Matching key recovery mechanisms to business requirements
Introduction
In the information age it has become vital for businesses and organisations to protect their most valuable asset, i.e. the information they possess, from unauthorised access by both outsiders and insiders. Encryption mechanisms are deployed, amongst other countermeasures, for this purpose. Use of these mechanisms, however, might lead to undesirable situations where access to encrypted data is not feasible due to the loss or inaccessibility of the encryption keys.
The resulting loss of important information might be very serious. Corporations will typically not wish to tolerate such a loss, especially if the inaccessible data hold potentially valuable information. Key recovery mechanisms (KRMs) can help overcome problems arising when encryption keys are lost, and hence prevent loss of information. KRMs allow authorised parties to retrieve cryptographic keys used for data confidentiality with the ultimate goal of recovering the encrypted data (Denning and Branstad, 1996; Smith et al., 2000).
The term key recovery (KR), or more specifically key escrow, has attracted much unfavourable publicity mainly because of a number of government proposals for compulsory escrow of all private communications keys, see e.g. The White House (1993). The intention of these proposals was to give governments the ability to decrypt intercepted communications to deal with criminal activities. However, this has been seen by a number of parties as a potential infringement of the rights of individuals and corporations to provide privacy for data stored and communicated electronically.
In a business environment, however, the situation is rather different. A company normally owns its information, and therefore the issues surrounding access to private communications through compulsory key escrow do not arise. KRMs deployed in a corporate environment can be thought of as part of routine disaster recovery planning.
This paper looks at threats that corporate information might face from loss of encryption keys, and at the various scenarios in which these threats might be realised. Based on this analysis, the business need for KR is outlined, and the concomitant requirements for a KRM are described. The applicability of two main types of KRMs to a business environment is then examined, and the pros and cons of these mechanisms when used for communicated and archived data are investigated. The need for this latter distinction arises from the fact that, as discussed below, different KR requirements exist for these two types of data. Note that possible legal requirements for access to business communications are not examined here.
Section snippets
Business needs for key recovery
Protection of information through the use of security mechanisms has become vital for business. Cryptographic keys, including key agreement keys, session keys used for encrypting communication sessions or stored data, and signature keys, are a crucial part of the security infrastructure protecting corporate data. Loss or unavailability of encryption keys will lead to an inability to access the encrypted information, a situation the corporation will typically not wish to tolerate. Within a
Distinguishing between a business environment and law enforcement access
The term key recovery, or more specifically key escrow, has attracted much unfavourable publicity mainly because of a number of government proposals for compulsory escrow of all private communications keys, see e.g. The White House (1993). The intention of these proposals was to give governments the ability to decrypt intercepted communications to deal with criminal activities. However, this has been seen by a number of parties as a potential infringement of the rights of individuals and
Requirements for KRMs deployed in a business environment
Although key recovery mechanisms address problems arising from loss of decryption keys, they should always be deployed with extreme care. If the mechanism is not properly deployed it can seriously weaken security, as KR provides an alternative means of access to encryption keys that may be easier for an attacker to exploit than the original computation process. Thus, the fundamental security requirement for any KRM is that the effort to exploit and break the cryptographic infrastructure with KR
Classification and assessment of existing mechanisms
A variety of KRMs have been proposed by both the commercial sector and academia. Denning and Branstad (1996) give a description of a wide range of KRMs identified as key escrow encryption systems, while Smith et al. (2000) classify the existing KRMs into several types. However, as previously mentioned, KRMs in the information security literature are usually divided into two types: key escrow and key encapsulation mechanisms.
Distinguishing between communicated and archived data
The above analysis of KRMs in a business environment has not considered the target data. There are certain issues, however, that need to be addressed as far as the target of the KRM is concerned. This arises from the fact that there are different requirements for KRMs for archived data and KRMs for communicated data.
The majority of existing key recovery mechanisms were designed for use with communicated data, and with the objective of giving access to LEAs. Giving user access was typically not
Key recovery mechanisms for communications
The issues surrounding key recovery for communicated and archived data are somewhat different, as previously mentioned. In this section we look at the requirements that surround KRMs for communicated data, and investigate the applicability of the two main categories of KRMs. In the next section a similar analysis is performed for encrypted archived data.
Key recovery mechanisms for archived data
In this section the requirements of KRMs for archived data and the applicability of existing mechanisms are examined.
Conclusions
An analysis has been made of the requirements for KRMs applied in a business environment, and the applicability of existing mechanisms was investigated. As there is no panacea to the key recovery problem, careful analysis of the business needs is necessary to identify appropriate solutions. A further distinction was made between requirements for KRMs for communicated data, and requirements for KRMs for archived data, and it was shown that mechanisms providing KR functionality for communicated
References (20)
A common key recovery block format: promoting interoperability between dissimilar key recovery mechanisms. Computers & Security (2000).
Cryptographic information recovery using key recovery. Computers & Security (2000).
The risks of key recovery, key escrow, and trusted third party encryption.
Information warfare and security. Addison Wesley (1998).
A taxonomy of key escrow encryption systems. Communications of the ACM (March 1996).
Towards a framework based solution to cryptographic key recovery.
Trusted third party based key management allowing warranted interception.
A proposed architecture for trusted third parties.
In search of multiple domain key recovery. Journal of Computer Security (1998).
Crypto backup and key escrow. Communications of the ACM (March 1996).
Cited by (4)
Decentralized and privacy-preserving key management model. 2020, 2020 International Symposium on Networks, Computers and Communications, ISNCC 2020
Practical key recovery model for self-sovereign identity based digital wallets. 2019, Proceedings - IEEE 17th International Conference on Dependable, Autonomic and Secure Computing, IEEE 17th International Conference on Pervasive Intelligence and Computing, IEEE 5th International Conference on Cloud and Big Data Computing, 4th Cyber Science and Technology Congress, DASC-PiCom-CBDCom-CyberSciTech 2019
A supervising authenticated encryption scheme for multilevel security. 2011, International Journal of Innovative Computing, Information and Control
A proposal of key recovery mechanism for personal decryptographic keys. 2011, 2011 International Conference on Internet Technology and Applications, iTAP 2011 - Proceedings
Konstantinos Rantos received his Diploma in Computer Engineering and Informatics in 1996 from the University of Patras, Greece, his M.Sc. in Information Security in 1997 and his Ph.D. (sponsored by Marie Curie Research and Training Grant) in 2001 from Royal Holloway, University of London. Between 1997 and 1999 he was involved in an EU ACTS project concerning security for third generation mobile communications. In 2001 he joined Datacard Group as a smart card security architect until 2003 when he joined Encode S.A. as a security consultant contributing to a number of security related projects. His research interests lie in the areas of public-key infrastructures, smart cards, key management, security protocol design, and telecommunications security.
Chris Mitchell received his B.Sc. (1975) and Ph.D. (1979) degrees in Mathematics from Westfield College, London University. Since joining Royal Holloway in 1990, he helped launch the M.Sc. in Information Security in 1992. His research interests cover information security and the applications of cryptography. He has played an active role in a number of international collaborative projects. He has edited eight international security standards and published well over 160 research papers. He is academic editor of Computer and Communications Security Abstracts, a member of the Editorial Advisory Board for the journals of the London Mathematical Society, and a member of Microsoft's Trustworthy Computing Academic Advisory Board.