25 February 1998

Date: Wed, 25 Feb 1998 13:53:33 -0500
From: nospam[at]synernet.com (Ed Stone)
Subject: Re: Another Network Associates U-Turn on Key Recovery
To: jy[at]jya.com

PGP Inc's new owner, Network Associates, has announced it is acquiring Trusted Information Systems, Inc. On the TIS web site, the following project is detailed, in which Dr. Dorothy Denning was a subcontractor, and in which policy-based crypto key release systems were explored, in collaboration with the NSA, FBI, etc.:

Source: http://www.tis.com/research/crypto/crypt_krp_projsum.html

Policy-Based Cryptographic Key Release Systems

Cryptographic Key Release Language Design and Specification

View the quad chart graphic for the Policy-Based Cryptographic Key Release System

Project Summary

ARPA Order Number: 8685

Contractor:
Trusted Information Systems, Inc.
3060 Washington Road
Glenwood, Maryland 21738
Phone: (301) 854-6889
FAX: (301) 854-5363

Subcontractors:
Dr. Dorothy Denning
Dr. Burton Kaliski
Dr. Warwick Ford
Russel Housley

Principal Investigators:
Dennis Branstad
dbranstad[at]tis.com

Title of Effort: Policy-Based Cryptographic Key Release System

Objective: The objective of this task is to develop an automated system that will release cryptographic keys in accordance with a specified policy. The dynamic relationships established among nations, military groups, industrial consortia, business partnerships, and people require that information protection policies be specific and dynamic. The key release system to be developed will support policy specifications from all parties having jurisdiction over the information and then enforce security in accordance with this policy. The policy may be different for each user, application, or cryptographic key. The cryptographic key release system provides dynamic and flexible authorization rules for releasing the key. The system will allow a set of authorization rules, collectively called a key release policy, to be created to control the release of a key.

Approach: This task is to identify the requirements for key release of potential users, their managers (for organizational users), the law enforcement organizations having jurisdiction in the location of use, and the national security organizations having jurisdiction in the location of use. A broad set of real and hypothetical requirements will be identified. Real requirements will be used whenever possible (e.g., by talking with users, their managers, and law enforcement personnel) and hypothetical requirements will be used when required (i.e., when real requirements are classified). The goal is to build a representative set of requirements to be included in the release system without attempting to be comprehensive or complete.

Using a set of real and theoretical requirements for key release, a release authorization language will be developed. Various hypothetical scenarios will be defined (e.g., a multi-national military communication system, a government agency's archival system, an individual's personal records management system, a family's financial system, a corporation's vital records system, an international electronic commerce trading system) for which various key release policies could be specified.

An optional automated key release prototype system will be developed during the second year to demonstrate the feasibility and effectiveness of dynamic cryptographic key release.

Recent Accomplishments: The KRP project achieved several major accomplishments this year. They can be categorized as requirements identification, language specification, policy administration system, and project design review.

A Key Release Requirements document was prepared and reviewed by the KRP review team. This document presented the general requirements of individuals and organizations for specifying the acceptable conditions under which a cryptographic key could be released and to whom it could be released under those conditions.

The syntax and semantics of an initial KRP language for specifying these conditions (automated events such as time and human events such as death) were specified. Syntax defines the structure (i.e., acceptable sentences) of a language and semantics defines the meaning of the components (i.e., words, sentences) of the language. Additional components needed for the language were identified.

A prototype (demonstration) system was developed for administering the creation of cryptographic keys and release policies. It also protected the keys, enforced the policies, and administered the roles of users authorized to perform the roles.

A design review meeting (TIS staff and KRP consultants) was held for DARPA sponsors and NSA, NIST, and MITRE guests. The responses to the KRP language and system design as well as the demonstrations were all positive.

Current Plan: (Option 1) Implement an automated system which enforces the rules for releasing cryptographic keys. The system shall consist of key-release policy (KRP) creation modules, storage modules, and enforcement modules. User roles to be supported include: policy domain originator, policy component creator, key requester, policy event poster, policy event verifier, policy administration system (PAL) manager, and PAL auditor. Different interfaces may be provided for the different user roles. KRP and PAL language specifications and system descriptions shall be provided. Demonstrations and a final report shall be provided at the end of the project.

Technology Transition: Demonstrations of the KRP prototype system and presentations of the KRP specification language have been made available to DARPA sponsors, NSA coordinators, NIST interested parties, and FBI staff. Informal presentations have been given to TIS visitors and formal presentations have been made to several technical workshops. Research cooperation meetings were held with several other DARPA researchers interested in the language and system.
Broader coverage and technology transfer await funding of the second year of development of the language and system."

--
-------------------------------
Ed Stone
estone[at]synernet-robin.com
remove "-birdname" spam avoider
-------------------------------