Government and Cryptography Sandy Kutin CSPP 532 81401

Government and Cryptography Sandy Kutin CSPP 532 8/14/01

We, the people, . . . z. How, and why, does government get involved in cryptography? z. Role of government: y. Establish justice y. Ensure domestic tranquility y. Provide for the common defense y. Promote the general welfare y. Secure the blessings of liberty to ourselves and our posterity

in order to form. . . z. Provide for the common defense y. National Security: Import/export restrictions z. Ensure domestic tranquility y. Law enforcement: Key escrow z. Secure the blessings of liberty y. Encryption does this through confidentiality y. Government restrictions can be restrictive

a more perfect union z. Establish justice y. Contract law: what is a signature? y. Digital copyright laws, patent law x. Balance rights of software/hardware companies, content providers with rights of consumers y. Standard or approved algorithms x. Legal standards x. Also affects national security: infrastructure x. Promote the general welfare

Dan Bernstein vs. the Department of Justice z. In 1990, Dan Bernstein wrote a paper y. Showed how to use one-way hashes for encryption; included source code z 1992: tried to get permission to publish z 1995: with EFF, sued the government z. Case is still being appealed z. May be made irrelevant by changes to the export laws

Current Export Laws z. January, 2000: U. S. eased restrictions: y. Can’t export cryptanalytic materials y. Strong products exportable with a license y. Exports not allowed to Cuba, Iran, Iraq, Libya, North Korea, Syria, Sudan y. Posting on web sites could still be a problem z. Europe is less restrictive z. Wassenaar agreement: y. DES decontrolled, stronger systems controlled

Pros & Cons z Harder for terrorists to z Approval process get sensitive material complicated z NSA keeps its edge z “Bad guys will have crypto anyway” z Now, U. S. companies can compete z Infringes on free speech, academics

Key Escrow z. Technical issues: secret-sharing schemes z. Clipper (voice), Capstone (data) y. Algorithm is Skipjack, designed by NSA y. Each chip has a unit key, KU, held in escrow y. Law Enforcement Access Field (LEAF): xsession key encrypted with KU x. U encrypted with KF (fixed key) y 16 -bit checksum; invalid LEAFs disallowed z. Proposal never really caught on

American Standards z. Government standards: AES, SHA, HMAC y. Helps large companies choose secure systems, defend national infrastructure y. Bank doesn’t care whether NSA can break in y. If you don’t trust government, don’t use them z. What key length corresponds to “beyond reasonable doubt”? y. Expert witnesses, or government standards?

What’s your sign? z. What is a signature? z. Electronic Signatures in Global and National Commerce Act (E-Sign) y. Contract can’t be rejected because it’s digital y. Doesn’t apply to checks, wills, court filings, … z. Problem: as we’ve said, there are lots of ways to attack a digital signature scheme z. Courts will work this out, eventually

Divorce in Dubai z. Divorce in traditional Islamic law: y. Husband makes declaration to wife y. Let’s avoid religious argument; assume we live in a country in which this is the rule z. Dubai (in United Arab Emirates): y 16 recent divorces by cell phone text message z. Singapore, last week: y. Islamic authorities declared such divorces illegal y. Issues of authentication

©: All Rights Reserved? z. Can someone copyright encryption? z. Can you reverse-engineer your own hardware or software? z. What if encryption, digital watermarks interfere with fair use? z. Digital Millenium Copyright Act (DMCA) y 1998: Work which could be used for copyright violation is an illegal “circumvention device” z. We’ll look at a few cases

DVD encryption: theory z. Decryption key stored on DVD y. Not directly accessible by player y. But: piracy easy (copy DVD, key included) z 2 -way authentication with player’s key y. Each player uses one of 408 keys y. If one player is compromised, phase it out of future releases z. How secure is it? z. What if I want a Linux player?

DVD encryption: practice z 40 -bit keys z. One player was weak, key was broken y. Weakness just made attack even faster z. Scheme published; 216 attack found z. Can break encryption in 20 seconds z. MPAA prosecuting people who write, distribute tools to break encryption z. Last week: Pavlovich (lost jurisdiction battle)

Felten vs. SDMI z 1999: Secure Digital Music Initiative y. Record companies, RIAA, some techs y. Verance Corp. developed watermarking z 9/00: SDMI announces hack challenge z 11/00: Fentel et al. (Princeton, Rice) z. Broke the encryption; decided to publish z. Accepted for April conference, then pulled z. Slated for tomorrow at USENIX

e. Books ze. Books: convenient, easy to use, but easy to copy; publishers nervous z. Adobe provides a solution: locking y. Pro: can’t make illegal copies y. Con: fair use: extra copies, excerpts, resale z. You can resell or upgrade computers, but you have to contact the publisher z. What if the publisher no longer exists?

Adobe vs. Sklyarov z. Elcomsoft (Russian) broke encryption y. Legal in Russia; right to make backup y. Ph. D student Dmitry Sklyarov wrote code y. Elcomsoft sold 7 copies in US z 7/17: FBI arrested Sklyarov in Las Vegas z. Adobe has since dropped suit, but Sklyarov still charged with federal crime z. Sklyarov released on bail last week

Around the World z. European Software Directive (1993) y. User has right to make back-up y. Reverse-engineering permitted if it is “indispensable” for the purpose of achieving interoperability; may not be used to infringe copyright or conflict with the program owner’s “legitimate interests” z. Canada working on a DMCA-like law

Recommended Reading z. Discrete Logarithms, Diffie-Hellman y. Stallings, Section 6. 4 z. Elliptic Curves y. Stallings, Section 6. 5 z. Import/Export Laws yhttp: //www. rsa. com/rsalabs/faq/ z. DMCA cases yhttp: //www. eff. org/