[2621] in cryptography@c2.net mail archive
Re: Director of Central Intelligence on Trust
daemon@ATHENA.MIT.EDU (Arnold G. Reinhold)
Fri May 1 17:35:06 1998
In-Reply-To: <19980430232008.A4143@die.com>
Date: Fri, 1 May 1998 12:34:49 -0400
To: die@die.com, koontz@netapp.com (David Koontz), cme@acm.org
From: "Arnold G. Reinhold" <reinhold@world.std.com>
Cc: cryptography@c2.net
At 11:20 PM -0400 4/30/98, Dave Emery wrote:
>On Thu, Apr 30, 1998 at 05:33:45PM -0400, Arnold G. Reinhold wrote:
>> >>algorithms like Skipjack and SHA, plus "high grade algorithms:" BATON,
>> >>FIREFLY, SDNS signature, STU-III
>> >
>> >FIREFLY is a public key certificate exchange system originally developed
>> >for certifying the role of the recipient - classification level
>> >authorization, role .
>> >
>>
>> Indeed. The STE sets and Fortezza cards can each be programmed to enforce a
>> variety of usage controls. Given the versatility of STE, I am suprised that
>> e-mail isn't built in.
>
>
> Does anybody know whether the KOV-14 actually implements key
>escrow such that a third party with access to all the private key
>components supplied by NSA could intercept the contents of a secure call ?
>Can NSA do this to other government departments (they appear to have
>legal authority for such as part of their INFOSEC mission) ? Is there
>some equivalent of the Clipper LEAF field in each call setup ? Or is the
>backdoor just based on the use of a unique to the particular KOV-14
>public key supplied and known by NSA to encrypt the session keys
>negotiated. Is there any way a STE user could communicate without
>escrow ?
>
Let me say first that my "expertise" on STE comes from reading the Web
sites that I and others have listed in this thread.
According to this material, STE uses the same key management techniques as
STU-III and SDNS, NSA's secure digital network. This functionality is
simply added to the existing Fortezza functionality. There is no indication
that Skipjack, LEAF, DSA or other classic Fortezza stuff plays any role in
STE whatsoever. Since all STE keys come from the NSA, they presumably keep
a copy and can, therefore, decrypt anything.
There seems to be a split in NSA's overall approach to individual access
control. In their MISSI program for securing computer networks, all that an
individual apparently needs to access Top Secret data is a properly
initialized Fortezza card and its PIN code. STE adds the requirement for a
Crypto Ignition Key which is kept separate from the Fortezza card after
initial distribution.
I suspect that some parts on NSA do not trust public key cryptography and
will not permit it to be used as the sole method of securing highly
classified voice transmissions. But this added complexity may actually
degrade overall system security by discouraging use of the STE in secure
mode. One of the sites Gary Mounfield <mani@firehouse.net> mentioned,
http://www.dtic.mil/dodsi/sab3e.html, is a humorous story trying to
encourage STU-III usage. It seems the complexity of key management keeps
many STU-III owners from actually using the equipment.
My interest has always been in the human factors aspects of cryptography:
how to make crypto systems that real people can actually use. I'm not sure
NSA completely gets this. We can have unbreakable crypto systems and, at
the same time, be a lucrative target for foreign signals intelligence
agencies. This will happen as long as users find key management a pain in
the butt and end up having sensitive conversations on ordinary phones.
If the US government allowed commercial cryptography to develop without
restrictions, it might be pleasantly surprised by getting better solutions
for these thorny problems.
Arnold Reinhold
Got crypto? http://ciphersaber.gurus.com
