This article includes alist of references,related reading, orexternal links,but its sources remain unclear because it lacksinline citations. Please helpimprove this article byintroducing more precise citations.(June 2019) (Learn how and when to remove this message) |
Key escrow (also known as a"fair" cryptosystem)[1] is an arrangement in which thekeys needed to decryptencrypted data are held inescrow so that, under certain circumstances, an authorizedthird party may gain access to those keys. These third parties may include businesses, who may want access to employees' secure business-relatedcommunications, orgovernments, who may wish to be able to view the contents of encrypted communications (also known asexceptional access).[2]
The technical problem is a largely structural one. Access to protectedinformation must be providedonly to the intended recipient and at least one third party. The third party should be permitted access only under carefully controlled conditions, for instance, acourt order. Thus far, no system design has been shown to meet this requirement fully on a technical basis alone. All proposed systems also require correct functioning of some social linkage, for instance the process of request for access, examination of request for 'legitimacy' (as by acourt), and granting of access by technical personnel charged with access control. All such linkages / controls have serious problems from a system design security perspective. Systems in which the key may not be changed easily are rendered especially vulnerable as the accidental release of the key will result in many devices becoming totally compromised, necessitating an immediate key change or replacement of the system.
On a national level, key escrow is controversial in many countries for at least two reasons. One involves mistrust of the security of the structural escrow arrangement. Many countries have a long history of less than adequate protection of others' information by assorted organizations, public and private, even when the information is held only under an affirmative legal obligation to protect it from unauthorized access. Another is technical concerns for the additional vulnerabilities likely to be introduced by supporting key escrow operations.[2] Thus far, no key escrow system has been designed which meets both objections and nearly all have failed to meet even one.
Key escrow is proactive, anticipating the need for access to keys; a retroactive alternative iskey disclosure law, where users are required to surrender keys upon demand by law enforcement, or else face legal penalties. Key disclosure law avoids some of the technical issues and risks of key escrow systems, but also introduces new risks like loss of keys and legal issues such as involuntaryself-incrimination. The ambiguous termkey recovery is applied to both types of systems.
See also
editReferences
edit- ^Kilian, Joe; Leighton, Frank Thomson (27 August 1995)."Fair Cryptosystems, Revisited: A Rigorous Approach to Key-Escrow (Extended Abstract)".Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology. Springer-Verlag:208–221.
- ^abAbelson, Harold; Anderson, Ross; Bellovin, Steven M.; Benaloh, Josh; Blaze, Matt; Diffie, Whitfield; Gilmore, John; Green, Matthew; Landau, Susan; Neumann, Peter G.; Rivest, Ronald L. (2015-11-17)."Keys under doormats: mandating insecurity by requiring government access to all data and communications".Journal of Cybersecurity: tyv009.doi:10.1093/cybsec/tyv009.hdl:1721.1/128748.ISSN 2057-2085.
External links
edit- "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption". 1997–98.
- Encryption Policy: Memo for the Vice President CIA memo to Al Gore on suggested US policy on key recovery, 11. September 1996. Archived fromthe original on 2012-10-15