Nevenko Zunic

Special feature: Two-phase cryptographic key recovery system

A two-phase method of key recovery which will be referred to as Secure Key Recovery (SKR) is presented. The proposed key recovery system permits a portion of the key recovery information to be generated once and then used for multiple encrypted data communications sessions and encrypted file applications. In particular, the portion of the key recovery information that is generated just once is the only portion that requires public key encryption operations. We also describe a verification mode in which the communicating parties each produce SKR recovery information independently, without checking the others so produced information. In this mode, if at least one side is correctly configured, all required recovery information is correctly produced. In addition, the communicating parties are free to include any optional recovery fields without causing a false invalidation of what the other parties sent. Further, we present a method of verification of key recovery information within a key recovery system, based on a variation of the three-party Diffie-Hellman key agreement procedure. Without communication with a trustee, the sender is able to encrypt recovery information in such a way that both the receiver and the respective trustee can decrypt it. This reduces the number of encryptions, and inherently validates the recovery information when the receiver decrypts it. The method allows full caching of all public key operations, thus further reducing computational overhead.

The data encryption standard

In 1972, the NBS Institute for Computer Sciences and Technology (ICST) initiated a project in computer security, a subject then in its infancy. One of the first goals of the project was to develop a cryptographic algorithm standard that could be used to protect sensitive and valuable data during transmission and in storage. Prior to this NBS initiative, encryption had been largely the concern of military and intelligence organizations. The encryption algorithms, i.e., the formulas or rules used to encipher information, that were being used by national military organizations were closely held secrets. There was little commercial or academic expertise in encryption. One of the criteria for an acceptable encryption algorithm standard was that the security provided by the algorithm must depend only on the secrecy of the key, since all the technical specifications of the algorithm itself would be made public. NBS was the first to embark on developing a standard encryp-tion algorithm that could satisfy a broad range of commercial and unclassified government requirements in information security. Ruth M. Davis, then Director of ICST, asked the National Security Agency (NSA) to help evaluate the security of any cryptographic algorithm that would be proposed as a Federal standard. She then initiated the standards development project by publishing an invitation in the Federal Register (May 15, 1973) to submit candidate encryption algorithms to protect sensitive, unclassified data. NBS received many responses demonstrating interest in the project, but did not receive any algorithms that met the established criteria. NBS issued a second solicitation in the Federal Register (August 17, 1974) and received an algorithm from the IBM Corp., which had developed a family of cryptographic algorithms, primarily for financial applications. After significant review within the government, NBS published the technical specifications of the proposed algorithm in the Federal Register (March 17, 1975), requesting comments on the technical aspects of the proposed standard. NBS received many comments on the security and utility of the proposed standard and held two public workshops during 1976 on its mathematical foundation and its utility in various computer and network architectures. After intense analysis of the recommendations resulting from the workshops, NBS issued the Data Encryption Standard (DES) as Federal Information Processing Standard (FIPS) 46 on Novem-ber 23, 1977 [1]. Many NBS, NSA, and IBM technical staff members participated in this initiative, which combined expertise from government and industry. In 1973 the Bureau hired Dennis Branstad to …

Global Interoperability for Key Recovery

This document describes techniques for implementing key recovery. The document then addresses interoperability between encryptors and decryptors using the key encapsulation method of key recovery. The Common Key Recovery Block is presented as a cornerstone for interoperability. The interoperability is summarized in an interoperability matrix for key recovery systems.

Additional Key Recovery Functions

This document describes additional functions that may be required by specific implementations of the key recovery model. This document should not be read in isolation, but must be read in conjunction with the Key Recovery Functional Model document.

Key Recovery Functional Model

This document describes a model for key recovery. The means by which plaintext may be recovered or reconstructed from recovered key(s) is not addressed in the key recovery model. The key recovery model is a generalized model that encompasses a wide variety of key recovery systems, including both key backup and encapsulated key recovery information techniques. The key recovery model is a functional model. That is, the components of the model are functional components not system components.

Organization Implementation Guidelines for Recovery of Encrypted Information

In order to access information that has been encrypted, it is necessary to have access to the key. Since it is critical for an organization to have access to its data when it is needed, it is essential that an organization planning to use encryption technology also have plans for recovering that data in the event that the key is lost.This document will discuss how an organization should plan for and make decisions about the use of key recovery technology for the purpose of recovering its own data in the event that the key has been lost.

Organization Considerations for Retrieval of Stored Data via Key Recovery Methods

The purpose of this document is to identify technical and procedural issues that need to be considered when selecting and deploying key recovery systems to enable emergency recovery of data that is stored or archived in encrypted form. Emergency recovery of encrypted data is necessary in the event that the decryption keys are unavailable through normal key management mechanisms. In many cases, the need to support emergency recovery of encrypted data is vital to ongoing operations and jurisdictional policy compliance. A disaster recovery plan may also give consideration to an ability to recover many data keys by using a single key recovery request.