Computer Privacy Digest Tue, 17 Aug 93

 Date:       Tue, 17 Aug 93 16:39:25 EST

Errors-To:  Comp-privacy Error Handler <comp-privacy-request@PICA.ARMY.MIL>

From:       Computer Privacy Digest Moderator  <comp-privacy@PICA.ARMY.MIL>

To:         Comp-privacy@PICA.ARMY.MIL

Subject:    Computer Privacy Digest V3#016


Computer Privacy Digest Tue, 17 Aug 93              Volume 3 : Issue: 016


Today's Topics: Moderator: Dennis G. Rears


                       Call for Clipper Comments


   The Computer Privacy Digest is a forum for discussion on the

  effect of technology on privacy.  The digest is moderated and

  gatewayed into the USENET newsgroup comp.society.privacy

  (Moderated).  Submissions should be sent to

  comp-privacy@pica.army.mil and administrative requests to

  comp-privacy-request@pica.army.mil.

   Back issues are available via anonymous ftp on ftp.pica.army.mil

  [129.139.160.133].

----------------------------------------------------------------------


Organization: CPSR Washington Office

From: Dave Banisar <banisar@washofc.cpsr.org>

Date: Tue, 17 Aug 1993 14:23:16 EST    

Subject: Call for Clipper Comments 


  Call for Clipper Comments


The National Institute of Standards and Technology (NIST) has 

issued a request for public comments on its proposal to establish 

the "Skipjack" key-escrow system as a Federal Information 

Processing Standard (FIPS).  The deadline for the submission of 

comments is September 28, 1993.  The full text of the NIST notice 

follows.


CPSR is urging all interested individuals and organizations to 

express their views on the proposal and to submit comments 

directly to NIST.  Comments need not be lengthy or very detailed; 

all thoughtful statements addressing a particular concern will 

likely contribute to NIST's evaluation of the key-escrow proposal.  


The following points could be raised about the NIST proposal

(additional materials on Clipper and the key escrow proposal may 

be found at the CPSR ftp site, cpsr.org):


* The potential risks of the proposal have not been assessed and 

many questions about the implementation remain unanswered.  The 

NIST notice states that the current proposal "does not include 

identification of key escrow agents who will hold the keys for the 

key escrow microcircuits or the procedures for access to the 

keys."  The key escrow configuration may also create a dangerous 

vulnerability in a communications network.  The risks of misuse of 

this feature should be weighed against any perceived benefit.


* The classification of the Skipjack algorithm as a "national 

security" matter is inappropriate for technology that will be used 

primarily in civilian and commercial applications.  Classification 

of technical information also limits the computing community's 

ability to evaluate fully the proposal and the general public's 

right to know about the activities of government.

 

* The proposal was not developed in response to a public concern 

or a business request.  It was put forward by the National 

Security Agency and the Federal Bureau of Investigation so that 

these two agencies could continue surveillance of electronic 

communications. It has not been established that is necessary for 

crime prevention.  The number of arrests resulting from wiretaps 

has remained essentially unchanged since the federal wiretap law 

was enacted in 1968.


* The NIST proposal states that the escrow agents will provide the 

key components to a government agency that "properly demonstrates 

legal authorization to conduct electronic surveillance of 

communications which are encrypted."  The crucial term "legal 

authorization" has not been defined.  The vagueness of the term 

"legal authorization" leaves open the possibility that court-

issued warrants may not be required in some circumstances.  This 

issue must be squarely addressed and clarified. 


* Adoption of the proposed key escrow standard may have an adverse 

impact upon the ability of U.S. manufacturers to market 

cryptographic products abroad.  It is unlikely that non-U.S. users 

would purchase communication security products to which the U.S. 

government holds keys.



Comments on the NIST proposal should be sent to:


Director, Computer Systems Laboratory

ATTN: Proposed FIPS for Escrowed Encryption Standard

Technology Building, Room B-154

National Institute of Standards and Technology

Gaithersburg, MD 20899


Submissions must be received by September 28, 1993.  CPSR has 

asked NIST that provisions be made to allow for electronic 

submission of comments.


Please also send copies of your comments on the key escrow 

proposal to CPSR for inclusion in the CPSR Internet Library, our 

ftp site.  Copies should be sent to <clipper@washofc.cpsr.org>.




================================================================= 


                         FEDERAL REGISTER

                         VOL. 58, No. 145

 

                     DEPARTMENT OF COMMERCE (DOC)

        National Institute of Standards and Technology (NIST)


                     Docket No. 930659-3159

                         RIN 0693-AB19


A Proposed Federal Information Processing Standard for an Escrowed 

Encryption Standard (EES)


                        58 FR 40791


                     Friday, July 30, 1993


Notice; request for comments.


SUMMARY: A Federal Information Processing Standard (FIPS) for an 

Escrowed Encryption Standard (EES) is being proposed. This 

proposed standard specifies use of a symmetric-key 

encryption/decryption algorithm and a key escrowing method which 

are to be implemented in electronic devices and used for 

protecting certain unclassified government communications when 

such protection is required. The algorithm and the key escrowing 

method are classified and are referenced, but not specified, in 

the standard.


   This proposed standard adopts encryption technology developed 

by the Federal government to provide strong protection for 

unclassified information and to enable the keys used in the 

encryption and decryption processes to be escrowed. This latter 

feature will assist law enforcement and other government agencies, 

under the proper legal authority, in the collection and decryption 

of electronically transmitted information. This proposed standard 

does not include identification of  key escrow  agents who will 

hold the keys for the  key escrow  microcircuits or the procedures 

for access to the keys. These issues will be addressed by the 

Department of Justice.


   The purpose of this notice is to solicit views from the public, 

manufacturers, and Federal, state, and local government users so 

that their needs can be considered prior to submission of this 

proposed standard to the Secretary of Commerce for review and 

approval.


   The proposed standard contains two sections: (1) An 

announcement section, which provides information concerning the 

applicability, implementation, and maintenance of the standard; 

and (2) a specifications section which deals with the technical 

aspects of the standard. Both sections are provided in this 

notice.



DATES: Comments on this proposed standard must be received on or 

before September 28, 1993.



ADDRESSES: Written comments concerning the proposed standard 

should be sent to: Director, Computer Systems Laboratory, ATTN: 

Proposed FIPS for Escrowed Encryption Standard, Technology 

Building, room B-154, National Institute of Standards and 

Technology, Gaithersburg, MD 20899.


   Written comments received in response to this notice will be 

made part of the public record and will be made available for 

inspection and copying in the Central Reference and Records 

Inspection Facility, room 6020, Herbert C. Hoover Building, 14th 

Street between Pennsylvania and Constitution Avenues, NW., 

Washington, DC 20230.



FOR FURTHER INFORMATION CONTACT: Dr. Dennis Branstad, National 

Institute of Standards and Technology, Gaithersburg, MD 20899, 

telephone (301) 975-2913.



   SUPPLEMENTARY INFORMATION: This proposed FIPS implements the 

initiative announced by the White House Office of the Press 

Secretary on April 16, 1993. The President of the U.S. approved a 

Public Encryption Management directive, which among other actions, 

called for standards to facilitate the procurement and use of 

encryption devices fitted with  key-escrow  microcircuits in 

Federal communication systems that process sensitive, but 

unclassified information.


   Dated: July 26, 1993.


 Arati Prabhakar,

 Director.(NIST)



 ----------------------------------------------------

 Federal Information Processing Standards Publication XX

 1993 XX

 Announcing the Escrowed Encryption Standard (EES)


   Federal Information Processing Standards Publications (FIPS 

PUBS) are issued by the National Institute of Standards and 

Technology (NIST) after approval by the Secretary of Commerce 

pursuant to section 111(d) of the Federal Property and 

Administrative Services Act of 1949 as amended by the Computer 

Security Act of 1987, Public Law 100-235.

 

 Name of Standard: Escrowed Encryption Standard (EES).


 Category of Standard: Telecommunications Security.


 Explanation: This Standard specifies use of a symmetric-key 

encryption (and decryption) algorithm and a Law Enforcement Access 

Field (LEAF) creation method (one part of a  key escrow  system) 

which provide for decryption of encrypted telecommunications when 

interception of the telecommunications is lawfully authorized. 

Both the algorithm and the LEAF creation method are to be 

implemented in electronic devices (e.g., very large scale 

integration chips). The devices may be incorporated in security 

equipment used to encrypt (and decrypt) sensitive unclassified 

telecommunications data. Decryption of lawfully intercepted 

telecommunications may be achieved through the acquisition and use 

of the LEAF, the decryption algorithm and escrowed key components.


   To escrow something (e.g., a document, an encryption key) means 

that it is "delivered to a third person to be given to the grantee 

only upon the fulfillment of a condition" (Webster's Seventh New 

Collegiate Dictionary). A key escrow  system is one that entrusts 

components of a key used to encrypt telecommunications to third 

persons, called key component escrow agents. In accordance with 

the common definition of "escrow", the key component escrow agents 

provide the key components to a "grantee" (i.e., a government 

agency) only upon fulfillment of the condition that the grantee 

properly demonstrates legal authorization to conduct electronic 

surveillance of communications which are encrypted using the 

specific device whose key component is requested. The key 

components obtained through this process are then used by the 

grantee to reconstruct the device unique key and obtain the 

session key (contained in the LEAF) which is used to decrypt the 

telecommunications that are encrypted with that device. The term, 

"escrow", for purposes of this standard, is restricted to the 

dictionary definition.


   The encryption/decryption algorithm has been approved for 

government applications requiring encryption of sensitive 

unclassified telecommunications of data as defined herein. The 

specific operations of the algorithm and the LEAF creation method 

are classified and hence are referenced, but not specified, in 

this standard.


   Data, for purposes of this standard, includes voice, facsimile 

and computer information communicated in a telephone system. 

Telephone system, for purposes of this standard, is limited to 

systems circuit-switched up to no more than 14.4 kbs or which use 

basic-rate ISDN, or to a similar grade wireless service.


   Data that is considered sensitive by a responsible authority 

should be encrypted if it is vulnerable to unauthorized disclosure 

during telecommunications. A risk analysis should be performed 

under the direction of a responsible authority to determine 

potential threats and risks. The costs of providing encryption 

using this standard as well as alternative methods and their 

respective costs should be projected. A responsible authority 

should then make a decision, based on the risk and cost analyses, 

whether or not to use encryption and then whether or not to use 

this standard.


 Approving Authority: Secretary of Commerce.


 Maintenance Agency: Department of Commerce, National Institute of 

Standards and Technology.


 Applicability: This standard is applicable to all Federal 

departments and agencies and their contractors under the 

conditions specified below. This standard may be used in designing 

and implementing security products and systems which Federal 

departments and agencies use or operate or which are operated for 

them under contract. These products may be used when replacing 

Type II and Type III (DES) encryption devices and products owned 

by the government and government contractors.


   This standard may be used when the following conditions apply:


   1. An authorized official or manager responsible for data 

security or the security of a computer system decides that 

encryption is required and cost justified as per OMB Circular A-

130; and


   2. The data is not classified according to the National 

Security Act of 1947, as amended, or the Atomic Energy Act of 

1954, as amended.


   However, Federal departments or agencies which use encryption 

devices for protecting data that is classified according to either 

of these acts may use those devices also for protecting 

unclassified data in lieu of this standard.


   In addition, this standard may be adopted and used by non-

Federal Government organizations. Such use is encouraged when it 

provides the desired security.

 

Applications: Devices conforming to this standard may be used for 

protecting unclassified communications.


 Implementations: The encryption/decryption algorithm and the LEAF 

creation method shall be implemented in electronic devices (e.g., 

electronic chip packages) that can be physically protected against 

unauthorized entry, modification and reverse engineering. 

Implementations which are tested and validated by NIST will be 

considered as complying with this standard. An electronic device 

shall be incorporated into a cyptographic module in accordance 

with FIPS 140-1. NIST will test for conformance with FIPS 140-1. 

Cryptographic modules can then be integrated into security 

equipment for sale and use in an application. Information about 

devices that have been validated, procedures for testing equipment 

for conformance with NIST standards, and information about 

obtaining approval of security equipment are available from the 

Computer Systems Laboratory, NIST, Gaithersburg, MD 20899.


 Export Control: Implementations of this standard are subject to 

Federal Government export controls as specified in title 22, Code 

of Federal Regulations, parts 120 through 131 (International 

Traffic of Arms Regulations -ITAR). Exporters of encryption 

devices, equipment and technical data are advised to contact the 

U.S. Department of State, Office of Defense Trade Controls for 

more information.   Patents: Implementations of this standard may 

be covered by U.S. and foreign patents.


 Implementation Schedule: This standard becomes effective thirty 

days following publication of this FIPS PUB.


 Specifications: Federal Information Processing Standard (FIPS 

XXX)(affixed).


 Cross Index:


   a. FIPS PUB 46-2, Data Encryption Standard.


   b. FIPS PUB 81, Modes of Operation of the DES


   c. FIPS PUB 140-1, Security Requirements for Cryptographic 

Modules.



 Glossary:


   The following terms are used as defined below for purposes of 

this standard:


   Data-Voice, facsimile and computer information communicated in 

a telephone system.


   Decryption-Conversion of ciphertext to plaintext through the 

use of a cryptographic algorithm.


   Device (cryptographic)-An electronic implementation of the 

encryption/decryption algorithm and the LEAF creation method as 

specified in this standard.


   Digital data-Data that have been converted to a binary 

representation.


   Encryption-Conversion of plaintext to ciphertext through the 

use of a cryptographic algorithm.


   Key components-The values from which a key can be derived 

(e.g., KU sub 1 + KU sub 2).


   Key escrow -A process involving transferring one or more 

components of a cryptographic key to one or more trusted key 

component escrow agents for storage and later use by government 

agencies to decrypt ciphertext if access to the plaintext is 

lawfully authorized.


   LEAF Creation Method 1-A part of a  key escrow  system that is 

implemented in a cryptographic device and creates a Law 

Enforcement Access Field.


   Type I cryptography-A cryptographic algorithm or device 

approved by the National Security Agency for protecting classified 

information.


   Type II cryptography-A cryptographic algorithm or device 

approved by the National Security Agency for protecting sensitive 

unclassified information in systems as specified in section 2315 

of Title 10 United State Code, or section 3502(2) of Title 44, 

United States Code.


   Type III cryptography-A cryptographic algorithm or device 

approved as a Federal Information Processing Standard.


   Type III(E) cryptography-A Type III algorithm or device that is 

approved for export from the United States.


 Qualifications. The protection provided by a security product or 

system is dependent on several factors. The protection provided by 

this standard against key search attacks is greater than that 

provided by the DES (e.g., the cryptographic key is longer). 

However, provisions of this standard are intended to ensure that 

information encrypted through use of devices implementing this 

standard can be decrypted by a legally authorized entity.


 Where to Obtain Copies of the Standard: Copies of this 

publication are for sale by the National Technical Information 

Service, U.S. Department of Commerce, Springfield, VA 22161. When 

ordering, refer to Federal Information Processing Standards 

Publication XX (FIPS PUB XX), and identify the title. When 

microfiche is desired, this should be specified. Prices are 

published by NTIS in current catalogs and other issuances. Payment 

may be made by check, money order, deposit account or charged to a 

credit card accepted by NTIS.

 Specifications for the Escrowed Encryption Standard



 1. Introduction


   This publication specifies Escrowed Encryption Standard (EES) 

functions and parameters.



 2. General


   This standard specifies use of the SKIPJACK cryptographic 

algorithm and the LEAF Creation Method 1 (LCM-1) to be implemented 

in an approved electronic device (e.g., a very large scale 

integration electronic chip). The device is contained in a logical 

cryptographic module which is then integrated in a security 

product for encrypting and decrypting telecommunications.


   Approved implementations may be procured by authorized 

organizations for integration into security equipment. Devices 

must be tested and validated by NIST for conformance to this 

standard. Cryptographic modules must be tested and validated by 

NIST for conformance to FIPS 140-1.



 3. Algorithm Specifications


   The specifications of the encryption/decryption algorithm 

(SKIPJACK) and the LEAF Creation Method 1 (LCM-1) are classified. 

The National Security Agency maintains these classified 

specifications and approves the manufacture of devices which 

implement the specifications. NIST tests for conformance of the 

devices implementing this standard in cryptographic modules to 

FIPS 140-1 and FIPS 81.



 4. Functions and Parameters



 4.1 Functions


   The following functions, at a minimum, shall be implemented:


   1. Data Encryption: A session key (80 bits) shall be used to 

encrypt plaintext information in one or more of the following 

modes of operation as specified in FIPS 81: ECB, CBC, OFB (64) CFB 

(1, 8, 16, 32, 64).


   2. Data Decryption: The session key (80 bits) used to encrypt 

the data shall be used to decrypt resulting ciphertext to obtain 

the data.


   3.  Key Escrow:  The Family Key (KF) shall be used to create 

the Law Enforcement Access Field (LEAF) in accordance with the 

LEAF Creation Method 1 (LCM-1). The Session Key shall be encrypted 

with the Device Unique Key and transmitted as part of the LEAF. 

The security equipment shall ensure that the LEAF is transmitted 

in such a manner that the LEAF and ciphertext may be decrypted 

with legal authorization. No additional encryption or modification 

of the LEAF is permitted.



 4.2 Parameters


   The following parameters shall be used in performing the 

prescribed functions:


   1. Device Identifier (DID): The identifier unique to a 

particular device and used by the  Key Escrow  System.


   2. Device Unique Key (KU): The cryptographic key unique to a 

particular device and used by the  Key Escrow  System.


   3. Cryptographic Protocol Field (CPF): The field identifying 

the registered cryptographic protocol used by a particular 

application and used by the  Key Escrow  System (reserved for 

future specification and use).


   4. Escrow Authenticator (EA): A binary pattern that is inserted 

in the LEAF to ensure that the LEAF is transmitted and received 

properly and has not been modified, deleted or replaced in an 

unauthorized manner.


   5. Initialization Vector (IV): A mode and application dependent 

vector of bytes used to initialize, synchronize and verify the 

encryption, decryption and key escrow  functions.


   6. Family Key (KF): The cryptographic key stored in all devices 

designated as a family that is used to create the LEAF.


   7. Session Key (KS): The cryptographic key used by a device to 

encrypt and decrypt data during a session. 


   8. Law Enforcement Access Field (LEAF): The field containing 

the encrypted session key and the device identifier and the escrow 

authenticator.



 5. Implementation


   The Cryptographic Algorithm and the LEAF Creation Method shall 

be implemented in an electronic device (e.g., VLSI chip) which is 

highly resistant to reverse engineering (destructive or non-

destructive) to obtain or modify the cryptographic algorithms, the 

DID, the KF, the KU, the EA, the CPF, the operational KS, or any 

other security or  Key Escrow  System relevant information. The 

device shall be able to be programmed/personalized (i.e., made 

unique) after mass production in such a manner that the DID, KU 

(or its components), KF (or its components) and EA fixed pattern 

can be entered once (and only once) and maintained without 

external electrical power.


   The LEAF and the IV shall be transmitted with the ciphertext. 

The specifics of the protocols used to create and transmit the 

LEAF, IV, and encrypted data shall be registered and a CPF 

assigned. The CPF shall then be transmitted in accordance with the 

registered specifications.


   The specific electric, physical and logical interface will vary 

with the implementation. Each approved, registered implementation 

shall have an unclassified electrical, physical and logical 

interface specification sufficient for an equipment manufacturer 

to understand the general requirements for using the device. Some 

of the requirements may be classified and therefore would not be 

specified in the unclassified interface specification.



------------------------------



End of Computer Privacy Digest V3 #016

******************************


Comments

Popular posts from this blog

BOTTOM LIVE script

Evidence supporting quantum information processing in animals

ARMIES OF CHAOS