1 / 7

Key Escrow as a Security and Recovery Device

Key Escrow as a Security and Recovery Device. Presented by: Kevin Ji, Maura Tresch, Eyan Townsend, Whitney Anderson, Turner Rooney, Dan Tulley. What is a Key Escrow System. Key Escrow is the use of a third party (the escrow service) to save and catalog private keys of encrypted e-mails.

bikita
Download Presentation

Key Escrow as a Security and Recovery Device

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Key Escrow as a Security and Recovery Device Presented by: Kevin Ji, Maura Tresch, Eyan Townsend, Whitney Anderson, Turner Rooney, Dan Tulley

  2. What is a Key Escrow System Key Escrow is the use of a third party (the escrow service) to save and catalog private keys of encrypted e-mails. Escrows will help government and law enforcement agencies access potentially dangerous messages.

  3. Necessity of Key Escrow for Law Enforcement • Frank Quattrone-Credit Suisse First Boston 2004 • Congressional Public Law Statement (Sec 801P.L. 90-351) • “Organized Criminals make extensive use of wire (and electronic) communications…and the interception of such communications …is an indispensable aid to law enforcement”

  4. Feasibility and Cost-Effectiveness • Senate Bill 909 of the 105th Congress (1997) proposed a key escrow system for government entities • Certificate Authorities (CAs) which already manage public keys, can manage private keys • Databases are more secure than transmissions

  5. Legitimacy of Implementing Key Escrow • US Code Art. 18 Sec. 2708(a) • “A governmental entity may require the disclosure by (an ISP) of the contents of a wire or electronic communication” • As long as a warrant has been issued, no notice to the subscriber/customer. • ISPs cannot uphold this article of the law without a Key Escrow System. • Grand Central Station Lockbox Example

  6. Possibly Counter-arguments and Why They Do Not Apply • Access by corrupt administrators • Key Escrows (and CAs) are only in business because of their integrity, they will not compromise this. (Banks will not give out your account numbers, etc.) • Access of Database by Intruders • Database more secure than transmission • Useless without the e-mail (normal hackers have nothing to gain).

  7. Conclusion • Key Escrow is necessary • Key Escrow is possible • Key Escrow is legal

More Related