Abstract
The UK government is fielding an architecture for secure electronic mail based on the NSA’s Message Security Protocol, with a key escrow scheme inspired by Diffie-Hellman. Attempts have been made to have this protocol adopted by other governments and in various domestic applications. The declared policy goal is to entrench commercial key escrow while simultaneously creating a large enough market that software houses will support the protocol as a standard feature rather than charging extra for it.
We describe this protocol and show that, like the ‘Clipper’ proposal of a few years ago, it has a number of problems. It provides the worst of both secret and public key systems, without delivering the advantages of either; it does not support nonrepudiation; and there are serious problems with the replacement of compromised keys, the protection of security labels, and the support of complex or dynamic administrative structures.
© 1997 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Anderson, R., Roe, M. (1997). The GCHQ Protocol and Its Problems. In: Fumy, W. (eds) Advances in Cryptology — EUROCRYPT ’97. EUROCRYPT 1997. Lecture Notes in Computer Science, vol 1233. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-69053-0_11
DOI: https://doi.org/10.1007/3-540-69053-0_11
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-62975-7
Online ISBN: 978-3-540-69053-5
eBook Packages: Springer Book Archive