The GCHQ Protocol and Its Problems

The UK government is fielding an architecture for secure electronic mail based on the NSA's Message Security Protocol, with a key escrow scheme inspired by Diffie-Hellman. Attempts have been made to have this protocol adopted by other governments and in various domestic applications. The declared policy goal is to entrench commercial key escrow while simultaneously creating a large enough market that software houses will support the protocol as a standard feature rather than charging extra for it. We describe this protocol and show that, like the 'Clipper' proposal of a few years ago, it has a number of problems. It provides the worst of both secret and public key systems, without delivering the advantages of either; it does not support nonrepudiation; and there are serious problems with the replacement of compromised keys, the protection of security labels, and the support of complex or dynamic administrative structures.

[1]  Moti Yung,et al.  Escrow Encryption Systems Visited: Attacks, Analysis and Designs , 1995, CRYPTO.

[2]  Ronald L. Rivest,et al.  The RC5 Encryption Algorithm , 1994, FSE.

[3]  Theodore Y. Ts'o,et al.  Kerberos: an authentication service for computer networks , 1994, IEEE Communications Magazine.

[4]  Bruce Schneier,et al.  Applied cryptography (2nd ed.): protocols, algorithms, and source code in C , 1995 .

[5]  Ed Dawson,et al.  Cryptography: Policy and Algorithms , 1996, Lecture Notes in Computer Science.

[6]  Jerome Thorel EC plans encryption rules in bid to police information superhighway , 1995, Nature.

[7]  Steve Orlowski Encryption and the Gloval Information Infrastructure: An Australian Perspective , 1995, Cryptography: Policy and Algorithms.

[8]  Michael Ganley,et al.  Encryption algorithms , 1992 .

[9]  Roger M. Needham,et al.  Using encryption for authentication in large networks of computers , 1978, CACM.

[10]  Martín Abadi,et al.  A logic of authentication , 1989, Proceedings of the Royal Society of London. A. Mathematical and Physical Sciences.

[11]  Isaac Hollander,et al.  Kerberos on wall street , 1996 .

[12]  Mike Burmester,et al.  On the Risk of Opening Distributed Keys , 1994, CRYPTO.

[13]  Ross J. Anderson Why cryptosystems fail , 1994, CACM.

[14]  Chris J. Mitchell,et al.  A Proposed Architecture for Trusted Third Party Services , 1995, Cryptography: Policy and Algorithms.

[15]  Bruce Schneier,et al.  Applied cryptography : protocols, algorithms, and source codein C , 1996 .

[16]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.