Key Escrow System “ like leaving your key with a neighbour in case of an emergency”

1. Key Escrow System“like leaving your key with a neighbour in case of an emergency” 10-11-2009 SSIN – MIEIC Micael Fernando Fonseca Oliveira

2. Sumary • Key Escrow System (KES) • Escrow third party • KES advantages • KES disadvantages • Clipper Chip • Clipper System Example • Clipper System Vulnerability • Recovery system and session keys

3. Key Escrow System (KES) • A data security measure in which a cryptographic key is entrusted to a third party and are released under certain situation. • Ensure that there is a backup of the cryptographic key in case the parties with access to key lose the data.

4. Escrow third party • Businesses who may want access to employees' private communications. • Governments, who may wish to be able to view the contents of encrypted communications.

5. KES advantages • Ensure that there is a backup of the cryptographic key in case the parties with access to key lose the data through a disaster or malicious intent.

6. KES disadvantages • New Vulnerabilities & Risks • New Complexities • New Costs

7. Clipper Chip (1) • The Clipper chip is a chipset that was developed and promoted by the U.S. Government as an encryption device to be adopted by telecommunications companies for voice transmission.

8. Clipper Chip (2) • Designed by the NSA • Includes a classified encryption algorithm - SKIPJACK • Voice encryption chip (for phones) - Clipper • Key-escrow system - key is split - half of key held by NIST, half of key held by Treasury Department • Manufactured by Mykotronx

9. Clipper Chip Message • F = Family key (common to all Clipper Chips) - 80 bits • N = serial Number of chip - 32 bits • K = Key specific to particular conversation - 80 bits • U = secret key for chip - 80 bits • M = the Message

10. Clipper System Example (1) • Let’s say that Alice, using a telephone containing a Clipper chip, wants to talk to Bob, who has a similar device. • Alice’s chip has unique ID IDA and secret key KA

11. Clipper System Example (2) • What key will Alice and Bob use for communicating? • Alice and Bob use Diffie-Hellman mechanism to produce a shared key K. • The chip use K to encrypt and decrypt the data.

12. Clipper System Example (3) • How does the government know the IDA in order to obtain KA? • How would the government, knowing KA, be able to decrypt the conversation? • The information the government needs is in a field known as the LEAF (Law Enforcment Access Field)

13. Clipper System Example (4) • The government: • use F to decrypt outer layer of LEAF revealing IDA and K encrypted by KA • obtain escrowed key halves for chip with serial number IDA • put key halves together (with XOR) to reveal KA • use KA to decrypt K • use K to decrypt M (the message)

14. Clipper System Vulnerability • In 1994, Matt Blaze pointed out that Clipper’s escrow system has a vulnerability. • To prevent the software that transmitted the message from tampering with the LEAF, a 16-bit hash was included. • A brute force attack would produce another LEAF value that would give the same hash.

15. Recovery system and session keys • Is it possible to use key-recovery systems to recover session keys?

16. References • http://www.cdt.org/crypto/risks98/ • http://lorrie.cranor.org/pubs/crypt1.html • http://en.wikipedia.org/wiki/Clipper_chip • http://en.wikipedia.org/wiki/Key_escrow • http://www.yourdictionary.com/hacker/key-escrow • Kaufman, C., Network Security Private communication on a public world, second edition, 2002.