Page 677

Index

A

Access, 353

control, 26-27

defined, 55-56, 94n, 353

facilitators, 60-65

see also Back door access

inhibitors, 58-60

Advanced Research Projects Agency (ARPA), 237n

Memorandum of Agreement with Defense Information Systems Agency and National Security Agency (text of), 633-636

AECA, see Arms Export Control Act (AECA)

Algorithm, 378

and key length, 353

America Online, 42-43n, 148

American National Standards Institute (ANSI), 486

Anonymity, 43, 59, 480

ANSI, see American National Standards Institute (ANSI)

Applications programming interfaces, see Cryptographic applications programming interfaces (CAPI)

Arms Export Control Act (AECA), 114-116, 118, 255

text of, 558-573

ARPA, see Advanced Research Projects Agency (ARPA)

Assurance, 353

Asymmetric cryptography, 53-54, 63, 75, 313n, 353, 365-367, 375-377, 385-388

AT&T, 60, 70n, 419

Clipper phones, 174-175

Secure Telephone Unit (STU), 74-75, 235

Surity Telephone Device, 175

Attacks on cryptographic systems

for asymmetric cryptography, 63

brute-force search, 62-63, 124, 276, 287, 381

chosen plaintext, 381-382

ciphertext only, 287, 381

exploitation of design factors, 60-62

exploitation of operational errors, 383

known ciphertext, 390

known plaintext, 381

shortcuts, 63

for symmetric cryptography, 63

timing attacks, 63

work factor, 64n, 181, 214, 288

see also Information warfare (IW); Strong encryption

Audit trails, 3, 354, 370



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 677
Page 677 Index A Access, 353 control, 26-27 defined, 55-56, 94n, 353 facilitators, 60-65 see also Back door access inhibitors, 58-60 Advanced Research Projects Agency (ARPA), 237n Memorandum of Agreement with Defense Information Systems Agency and National Security Agency (text of), 633-636 AECA, see Arms Export Control Act (AECA) Algorithm, 378 and key length, 353 America Online, 42-43n, 148 American National Standards Institute (ANSI), 486 Anonymity, 43, 59, 480 ANSI, see American National Standards Institute (ANSI) Applications programming interfaces, see Cryptographic applications programming interfaces (CAPI) Arms Export Control Act (AECA), 114-116, 118, 255 text of, 558-573 ARPA, see Advanced Research Projects Agency (ARPA) Assurance, 353 Asymmetric cryptography, 53-54, 63, 75, 313n, 353, 365-367, 375-377, 385-388 AT&T, 60, 70n, 419 Clipper phones, 174-175 Secure Telephone Unit (STU), 74-75, 235 Surity Telephone Device, 175 Attacks on cryptographic systems for asymmetric cryptography, 63 brute-force search, 62-63, 124, 276, 287, 381 chosen plaintext, 381-382 ciphertext only, 287, 381 exploitation of design factors, 60-62 exploitation of operational errors, 383 known ciphertext, 390 known plaintext, 381 shortcuts, 63 for symmetric cryptography, 63 timing attacks, 63 work factor, 64n, 181, 214, 288 see also Information warfare (IW); Strong encryption Audit trails, 3, 354, 370

OCR for page 677
Page 678 Auditing, 354 Authentication of an identity, 354, 367-370, 374, 450, 468 defined, 354 of digital cash tokens, 478-479 of a file, 354 infrastructure for, 338-339 of a message, 354, 367 uses of, 42-43, 47, 123-125 see also Audit trails Authenticity, 354 Authorization, 354, 368n Availability, 354 B Back door access, 56 defined, 354 hidden, 201-201n, 203, 277 open, 276-277 see also Escrowed encryption Banking and finance services, vii, 23, 35-36n, 57, 123, 179, 312, 455-458, 470; see also Credit cards; Digital cash Binary digit, 354 Biometric identifiers, 368-369 Bit, 354 Bit stream, 355 Bollinger, Lee, 344 Bush, President George, 100 see also National Security Directive 42 C CALEA, see Communications Assistance for Law Enforcement Act of 1995 (CALEA) Cantwell bill, 254-255 CAPI, see Cryptographic applications programming interfaces (CAPI) Capstone chip, 176, 355 Capstone/Fortezza initiative, 10, 176-177, 179, 355 Caracristi, Ann, 344 CCL, see Commerce Control List (CCL) Cellular phones, 11, 67, 217, 295, 327-328 Central Intelligence Agency (CIA), 91n, 95, 100, 403, 422-423, 428-429 see also Executive Order 12333 and Executive Order 12472 CERT, see Computer Emergency Response Team (CERT) Certificate authorities, 75-77, 355, 450-454 infrastructure, 232-234 Certification, 355 Certification authority, 355 Checksum, 367 CIA, see Central Intelligence Agency (CIA) Ciphertext, 172n, 355, 374 Circumventing laws against unescrowed encryption, 269, 330 Civil liberties, viii, 44n, 44-46 Civiletti, Benjamin R., 344-345 CJ, see Commodity jurisdiction (CJ) Cleartext, 355 Clinton, President William, 95, 100 Clinton Administration, 41, 170, 235, 265-266, 303, 376 Clipper chip, xii, 171-174, 230, 355 initiative, 356, 376, 445n see also Escrowed Encryption Standard (EES) CMVP, see Cryptographic Module Validation Program (CMVP) CoCom, see Coordinating Committee (CoCom) nations Code grabbers, 42n Collateral cryptography, 356 Commerce Control List (CCL), 8n, 115, 117, 122, 125n, 135, 160n, 260 see also Export controls Commerce Department, see Department of Commerce Commodity jurisdiction (CJ), 8n, 115, 165, 260, 638-640 Communications, xii, 20, 53-54 Communications Assistance for Law Enforcement Act of 1995 (CALEA), 216-221, 278, 281, 503, 510-511 text of, 540-550 Competitive access providers, 356 Compuserve, 148, 431-432n Computer Emergency Response Team (CERT), 241-242 Computer Science and Telecommunications Board (CSTB), xviii-xix, 20n, 73n

OCR for page 677
Page 679 Computer Security Act of 1987, 235-236 text of, 551-557 Computer System Security and Privacy Advisory Board (CSSPAB), 242 Conference on Computers, Freedom, and Privacy, xvii, 45n, 219n Confidentiality, 17, 53-54, 123-125, 371-373 of communications, 356 of data, 356, 374 defined, 3, 79-81, 108 relative levels of, 181, 183, 254, 314 reliance upon authentication, 373 see also Cryptography; encryption Congress, see U.S. Congress Constitutional issues regarding laws on encryption, viii, 7, 85n, 160-161n, 271-273, 304 Coordinating Committee (CoCom) nations, 231, 251n, 310, 356, 434-436, 442, 639 Cordless phones, 218, 398n Countermeasure, 356 Credit cards, 22, 76, 481 Crime prevention, xv, 10, 47, 323, 472-473, 480 Criminalizing use of cryptography for criminal purposes, 12, 94, 273-274, 332-333 of unescrowed cryptography, 192, 265-273 Crook, Colin, 345 Cryptanalysis, 62, 379n, 380n of 40-bit encryption algorithms, 8n, 63, 73n, 115-117, 120-124, 276, 314-317 of 56-bit encryption algorithms, 8, 63, 71n, 121, 172, 288-289, 312, 316-318 defined, 356 see also Data Encryption Standard (DES); Strong encryption Cryptographic algorithms, 62-64, 159 defined, 356 secret, 171, 201-204 applications programming interfaces (CAPI), 259-262, 311, 474-476 sockets, 66, 127 systems, 374-377 attacks on, 378-383 see also Modularity; Key Cryptographic Module Validation Program (CMVP), 233 Cryptography for authentication, 3-4, 10, 55-56, 176, 324-327,469-472 for confidentiality, 3-4, 8-9, 54, 176, 296, 470-472 for criminal purposes, 3-4, 10-11, 43-43n, 84,91,303-304 for data integrity, 3-4, 10, 55, 176, 324-327, 472-473 defined, 356 domestic availabilty of, 72-74, 135, 138, 299, 310 foreign availabilty of, 4, 214, 308 history of, xii-xiii, 52-54, 149-150, 202, 364-365 in information security products, 65-66, 476 foreign, 132-133 market for, xii, 66-72, 135-136, 145-152, 310 for nonrepudiation, 55 as one element of information security, 10, 296, 298 regulations relevant to (text of), 637-677 strength of, 63, 152-153, 250 see also Encryption Cryptography policy, 16 adopting standards, 7, 222, 290, 316 committee recommendations on, viii-xvii, 1, 5-13, 303-339 current U.S. policies, xi, 6, 15, 111-112, 249, 298, 301 history of, 414-420 international dimensions of, 243-244, 430-431,438-449 process of formulating, viii, 226 public debate over, xvii, 4, 7, 297-298 urgency regarding, xv-xvi, 39-40, 151-152 proper objectives for, 57, 68, 297-303 role of executive and legislative branches, 7, 305 see also Executive branch; Legislative branch; Standards; U.S. Congress CSSPAB, see Computer System Security and Privacy Advisory Board (CSSPAB) CSTB, see Computer Science and Telecommunications Board (CSTB)

OCR for page 677
Page 680 D Dam, Kenneth W., Committee Chair, xv-xix, 343 DARPA, see Defense Advanced Research Projects Agency (DARPA) Data aggregation, 459-460 communications, 199, 441-442n versus data storage, 323-324, 528-529 compression, 270-270n, 304 integrity, 365-367, 374 Data Encryption Standard (DES), 72, 207, 223, 228-232, 288, 314-318, 334, 357, 365, 388-389, 417-420 triple-DES, 178, 203n, 214-215 Date/time stamping, 57, 357, 371n Decompiling, 204, 357 Decryption, 185, 357 see also Back door access; Cryptanalysis Decryption algorithm, 374 Defense Advanced Research Projects Agency (DARPA), 241 Defense Department, see Department of Defense Defense Information Systems Agency (DISA), 237-237n Defense Intelligence Agency (DIA), see Executive Order 12333 Denial of service, 357 Department of Commerce, 73, 117, 128n, 173, 176 see also Executive Order 12472; Commerce Control List (CCL) Department of Defense, 158, 187n, 237-238, 487n see also Executive Order 12333; Executive Order 12472 Department of Energy, see Executive Order 12333 Department of Justice, 274 Department of State, 114-117, 121-122, 126, 142-144, 162, 321 see also Executive Order 12333; Executive Order 12472 Department of the Treasury, 173, 176, 190, 468 see also Executive Order 12333 DES, see Data Encryption Standard (DES) Deutch, John, 97-98 DIA, see Defense Intelligence Agency (DIA) Differential work factor cryptography, 264, 287-288; see also Attacks on cryptographic systems Digests, 357 Digital cash, 339,477-482 information, 220, 280 signatures, 57, 226-227, 261, 326, 357, 367, 370 stream, 355 Digital Signature Standard (DSS), 176, 222-223, 225n, 229-230, 259, 301, 357, 418, 488 Digital Telephony Act, 357 see also Communications Assistance for Law Enforcement Act (CALEA) DISA, see Defense Information Systems Agency (DISA) Disassembly, 156n, 204, 215, 357 Disclosure of data, 357 DNA computing, 393-394 DOD, see Department of Defense Double encryption. See Multiple encryption DSS, see Digital Signature Standard (DSS) Dual-use system, 358 E EAA, see Export Administration Act (EAA) EAR, see Export Administration Regulations (EAR) Economic competitiveness of U.S. industry and businesses, 1-2, 37-40, 99 of U.S. information technology industry, x, 38-39, 73, 128-129, 155-156 espionage, 3, 46, 98 ECPA, see Electronic Communications Privacy Act (ECPA) EES, see Escrowed Encryption Standard (EES) Electromagnetic emissions, monitoring, 64, 397-398 Electronic commerce, vii, 24-26, 413, 478 surveillance defined, 587 history of, 218, 410-413

OCR for page 677
Page 681 legal requirements for, 84-88, 396-410 and minimization requirement, 218n, 219, 400-401,513 see also Foreign Intelligence Surveillance Act of 1978; U.S.Intelligence Activities; Wire and Electronic Communications Interception and Interception of Oral Communications Act Electronic Communications Privacy Act (ECPA), 396-403, 412-413 Elliptic curve cryptographic systems, 394 E-mail, 403-403n, 469 Encryption, 15-16 defined, 53, 58-59, 90n, 372 technicalities in legal definitions of, 269-270, 273-274, 303, 332 see also Confidentiality Encryption algorithm, 374 Error-correction, 366n Escrow agents, 77 affiliation of, 180, 189-193, 444 certification of, 175 liability of, 191, 197-198, 330, 452-454 number of, 180, 183n, 188n, 189-194, 212 responsibilities of, 180, 194-198, 330, 444-447, 452 trustworthiness of, 190 binding, 210-211,215 Escrowable encryption products, 182, 262 Escrowed encryption, 15-16, 61, 81, 298, 359 benefits of, 170 contract-based, 191-193, 263-264 defined, 167-169 economic implications, 177-182, 271, 330 government control of, 158, 266-268, 328-332 law enforcement benefits, 4, 9, 11, 184-187 liabilities, 184, 329 mandatory versus voluntary use, 185-188, 199, 265, 320-321 policy issues associated with, 170 proper escrowing, 177-178, 188, 213-214, 250n and signals intelligence, 175, 202-203 versus strong encryption, 169 weaknesses of, 183 see also Unescrowed encryption Escrowed Encryption Standard (EES), xvi, 9, 168-175, 181, 223, 301, 358, 419-420, 488 Evaluation, 358 Exceptional access, 16, 80-81, 109 business or corporate, 104-107 defined, 169n, 250, 358 end-user, 106-107, 320 government, 81-104, 297 time scale of operations, 94, 103 voice versus data communications, 281-284 Executive branch, role of, 7, 189-190, 231, 291-292, 305 Executive Order 12333 (U.S. Intelligence Activities), 573-589 Executive Order 12472 (Assignment of National Security and Emergency Preparedness Telecommunications Functions), 612-620 Executive Order 12958 (Classified National Security Information), 589-612 Export Administration Act (EAA), 114-115, 118, 255, 415 Export Administration Regulations (EAR), 115, 415-416 Part 779, Technical Data (text of), 656-677 Export controls, 7-9, 15, 249-251, 298, 307-322 circumvention of, 133 corporate perceptions of, 152-153 cryptography exemptions from, xi, 120-125, 144, 188, 256 description of, 114-122 dimensions of choice in, 252-253 of dual-use items, 8, 118, 162, 264, 310 economic impact of, 40, 153-154 effect on national security, 157-165 effect on sales, 145-153 effectiveness of, 127-134 elimination of, 251, 254 and end-use certification, 320 export defined, 142 foreign policy considerations, 162-163, 170

OCR for page 677
Page 682 history of, 414-415 impact on authentication products, 123-125 international harmonization of, 8, 243-244, 256-257, 443, 447-449 and liberal consideration, 117, 256-262, 317-318 licensing practices, current, 117, 122-127, 249-250 licensing process for, 9, 114, 142-144, 647-653, 667-669 limiting domestic availability, 7, 12, 134-138 of other nations, 257, 434-436 providing technical data, 9, 159-161, 313-314 rationale for, 113-114 stimulating foreign competition, 8, 155n, 155-159, 309 threshold between CCL and USML, 118-121, 138, 141, 254-255, 310-312, 415 of transnational corporations, 126 uncertainty of, 138-144, 251, 321-322 see also Arms Export Control Act (AECA); Commerce Control List (CCL); Export Administration Regulations (EAR); Foreign ownership, control or interest (FOCI); International Traffic in Arms Regulations (ITAR) Export defined, 641 F Facsimile communications, 2, 149 FAR, see Federal Acquisition Regulations (FAR) FBI, see Federal Bureau of Investigation (FBI) FCC, see Federal Communications Commission (FCC) Fear, uncertainty, doubt, 225-227 Federal Acquisition Regulations (FAR), 187n Federal Bureau of Investigation (FBI), 82-83, 88-90, 138n, 184, 236-237, 334n, 399, 423 see also Executive Order 12333 Federal Communications Commission (FCC), 220-221, 493 see also Executive Order 12472 Federal Emergency Management Agency (FEMA), see Executive Order 12472 Federal government, information security for, 289-292, 328-332 see also Computer Security Act of 1987 Federal Information Processing Standards (FIPS), 485-488 defined, 358 development of, 222-224 NIST role in, 222, 289-290 related to cryptography, 173, 176, 223, 418 Federal Reserve Board, 290-291 FEMA, see Federal Emergency Management Agency (FEMA) Fermat numbers, 386-387 FIPS, see Federal Information Processing Standards (FIPS) Firmware, 358 First party, 358 FISA, see Foreign Intelligence Surveillance Act (FISA) of 1978 FOCI, see Foreign ownership, control or interest (FOCI), U.S. companies under Foreign Intelligence Surveillance Act (FISA) of 1978, 87-88, 173, 189, 403-410,494 text of, 511-526 Foreign ownership, control or interest (FOCI), U.S. companies under, 126n Fortezza cards, 176-177, 225, 259-260, 468 Freeh, Louis, 92n-93n, 93-94, 268, 281 Freeware, 129n, 272 see also Internet Fuller, Samuel H., 345-346 Functionality, 358 G Gelb, Leslie H., 346 General Services Administration (GSA), see Executive Order 12472 GII, see Global information infrastructure (GII) Global information infrastructure (GII), 439-441n, 483 Globalization, 27-29, 38, 50, 188, 308, 430 GOSIP, see Government Open Systems Interconnect (OSI) Profile (GOSIP)

OCR for page 677
Page 683 Government classification, xiii, 4, 238, 307 see also Executive Order 12958 Government Open Systems Interconnect (OSI) Profile (GOSIP), 224-225 Government procurement, 225, 487n Graham, Ronald, xxxii, 346-347 GSA, see General Services Administration (GSA) H Hackers, 67n Hardware product implementations in, 65, 74, 205, 296, 369n security advantages of, 130 security disadvantages of, 206-209 Hashes, 367 see also One-way hash function; Secure hash algorithm; Secure Hash Standard Health care industry, 256, 457, 459-461 Hellman, Martin, 347 Hewlett-Packard, 261n Homologation laws, 437 I IBM, 228-229, 417-418 IDEA block cipher, 229 Identification, 358 Identification key, 358 IITF, see Information Infrastructure Task Force (IITF) Implementation, 358 Import controls, 114-115, 436-438 Information proprietary potential value of, 153-154 security, 15, 66-68, 294-295 government needs for, 10, 12, 46-48, 157-159, 240, 267, 302 private sector needs for, vii-viii, 12-13, 30-31, 40-46, 152-153, 302, 335-338 threats to, xii, 2-3, 32-38, 153-154, 239, 299 technologies, viii, xii, 19-21 need for research and development, 12 speed of change in, xv, 5, 281, 300-302 technology industry and economic security, 22-23, 46, 67-68 and national security, vii, xv, 3-4, 9-11, 47-48, 94-104, 157-159 U.S. leadership in, x, 38-39, 73, 128-129, 155-156, 299, 308-311 theory, 364 vulnerability, 15-50, 293-296 warfare (IW), 35, 49, 108 Information Infrastructure Task Force (IITF), 41, 242, 335, 483 Inman, Bobby, xiii, 267 Integrated product, 358 Integrity, 359 Integrity check, 359, 366 Intellectual property, protecting, 228-230, 465, 482-484 Intelligence community and the intelligence cycle, 10, 425-429 mission of, 95, 423-425 regulation of, 87, 404-405n, 408, 423 see also Central Intelligence Agency (CIA); Executive Order 12333; Federal Bureau of Investigation (FBI); Foreign Intelligence Surveilllance Act (FISA) of 1978; National Security Agency (NSA); SIGINT Interception, 286-289, 359, 399, 490, 492-510 Internal Revenue Service (IRS), 466-467 International aspects of cryptography policy, 243 similar and different national interests, viii-x, xiv-xv, 104, 431-434 U.S. cooperation with other nations, 102, 231-232, 331-332 see also Export controls; Import controls; Use controls International Traffic in Arms Regulations (ITAR), 114-116, 120, 127, 133- 137, 142, 159-161, 256, 359, 415-416, 476 excerpts from Parts 120-123, 125, and 126 (text of), 637-655 Internet, 21, 34-35, 59, 64, 86n, 106n, 221, 282, 432n growth of, 293 loan application by, 458 and networks, 52, 149 protocols, 224-225, 280-281

OCR for page 677
Page 684 software distributed on, 129-132, 268 see also Netscape Navigator; World Wide Web Interoperability, 150, 178, 439, 443 see also Standards Interpretation of digital streams, 220 IRS, see Internal Revenue Service (IRS) ITAR, see International Traffic in Arms Regulations (ITAR) IW, see Information warfare (IW) J Judicial branch, role of, 190 Justice Department, see Department of Justice K Katz, Ambassador Julius L., 347 KEAs, see Escrow agents Key defined, 202, 359, 378 distribution, 359 distribution center (KDC), 377 escrow. See Escrowed encryption escrow agents (KEAs). See Escrow agents escrow encryption, 359 generation, 211-213, 454 length, 63, 214-215,287-288,319,353,380 management, 53, 74-75, 133, 173, 223, 280, 359, 376-377 retrieval, 284-285 revocation, 105n, 213, 452 Key Exchange Algorithm, 176 L Latent demand, for cryptography products, 149-151 Law enforcement, 302 central decryption facility for, 285-286 impact of cryptography on, 3-4, 9-10, 90-94, 184-187, 322-335 impact of information technologies on, viii, 46-47, 333-335 infringing on civil liberties, viii, 45n, 93 requirements for escrowed encryption, 180, 194-197 and seizure of records, 81-83 technical center for, 334 wiretapping/electronic surveillance, see Electromagnetic emissions; Wiretapping see also Communications Assistance for Law Enforcement Act of 1995 (CALEA); Federal Bureau of Investigation (FBI); Executive Order 12333 Law enforcement access field (LEAF), 171-173 Layered encryption, 277 see also Multiple encryption LEAF, see Law enforcement access field (LEAF) Legislative branch, role of, 7, 199 Link encryption, 11-11 n, 274-276, 279, 327-328 Lost sales, 146-148, 214 M Manufacturing industry, 461-463, 469-470 see also Vendors Market development, 151-152 forces, xv, 7, 305-307 Master Card, see Credit cards Microsoft Windows NT, 135, 259-260 Modularity, 140-142, 223 Monitoring, 359 Moore's law, 63, 276, 385n Multiple encryption, 58-59, 178, 215, 383 Mutual Law Enforcement Assistance Treaties, 331, 446 N NACIC, see National Counterintelligence Center (NACIC) National Communications System (NCS), see Executive Order 12472 National Computer Security Center (NCSC), 232-233 National Counterintelligence Center (NACIC), 2, 242-243 National information infrastructure (NII), 235, 483

OCR for page 677
Page 685 National Institute of Standards and Technology (NIST), 228, 235-238, 335-337, 365, 418-420, 485-488 public-key infrastructure requirements, 450-454 see also Federal Information Processing Standards (FIPS) National Security Act of 1947, see Executive Order 12333 National Security Agency (NSA), xi, xiv, 158, 227-228, 235-241, 289, 335, 338, 416-420, 422-423 role in export licensing, 123n, 126, 128n, 141-144, 162, 256 role in Skipjack/Clipper, 173n, 174 see also Executive Order 12333 National Security Council (NSC), see National Security Directive 42; Executive Order 12333 National Security Directive 42 (text of), 620-628 National Security Telecommunications and Information Systems Security Committee (NSTISSC), see National Security Directive 42 NCS, see National Communications System (NCS) NCSC, see National Computer Security Center (NCSC) Netscape Navigator, 73n, 76, 124, 132n, 135, 208 Network Working Group, 280n Network-based encryption, 199, 278-281 Networks, 149 applications of, 282-284 backward compatibility issues, 151n vulnerabilities of, 52, 195, 274 Neumann, Peter G., 347-348 New Forum nations, 442; see also CoCom nations NII, see National information infrastructure (NII) NIST, see National Institute of Standards and Technology (NIST) Node, 359 Nonrepudiation, 359, 365, 370-371, 479 NSA, see National Security Agency (NSA) NSTISSC, see National Security Telecommunications and Information Systems Security Committee (NSTISSC) O Object code, 360 Object linking and embedding (OLE), 360, 475 OECD, see Organization for Economic Cooperation and Development (OECD) nations Office of Management and Budget (OMB), 335, 486-487 see also Executive Order 12958 OLE, see Object linking and embedding (OLE) OMB, see Office of Management and Budget (OMB) Omnibus Crime Control and Safe Streets Act, 396-397 One-way hash function, 360, 367 Online services, 217-218, 221 see also America Online; Compuserve; Netscape Navigator; Prodigy; World Wide Web Operating system, 360 Oral communications, see Wire and Electronic Communications Interception and Interception of Oral Communications Act Organization for Economic Cooperation and Development (OECD) nations, 244, 331, 442, 448 OSI, see Government Open Systems Interconnect (OSI) Profile (GOSIP) Ozzie, Raymond, 348 P Parallel processing, 63 Partial key escrow, 180 Password, 360 Patent and Trademark Office (PTO), 230 Patents, xii, 228-230 PCMCIA card (or PC-card), 176, 360, 468; see also Fortezza cards Pen Register and Traffic Analysis Act (text of), 526-540 Pen registers, 62, 84, 402 defined, 360, 540 Perry, William, 310 Personal identification number (PIN), 360 Petroleum industry, 463-465

OCR for page 677
Page 686 PGP, see Pretty Good Privacy (PGP) Pharmaceutical industry, 200, 465-466 PIN, see Personal identification number (PIN) Plaintext, 9, 53, 270, 355, 360, 374 Plug-in cryptography, see Cryptographic sockets Pretty Good Privacy (PGP), 76, 163-164, 182 Private-key cryptography, 360, 375 Prodigy, 148 Products certification and evaluation of, 70 cryptography, 148, 201-208 defaults, 250, 258 integrated or general-purpose, 65-66 stand-alone or security-specific, 65, 149, 208-211 weaknesses in, 74 Proper escrowing, see Escrowed encryption Proprietary algorithms, 70, 174, 203 verifying, 207n Protocol, 73 analyzers, 62 negotiation, 71 Pseudorandom function, 367 PSTN, see Public switched telecommunications network (PSTN) PTO, see Patent and Trademark Office (PTO) Public Cryptography Study Group, 267-268 Public Law 103-160, ix, xiv Public switched telecommunications network (PSTN), 11 counterintelligence access to, 534-535 national security/emergency preparedness (NS/EP) network, 35 vulnerability of, 34-37, 327-328 see also National Security Directive 42 Public-key certificate, 360-361 Public-key cryptography, 53, 70, 290, 296, 313, 353, 360, 375 see also NIST Q Quantum computing, 392-393 cryptography, 394-395 R RC2/RC4 algorithms, 361 Reagan, President Ronald, 99, 423 see also Executive Order 12333; Executive Order 12472 Real-time surveillance, 89-90, 103 Reliability, 361 Remailer, 361 Reverse engineering, 205, 210, 230, 361 Risks addressed by cryptography, 361, 469-473 RSA algorithm, 182, 227-229, 313n, 325, 361, 376 RSA Data Security Conference, 141n S Safety margins in key length, 361, 384-385 Satellite uplinks, 438 Schmults, Edward C., 348 Schneier, Bruce, 160n, 163-165 Second party, 361 Secrecy, xiii-xiv, 201-208, 307, 378 Secret-key cryptography, 53, 171, 366, 375 cryptosystem, 361, 383-384 Secure hash algorithm, 361-362, 370n Secure Hash Standard, 176, 223, 362 Secure Sockets Layer protocol, 124 Secure Telephone Unit (STU), 74-75, 235 Security, 362 Security Policy Board (SPB), 241 Security-specific cryptography product, 362 SED, see Shipper's Export Declaration (SED) Shannon, Claude, 364 Shareware, 362 Shipper's Export Declaration (SED), 119 SIGINT (Signals intelligence) and cryptography, 101-102, 114, 317, 335, 428 historical examples of, 96-99, 427 utility of, 87-88, 100-101, 174-175, 421-423, 470-471 Signaling System 7, 34 Skipjack algorithm, 171-172, 176, 201, 212n, 230, 362, 383, 391, 420 Slippery slope, 266 Smith, W.Y., Committee Vice Chair, 343-344

OCR for page 677
Page 687 Software advantages of, 191-192 backward compatibility, 151n, 151-152 disadvantages of, 62, 64, 130 integrated, 148 object-oriented, 137n, 140, 165 product implementations in, 20-21, 65, 204-205 Source code, 362 Sovereign immunity, 189, 199 SPB, see Security Policy Board (SPB) Specification, 362 Spillover effect, 123-125 Spoofing, 362, 367 Stand-alone cryptography product, 362 Standards, 70-71, 197, 222, 232-234, 254, 306, 485-486n, 551-556 State Department, see Department of State Steganography, 270n, 372-372n Stone, Elliot M., 348-349 Strategic intelligence, 97-101 Strong encryption, 101-102, 114, 123, 170, 254, 296, 382-383 STU, see Secure Telephone Unit (STU) STU-III, 362 Superencryption, 269, 438 Symmetric cryptography, 53-54, 172n, 362, 375-376 cryptosystem, 362 System, 362 T Tactical intelligence, 96-97 Taxation, 482 TCP/IP, 225 Telephony, see Facsimile communications; Voice communications TEMPEST techniques, 64 Third party access, 362-363 see also Exceptional access Threat, 363 Time stamping, 357 Title III intercept, see Wire and Electronic Communications Interception and Interception of Oral Communications Act Token, 363 TPEP, see Trusted Product Evaluation Program (TPEP) Traffic analysis, see Pen Register and Traffic Analysis Act Translucent cryptography, 277-278 Transparency, 185 Trap-and-trace devices, 84, 402 defined, 363, 540 see also Pen Register and Traffic Analysis Act Treasury Department, see Department of the Treasury Trojan horses, 56n, 64-65n, 363 Trust, 363, 480-482 Trusted Product Evaluation Program (TPEP), 233 Trustworthiness, 363, 379 Turner, Stansfield, 98 U Unescrowed encryption, 7, 181-183, 186-187, 199, 268-273, 303-304 United States Postal Service (USPS), 468 U.S. Code, Title 18, Chapter 119, see Wire and Electronic Communications Interception and Interception of Oral Communications Act (text of) U.S. Code, Title 18, Chapter 121 and 206, see Pen Register and Traffic Analysis Act (text of) U.S. Code, Title 22, Chapter 39, see Arms Export Control Act (AECA) U.S. Code, Title 50, Chapter 36, see Foreign Intelligence Surveillance Act of 1978 (text of) U.S. Congress, viii, 162, 187, 231, 305, 332-333 oversight by, 587 reports to, 508, 524-525, 539, 550, 561 see also Legislative branch, role of U.S. Munitions List (USML), 114-117, 125-127, 135-137, 140, 162-163, 389, 644-646 separating cryptography products on, 264 Use controls on cryptography, 436-438 USML, see U.S. Munitions List (USML) USPS, see United States Postal Service (USPS)

OCR for page 677
Page 688 V Vendors, role of, 140, 149-153, 191, 206, 274 VeriSign, 76 Viruses, 64, 206 Visa, see Credit cards Voice communications, secure, 174, 278-280 vs data communications, 199, 221, 280-281 Vulnerabilities, 24, 57, 293-296, 363 W Ware, Willis H., 349 Weak encryption, 29, 61-62, 101, 257-258, 276 Web of trust, 75-76 Windows NT, see Microsoft Windows NT Wire and Electronic Communications Interception and Interception of Oral Communications Act (text of), 489-511 Wireless communications, vii-viii, 61, 275, 279-280; see also Cellular phones; Cordless phones Wiretapping, 62, 103, 218-220, 439 legal framework governing, 84-88, 170 and protection of civil liberties, 44n, 285n, 285-286 utility of, 82-84 see also Electronic surveillance Work factor, 64n, 363 World Wide Web, 65n Z Zimmerman, Philip, 163-164