Information Assurance Management: Key Escrow, Digital Cash (Week 12-1)
Key Escrow
Private keys in a Public Key system
Escrowed Encryption Standard
  – Each chip has a unique ID and secret key
  – Key split in two parts and stored with the ID at two different escrow agencies
  – Each time the chip functions it encrypts the session key with the secret key
  – Then transmits the encrypted session key and ID over the comm channel
Key Escrow
  – LEA gets a court order to obtain both halves of the secret key
  – Records traffic carrying the ID it wants
  – XORs the two halves together, decrypts the session key, then decrypts the messages
Same thing can be done with PKE
Fair cryptosystems
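The chip-level escrow flow on the two slides above, as an added example that is not part of the slide deck: the chip secret is split into two XOR shares held by two agencies, each message carries the session key wrapped under the chip secret plus the chip ID, and the LEA combines both shares to unwrap it. The stream cipher (HMAC-SHA256 in counter mode), the chip ID and the message are constructed stand-ins for this demo; the real chip's cipher is not modelled.

```python
import hashlib
import hmac
import secrets


def keystream(key, nonce, length):
    """Toy stream cipher (HMAC-SHA256 in counter mode), a stand-in for the chip's
    own cipher. Constructed for this demo only."""
    out = b""
    for ctr in range((length + 31) // 32):
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
    return out[:length]


def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt(key, nonce, data):
    """XOR with the keystream; decryption is the same call."""
    return xor(data, keystream(key, nonce, len(data)))


class Chip:
    """One escrowed device: a unique ID and a secret key that is split at
    manufacture into two XOR shares, one per escrow agency."""

    def __init__(self, chip_id):
        self.chip_id = chip_id
        self.secret = secrets.token_bytes(16)
        share_a = secrets.token_bytes(16)
        self.shares = (share_a, xor(share_a, self.secret))  # share_a XOR share_b == secret

    def send(self, plaintext):
        """Each message gets a fresh session key. The chip transmits the message
        under that key plus an access field: the session key encrypted under the
        chip secret, together with the chip ID, all on the same channel."""
        session = secrets.token_bytes(16)
        nonce = secrets.token_bytes(8)
        return {"id": self.chip_id, "nonce": nonce,
                "wrapped_session": encrypt(self.secret, nonce, session),
                "ciphertext": encrypt(session, nonce, plaintext)}


def escrow(chip):
    """Each agency stores (chip ID -> its share). Alone, a share is just random bytes."""
    return {chip.chip_id: chip.shares[0]}, {chip.chip_id: chip.shares[1]}


def lea_recover(agency_a, agency_b, recorded):
    """With a court order the LEA gets both halves for the ID it recorded,
    XORs them back into the chip secret, unwraps the session key, and then
    decrypts the recorded message."""
    cid = recorded["id"]
    secret = xor(agency_a[cid], agency_b[cid])
    session = encrypt(secret, recorded["nonce"], recorded["wrapped_session"])
    return encrypt(session, recorded["nonce"], recorded["ciphertext"])


def demo(message=b"meet at noon"):
    chip = Chip("CHIP-0001")  # constructed ID
    agency_a, agency_b = escrow(chip)
    recorded = chip.send(message)
    return {
        "both_halves": lea_recover(agency_a, agency_b, recorded),
        # one agency's share used twice XORs to all zeros, not the chip secret
        "one_half_only": lea_recover(agency_a, agency_a, recorded),
    }


if __name__ == "__main__":
    print(demo())
```

The point the slides make about the escrow database applies directly here: whoever obtains both agencies' tables (or a copy of the `Chip.shares` tuple) can decrypt every past recording that carried that ID, which is why the database-theft and agent-trust questions on the later slides matter.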
Key Escrow
Private key is broken up into several pieces
Each piece can be verified to be correct without having to be reassembled
None of the escrow holders can reconstruct the private key alone…it takes them all
Several methods of ensuring that the key is authentic and verifiable
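One way to get the two properties on this slide (each piece checkable on its own, and no holder able to reconstruct alone) is Shamir secret sharing with Feldman commitments. The example below is added here and is not from the slides; it goes slightly beyond the slide's n-of-n case by taking a threshold t, so t = n gives "it takes them all". The group parameters (p = 1019, q = 509, g = 4) and the secret 123 are constructed toy values; real deployments use large primes.

```python
import secrets

# Small demo group: p = 2q + 1 with q prime, g generates the order-q subgroup.
# Constructed for illustration only.
P, Q, G = 1019, 509, 4


def split_key(secret, n, t):
    """Shamir split of `secret` (an element of Z_q) into n shares, any t of which
    reconstruct it; also returns Feldman commitments g^{a_j} to the polynomial
    coefficients so each holder can check their own share in isolation."""
    coeffs = [secret % Q] + [secrets.randbelow(Q) for _ in range(t - 1)]
    shares = [(i, sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q)
              for i in range(1, n + 1)]
    commits = [pow(G, c, P) for c in coeffs]  # hides a_j, but binds the polynomial
    return shares, commits


def verify_share(share, commits):
    """g^{f(i)} must equal prod_j C_j^{i^j} mod p; this holds exactly when the
    share lies on the committed polynomial, with nothing reassembled."""
    i, y = share
    expected = 1
    for j, c in enumerate(commits):
        expected = expected * pow(c, pow(i, j, Q), P) % P
    return pow(G, y, P) == expected


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over Z_q using the shares given."""
    total = 0
    for i, yi in shares:
        num = den = 1
        for j, _ in shares:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        total = (total + yi * num * pow(den, -1, Q)) % Q
    return total


def demo(secret=123, n=3):
    """Split a toy private key among n holders so that all n are needed (t = n)."""
    shares, commits = split_key(secret, n, t=n)
    tampered = (shares[0][0], (shares[0][1] + 1) % Q)  # a holder's share altered in transit
    return {
        "all_shares_verify": all(verify_share(s, commits) for s in shares),
        "tampered_share_verifies": verify_share(tampered, commits),
        "recovered": reconstruct(shares),
    }


if __name__ == "__main__":
    print(demo())
```

With t = n, any subset short of all n holders interpolates a polynomial of the wrong degree and gets an unrelated value, which is the "takes them all" property; the commitments let each agency reject a bad share at deposit time rather than discovering it only when a court order forces reconstruction.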
Key Escrow
Politics
  – With several commercial plans out along with the government's plan, what advantages are there for the user?
  – NONE!
  – Several disadvantages
  – Trust the escrow agent’s security and people
  – Trust the agent and government not to change the rules and laws
Key Escrow
  – Trust LEA to be lawful
  – Must be forced to use it by banning non-escrowed encryption
  – How to enforce that? Must monitor ALL traffic
  – Academic research?
  – User liability if encrypted data gets out…always the user’s fault!
  – What if the escrow database is stolen?
Key Escrow
Scandal…political opponents, critics of intelligence or law enforcement agencies
What if signature keys were also encrypted?
Will authenticity of signatures based on escrowed keys be acceptable in court?
What recourse would you have if authorities used your signature key?
Digital Cash
Great social need for Digital Cash
Digital Money presumes an audit trail
  – Won’t ever happen! Why?
Several protocols exist that can work…
  – Cheating is possible but difficult…penalties must be severe enough to deter cheating.
Digital Cash
Protocol #1
  – 100 money orders for $1000, sealed with carbon paper inside.
  – Bank selects 99 to open, confirms each is for $1000, signs the 100th through the envelope
  – Hands back the 100th envelope and deducts $1K from your account.
Digital Cash
  – You spend it at some merchant, which redeems it at the bank, without the bank knowing who it came from.
1% chance of cheating
Protocol #2
  – Double spending problem…photocopy the signed money order
  – Works the same as #1 but…
  – A long unique string of numbers on each check
Digital Cash
  – When cashed, the bank checks the number against a db for duplicates
Protocol #3
  – Same as above but…protects the bank from cheaters and identifies them
  – You are asked to provide an identity string when giving the merchant the MO.
Digital Cash
  – The uniqueness string will be checked by the bank for reuse
  – The ID string will tell if the merchant tried to copy the MO or if the user tried to copy it
Still, this and the others can be cheated
But Digital Cash is necessary
  – Independence - security of cash not dependent on a physical location
Digital Cash
  – Security - cannot be copied and reused
  – Privacy - untraceability, no relationship between a user and his purchases
  – Off-line Payment - the protocol between user and merchant is executed off-line
  – Transferability - digital cash can be transferred
  – Divisibility - a piece of digital cash can be subdivided
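Protocols #1 to #3 from the preceding slides, carried through in one added example that is not from the slide deck: the carbon-paper envelope is an RSA blind signature, the bank opens all but one order (cut-and-choose), each order carries a uniqueness string the bank records, and the identity string of protocol #3 is secret-split into pairs of which the merchant picks one half per pair, so a second spend with a different challenge reveals the customer while a replayed deposit points at the merchant. The RSA key (p = 61, q = 53), the identity "alice", the five-order batch (the slides use 100) and the merchants' fixed challenge bits are constructed toy values.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for the bank (p=61, q=53): textbook values, constructed for the demo.
N, E, D = 3233, 17, 2753
AMOUNT = 1000   # the only face value the bank signs
PAIRS = 16      # identity pairs per money order (protocol #3)

def sha(*parts):
    return hashlib.sha256(":".join(str(p) for p in parts).encode()).hexdigest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def make_order(amount, identity):
    """One money order: amount, uniqueness string, and PAIRS secret splits of the
    identity (left XOR right == identity); only hashes of the halves go on the order."""
    pairs = []
    for _ in range(PAIRS):
        left = secrets.token_bytes(len(identity))
        pairs.append((left, xor(left, identity)))
    return {"amount": amount, "serial": secrets.token_hex(16), "pairs": pairs,
            "commits": [(sha(l), sha(r)) for l, r in pairs]}

def digest(order):
    """What the bank signs: amount, serial and commitments, reduced to an integer < N."""
    return int(sha(order["amount"], order["serial"], order["commits"]), 16) % N

def blind(order):
    """The carbon-paper envelope: the bank can sign this without seeing the serial."""
    while True:
        r = secrets.randbelow(N - 2) + 2
        if gcd(r, N) == 1:
            return (digest(order) * pow(r, E, N)) % N, r

def unblind(blinded_sig, r):
    return (blinded_sig * pow(r, -1, N)) % N

def bank_issue(blinded, reveal, keep=None):
    """Cut-and-choose (protocol #1): open all but one order, check each is for AMOUNT
    and matches its envelope, then sign the sealed one (the bank debits AMOUNT here)."""
    if keep is None:
        keep = secrets.randbelow(len(blinded))
    for i, b in enumerate(blinded):
        if i == keep:
            continue
        order, r = reveal(i)
        if order["amount"] != AMOUNT or (digest(order) * pow(r, E, N)) % N != b:
            raise ValueError(f"order {i} is not a valid ${AMOUNT} order: customer cheated")
    return keep, pow(blinded[keep], D, N)

def spend(order, sig, bits):
    """Merchant picks one random bit per pair; the customer reveals that half (protocol #3)."""
    public = {k: order[k] for k in ("amount", "serial", "commits")}
    return {"order": public, "sig": sig, "bits": bits,
            "halves": [order["pairs"][i][b] for i, b in enumerate(bits)]}

class Bank:
    def __init__(self):
        self.seen = {}  # serial -> (bits, halves) of the first deposit (protocol #2 db)

    def redeem(self, pay):
        order = pay["order"]
        if pow(pay["sig"], E, N) != digest(order):
            return "bad signature"
        if any(sha(h) != order["commits"][i][b]
               for i, (b, h) in enumerate(zip(pay["bits"], pay["halves"]))):
            return "revealed half does not match commitment"
        if order["serial"] not in self.seen:
            self.seen[order["serial"]] = (pay["bits"], pay["halves"])
            return "ok"
        bits, halves = self.seen[order["serial"]]
        if bits == pay["bits"]:
            return "merchant copied"  # identical challenge and halves: a replayed deposit
        i = next(i for i in range(PAIRS) if bits[i] != pay["bits"][i])
        return "customer double spent: " + xor(halves[i], pay["halves"][i]).decode()

def cheat_attempt(k, keep):
    """A customer slips one inflated order in among k - 1 good ones; True if the
    bank's cut-and-choose catches it (it does unless that order stays sealed)."""
    orders = [make_order(AMOUNT, b"mallory") for _ in range(k - 1)]
    orders.append(make_order(5 * AMOUNT, b"mallory"))
    env = [blind(o) for o in orders]
    try:
        bank_issue([b for b, _ in env], lambda i: (orders[i], env[i][1]), keep=keep)
        return False
    except ValueError:
        return True

def demo(k=5):
    """Honest issue of one coin, then the two ways it can be presented twice."""
    orders = [make_order(AMOUNT, b"alice") for _ in range(k)]  # constructed identity
    env = [blind(o) for o in orders]
    keep, bsig = bank_issue([b for b, _ in env], lambda i: (orders[i], env[i][1]))
    coin, sig = orders[keep], unblind(bsig, env[keep][1])
    bank = Bank()
    first = spend(coin, sig, [0] * PAIRS)  # merchant 1's challenge; fixed here, random in practice
    return {"first_deposit": bank.redeem(first),
            "merchant_replays_it": bank.redeem(first),
            "spent_again_elsewhere": bank.redeem(spend(coin, sig, [1] * PAIRS))}
```

Run `demo()` for the honest path and `cheat_attempt(5, 0)` versus `cheat_attempt(5, 4)` for the two outcomes of cut-and-choose: with k orders the inflated one survives only when the bank happens to leave it sealed, a 1-in-k chance (the slides' 1% for 100 envelopes). The identity recovery relies on the two merchants' challenges differing in at least one position, which with 16 random bits fails only with probability 2^-16; a real deployment uses more pairs.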