[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
(Fwd) key recovery report, information hiding, and fire ants
------- Forwarded Message Follows -------
Date: Wed, 21 May 1997 09:45:53 -0700 (PDT)
From: Phil Agre <[email protected]>
To: [email protected]
Subject: key recovery report, information hiding, and fire ants
Reply-to: [email protected]
[I trust Matt and Ross, but the fire ants story is too good to be true.]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
This message was forwarded through the Red Rock Eater News Service (RRE).
Send any replies to the original author, listed in the From: field below.
You are welcome to send the message along to others but please do not use
the "redirect" command. For information on RRE, including instructions
for (un)subscribing, send an empty message to [email protected]
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Date: Wed, 21 May 1997 07:05:53 -0700 (PDT)
From: [email protected]
Subject: RISKS DIGEST 19.17
RISKS-LIST: Risks-Forum Digest Wednesday 21 May 1997 Volume 19 : Issue 17
----------------------------------------------------------------------
Date: Tue, 20 May 1997 20:27:08 -0400
From: Matt Blaze <[email protected]>
Subject: RISKS of Key-Recovery Encryption
In January 1997, an ad-hoc group of cryptographers and computer scientists
met to explore the technical implications, risks, and costs of the ``key
recovery'', ``key escrow'' and ``trusted third party'' encryption systems
being promoted by various governments. We have just completed a preliminary
report of our findings.
We have specifically chosen not to endorse, condemn, or draw conclusions
about any particular regulatory or legislative proposal or commercial
product. Rather, it is our hope that our findings will shed further light
on the debate over key recovery and provide a long-needed baseline analysis
of the costs of key recovery as policymakers consider embracing one of the
most ambitious and far-reaching technical deployments of the information
age.
Our preliminary report is available as follows:
On the web at:
http://www.crypto.com/key_study
In PostScript format via ftp:
ftp://research.att.com/dist/mab/key_study.ps
In plain ASCII text format via ftp:
ftp://research.att.com/dist/mab/key_study.txt
=======================================================================
THE RISKS OF KEY RECOVERY, KEY ESCROW, AND
TRUSTED THIRD-PARTY ENCRYPTION
Hal Abelson
Ross Anderson
Steven M. Bellovin
Josh Benaloh
Matt Blaze
Whitfield Diffie
John Gilmore
Peter G. Neumann
Ronald L. Rivest
Jeffery I. Schiller
Bruce Schneier
21 May 1997
Executive Summary:
A variety of ``key recovery,''``key escrow,'' and ``trusted third party''
encryption requirements have been suggested in recent years by government
agencies seeking to conduct covert surveillance within the changing
environments brought about by new technologies. This report examines the
fundamental properties of these requirements and attempts to outline the
technical risks, costs, and implications of widely deploying systems that
provide government access to encryption keys.
The deployment of a global key-recovery-based encryption infrastructure to
meet law enforcement's stated specifications will result in substantial
sacrifices in security and greatly increased costs to the end-user.
Building the secure infrastructure of the breathtaking scale and complexity
demanded by these requirements is far beyond the experience and current
competency of the field. Even if such an infrastructure could be built, the
risks and costs of such a system may ultimately prove unacceptable.
These difficulties are a function of the basic law enforcement requirements
proposed for key-recovery encryption systems. They exist regardless of the
design of the recovery system -- whether the system uses private-key
cryptography or public-key cryptography; whether the database is split with
secret sharing techniques or maintained in a single hardened secure
facility; and whether the recovery service provides private keys, session
keys, or merely decrypts specific data as needed.
All key-recovery systems require the existence of a highly sensitive and
highly available secret key or collection of keys that must be maintained in
a secure manner over an extended time period. These systems must make
decryption information quickly accessible to law enforcement agencies
without notice to the key owners. These basic requirements make the problem
of general key recovery difficult and expensive -- and potentially too
insecure and too costly for many applications and many users.
Attempts to force the widespread adoption of key-recovery encryption through
export controls, import or domestic use regulations, or international
standards should be considered in light of these factors. The public must
carefully consider the costs and benefits of embracing government-access key
recovery before imposing the new security risks and spending the huge
investment required (potentially many billions of dollars, in direct and
indirect costs) to deploy a global key recovery infrastructure.
------------------------------
Date: Sat, 17 May 1997 13:59:48 +0100
From: Ross Anderson <[email protected]>
Subject: Information-Hiding Workshop
Call for Papers, WORKSHOP ON INFORMATION HIDING (pruned for RISKS)
15 - 17 April 1998, Portland, Oregon
Many researchers are interested in hiding information or in stopping other
people doing this. Current research themes include copyright marking of
igital objects, covert channels in computer systems, subliminal channels in
cryptographic protocols, low-probability-of-intercept communications,
broadcast encryption schemes, and various kinds of anonymity services
ranging from steganography through location security to digital elections.
These closely linked areas of study were brought together in 1996 by a
workshop on information hiding held at the Isaac Newton Institute in
Cambridge. This was felt to be very worthwhile by the research community,
and it was decided to hold a second workshop in 1998.
This second international workshop on information hiding will be held in
Portland, Oregon from the 15th to the 17th April 1998.
See http://www.cl.cam.ac.uk/users/rja14/ihws.html for the call for papers.
Papers should be submitted by 31 Dec 1997 to [email protected]
(Program Chairman David Aucsmith, Intel Architecture Labs, 5200 N. E. Elam
Young Parkway, Hillsboro, OR 97124-6497, USA). The program committee also
includes Ross Anderson, Steve Low, Ira Moskowitz, Andreas Pfitzmann,
Jean-Jacques Quisquater, Gus Simmons, and Michael Waidner.
Details of the first (1996) information-hiding workshop are at
http://www.cl.cam.ac.uk/users/fapp2/steganography/bibliography/workshop.html
[Watch out for the invisible steganosauruses. PGN]
------------------------------
Date: Tue, 20 May 1997 12:33:20 -0400
From: "Mich Kabay [NCSA]" <[email protected]>
Subject: Another Computer Bug: Ants in the Machine
>From WIRED via PointCast:
> Another Computer Bug: Ants in the Machine
> by Ashley Craddock, 19 May 1997
> Stephanie Upps watched in horror as one of her final papers disappeared
> off her PowerBook at 2 a.m. one night during her last semester as a
> University of Texas graduate student. Her friends couldn't find the bug,
> so she called the 1-800 support line in desperation. "They told me to
> pull out the battery and give them the serial number," she says. "When I
> did, it was just crawling with ants." Far from a fluke, Upps' encounter
> with ants in the machine is happening to others with greater
> frequency. "The problem's endemic across Texas," she said.
The author makes the following key points:
* Major problem is fire ants, an exotic introduced to the Southern US in
the 1920s.
* Fire ants seem to like living in and eating electrical equipment.
* The critters may be attracted by electrical fields; Craddock writes,`
"They have some short-range attraction to electricity," says Dr. Harlan
Thorvilson of Texas Tech's Department of Plant and Soil Sciences. . . .
"They become almost mesmerized and behave oddly, piling dirt against the
wires and signaling to other members of their communities who come and
join them." '
[MK: I don't want to make a mountain out of an ant-hill, but this looks like
a case of form(icidae) over function. I expect further creepy puns from our
moderator, perhaps about how the victims are engaged in formication and
should ant-icipate trouble.]
M.E. Kabay, PhD, CISSP (Kirkland, QC), Director of Education
National Computer Security Association (Carlisle, PA) http://www.ncsa.com
[Turn on the fire-hider-ants; someone is in for a shock. PGN]
------------------------------
End of RISKS-FORUM Digest 19.17
************************