[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Attacking GAK--team effort assembling



Given that the U.S. and E.U. governments seem to be moving toward a
policy of key escrow/recovery, 7Pillars Partners is starting a team
effort to demonstrate the practical problems in implementing such a
system.  The plan is to have the team block out the probable design
of the infrastructure, with as many of the options available outlined
and discussed (e.g., 'escrow' itself--will a copy of the secret key
need to be sent to the escrow agent, will it be created by the agent
and assigned to the device, will the method be the use of two receiver
keys (one packet to the intended party, one to the escrow agent), will
the method be to implement a 'back door' into the cryptosystem itself),
and then a thorough expansion on all possible methods of attack on the
various elements of the infrastructure (denial, flooding, espionage,
etc.).

The intent of this project is two-fold: it will provide a practical
guide that I hope will demonstrate that any key escrow/recovery system
and infrastructure, no matter how secure/safe, will fall to attack; if
such a system does end up being implemented and come into operation,
the analysis will serve as a first-approximation guide for resistance.

We could use a solid outside cryptographer, as well as an attorney
to work through the probable legal elements involved in the system.

Interest in being on the team should be indicated to:
Michael Wilson, [email protected] or [email protected]

MW
http://www.7pillars.com/