Finished Projects
Cryptographic Technologies
Policy-Based Cryptographic Key Release Systems
Cryptographic Key Release Language Design and Specification
Overview
TIS has completed the initial design and prototype implementation of a
Policy-Based Cryptographic Key Release system that meets a broad set of
requirements. The goal was to develop an automated system that unifies
and enforces the rules for key release specified by the owner of
encrypted information and by all organizations having jurisdiction over
the information. The key release policy (KRP) specification language
provides a flexible vehicle for users and organizations to
describe/select an appropriate policy for releasing each key that is
protecting information under their control. Emphasis was placed on
specifying a language that is easy to use and is understandable by users
as well as computers. The language design incorporates several policy
specification concepts developed in the research community and extends
these results in a cohesive security structure supporting multiple
security domains.
A prototype cryptographic key release system was developed and demonstrated which enforced dynamic and flexible authorization rules controlling key release. The system allows a set of authorization rules, collectively called a key release policy, to be created to control the release of a key. Provisions are included for: specifying who (by identity or role) can establish rules; specifying the precedence of rules established by different people or different organizations for the same data; and combining the rules provided by all these people and organizations into a single policy.
Generic requirements of various interests (e.g., individuals, corporations, jurisdictional organizations) in commercial cryptographic systems and for military organizations in unclassified applications were identified. Requirements for international computer network applications, such as international trade or commerce, were considered in the design model.
1.1 Background
All users of modern computer networks want to control and protect their
information with high assurance. Military commanders require the ability
to share vital and sensitive information with one group of allies one
day and a different group the next day. Federal users need to
disseminate public information about their programs widely but must be
able to control and protect the information obtained in response to
these programs. Corporations want control over their valuable, sensitive
information, including that created by employees working on independent
projects. Individual computer users want assurance that they can access
their archived personal or financial information, including in times of
crises such as the death of the creator of the information.
Click Here to view a graphical explanation.
1.2 Scope
The initial task was to design and develop a prototype key release
language that meets the requirements of private users, commercial
organizations, and a variety of government users, including military
personnel for unclassified applications. The second part of this task is
to design a flexible system that can be built easily but that provides
appropriate assurance (in a quantified manner) that the rules
established for the release of a cryptographic key will be followed. The
term "key release" as used in this statement means to provide the key or
a copy of a key to a person (identified by a specific identity or role)
in accordance with a specific and auditable set of policy rules. The
goal was to support both normal and emergency distribution of
cryptographic keys.
Key release, a subset of a larger topic termed key management, includes rules covering special requirements such as long-term key archiving and emergency key recovery. A key management policy may be as simple as generating one's own key, keeping it in a personal data storage encryption that the "owner" specifies, and never releasing to anyone but the owner. It may be as complex as specifying all the individuals and roles having authorization to access all the categories of sensitive information of an organization.
A key release policy may be easy to articulate at a "high" level but may be complex to specify in sufficient detail for a computer to enforce. The key release system needs to encompass individual-based policies, group-based policies, role-based policies, context- or environment-based policies, and authorization-based policies. The initial key release policy specification language includes both the syntax and semantics of the language. A prototype key release administration system implemented the initial key release policy language developed in this project. It included security support services such as user authentication and simple key release audit for demonstration purposes.
1.3 Technical Rationale and Plan for Achieving Goals
The first phase of the project included identifying generic requirements
for key release by potential users, their managers (for organizational
users), and organizations having jurisdiction in the location of use. A
set of real and hypothetical requirements was identified. A
representative set of requirements were defined for designing the
initial release system without attempting to be comprehensive or
complete.
Release Language using the set of real and theoretical requirements for key release, an initial release authorization language, was developed. Exemplary scenarios were defined (e.g.; a multinational military communication system, an individual's personal-records management system, a family's financial system, a corporate vital records system) for which key release policies were created. An initial set of release rules was developed, and a specification language was designed in which the rules were expressed. The system did not impose constraints on who could get access to encrypted data or what justified the authorized access but focused on establishing a rich syntactic language in which diverse requirements (i.e., rules) for key release could be expressed. The prototype system focused on automated methods of meeting the requirements (i.e., enforcing the rules). Emphasis was on developing mathematical, logical, and computational tools that provided controlled key release in accordance with a specific policy.
A formal language was designed that includes sets (e.g., keys, persons, groups, roles, organizations), relationships (e.g., MEMBER_OF, PRIORITY_N, SUBORTINATE_TO), constraints (e.g., BEFORE, AFTER), events (e.g., TIME, RELEASED), and conditions (e.g., DEFCON, CLOSED). Various key release policies were then specified for releasing the keys used to encrypt various data objects in various scenarios.
1.4 Government Coordination
Activities of this task were coordinated with the staffs of DARPA, NSA,
NIST, and FBI. Points of contact were established within each
organization that provided policy guidance and technical assistance and
reviewed the results of the task.\
1.5 Personnel
The personnel selected to perform this task provide technical expertise,
security experience, and organizational representation for this topic.
Robert Rosenthal was the DARPA program manager responsible for
overseeing the project. Dennis Branstad was the principal investigator
(PI) on the task. David McGrew, Jeff Cook, and Sue Rho are TIS staff
that provided policy administration system design, policy specification
language, and formal policy analysis expertise and support. Dorothy
Denning has done extensive work with law enforcement organizations in
seeking to devise cryptographic systems in accordance with the laws of
the U.S. Burt Kaliski has worked extensively with numerous commercial
organizations in designing cryptographic algorithms for commercial
applications. Russ Housley and Warwick Ford provided input on military
and international security issues, respectively.
2.0 Deliverables
The primary deliverable of Part 1 of this task was the Key Release
Language design. A set of requirement specifications was used in
designing the language. PVS was used as a computer-based language
verifier. The language was developed using formal methods as much as was
feasible.
3.0. Status
The initial language design and prototype system implementation were
completed in 1997. A design review and initial system demonstration were
conducted in March 1997. TIS staff, the DARPA program manager,
government coordinators, and several project consultants participated.
The initial key release security requirements, language design, system
architecture, and policy examples were reviewed. Demonstrations of the
prototype policy administration system and initial formal policy
analysis system were given. Feedback from the project consultants,
government coordinators, and program manager was positive with specific
suggestions for refinement provided. Final reports of the initial task
are being prepared.
The DARPA/ITO Project Summary provides more information on recent accomplishments and plans.