Interesting People mailing list archives

IP: NSA report details risks of key-recovery technology


From: Dave Farber <farber () cis upenn edu>
Date: Wed, 22 Apr 1998 20:55:02 -0400

14 April 1998: Federal Computer Week has put the NSA critique of key
recovery on its Web site:


http://www.fcw.com/pubs/fcw/1998/0413/web-nsareport-4-14-1998.html 


See a related FCW article about it today at:


http://www.fcw.com/pubs/fcw/1998/0413/web-nsacdt-4-14-1998.html 


The blacked out portions of the diagrams await decoding.


13 April 1998: Link to FCW online story:






Date: Mon, 13 Apr 1998 09:32:24 -0400
From: millers <millers () cfw com>
Subject: Re: NSA Report in FCW 


Hello, 


The story you mentioned is now on our website. We'd be delighted if you'd
link to it. 




http://www.fcw.com/pubs/fcw/1998/0406/fcw-polnsa-4-6-1998.html 


Thanks. 


Susan Miller
Editor of Online Services
FCW Government Technology Group
540-337-8808
susan_miller () fcw com 






To: millers <millers () cfw com>
From: John Young <jya () pipeline com>
Date: April 13, 1998, 10:19 AM
Subject: NSA Report in FCW 


Dear Ms. Miller, 


Thanks very much for making your NSA report available online. We have
linked to it. 


You might wish to know that a number of cryptographers have indicated
strong interest in seeing the NSA report cited in
your article. 


Do you think FCW might be able to publish the report in full? Or, if not
that, provide a lead to obtain a copy for
publication? 


Best regards, 


John Young
JYA/Urban Deadline
jya () pipeline com 






10 April 1998
Source: Fax from William Payne


Thanks to the author and FCW






Federal Computer Week, April 6, 1998, p. 16 


Policy & Procurement 


SECURITY 


NSA report details risks of key-recovery technology


BY HEATHER HARRELD 


The National Security Agency has prepared a report that may be the first
federal government documentation of the
potential risks posed by the encryption technology that has been at the
center of a raging debate between the Clinton
administration and industry. 


The report details the potential threats of following a key-recovery
technology, which is an encryption system that uses a
so-called back door, which allows users to retrieve the key needed to
unscramble encrypted data should they lose the
key. Key recovery would also allow law enforcement agents to decode
encrypted data after obtaining a court order or
other authorization. The FBI has been a forceful proponent of key-recovery
technology, arguing that investigation would
be impeded without it. 


The Clinton administration intends to make a market for key-recovery
technology by urging federal agencies to use these
encryption systems. At least one bill that is now being considered by
Congress would require federal agencies to
purchase key-recovery encryption systems for securing data. 


But the report, "Threat and Vulnerability Model for Key Recovery," pointed
out that certain law enforcement agents and
officials operating key-recovery centers could pose the greatest threat to
a key-recovery system -- and to the users'
data, which is encrypted by the system -- if proper security mechanisms
were not in place. 


"A rogue key-recovery agent, because of his high level of access, poses the
most formidable threat, although [he] may
lack motivation and risk-tolerance to exploit this access," the report
stated. "The law enforcement agent is also trusted
with a high degree of access during the recovery process and may be more
motivated to exploit this access since he is
already in the 'wiretap business.' " 


The report said organized crime, foreign intelligence and hackers represent
a low risk to key-recovery systems because
these individuals lack access. However, a rogue key-recovery agent is more
likely to sell his high level of access to those
groups or individuals than to work on his own behalf, the report concluded. 


Dave Banisar, staff counsel for the Electronic Privacy Information Center,
said NSA's report is the first public
documentation from a federal entity that outlines potential risks
associated with key-recovery technology. A group of
leading encryption experts in May 1997 issued a report noting that
widespread key-recovery systems would be
extraordinarily difficult and expensive to build. That report also noted
that the risks of unauthorized disclosures are much
higher in a key-recovery system than a system without key-recovery features. 


"It raises a lot of issues when you add it to the cryptographers' report,"
Banisar said. "[NSA is] finally now admitting that
there are serious problems with key recovery. It raises the question: Why
have they been promoting it all these years."


The report was prepared by an NSA analyst at the request of a
public/private advisory committee working to develop a
standard for federal agency use of key-recovery technology. 


The threat that anyone poses to key-recovery systems is a function of how
well the application has been designed and
operated to address the potential security concerns, according to a
statement NSA provided to FCW. 


"Key recovery, like any other application, is secure against attacks to the
extent that it was properly designed,
implemented and operated," according to the statement. "If due
consideration is given to the threats and vulnerabilities
identified in the paper and appropriate countermeasures are employed for
each of the factors identified, there would be
minimal risk posed to the resulting key-recovery system." 


The major factor in assessing the overall security of a key-recovery system
would be the strength of the countermeasures
applied "against the full spectrum of threats and vulnerabilities," the
report stated. 


Peter Neumann, principal scientist at SRI International, Menlo Park,
Calif., and one of the cryptographers who authored
the report on key-recovery risks, said key-recovery systems are "inherently
risky" because of overall weaknesses in the
computer operating systems and networking products. 


"If they put a total air gap between all the key-recovery systems in the
world and the rest of the world, then they
could reduce the risks," Neumann said. "As soon as the government creates
any access whatsoever to the
key-recovery systems, they're vulnerable to the fact that the computer
security and network protocols stink." 






[End] 

