Transcription
Tutorial description to be published in the ConferenceProceedingsa. Title of tutorial :Key Recoveryb. Instructor :Dr. Sarbari GuptaCygnaCom Solutions, Inc.7927 Jones Branch Drive Suite 100WMcLean, VA 22102(703)848-0883 ext 217 (VOICE)(703)848-0960 (FAX)Email: sgupta@cygnacom.comc. Other speakers : Noned. Summary of topics to be addressed in your sessionThis tutorial provides in-depth coverage of all technical aspects of key recovery. Itconsists of three parts. The first part, entitled “Background and Definitions,” describesthe fundamental issues that create the need for key recovery, defines relevant terms,describes a functional model for key recovery, and discusses key recovery policy. Thesecond part, entitled “Current Status,” takes a quick tour of the various key recoverytechniques that are currently available, describes the current work being pursued invendor alliances and standards organizations, and provides an overview of key recoverytrial projects being undertaken. Finally, part three, entitled “Deployment,” discussesinteroperability issues, the steps involved in obtaining US export approval for keyrecovery products, and global deployment issues for key recovery systems. This tutorialdoes not address the political debates surrounding key recovery, or the privacy rightsissues related to the use of key recovery.
A Tutorial on Key RecoveryDr. Sarbari GuptaCygnaCom Solutionssgupta@cygnacom.com(703)848-0883 ext 217
Outline Background and Definitions Current status Interoperability and Deployment
Background and Definitions The Need for Key RecoveryKey Recovery DefinitionsKey Recovery ModelKey Recovery Policy
Need for Key Recovery Use of encryption for data confidentialityProblem for individualsProblem for enterprisesProblem for law enforcementcurrent US export regulations
Use of encryption for dataconfidentiality Secure storage/transfer of electronicdocuments Secure E-mail Securing data on the Web Secure electronic commerce Secure network connections
Problem for Individuals Lost Keys Corrupted Keys#*&!!#** %@!#! *
Problem for Enterprises #*&!!#** %@!#! *Careless EmployeeAbsent EmployeeDisgruntled EmployeeEmployee undersurveillance
Problem for Law Enforcement National Security Surveillance#*&!!#** %@!#! *
US Crypto Export Policy(Supp. 4 Part 742 Criteria) product must make decryption key available– under legal authority– w/o cooperation or knowledge of user crypto functions must be inoperable until key ismade available output of product must contain recovery information– in accessible format– with reasonable frequency allow recovery whether product generates/receivesciphertext
Key Recovery OperationalScenariosLaw Enforcement Key Recovery (LE scenario)- recovery for law enforcement needs- mandatory key recovery- based on key recovery policy set by jurisdictions of manufacture/useEnterprise Key Recovery (ENT scenario)- recovery for enterprise monitoring and audit needs- mandatory key recovery- based on key recovery policy set by enterprise of useIndividual Key Recovery (INDIV scenario)- recovery for owner of data when keys are lost/destroyed- discretionary key recovery- triggered by owner of data
Background and Definitions The Need for Key RecoveryKey Recovery DefinitionsKey Recovery ModelKey Recovery Policy
Key Recovery Key Recovery encompasses mechanismsthat provide a secondary means of access tothe cryptographic keys used for dataconfidentiality.[NOTE: It is assumed that all cryptographic systems provide aprimary means of obtaining the confidentiality key.]
Types of Key Recovery MechanismsKey EscrowKeys or key parts escrowed with Escrow Agent(s)Key EncapsulationKeys or key parts encapsulated into key recovery block andassociated with ciphertext. The de-encapsulation may bedone by Recovery Agent(s).HybridCombination of escrow and encapsulation mechanisms
Key Escrow BB{Ks}Kb, Enc(Ks, Data)AEscrow Product ABEscrow Product B
Key Encapsulation ExampleXKprivXYKey RecoveryAgent XKprivYKey RecoveryAgent YXY{Ks}Kx, {Ks}Kb, Enc(Ks, Data)X AEscrow Product AB YEscrow Product B
Key Recovery Block ExamplesPrivate Key EscrowAliceBob’s CA ID, KpubBob, {Ks}KpubBob, Enc(Ks, Data)BobKRblockEphemeral Key EncapsulationAliceBobKRAgent IDs, Encap(Ks), Key Exch(Ks), Enc(Ks, Data)KRblock
Phases of Key RecoveryKey Recovery Registration/Setup (optional)KRRegistrationApplicationRegistration MessagesKeyRecoveryAgentKey Recovery EnablementKR enabledCryptographicApplication AKey Exch, KR block, CiphertextKey Recovery ation CredentialsKR blockKeyRecoveryRecovered KeyServer/CoordinatorKR enabledCryptographicApplication BKRAgent1KRAgent2KRAgentn
Background and Definitions Key Recovery DefinitionsThe Need for Key RecoveryKey Recovery ModelKey Recovery Policy
Key Recovery ModelLicensingAgentKeyRecoveryAgentRecovery RequestRecovery ResponseKRRequesterPKISourceEndSystemKey Recovery InformationTo peer End SystemData of Encrypted AssociationRegistrationAgentOne-time or indirect associationInterceptionDirect association
Key Recovery InformationAggregate of the information that is used tofacilitate the (direct or indirect) recovery ofthe confidentiality key used by end systemsto encrypt data. typically generated by the encryptor end systemmay be validated by the decryptor end systemmade available to the requestor entityused to recover the confidentiality key
End SystemsParties or clients who generateconfidentiality-protected data and wish tohave their data made recoverable throughkey recovery techniques
Key Recovery AgentsThe escrow agents or the recovery agentsthat possess the keying material required torecover the keys needed to decryptconfidentiality-protected data.
Key Recovery RequesterEntity that interacts with one or more KRAsto recover the key needed to decrypt theconfidentiality-protected data generated bythe end systems. responsible for the location and collection of the KRI needs to provide proof of authorization to KRA(s) May act on behalf of end user, enterprise or law enforcement
KR Public Key SourcesThe Certification Authorities that providepublic key certificates to the other entities(e.g. end systems, KRAs, requestors, etc.) inthe key recovery system.
Licensing/Registration Agents Licensing Agent - An entity who maintainsinformation on the various key recovery products,the schemes the products deploy, and the locationof key recovery information Registration Agent - An entity which accreditsKRAs in order to ensure the security,trustworthiness, and impartiality of the KRAs tobe able to handle incoming key recovery requests,and maintain the keying material needed toperform key recovery.
Background and Definitions Key Recovery DefinitionsThe Need for Key RecoveryKey Recovery ModelKey Recovery Policy
Key Recovery PolicyThe Key Recovery Policy determines: when key recovery information is to be generated when key recovery information is to be received how key recovery information that is received is tobe processed/validated what key recovery agents may be used by theproduct in the generation and processing of KRI
Key Recovery Policy Types Jurisdiction-controlled policy Organizational policy Individual policy
US Export based Key Recovery PolicyPolicy for exportedcryptographic productsfor non-US useEncryption AlgoMaximum AllowedEncryption Key Lengthw/o Key RecoveryDES56 bitsRC256 bitsRC456 bitsAll0 bitPolicy for US domestic useEncryption AlgoAllMaximum AllowedEncryption Key Lengthw/o Key Recoveryinfinity
ConfigurabilityKey Recovery Products may allow limitedconfigurability of the KR policies used bythem:– Enterprise KR Policy (system administratorconfigurable)– Individual KR Policy (end user configurable)
Non-circumventabilityThe implementation of mandatory keyrecovery policies need to be noncircumventable or non-bypassable– Law Enforcement KR policy– Enterprise KR policy
Outline Background and Definitions Current status Interoperability and Deployment
Current Status Tour of available key recovery techniques Organizations working on KR Issues Key Recovery Trial Projects
Outline Background and Definitions Current status Interoperability and Deployment
Key Recovery InteroperabilityCompatibility areas: Application Protocol Key Recovery Mechanism Key Recovery Policy Key Recovery Agent
Protocol InteroperabilityKR system has to make KRB available to interceptor. Choices: Primary Channel: flow KRB within data security protocol (e.g. SSL,IPSEC, S/MIME)– legacy protocols need to accommodate KRB– use of existing hooks or reserved fields to carry KRB– explicit extension of protocol to carry KRB– new data security protocols designed to accommodate KRB Secondary Channel: flow KRB along protocol separate from datasecurity protocol– no extensions required to data security protocol– linking of the KRB and the data security protocol instantiationrequired
Interoperability Scenarios(KRB carried in data security R-enabledsystem(c)KR-enabledsystemKRB, CiphertextKRB, CiphertextKRB, systemKR-awaresystemKR-unawaresystem
Interoperability Scenarios(KRB carried in separate n-KRsystem
Key Recovery MechanismCompatibility KRI generation– sender generates KRI for receiver (sender needsto support KR mechanism of receiver) KRI Validation– semantic validation of KRI (receiver needs tosupport KR mechanism of sender)– non-semantic validation of KRI (use ofCommon Key Recovery Block Format options)
Key Recovery PolicyCompatibility Policy on KRI generation– if one party generates KRI, it must satisfy theKR policy of both sides of association Policy on KRI receipt and validation– if KRI validation is required by receiver, senderand receiver need to agree on validationtechnique
Key Recovery AgentCompatibility Use of common KRA(s) by both parties - thepolicies of the common KRA(s) must be agreeableto both sides Use of different KRA(s) by each party - theKRA(s) used by one party may have to be trusted(through certificate chaining / validation) by theother party
Global Deployment of KeyRecovery National sovereignty issues Need for standardization Need for global public key infrastructures
National SovereigntyEach country wants sovereignty over their : Crypto and Key Recovery policies KRA Policies and Procedures PKIs for the KRAs
Need for Standardization Protocols to accommodate KRIKRI formatsCrypto and Key Recovery policiesKRA Policies and Procedures
Need for Global PKIs Global hierarchy with single root Comparable certification policies for CAs Cross-certification of CAs
US KR Product DeploymentScenario IJurisdiction 1KRAJurisdiction 2US KRProductACiphertext KRBKRACAJurisdiction USAUS KRProductBKRA
US KR Product DeploymentScenario IIJurisdiction 1Jurisdiction 2US KRProductACiphertext KRBKRAKRACAKRAJurisdiction USAUS KRProductB
US KR Product DeploymentScenario IIIJurisdiction 1KRACAKRAJurisdiction 2US KRProductACiphertext KRBKRACAKRAJurisdiction USAUS KRProductB
US KR Product DeploymentScenario IVJurisdiction 1KRACAKRAUS KRProductAJurisdiction 2Ciphertext KRBJurisdiction USAUS KRProductBKRACAKRA
Oct 08, 1998 · Key Recovery Agent End System PKI Source KR Requester Recovery Request Recovery Response Key Recovery Information Data of Encrypted Association To peer End System One-time or indirect association Direct association Interception. Key Recovery
![Database Management System [DBMS] Tutorial](/img/2/dbms-tutorial.jpg)
