Cryptography Reference
In-Depth Information
happens, for example, if all data of a company are securely encrypted and the
decryption key is lost? How can the company recover its data? The same questions
occur if only the data of a specific employee are encrypted. What happens if the
corresponding decryption key gets lost? What happens if the employee himself
or herself gets lost? It is obvious that a professional use of cryptography and
cryptographic techniques for data encryption must take into account a way to recover
keys.
According to RFC 2828, the term key recovery refers to “a process for
learning the value of a cryptographic key that was previously used to perform some
cryptographic operation” [1]. Alternatively, one may also use the term to refer to
“techniques that provide an intentional, alternate (i.e., secondary) means to access
the key used for data confidentiality service” [1]. There are basically two classes of
key recovery techniques:
Key escrow: According to RFC 2828, key escrow is “a key recovery technique for
storing knowledge of a cryptographic key or parts thereof in the custody of one
or more third parties called escrow agents, so that the key can be recovered
and used in specified circumstances” [1]. In this context, escrow agents are
also frequently called trusted third parties (TTPs).
Key encapsulation: According to RFC 2828, key encapsulation is “a key recovery
technique for storing knowledge of a cryptographic key by encrypting it with
another key and ensuring that only certain third parties called recovery agents
can perform the decryption operation to retrieve the stored key. Key encapsulation
typically allows direct retrieval of the secret key used to provide data
confidentiality” [1]. Key encapsulation is used in many communication security
protocols that do not have key recovery as their primary goal. Examples
include swIPe [5] and simple key-management for Internet protocols (SKIP)
[6] (see, for example, Chapter 14 of [7]).
The basic principles of key escrow and key encapsulation are illustrated in
Figure 19.2. In key escrow, the cryptographically protected data is sent from A to B,
whereas the key recovery data is sent to a TTP. In key encapsulation, both kinds of data are
sent directly from A to B. Another way to look at things is to say that key escrow
refers to out-band key recovery, whereas key encapsulation refers to in-band key
recovery. These terms, however, are less frequently used in the literature.
Key recovery in general, and key escrow in particular, became hotly debated
research topics in the mid-1990s (see, for example, [8] for a taxonomy referring
to and taking into account all of the proposals that were made). The discussion
intensified further when the U.S. government published the escrowed encryption
standard (EES) [9] and released a corresponding implementation in the Clipper chip.