Communications of the ACM
Proceedings of the 4th ACM conference on Computer and communications security
A Key Escrow System with Warrant Bounds
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
Escrow Encryption Systems Visited: Attacks, Analysis and Designs
CRYPTO '95 Proceedings of the 15th Annual International Cryptology Conference on Advances in Cryptology
An Analysis of Integrity Services in Protocols
INDOCRYPT '01 Proceedings of the Second International Conference on Cryptology in India: Progress in Cryptology
The Correctness of Crypto Transaction Sets (Discussion)
Revised Papers from the 8th International Workshop on Security Protocols
On the Difficulty of Key Recovery Systems
ISW '99 Proceedings of the Second International Workshop on Information Security
Does Trusted Computing Remedy Computer Security Problems?
IEEE Security and Privacy
Breaking up is hard to do: modeling security threats for smart cards
WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
Language identification of encrypted VoIP traffic: Alejandra y Roberto or Alice and Bob?
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
Uncertainty in the weakest-link security game
GameNets'09 Proceedings of the First ICST international conference on Game Theory for Networks
Hi-index | 0.02 |
The Escrowed Encryption Standard (EES) defines a US Government family of cryptographic processors, popularly known as “Clipper” chips, intended to protect unclassified government and private-sector communications and data. A basic feature of key setup between pairs of EES processors involves the exchange of a “Law Enforcement Access Field” (LEAF) that contains an encrypted copy of the current session key. The LEAF is intended to facilitate government access to the cleartext of data encrypted under the system. Several aspects of the design of the EES, which employs a classified cipher algorithm and tamper-resistant hardware, attempt to make it infeasible to deploy the system without transmitting the LEAF. We evaluated the publicly released aspects of the EES protocols as well as a prototype version of a PCMCIA-based EES device. This paper outlines various techniques that enable cryptographic communication among EES processors without transmission of the valid LEAF. We identify two classes of techniques. The simplest allow communication only between pairs of “rogue” parties. The second, more complex methods permit rogue applications to take unilateral action to interoperate with legal EES users. We conclude with techniques that could make the fielded EES architecture more robust against these failures.