The GCHQ protocol and its problems

Authors:
Ross Anderson;Michael Roe
Affiliations:
Cambridge University Computer Laboratory, Cambridge;Cambridge University Computer Laboratory, Cambridge
Venue:
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Year:
1997

Citing 8
Cited 3

Why cryptosystems fail

Communications of the ACM
Applied cryptography (2nd ed.): protocols, algorithms, and source code in C

Applied cryptography (2nd ed.): protocols, algorithms, and source code in C
Using encryption for authentication in large networks of computers

Communications of the ACM
On the Risk of Opening Distributed Keys

CRYPTO '94 Proceedings of the 14th Annual International Cryptology Conference on Advances in Cryptology
Escrow Encryption Systems Visited: Attacks, Analysis and Designs

CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
A Proposed Architecture for Trusted Third Party Services

Proceedings of the International Conference on Cryptography: Policy and Algorithms
Kerberos on wall street

SSYM'96 Proceedings of the 6th conference on USENIX Security Symposium, Focusing on Applications of Cryptography - Volume 6
Kerberos: an authentication service for computer networks

IEEE Communications Magazine

Towards Signature-Only Signature Schemes

ASIACRYPT '00 Proceedings of the 6th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Key Management Techniques

State of the Art in Applied Cryptography, Course on Computer Security and Industrial Cryptography - Revised Lectures
On the Difficulty of Key Recovery Systems

ISW '99 Proceedings of the Second International Workshop on Information Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

The UK government is fielding an architecture for secure electronic mail based on the NSA's Message Security Protocol, with a key escrow scheme inspired by Diffie-Hellman. Attempts have been made to have this protocol adopted by other governments and in various domestic applications. The declared policy goal is to entrench commercial key escrow while simultaneously creating a large enough market that software houses will support the protocol as a standard feature rather than charging extra for it. We describe this protocol and show that, like the 'Clipper' proposal of a few years ago, it has a number of problems. It provides the worst of both secret and public key systems, without delivering the advantages of either; it does not support nonrepudiation; and there are serious problems with the replacement of compromised keys, the protection of security labels, and the support of complex or dynamic administrative structures.