a bit more information on key escrow

[smb@research.att.com]

I and a few others sent a short list of questions to Dorothy Denning
and Steve Kent, with a request that they forward them to the other review
panel members.  Here are Denning's answers.  I do not know if they
represent the view of the other committee members, or if more details
will be forthcoming.  In particular, I do not know if anyone on the
committee will ask NSA to declassify any information relative to these
questions.  I did ask that if the answer to anything was ``it's
classified'', that a persuasive rationale for the classification
status be given.

Reposted with permission....

		--Steve Bellovin

------- Forwarded Message

Date: Fri, 17 Jun 94 16:01:43 EDT
From: denning@chair.cosc.georgetown.edu (Dorothy Denning)

Steve,

Here are answers to the questions you asked.  The answers generally
apply to the current system.  In some cases, I noted changes that will
be made in the target system that is under development.

Regards,
Dorothy

			Questions on Key Escrow

1.	How are the halves of the unit key generated?  What is
	the function?
	
	The Device Unique Key (KU) is a function of two Random Seed
	values that are brought to the chip programming facility
	by Escrow Officers from each of the Escrow Agents,
	arbitrary input from the keyboard provided by the Escrow
	Officers, and the Device Unique Identifier (UID).  The exact
	function is classified in order to avoid revealing
	cryptographic principles about generating good keys.

2.      How are the seeds generated for the unit key generation
	process?  These are extremely sensitive values, since
	their compromise could give away an entire production run.

	Each Escrow Agent generates a separate Random Seed using a PC
	and NIST-developed smart card.  The smart card implements a
	pseudorandom number generator (PRNG) approved for cryptographic
	key generation in FIPS 171.  Input from the keyboard as well as
	keystroke timing are used as input to the Secure Hash
	Algorithm.  After hashing, the result is fed to the PRNG.

	Compromise of the Random Seed values could not give away an
	entire production run since the Unique Keys are also a function
	of arbitrary input from the keyboard.  In addition, the
	algorithm for generating the KU values, being classified, is
	not generally available.

3.	How is the serial number generated?  Randomly?  With only
	32 bits, the probability of a collision is moderately high.

	The serial numbers are generated in sequence.

4.	How are the seeds destroyed after generation?

	The Escrow Officers bring the seeds on floppy disks.  These
	disks are to be destroyed or stored in the double-locked safe
	inside the programming facility (SCIF) until they can be 
        destroyed.

	The seeds and all other key data is erased from the memory and
	hard disk of the computer used for key generation at the end of
	a programming session.  The disk is then stored in the safe.

5.	How is the session key encrypted within the LEAF?

	The details of the LEAF creation method, including the exact
	modes of encryption used, are classified in order to make it
	more difficult to build an interoperable rogue product that
	produced fake LEAFs in the event the Family Key should be
	compromised, and also to avoid revealing cryptographic
	principles.

6.	How is the entire LEAF encrypted?  The LEAF/IV package use
	in Tessera?  In particular, is the family key used for
	session-level cryptographic protection of the IV?

        The IV is passed in the clear.  See 5 about how the LEAF is
        encrypted.

7.	How is the checksum in the LEAF calculated?

	See 5.

9.	What is the nature of the key exchange and key negotiation
	protocol?

	The key exchange protocol on the Capstone chip is classified to
	avoid revealing cryptographic principles of key generation and
	exchange.  However, it is not a requirement to use this
	algorithm.  Other techniques can be used instead.  The Escrowed
	Encryption Standard (EES) does not specify a key exchange
	method and the Clipper chip does not implement one.

10.	How does the Tessera card generate its random keys and IVs?
	A true random number generator?  A pseudo-random number generator?
	How is it seeded?  From a true random source?  Why not use that
	all the time?

	There is a true random number generator on the Capstone chip.
	This can be used to generate all random values including the
	IV.  The target programming device may use this random number
	generator in the generation of Device Unique Keys, but it would
	not replace the entire algorithm.

11.	How are escrowed keys protected during transport and storage?
	What about backup?
 
	Escrowed Key Components are stored in encrypted form on floppy
	disks inside double locked safes. It takes 2 Escrow Officers at
	each Escrow Agent site to open a safe, and it takes an Escrow
	Officer from each Escrow Agent to form the Key Enciphering Key
	(KCK) needed to decrypt the Encrypted Key Components.  KCK is a
	function of two Key Numbers, KN1 and KN2, each of which is held
	by one of the Escrow Agents in its safe.

	For backup, there are two copies of key escrow data in each
	safe.  In addition, each Escrow Agent has a backup safe, which
	contains an additional two copies.

	Encrypted Key Components are transported on floppy disks inside
	tamper-detecting packages.  A number is written on each
	package.  Upon arrival, the packages are checked for tampering and
	the numbers are checked.  In the target system, key escrow data
	will be transmitted electronically using cryptography for
	protection.

12.	What mechanisms will protect the key halves during transmission
	to authorized wiretap agents?

	The same methods as for 11.

13.	How will an audit trail be maintained of unit key requests
	and usage?

	Audit records are written for the following events: generation
	of keying material, storage of and access to keying material,
	request for Key Components, confirmation of a key release
	certification, and notification that a Unique Key was deleted
	in the Decrypt Processor.  These records are kept in the double
	locked safes under two person control.

14.	How will wiretap keys expire?

	When the Escrow Officers load the Key Components into the
	Decrypt Processor, they also type in the expiration date.  The
	date is stored with the Unique Key, but the person operating
	the Decrypt Processor must issue a command to delete the key.
	When that happens, the Escrow Agents are to be notified of the
	key deletion.  In the target system, the key will be deleted
	automatically when the court order expires, and the
	notification will be sent automatically from the Decrypt
	Processor.



------- End of Forwarded Message