• About ISSO
• Research Areas
• Projects
• Finished Projects and Archive
• Opensource Projects

Finished Projects

Cryptographic Technologies

International Cryptography Experiment (ICE)

Update on the International Cryptography Experiment
Trusted Information Systems, Inc.
by Dennis Branstad and David Balenson

Introduction
As the world moves into the information age, there is a growing need by individuals, corporations, and governments for improved protection of their sensitive information. At the same time, the availability of ubiquitous, high-security devices and information systems may threaten certain national security and law enforcement functions of a modern government.

The dilemma posed by these conflicting interests is causing emotional debates within many countries today. The lack of an acceptable solution is frustrating both government and business interests. Business groups within many western countries continue trying to convince their governments that the growing worldwide availability of cryptography makes further control of cryptographic export both futile and highly detrimental to the countries' economic interests.

In early 1994, Trusted Information Systems (TIS) first proposed an International Cryptography Experiment (ICE) to explore solutions to several problems in making cryptography internationally available while meeting various needs of users, the information systems industry, and national governments. The ICE project was described in the March 1994 issue of the DSL. Since then, TIS has widely publicized ICE and ARPA has funded us to coordinate ICE. And, while we have several participants, we continue to solicit participation in ICE. We are also learning about cryptographic interface efforts throughout the world.

This article briefly reviews the motivation for and goals and objectives of ICE and describes the progress to date and general plans for the next few years.

Goals and Approach
ICE is intended to promote the international use of cryptography in common computer software applications (i.e., word processors, spreadsheets, electronic mail systems) while honoring the controls on the use and export of cryptography found in the participating nations. The general approach being advocated by international organizations is to separate the performance of cryptographic operations from software applications that call for encryption of messages or files.

The use of Cryptographic Application Programming Interfaces (CAPIs) between a software application and the hardware or software actually performing the cryptography provides the best approach to establishing the needed separation. CAPIs also allow for cost-effective use of multi- application cryptography implementations as well as multi-cryptography applications.

ICE seeks to understand the many efforts underway in several countries to advance the general understanding of CAPIs and have their use coordinated in order to achieve acceptable international cryptographic- based security. ICE is not a standardization program, but standards could be derived from the results of ICE activities in a manner similar to that by which Internet standards evolve.

An International Solution
The solution proposed in the ICE project offers the advantages of freeing major software vendors to call upon specified security services in their products without specifying the required cryptographic operations while still allowing governments to retain control over the export, import, and use of cryptography. A program to define and use CAPIs internationally can be adopted through industrywide cooperation drawing from already available CAPI activities.

ICE calls for consortia of interested parties in industry and government to select existing or emerging CAPIs, incorporate these into software applications, and use them in experiments to analyze the effectiveness of the concept of separating an application from the specific cryptography used by the application. ICE consists of three phases:

1. CAPI Definition;
2. Product/Device Development; and
3. Experimental Use.

The definition phase is to identify an initial set of CAPIs for use in the experiment. These interfaces are under development by various organizations in the US, UK, Canada, and elsewhere. Various software applications built according to the CAPIs in addition to various security devices (tokens, software modules) providing the cryptographic-based security will be developed during Phase 2. As soon as applications and device implementations are available, Phase 3 will commence. Successful CAPIs may be proposed to International standards organizations for adoption as international standards either during or following the experimental phase.

Status of CAPI Development
There are a number of CAPIs that are being defined and planned for use at this time. In December 1994, the US National Institute of Standards and Technology (NIST) held a meeting to explore and facilitate the sharing of information regarding CAPI development in several countries. The meeting was attended by over 50 representatives of industry and government organizations. Government organizations represented at the meeting included NIST, NSA, NASA, ARPA, Defense Information Systems Agency (DISA), the UK MoD and Defense Research Agency (DRA), and the Canadian Communications Security Establishment (CSE). Industrial representatives included TIS, RSA Labs, Bell-Northern Research, Spyrus, IBM, Hewlett-Packard, National Semiconductor, Novell, Microsoft, Datakey, Litronic, Racal-Guardata, Uptronics, Anagram Labs, Bankers Trust, Fischer International, ICL, and PC Security Ltd. Public standards organizations represented at the meeting included X/Open, ANSI, and IEEE.

The meeting included presentations on:

• International Cryptography Experiment (ICE): one objective of ICE is to identify available CAPIs for integration into software applications on an international basis.
• UK MoD Security In Open Systems Technology Demonstration Programme: an objective of the SOS-TDP is to develop common cryptographic protection mechanisms and attempt to get them widely adopted by industry and government throughout the world. Supporters of the program are encouraging ICE as a potential means to establish a mass market for secure applications using strong cryptography.
• X/Open Security Working Group: currently developing a Cryptographic Service Model that includes the definition of APIs to enable development of secure applications using numerous security services. X/Open has adopted GSS-API as a preliminary specification and is now focusing on definition of a Generic Crypto Service API (GCS-API) for publication as a preliminary specification in early 1996.
• ANSI X9F1 Working Group: recently initiated an effort to define cryptographic interfaces for secure banking applications. The group has developed its requirements and a layered cryptographic service model and is looking to align its standards with other CAPI standards.
• IEEE Portable Application Standards Committee (PASC) Encryption API Study Group: the recently formed study group is exploring the feasibility of defining IEEE standard cryptographic service interfaces that enhance application portability.
• Generic Security Service API (GSS-API): initially developed in the early 90's, GSS-API has been adopted and used by numerous organizations and is currently under consideration as an Internet Standard. GSS-API defines a session-oriented service interface to distributed security technologies, implemented on top of multiple authentication and encryption technologies and enabling application portability.
• NIST Proposed Federal Information Processing Standard (FIPS) for Cryptographic Service Calls: NIST distributed a draft proposed CAPI standard for public comment in 1994. NIST is actively participating in several CAPI standardization efforts, including the X/Open and ANSI efforts, and is exploring convergence of the X/Open standards with their needs.
• NSA CAPI Goals, Architecture, and Requirements: the Network Security Group at NSA supports the development of APIs to implement comprehensive security services that use Fortezza.
• UK MoD Cryptographic Interface Study: a study, performed by Royal Holloway, University of London, for the UK MoD, analyzed existing CAPIs and recommended characteristics of a cryptographic interface considered acceptable to vendors for use in commercial products.
• RSA Labs Cryptoki - A Cryptographic Token Interface: this interface, recently completed, is designed to provide a device-level API to support the use of portable cryptographic devices in application programs. Cryptoki is an addition to the RSA Labs' series of Public- Key Cryptography Standards (PKCS).
• IBM Generic Crypto Services API (GCS-API): this proposed interface is modeled after GSS-API and is designed to be a high-level, algorithm-independent, application- independent API supporting secure applications. It was used in the X/Open GCS-API work.
• Northern-Telecom ENTRUST APIs: NT's family of ENTRUST products provides a comprehensive set of tools and services for secure distributed applications. The ENTRUST APIs use the GSS-API, built on a simple public-key authentication mechanism, to provide session- oriented protection. The APIs also define an extension, Independent Object Protection (IOP GSS-API), to provide off-line protection for data objects.
• Spyrus Extensions for Algorithm Agility (SPEX/aa): this low-level interface, based on the Fortezza interface, is designed to support a rich set of cryptographic functions and hardware/software implementations.

The initial phase of ICE will continue to review these efforts to identify practical CAPIs and attempt to coordinate their use in experiments with commonly available software applications.

While many of these activities are independent, there is emerging a layered CAPI framework into which the results of the activities may be effectively placed. ICE will utilize this framework as much as feasible.

Government Interactions
A major goal of ICE is the ability to export applications easily that call upon CAPIs but do not themselves contain any cryptographic functions. Currently, export of an application from the United States is not allowed if the application developer merely removes the cryptographic algorithm (e.g., DES) from a software application that provides data communication encryption in a manner such that the encryption algorithm could be added later with relative ease.

But application programs that use a CAPI are not the same as programs for which the specific cryptographic code has been deleted. In this case, the actual cryptography used is bound to the application not by the software vendor but by the user at the actual time of use. The choice of which cryptography to use is made at the time a message is sent or a file is saved, not at the time of manufacture of the program. The cryptographic interface may include some provisions for verifying that the algorithm being used conforms to the requirements of the country in which it is used and the country in which the device was produced.

The ICE project goals continue to be discussed with appropriate officials in the US government. While a blanket approval for the export of applications that use a CAPI is not assured, we are encouraged with the level of interest and cooperation of government officials in the past year, and we will continue to address the needs of all interested parties within the ICE project.

Current Plans
A second workshop of the ICE project is planned for September 18-19, 1995, in The Hague, The Netherlands. The ICE workshop is being hosted by Dr. Brian Gladman, the Deputy Director of the SHAPE Technical Centre. The specific aims of this ICE workshop are to review the progress in development of CAPIs, identify appropriate CAPIs for immediate international demonstration, nominate participants in cooperative international demonstrations, and set an agenda for the demonstrations. The international scope of the experiment will be stressed during the deliberations of the workshop.

Semi-annual international ICE workshops are planned, alternating between a US location and a foreign location. Information on these workshops and other ICE activities will be available from TIS via E-mail or the Web.

The proposal that TIS submitted to the US Advanced Research Projects Agency (ARPA) to support the ICE project was accepted and recently funded. TIS is to participate in CAPI standards activities. TIS is also to ensure that at least one publicly available application program is interfaced with the available CAPIs.

Discussions have begun with a number of software application developers with the intent of including them in ICE experiments. Sufficient suites of CAPIs and security device implementations are available, and there is now a need to consider application support. We are ready to aggressively pursue interactions with software applications developers and solicit parties interested in developing or using software applications that provide cryptographic functions using CAPIs. This will be proposed to the steering committee of CommerceNet for consideration as an official pilot project for its members. CommerceNet is a consortium of industry members working closely with government organizations seeking to utilize electronic commerce transactions. The results of this pilot could be used as a showcase for CAPIs in real electronic commerce applications.

TIS plans to work with many organizations internationally to acquire and implement a variety of cryptographic modules in several applications. A near-term plan is to integrate several modules into the TIS MIME Object Security Services (TIS/MOSS -- an enhancement of TIS/PEM) software. TIS is acquiring modules from several vendors and integrating them into TIS/MOSS using several CAPIs that are currently available. TIS/MOSS will be used for demonstrations of the CAPIs and the modules. Software developers and module manufacturers will be encouraged to view the demonstrations and join the ICE program with their products.

Additional Information
Individuals and organizations wishing to observe or participate in the ICE activities are encouraged to contact Trusted Information Systems, 3060 Rt. 97, Glenwood, MD, 21738 USA, 301-854-6889, send e-mail to ice@tis.com, or visit the ICE Web page by clicking here. If you would like to participate in ICE, please indicate if you are interested in application development, CAPI development, cryptographic service development, or secure application evaluation.