An International Cryptographic Experiment A Solution to the International Use of Cryptography?

[David Farber <farber () central cis upenn edu>]

            An International Cryptographic Experiment
      A Solution to the International Use of Cryptography?


                        Stephen T. Walker
                Trusted Information Systems, Inc.


                         April 12, 1994




Summary


This document proposes a program that could fundamentally change
the international availability of information security products.


There is an ever growing need by individuals, corporations, and
governments for improved protection of their sensitive
information.  At the same time, governments worldwide need to
maintain their prerogatives to control the use and export of
cryptography by their own countries.  This paper proposes a
development plan to provide a range of solutions to the
international availability of cryptography which meets the needs
of both governments and industry.


This international plan has emerged from a variety of ideas
proposed by industry and governments in several countries.




The Overall Problem


As the world of business moves ever further into the information
age, the need to protect sensitive information from unauthorized
access is rapidly growing in all segments of the economy.
Failure to provide appropriate mechanisms for protecting
information vital to the functioning of an organization (be it a
business or government) threatens the very existence of that
organization.  Lack of such mechanisms will severely damage the
potential of any national or global information highway.


And yet, the very availability of technological solutions to
protect essential business and government information threatens a
vital function of modern government in the information age, the
monitoring of communications of its adversaries, be they
terrorists, criminals, or others.


The dilemma posed by these fundamental and conflicting interests
is causing difficult and emotional debates within many countries
today.  The lack of a solution acceptable to both sides is
frustrating both government and business interests and keeping
much highly sensitive information at risk of compromise.




The Ingredients of the Problem


Until very recently, the use of cryptographic techniques for
protecting information from unauthorized access was the exclusive
domain of governments.  Only in the past fifteen years have
algorithms such as the Data Encryption Standard and techniques
such as public key cryptography made cryptography available to
ordinary business interests.  Only in the past few years has the
wide spread use of information networks raised the general
public's awareness of the need for such protection.


Governments have long protected their prerogatives in
cryptography through control of its export, import, and, in some
cases internal use.  As cryptography has become available
worldwide, continuation of these controls by governments has been
seen as increasingly futile and restrictive by information system
developers and users.  Nevertheless, the restrictions remain and
the penalties are sufficiently severe to strongly curtail the
availability of popular information system products with
integrated cryptographic capabilities.  Vendors of major mass
market software systems with worldwide markets will not afford to
build products they cannot ship to all their existing and
potential markets.


Meanwhile in an effort to establish what it feels is a reasonable
balance between the interests of privacy and those of the law
enforcement community, the US government has introduced a
technique it calls key escrow that makes available strong
cryptography while maintaining the interests of law enforcement
by allowing decryption of key-escrowed communications when
legally authorized.


The recently announced Tessera initiative by the US National
Security Agency (NSA) places the cryptographic functions for
protection of unclassified but sensitive information in an
external card (called a PCMCIA card) that interfaces to
applications running on a workstation or laptop computer.  This
approach, which employs key escrow, has the advantage of
isolating the cryptography from the computer system, thus making
it difficult to modify and easier to control its distribution.


While the details of key escrow bother some, the US is proceeding
with Tessera for at least government use.  Other governments are
said to be considering similar programs.


Meanwhile, business groups within most western countries continue
to try to convince their governments that the growing worldwide
availability of cryptography makes further control of
cryptographic export both futile and highly restrictive to the
economic interests of those countries.  These efforts may
eventually succeed in loosening some export control restrictions,
but any coordinated worldwide relaxation of controls is highly
unlikely in the near future.


An Interim Solution That Meets the Needs of Both Sides?


In the meantime, it is useful to explore alternatives that may
provide at least partial solutions to this international dilemma
while satisfying the interests of both sides.  The seeds of one
potential solution come from a number of sources within various
national government and industry initiatives.


The success of the NSA Tessera initiative depends upon the
information systems industry adopting a common set of interface
standards for Cryptographic Application Programming Interfaces
(CAPIs).  The Tessera program has defined an initial set of such
standards, but they must be endorsed industry-wide to succeed.


Various vendors such as Hewlett-Packard and National
Semiconductor have proposed the development of additional PCMCIA
card configurations that would make use of standard CAPIs and
allow individual countries to implement their own collections of
cryptographic algorithms serving their own particular needs.  If
common CAPIs were to be widely adopted, initiatives such as the
Tessera program in individual countries would be much more likely
to succeed.


In the United Kingdom, the Ministry of Defence (MoD) has begun a
Security in Open Systems (SOS) Technology Demonstration Programme
(TDP) with a specific objective of defining such CAPIs and
attempting to get them widely adopted by industry and government
throughout the world.


These proposals, sparked in part by the Tessera program, could
bring about a fundamental change in the availability of
information security capabilities.  With common CAPIs at
sufficiently high levels of abstraction, mass market software
developers could include the capability for cryptographic
functions in their products without implementing any particular
cryptographic algorithms.  Such products, which rely on the user
selecting the actual cryptography to be used at the time of
actual use, should be readily exportable.  The user in a
particular country would choose among those available
cryptographic PCMCIA cards in that country to perform the actual
encryption functions.


This approach offers the dual advantages of freeing major
software vendors to include some form of cryptographic function
in their products while allowing governments to retain the same
controls they now have over the export, import, and use of
cryptography.  Governments that wish to pursue techniques like
key escrow can "enter the marketplace" and "prove" the advantages
of their approach.


A program to define and place such CAPIs in use internationally
requires no legislation (at least in most western countries) and
can be adopted through industry-wide cooperation, drawing from
already available draft CAPI standards.




An International Cryptographic Experiment


What is needed now is a consortium of interested parties in
industry and government to define preliminary standards and place
them in use on an experimental basis for a period of a year or
two.  After this test period, international standards
organizations would be requested to adopt the resulting CAPIs for
widespread use throughout the world.




This paper proposes three phases for such an experiment:


     CAPI Definition Phase (3 to 6 months)


     A rapid effort over three to six months to define an initial
     set of cryptographic application programming interfaces for
     use in the experiment.  These interfaces would be derived
     from the Tessera interface standards, a National Institute
     of Standards and Technology draft entitled Standard for
     Cryptographic Service Calls, other publicly available
     specifications from industry in the US, UK, Canada, Germany
     and elsewhere, and from the efforts of programs such as the
     UK Technology Demonstration Programme.  This effort should
     look at such interfaces in the context of multiple
     cryptographic algorithms.


     Development Phase (3 to 6 months)


     Application Software Development.  Major software
     application developers would include cryptographic function
     calls to the high-level CAPIs within their products.
     Products containing these function calls would be tested
     against the PCMCIA implementations that would be developed
     in the next phase.  These high-level products that contain
     no cryptography themselves should not be subject to export
     controls in most countries.  All exports of these products
     will be coordinated with the country's government in which
     they are developed.


     PCMCIA card implementations.  Cryptographic functions that
     meet the CAPIs would be implemented in each participating
     country in accordance with the cryptography available in
     that country.  These implementations may not be exportable
     from the country of implementation depending upon the type
     of cryptography used.


     Experimental Use Phase (one to two years)


     As soon as applications using the CAPIs are generally
     available and PCMCIA implementations of specific
     cryptography are available in specific countries, a one-to-
     two-year experimental period will commence.  During this
     period, coordination of use within each participating
     country and among participating countries (where compatible
     cryptography is available) will validate the design and
     implementation of the CAPIs and lead to additional
     application development.  Because the actual use of
     cryptography is constrained to be in accordance with the
     internal regulations of each  participating country, there
     should be no export issues with this phase.  Following the
     experimental use phase, international standards
     organizations will be consulted to begin adoption of the
     validated CAPIs as international standards.




Additional Thoughts


The approach proposed herein relies on the use of PCMCIA cards
for isolating the selection of cryptographic functions to a
user's decision at the time of use rather than a developer's
decision at the time of implementation.  This time-of-use feature
is essential to allowing application developers to employ high-
level cryptographic functions without encountering export
controls.


However, the use of PCMCIA devices is considered a disadvantage
by many because of extra hardware costs and potential performance
issues.  It may be possible within a particular country to
implement system level cryptographic software compatible with the
PCMCIA CAPIs.  Such software functions would be subject to export
control and if integrated directly into the general purpose
application, would render that version of the application
unexportable.  If a sufficient market existed within a particular
country, overcoming the hardware disadvantages may be worth the
export restrictions.


Some will argue that this approach does not satisfy government's
concerns with the widespread availability of cryptography.  In
reality, though, this approach gives governments that wish to
pursue techniques such as key escrow their best chance for
success by providing a wide marketplace of application programs
that can easily be used by their PCMCIA cards so long as they are
compatible with the evolving worldwide standards.




So Where Do We Go From Here?


Persons interested in participating in such a consortium should
send email to ice () tis com; or correspondence to Stephen T.
Walker, Trusted Information Systems, Inc., 3060 Washington Road
(Rt. 97), Glenwood, MD  21738.  Please use the words "Crypto API"
in the subject field of your internet message or letter and
indicate whether you are interested in:


     application development,
     cryptographic function development,
     participating as a user, or
     something else.


As our contacts in various industries and governments develop, we
will be back to you with details on how to proceed.




























- ------- End of Forwarded Message




------- End of Forwarded Message