chip, wants to talk to Bob, who has a similar device. Alice’s chip has unique ID ID_A and secret key K_A.

11 Clipper System Example (2): What key will Alice and Bob use for communicating? Alice and Bob use the Diffie-Hellman mechanism to produce a shared key K. The chips use K to encrypt and decrypt the data.

12 Clipper System Example (3): How does the government know ID_A in order to obtain K_A? How would the government, knowing K_A, be able to decrypt the conversation? The information the government needs is in a field known as the LEAF (Law Enforcement Access Field).

13 Clipper System Example (4): The government: (1) uses F to decrypt the outer layer of the LEAF, revealing ID_A and K encrypted by K_A; (2) obtains the escrowed key halves for the chip with serial number ID_A; (3) puts the key halves together (with XOR) to reveal K_A; (4) uses K_A to decrypt K; (5) uses K to decrypt M (the message).
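The five recovery steps on slide 13, traced end to end in an added example that is not part of the original presentation. Assumptions: SKIPJACK is classified on the slides, so `toy_cipher` (a SHA-256 keystream XOR) stands in for it and is not secure; the checksum function, the LEAF field order and all key values are constructed; N and U are slide 9's names for ID_A and K_A.

```python
import hashlib
import secrets

def toy_cipher(key, data):
    """Stand-in for SKIPJACK (assumption): XOR with a SHA-256 keystream. Not secure."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def checksum16(n, wrapped_k):
    # 16-bit check value as on slide 14; the real function is not on the page (assumption)
    return hashlib.sha256(n + wrapped_k).digest()[:2]

def split_key(u):
    """Escrow the chip key U as two XOR halves, one per escrow agent."""
    half1 = secrets.token_bytes(len(u))
    return half1, xor(u, half1)

def make_leaf(f, n, u, k):
    """LEAF = E_F(N || E_U(K) || checksum): 32 + 80 + 16 bits."""
    wrapped_k = toy_cipher(u, k)
    return toy_cipher(f, n + wrapped_k + checksum16(n, wrapped_k))

def recover_message(f, leaf, escrow_db, ciphertext):
    inner = toy_cipher(f, leaf)                  # 1. F removes the outer layer
    n, wrapped_k, check = inner[:4], inner[4:14], inner[14:16]
    if check != checksum16(n, wrapped_k):
        raise ValueError("LEAF checksum mismatch")
    half1, half2 = escrow_db[n]                  # 2. fetch both halves by serial number
    u = xor(half1, half2)                        # 3. XOR the halves to rebuild U
    k = toy_cipher(u, wrapped_k)                 # 4. U unwraps the session key K
    return toy_cipher(k, ciphertext)             # 5. K decrypts M

def demo():
    f, u, k = (secrets.token_bytes(10) for _ in range(3))  # constructed 80-bit keys
    n = (0xC0DE).to_bytes(4, "big")                         # constructed 32-bit serial
    escrow_db = {n: split_key(u)}
    message = b"constructed sample message"
    leaf, ciphertext = make_leaf(f, n, u, k), toy_cipher(k, message)
    return recover_message(f, leaf, escrow_db, ciphertext), message

if __name__ == "__main__":
    print(demo())
```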

14 Clipper System Vulnerability: In 1994, Matt Blaze pointed out that Clipper’s escrow system has a vulnerability. To prevent the software that transmitted the message from tampering with the LEAF, a 16-bit hash was included. A brute force attack would produce another LEAF value that would give the same hash.

15 Recovery system and session keys: Is it possible to use key-recovery systems to recover session keys?


