Building in Big Brother

The Escrowed Encryption Standard (EES) defines a US Government family of cryptographic processors, popularly known as "Clipper" chips, intended to protect unclassified government and private-sector communications and data. A basic feature of key setup between pairs of EES processors involves the exchange of a "Law Enforcement Access Field" (LEAF) that contains an encrypted copy of the current session key. The LEAF is intended to facilitate government access to the cleartext of data encrypted under the system. Several aspects of the design of the EES, which employs a classified cipher algorithm and tamper-resistant hardware, attempt to make it infeasible to deploy the system without transmitting the LEAF. We evaluated the publicly released aspects of the EES protocols as well as a prototype version of a PCMCIA-based EES device. This paper outlines various techniques that enable cryptographic communication among EES processors without transmission of the valid LEAF. We identify two classes of techniques. The simplest allow communication only between pairs of "rogue" parties. The second, more complex methods permit rogue applications to take unilateral action to interoperate with legal EES users. We conclude with techniques that could make the fielded EES architecture more robust against these failures. INTRODUCTION AND BACKGROUND In April 1993, the Clinton Administration announced a proposed new federal standard symmetric key encryption system for the protection of sensitive-but-unclassified government and civilian data [Mar93]. The proposal, called the Escrowed Encryption Standard (EES) [NIST94], includes several unusual features that have been the subject of consid* 2nd ACM Conference on Computer and Communications Security, Fairfax, VA, November 1994. Copyright 1994, Association for Computing Machinery, Inc. Reprinted by permission. 132 KEY ESCROW CRYPTOSYSTEMS erable debate and controversy. The EES cipher algorithm, called "Skipjack", is itself classified, and implementations of the cipher are available to the private sector only within tamper-resistant modules supplied by government-approved vendors. Software implementations of the cipher will not be possible. Although Skipjack, which was designed by the US National Security Agency (NSA), was reviewed by a small panel of civilian experts who were granted access to the algorithm, the cipher cannot be subjected to the degree of civilian scrutiny ordinarily given to new encryption systems. By far the most controversial aspect of the EES system, however, is key escrow. As part of the crypto-synchronization process, EES devices generate and exchange a "Law Enforcement Access Field" (LEAF). This field contains a copy of the current session key and is intended to enable a government eavesdropper to recover the cleartext. The LEAF copy of the session key is encrypted with a device-unique key called the "unit key", assigned at the time the EES device is manufactured. Copies of the unit keys for all EES devices are to be held in "escrow" jointly by two federal agencies that will be charged with releasing the keys to law enforcement under certain conditions. At present, two EES devices are being produced. The simplest, the Clipper chip (also known as the MYK-7S), is essentially a drop-in replacement for a conventional DES [NBS77] chip and relies on key negotiation being handled off the chip. The other EES device, the Capstone chip (MYK-SO), adds built-in support for public-key negotiation and digital signatures, with modular arithmetic functions, random number generation, and other such features. [See p. 147-14S-Ed.] The interface to the Skipjack cipher is similar to that of DES, based on a 64 bit codebook block cipher and supporting FIPS-Sl [NBSSO] standard modes of operation. Keys are SO bits in length, as opposed to DES's 56 bits. The initial application of EES is in stand-alone voice encryption telephone units, such as the AT&T Model 3600 Telephone Security Device. To facilitate computer applications such as electronic mail and file encryption, a version of the Capstone chip will also be available packaged in a standard PCMCIA card. EES PCMCIA cards can be installed easily in many commercially available laptop computers, and SCSI-based PCMCIA card readers can connect EES cards to most other computers. The government has specified a standard application interface library for communicating with the cards. Clipper and Capstone chips are, at present, available only for use in approved products that comply with LEAF handling requirements. EES PCMCIA cards, on the other hand, are themselves a stand-alone product, and are to be made generally available "off the shelf" in the