Interesting People mailing list archives

Privacy board sees new encryption technology


From: David Farber <farber () central cis upenn edu>
Date: Sun, 27 Mar 1994 17:30:35 -0500

From: hal () clark net (hal)




Just wanted to report on what I saw at the last meeting of the NIST
Privacy Advisory Board. They had two vendors that told of their hardware
developments. It is basically a neat plug-in card for the PC or laptop
that holds an encryption engine. It was developed to do all the user's
encryption needs on the card including signature, key exchanges, basic
message encryption and transaction encryption (application layer). The
really interesting thing was the so-called FLAG module (about 1 inch wide
by 2 inches in length). It slides into a slot on the encryption plug-in
card. This flag card contains the national policy definition and
conditions the card to only provide services defined by the local nation's
policy. In the US that might mean key escrow, in other countries something
else. The card would include protocols that enforce say... a plaintext
gateway policy. (One country has such a policy: only plaintext can cross
the border. I suppose the card handshakes with the gateway and "tells"
your card to shut off its privacy feature, just a guess).


The whole card including the slide in FLAG module is about the size
of three credit cards stacked on top of each other. It's a standard (
and the standard's name escapes me just now. Maybe a reader can supply
it).


When pressed by the panel about policy issues the vendors said they
were not interested in policy issues. That it was a matter for local
governments to decide. That they only wished to separate the technology
issues away from the policy debate in order to create a standard that
all countries could use. That when the technology was a bit
more mature it would be submitted to various economic unions (like the
EC) for standardization.


The FLAG module would contain all the rules and local policy "keys"
in a non-forgeable format and the whole thing will be tamper proof.
The vendors indicated that they had shown this technology to half a
dozen countries and it had been received very well. One country
that is currently building an infrastructure wants to incorporate
it now into their plans.


There was some discussion about using the existing postal services
as a source for the cards and modules. That this would provide
a certified source for the boards/flag module (i.e. issued by a
government outlet). You would get them at your local post office.


The panel raised the issue of interoperability between different
countries. The vendor again stressed that this was a policy issue
that would have to be worked out by international agreements. But that
this technology had no limitations in that respect.


One panel member raised the issue that sooner or later someone would
forge a FLAG module and run under a "false" FLAG policy. There was
some discussion about this and it was agreed that someone at some time
would attempt to forge a FLAG module. But the vendors said that the
FLAG module would have a secure protocol that it would use to communicate
with the actual crypto-card. That it would be necessary to either
reverse engineer the FLAG and card, assumed to be very very difficult,
or break the secure protocol, also very very difficult to do.
It was then agreed that someone could produce a forged card that
didn't use a FLAG module. This was thought possible.


I'm not quite sure but I found the notion of your own laptop having to
communicate with a government policy server kind of funny. This was
thought necessary to enforce some types of government policy (not
necessarily an American policy). One country was said to favor a
postal meter arrangement under which your card ran out after a
certain number of sessions and had to be recharged by the post and
telegraph people.  It will be interesting to see the full range
of local government policies when they get published as part of an
international standard.


                  -hal () seta com

