Steven B. Lipner

Commercial key recovery

eavesdropper and a serious disadvantage to the target of the eavesdropping. Sometimes the eavesdropper is the government— either law enforcement or an intelligence agency— and these agencies have learned to prize such sources of information very highly. They entail minimum risk for agents without inhibiting the conversations of the targets. Sometimes the eavesdropper is a criminal and the target is a solid citizen. In that case, security is needed. Cryptography provides the needed security and digital computers provide a means to implement high-quality cryptography with minimal inconve-

Security and source code access: issues and realities

This paper addresses some of the benefits and drawbacks for security of open access to source code. After a discussion of alternative models for open access to source code, the paper reviews the positive and negative implications of each for system security. The paper concludes that source code review can have real benefits for security, but that those benefits are not realized automatically, and that some source code access models introduce significant drawbacks.

Security assurance

How can customers tell they are getting it?

Twenty years of evaluation criteria and commercial technology

The major source of progress in computer security products during the last twenty years (1980-99) has been the Internet revolution of the mid-nineties. Evaluation criteria and processes have provided users with some characterization of the security attributes of operating system products. The newly developed Common Criteria show promise of offering more timely and relevant evaluation results. However there is little sign of progress in products that can deal with hostile code or in meeting needs for high assurance.

Information assurance technology forecast 2005

This paper gives insights into how the threats evolving nature, the current information technology environment, and various market forces are combining to yield new security challenges and likely new technology paths for the future.

Key Escrow Cryptosystems

Key escrow systems are those where part or all of the cryptographic keys are kept “in escrow” by third parties. The keys are released only upon proper authority to allow some person other than the original sender or receiver to read the message. The U. S. government is strongly supporting key escrow as a way to balance the needs for secrecy between communicating persons against the needs of law enforcement and national security agencies to sometimes read these encrypted communications (with proper legal authority). This chapter presents the technical aspects of the Clipper Chip, the U.S. Government’s first proposed key escrow system. It also mentions how Clipper fits into other proposed government cryptosystems and then presents a more general view of key escrow cryptosystems.