Peter Wayner
For the last year, the U.S. government tried to convince the country that it should embrace the Clipper encryption chip--the top-secret chip for protecting secrets that came with a trapdoor that allowed law-enforcement officials to listen in. Public reaction to the plan was largely negative, because many people believed that the technology was overly expensive, dangerously fragile, and an unwelcome invasion of privacy. Now, Trusted Information Systems (Glenwood, MD) is offering a new software-based proposal that keeps the trapdoor for law enforcement but may eliminate many objections to cost and flexibility.
Many of the objections to Clipper's cost emerged from the government's plan to fix the design in hardware. A solution using software can be distributed at little cost, incorporated into operating systems, and quickly updated in the event the system is compromised.
TIS's system still maintains the controversial ``escrow'' feature by using public-key encryption technology to attach an additional field called the LEAF (Law Enforcement Access Field) that contains the session key for the conversation encrypted with the government's public key. Only law-enforcement officials would have access to the matching private key that could decode this extra field. This key can be split into many parts and distributed to different parties if necessary.
Many companies proposed similar schemes, but TIS took the additional step of defending against ``rogue'' implementations that could fool law-enforcement officials. Matthew Blaze, a researcher for AT&T (Holmdel, NJ), discovered such a flaw in the first prototypes of the Tessera PCMCIA cards that adapted Clipper for PCs. These attacks work by binding a false session key into the LEAF so that law-enforcement personnel can't decrypt the message. The TIS implementation defeats this by requiring both ends of the conversation to compute the LEAF using the chosen session key. The receiving end compares its LEAF to the one sent and shuts down if they don't match. This forces hackers to tamper with the equipment on both ends of the conversation--a limitation that TIS hopes will be severe enough to keep many in line.
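The two-sided LEAF check described above, as an added illustration that is not TIS's code: the real proposal wraps the session key under a government public key, but this stand-in uses a deterministic symmetric wrap (an assumed `ESCROW_SECRET`, a per-call nonce, and an HMAC tag) so that both honest endpoints derive a byte-identical LEAF and the receiver can detect one built from a different key.

```python
import hashlib
import hmac
import os
from typing import Optional, Tuple

# Constructed stand-in for the escrow agent's key. The TIS proposal uses
# public-key encryption here; a symmetric secret keeps the example offline.
ESCROW_SECRET = b"example-escrow-secret"
TAG_LEN = 8


def make_leaf(session_key: bytes, nonce: bytes) -> bytes:
    """Deterministic LEAF: session key masked under the escrow secret, plus
    an integrity tag, both bound to the nonce shared by the two endpoints."""
    mask = hashlib.sha256(ESCROW_SECRET + nonce).digest()[: len(session_key)]
    wrapped = bytes(a ^ b for a, b in zip(session_key, mask))
    tag = hmac.new(ESCROW_SECRET, nonce + wrapped, hashlib.sha256).digest()[:TAG_LEN]
    return wrapped + tag


def escrow_recover(leaf: bytes, nonce: bytes, key_len: int) -> Optional[bytes]:
    """What the escrow key-holder does with a LEAF: verify the tag, unmask."""
    wrapped, tag = leaf[:key_len], leaf[key_len:]
    expected = hmac.new(ESCROW_SECRET, nonce + wrapped, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    mask = hashlib.sha256(ESCROW_SECRET + nonce).digest()[:key_len]
    return bytes(a ^ b for a, b in zip(wrapped, mask))


def receiver_accepts(session_key: bytes, nonce: bytes, received_leaf: bytes) -> bool:
    """TIS-style check: recompute the LEAF from the session key the receiver
    actually holds and refuse the session if the sender's LEAF differs."""
    return hmac.compare_digest(make_leaf(session_key, nonce), received_leaf)


def demo() -> Tuple[bool, bool, bool]:
    """Returns (honest LEAF accepted, mismatched LEAF accepted, escrow recovers key)."""
    session_key = os.urandom(16)
    nonce = os.urandom(16)
    honest_leaf = make_leaf(session_key, nonce)
    # A LEAF computed over some other key: the receiver's own recomputation
    # will not match it, so the session is shut down.
    mismatched_leaf = make_leaf(os.urandom(16), nonce)
    return (
        receiver_accepts(session_key, nonce, honest_leaf),
        receiver_accepts(session_key, nonce, mismatched_leaf),
        escrow_recover(honest_leaf, nonce, 16) == session_key,
    )
```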
The TIS proposal is just a proposal, but many people expect that it will be seriously studied by government officials. Others think that the most important problem is still individual privacy. David Banisar, a lawyer for EPIC (Electronic Privacy Information Center) in Washington, D.C., says, ``We are concerned that the cure for Clipper is worse than the disease. Key escrow in software or hardware is a bad idea and threatens the security and privacy of communications. The Fourth Amendment doesn't require that every man, woman, and child in the U.S. leave a copy of their keys at the local police station. It's unacceptable to have these requirements for our communications.''