Key escrow: Difference between revisions
Katana0182 (talk | contribs) Added that key escrow is largely a dead issue as govts have switched to other methods of decryption, including pentathol-based key recovery, and water-board differential analysis. |
Clarified doubtful claim |
||
| (48 intermediate revisions by 37 users not shown) | |||
| Line 1: | Line 1: | ||
{{No footnotes|date=June 2019}} |
|||
{{POV Check}} |
|||
'''Key escrow''' (also known as a '''fair cryptosystem''') is an arrangement in which the keys needed to decrypt [[encryption|encrypted]] data are held in [[escrow]] by a third party, so that someone else can obtain them to decrypt messages. |
|||
'''Key escrow''' (also known as a '''"fair" cryptosystem'''){{Citation needed|reason=Who thinks Key escrow is fair? Certainly not cryptography activists.|date=January 2024}} is an arrangement in which the [[Key (cryptography)|keys]] needed to decrypt [[encryption|encrypted]] data are held in [[escrow]] so that, under certain circumstances, an authorized [[Third-party access|third party]] may gain access to those keys. These third parties may include businesses, who may want access to employees' secure business-related [[communication]]s, or [[government]]s, who may wish to be able to view the contents of encrypted communications (also known as ''exceptional access'').<ref name=":0">{{Cite journal|last1=Abelson|first1=Harold|last2=Anderson|first2=Ross|last3=Bellovin|first3=Steven M.|last4=Benaloh|first4=Josh|last5=Blaze|first5=Matt|last6=Diffie|first6=Whitfield|last7=Gilmore|first7=John|last8=Green|first8=Matthew|last9=Landau|first9=Susan|last10=Neumann|first10=Peter G.|last11=Rivest|first11=Ronald L.|date=2015-11-17|title=Keys under doormats: mandating insecurity by requiring government access to all data and communications|journal=[[Journal of Cybersecurity]]|pages=tyv009|doi=10.1093/cybsec/tyv009|issn=2057-2085|doi-access=free|hdl=1721.1/128748|hdl-access=free}}</ref> |
|||
| ⚫ | The technical problem is a largely structural one |
||
| ⚫ | The technical problem is a largely structural one. Access to protected [[information]] must be provided ''only'' to the intended recipient and at least one third party. The third party should be permitted access only under carefully controlled conditions, as for instance, a [[court order]]. Thus far, no system design has been shown to meet this requirement fully on a technical basis alone. All proposed systems also require correct functioning of some social linkage, as for instance the process of request for access, examination of request for 'legitimacy' (as by a [[court]]), and granting of access by technical personnel charged with access control. All such linkages / controls have serious problems from a system design security perspective. Systems in which the key may not be changed easily are rendered especially vulnerable as the accidental release of the key will result in many devices becoming totally compromised, necessitating an immediate key change or replacement of the system. |
||
| ⚫ | On a national level, |
||
| ⚫ | On a national level, key escrow is controversial in many countries for at least two reasons. One involves mistrust of the security of the structural escrow arrangement. Many countries have a long history of less than adequate protection of others' information by assorted organizations, public and private, even when the information is held only under an affirmative legal obligation to protect it from unauthorized access. Another is technical concerns for the additional vulnerabilities likely to be introduced by supporting key escrow operations.<ref name=":0" /> Thus far, no key escrow system has been designed which meets both objections and nearly all have failed to meet even one. |
||
Key escrow is largely an issue of the past; most governments have discovered that many implementations of cryptography are vulnerable to implementation-based attacks, nearly all implementations of cryptography are vulnerable to side-channel attacks on the system on which they are implemented. In addition, certain countries, including North Korea, Myanmar, Sudan, Iran, the PRC, and the United States have developed special methods of cryptological attacks, such as water-board differential analysis, pentathol-based key recovery, and rubber hose side-channel insertion attacks, which will inevitably compromise all encrypted data within several rounds, use only trivial amounts of computational resources, and cannot be defeated with increased key length, even to over 128 bits. Indeed, in many cases, cryptography often lures targets of surveillance into believing that their information is really more secure than it actually is, when it is in fact vulnerable to TEMPEST, keylogger, swapfile, undeletion, bugging, wiretapping, surreptitious videotaping, and social engineering attacks, among many others. |
|||
Key escrow is proactive, anticipating the need for access to keys; a retroactive alternative is [[key disclosure law]], where users are required to surrender keys upon demand by law enforcement, or else face legal penalties. Key disclosure law avoids some of the technical issues and risks of key escrow systems, but also introduces new risks like loss of keys and legal issues such as involuntary [[self-incrimination]]. The ambiguous term ''key recovery'' is applied to both types of systems. |
|||
==See also== |
==See also== |
||
| Line 12: | Line 13: | ||
* [[Key management]] |
* [[Key management]] |
||
* [[Clipper chip]] |
* [[Clipper chip]] |
||
* [[Data Securities International]] |
|||
* [[Related-key attack]] |
|||
* [[Backdoor (computing)|Backdoor]] |
|||
== References == |
|||
{{Reflist}} |
|||
==External links== |
==External links== |
||
* {{Cite web |url=https://www.schneier.com/cryptography/archives/1997/04/the_risks_of_key_rec.html |title=The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption |year=1997–98}} |
|||
* [http://www.cdt.org/crypto/risks98/ The risks of key escrow] |
|||
* [https://web.archive.org/web/20121015182952/http://www.foia.cia.gov/docs/DOC_0000239468/DOC_0000239468.pdf Encryption Policy: Memo for the Vice President] CIA memo to Al Gore on suggested US policy on key recovery, 11. September 1996. Archived from [https://web.archive.org/web/20110812154427/http://www.foia.cia.gov/docs/DOC_0000239468/DOC_0000239468.pdf the original] on 2012-10-15 |
|||
{{DEFAULTSORT:Key Escrow}} |
|||
[[Category:Key management]] |
[[Category:Key management]] |
||
[[de:Escrow]] |
|||
[[fr:Autorité de séquestre]] |
|||
[[ja:キーエスクロウ]] |
|||
---- |
|||
{{FOLDOC}} |
|||
Latest revision as of 08:44, 31 January 2024
 | This article includes a list of references, related reading, or external links, but its sources remain unclear because it lacks inline citations. (June 2019) |
Key escrow (also known as a "fair" cryptosystem)[citation needed] is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, who may want access to employees' secure business-related communications, or governments, who may wish to be able to view the contents of encrypted communications (also known as exceptional access).[1]
The technical problem is a largely structural one. Access to protected information must be provided only to the intended recipient and at least one third party. The third party should be permitted access only under carefully controlled conditions, as for instance, a court order. Thus far, no system design has been shown to meet this requirement fully on a technical basis alone. All proposed systems also require correct functioning of some social linkage, as for instance the process of request for access, examination of request for 'legitimacy' (as by a court), and granting of access by technical personnel charged with access control. All such linkages / controls have serious problems from a system design security perspective. Systems in which the key may not be changed easily are rendered especially vulnerable as the accidental release of the key will result in many devices becoming totally compromised, necessitating an immediate key change or replacement of the system.
On a national level, key escrow is controversial in many countries for at least two reasons. One involves mistrust of the security of the structural escrow arrangement. Many countries have a long history of less than adequate protection of others' information by assorted organizations, public and private, even when the information is held only under an affirmative legal obligation to protect it from unauthorized access. Another is technical concerns for the additional vulnerabilities likely to be introduced by supporting key escrow operations.[1] Thus far, no key escrow system has been designed which meets both objections and nearly all have failed to meet even one.
Key escrow is proactive, anticipating the need for access to keys; a retroactive alternative is key disclosure law, where users are required to surrender keys upon demand by law enforcement, or else face legal penalties. Key disclosure law avoids some of the technical issues and risks of key escrow systems, but also introduces new risks like loss of keys and legal issues such as involuntary self-incrimination. The ambiguous term key recovery is applied to both types of systems.
See also
[edit]References
[edit]- ^ a b Abelson, Harold; Anderson, Ross; Bellovin, Steven M.; Benaloh, Josh; Blaze, Matt; Diffie, Whitfield; Gilmore, John; Green, Matthew; Landau, Susan; Neumann, Peter G.; Rivest, Ronald L. (2015-11-17). "Keys under doormats: mandating insecurity by requiring government access to all data and communications". Journal of Cybersecurity: tyv009. doi:10.1093/cybsec/tyv009. hdl:1721.1/128748. ISSN 2057-2085.
External links
[edit]- "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption". 1997–98.
- Encryption Policy: Memo for the Vice President CIA memo to Al Gore on suggested US policy on key recovery, 11. September 1996. Archived from the original on 2012-10-15