Key escrow

Key escrow (also known as a "fair" cryptosystem) is an arrangement in which the keys needed to decrypt encrypted data are held in escrow so that, under certain circumstances, an authorized third party may gain access to those keys. These third parties may include businesses, who may want access to employees' secure business-related communications, or governments, who may wish to be able to view the contents of encrypted communications (also known as "exceptional access").

The technical problem is a largely structural one. Access to protected information must be provided only to the intended recipient and at least one third party. The third party should be permitted access only under carefully controlled conditions, as for instance, a court order. Thus far, no system design has been shown to meet this requirement fully on a technical basis alone. All proposed systems also require correct functioning of some social linkage, as for instance the process of request for access, examination of request for 'legitimacy' (as by a court), and granting of access by technical personnel charged with access control. All such linkages / controls have serious problems from a system design security perspective. Systems in which the key may not be changed easily are rendered especially vulnerable as the accidental release of the key will result in many devices becoming totally compromised, necessitating an immediate key change or replacement of the system.

On a national level, key escrow is controversial in many countries for at least two reasons. One involves mistrust of the security of the structural escrow arrangement. Many countries have a long history of less than adequate protection of others' information by assorted organizations, public and private, even when the information is held only under an affirmative legal obligation to protect it from unauthorized access. Another is technical concerns for the additional vulnerabilities likely to be introduced by supporting key escrow operations. Thus far, no key escrow system has been designed which meets both objections and nearly all have failed to meet even one.

Key escrow is proactive, anticipating the need for access to keys; a retroactive alternative is key disclosure law, where users are required to surrender keys upon demand by law enforcement, or else face legal penalties. Key disclosure law avoids some of the technical issues and risks of key escrow systems, but also introduces new risks like loss of keys and legal issues such as involuntary self-incrimination. The ambiguous term "key recovery" is applied to both types of systems.
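The structural requirement described above (release to a third party only under controlled conditions, with a request, a legitimacy check and a release step) can be sketched as an added example that is not part of the original article. It assumes split custody between two escrow agents using XOR shares and models the court order as an HMAC; `EscrowAgent`, `sign_order`, the key id `device-0001` and all key material are hypothetical, constructed values.

```python
import hashlib
import hmac
import secrets
from functools import reduce

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key: bytes, n: int) -> list:
    """Split key into n XOR shares; any n-1 of them reveal nothing about it."""
    shares = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    return shares + [reduce(xor, shares, key)]

def combine(shares: list) -> bytes:
    """Rebuild the key; only correct when every share is present."""
    return reduce(xor, shares)

def sign_order(authority_key: bytes, key_id: str) -> bytes:
    """Stand-in for a court order: a MAC over the escrowed key's identifier."""
    return hmac.new(authority_key, key_id.encode(), hashlib.sha256).digest()

class EscrowAgent:
    """Holds one share per key id and releases it only against a valid order."""
    def __init__(self, authority_key: bytes):
        self._authority_key = authority_key
        self._shares = {}
        self.audit_log = []  # (key_id, released?) for every request

    def deposit(self, key_id: str, share: bytes) -> None:
        self._shares[key_id] = share

    def release(self, key_id: str, order: bytes):
        expected = sign_order(self._authority_key, key_id)
        ok = key_id in self._shares and hmac.compare_digest(order, expected)
        self.audit_log.append((key_id, ok))
        return self._shares[key_id] if ok else None

def demo():
    authority_key = secrets.token_bytes(32)   # constructed sample values
    data_key = secrets.token_bytes(32)
    agents = [EscrowAgent(authority_key), EscrowAgent(authority_key)]
    for agent, share in zip(agents, split_key(data_key, 2)):
        agent.deposit("device-0001", share)
    order = sign_order(authority_key, "device-0001")
    recovered = combine([a.release("device-0001", order) for a in agents])
    refused = agents[0].release("device-0001", bytes(32))  # invalid order
    return data_key, recovered, refused, agents[0].audit_log
```

The split keeps any single agent from recovering the key, but whoever holds `authority_key` can authorise every release, which is the social linkage the article says no design has removed by technical means alone.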


See also

* Cryptography
* Key management
* Clipper chip
* Data Securities International
* Related-key attack
* Backdoor


External links

* Encryption Policy: Memo for the Vice President. CIA memo to Al Gore on suggested US policy on key recovery, 11 September 1996. Archived from the original on 2012-10-15.