Suggested Citation:"Index." National Research Council. 1996. Cryptography's Role in Securing the Information Society. Washington, DC: The National Academies Press. doi: 10.17226/5131.

Index

A

Access, 353

control, 26-27

defined, 55-56, 94n, 353

facilitators, 60-65

see also Back door access

inhibitors, 58-60

Advanced Research Projects Agency (ARPA), 237n

Memorandum of Agreement with Defense Information Systems Agency and National Security Agency (text of), 633-636

AECA, see Arms Export Control Act (AECA)

Algorithm, 378

and key length, 353

America Online, 42-43n, 148

American National Standards Institute (ANSI), 486

Anonymity, 43, 59, 480

ANSI, see American National Standards Institute (ANSI)

Applications programming interfaces, see Cryptographic applications programming interfaces (CAPI)

Arms Export Control Act (AECA), 114-116, 118, 255

text of, 558-573

ARPA, see Advanced Research Projects Agency (ARPA)

Assurance, 353

Asymmetric cryptography, 53-54, 63, 75, 313n, 353, 365-367, 375-377, 385-388

AT&T, 60, 70n, 419

Clipper phones, 174-175

Secure Telephone Unit (STU), 74-75, 235

Surity Telephone Device, 175

Attacks on cryptographic systems

for asymmetric cryptography, 63

brute-force search, 62-63, 124, 276, 287, 381

chosen plaintext, 381-382

ciphertext only, 287, 381

exploitation of design factors, 60-62

exploitation of operational errors, 383

known ciphertext, 390

known plaintext, 381

shortcuts, 63

for symmetric cryptography, 63

timing attacks, 63

work factor, 64n, 181, 214, 288

see also Information warfare (IW); Strong encryption

Audit trails, 3, 354, 370

Auditing, 354

Authentication

of an identity, 354, 367-370, 374, 450, 468

defined, 354

of digital cash tokens, 478-479

of a file, 354

infrastructure for, 338-339

of a message, 354, 367

uses of, 42-43, 47, 123-125

see also Audit trails

Authenticity, 354

Authorization, 354, 368n

Availability, 354

B

Back door

access, 56

defined, 354

hidden, 201-201n, 203, 277

open, 276-277

see also Escrowed encryption

Banking and finance services, vii, 23, 35-36n, 57, 123, 179, 312, 455-458, 470;

see also Credit cards; Digital cash

Binary digit, 354

Biometric identifiers, 368-369

Bit, 354

Bit stream, 355

Bollinger, Lee, 344

Bush, President George, 100

see also National Security Directive 42

C

CALEA, see Communications Assistance for Law Enforcement Act of 1995 (CALEA)

Cantwell bill, 254-255

CAPI, see Cryptographic applications programming interfaces (CAPI)

Capstone chip, 176, 355

Capstone/Fortezza initiative, 10, 176-177, 179, 355

Caracristi, Ann, 344

CCL, see Commerce Control List (CCL)

Cellular phones, 11, 67, 217, 295, 327-328

Central Intelligence Agency (CIA), 91n, 95, 100, 403, 422-423, 428-429

see also Executive Order 12333 and Executive Order 12472

CERT, see Computer Emergency Response Team (CERT)

Certificate

authorities, 75-77, 355, 450-454

infrastructure, 232-234

Certification, 355

Certification authority, 355

Checksum, 367

CIA, see Central Intelligence Agency (CIA)

Ciphertext, 172n, 355, 374

Circumventing laws against unescrowed encryption, 269, 330

Civil liberties, viii, 44n, 44-46

Civiletti, Benjamin R., 344-345

CJ, see Commodity jurisdiction (CJ)

Cleartext, 355

Clinton, President William, 95, 100

Clinton Administration, 41, 170, 235, 265-266, 303, 376

Clipper

chip, xii, 171-174, 230, 355

initiative, 356, 376, 445n

see also Escrowed Encryption Standard (EES)

CMVP, see Cryptographic Module Validation Program (CMVP)

CoCom, see Coordinating Committee (CoCom) nations

Code grabbers, 42n

Collateral cryptography, 356

Commerce Control List (CCL), 8n, 115, 117, 122, 125n, 135, 160n, 260

see also Export controls

Commerce Department, see Department of Commerce

Commodity jurisdiction (CJ), 8n, 115, 165, 260, 638-640

Communications, xii, 20, 53-54

Communications Assistance for Law Enforcement Act of 1995 (CALEA), 216-221, 278, 281, 503, 510-511

text of, 540-550

Competitive access providers, 356

Compuserve, 148, 431-432n

Computer Emergency Response Team (CERT), 241-242

Computer Science and Telecommunications Board (CSTB), xviii-xix, 20n, 73n

Computer Security Act of 1987, 235-236

text of, 551-557

Computer System Security and Privacy Advisory Board (CSSPAB), 242

Conference on Computers, Freedom, and Privacy, xvii, 45n, 219n

Confidentiality, 17, 53-54, 123-125, 371-373

of communications, 356

of data, 356, 374

defined, 3, 79-81, 108

relative levels of, 181, 183, 254, 314

reliance upon authentication, 373

see also Cryptography; encryption

Congress, see U.S. Congress

Constitutional issues regarding laws on encryption, viii, 7, 85n, 160-161n, 271-273, 304

Coordinating Committee (CoCom) nations, 231, 251n, 310, 356, 434-436, 442, 639

Cordless phones, 218, 398n

Countermeasure, 356

Credit cards, 22, 76, 481

Crime prevention, xv, 10, 47, 323, 472-473, 480

Criminalizing use

of cryptography for criminal purposes, 12, 94, 273-274, 332-333

of unescrowed cryptography, 192, 265-273

Crook, Colin, 345

Cryptanalysis, 62, 379n, 380n

of 40-bit encryption algorithms, 8n, 63, 73n, 115-117, 120-124, 276, 314-317

of 56-bit encryption algorithms, 8, 63, 71n, 121, 172, 288-289, 312, 316-318

defined, 356

see also Data Encryption Standard (DES); Strong encryption

Cryptographic

algorithms, 62-64, 159

defined, 356

secret, 171, 201-204

applications programming interfaces (CAPI), 259-262, 311, 474-476

sockets, 66, 127

systems, 374-377

attacks on, 378-383

see also Modularity; Key

Cryptographic Module Validation Program (CMVP), 233

Cryptography

for authentication, 3-4, 10, 55-56, 176, 324-327, 469-472

for confidentiality, 3-4, 8-9, 54, 176, 296, 470-472

for criminal purposes, 3-4, 10-11, 43-43n, 84, 91, 303-304

for data integrity, 3-4, 10, 55, 176, 324-327, 472-473

defined, 356

domestic availability of, 72-74, 135, 138, 299, 310

foreign availability of, 4, 214, 308

history of, xii-xiii, 52-54, 149-150, 202, 364-365

in information security products, 65-66, 476

foreign, 132-133

market for, xii, 66-72, 135-136, 145-152, 310

for nonrepudiation, 55

as one element of information security, 10, 296, 298

regulations relevant to (text of), 637-677

strength of, 63, 152-153, 250

see also Encryption

Cryptography policy, 16

adopting standards, 7, 222, 290, 316

committee recommendations on, viii-xvii, 1, 5-13, 303-339

current U.S. policies, xi, 6, 15, 111-112, 249, 298, 301

history of, 414-420

international dimensions of, 243-244, 430-431, 438-449

process of formulating, viii, 226

public debate over, xvii, 4, 7, 297-298

urgency regarding, xv-xvi, 39-40, 151-152

proper objectives for, 57, 68, 297-303

role of executive and legislative branches, 7, 305

see also Executive branch; Legislative branch; Standards; U.S. Congress

CSSPAB, see Computer System Security and Privacy Advisory Board (CSSPAB)

CSTB, see Computer Science and Telecommunications Board (CSTB)

D

Dam, Kenneth W., Committee Chair, xv-xix, 343

DARPA, see Defense Advanced Research Projects Agency (DARPA)

Data

aggregation, 459-460

communications, 199, 441-442n

versus data storage, 323-324, 528-529

compression, 270-270n, 304

integrity, 365-367, 374

Data Encryption Standard (DES), 72, 207, 223, 228-232, 288, 314-318, 334, 357, 365, 388-389, 417-420

triple-DES, 178, 203n, 214-215

Date/time stamping, 57, 357, 371n

Decompiling, 204, 357

Decryption, 185, 357

see also Back door access; Cryptanalysis

Decryption algorithm, 374

Defense Advanced Research Projects Agency (DARPA), 241

Defense Department, see Department of Defense

Defense Information Systems Agency (DISA), 237-237n

Defense Intelligence Agency (DIA), see Executive Order 12333

Denial of service, 357

Department of Commerce, 73, 117, 128n, 173, 176

see also Executive Order 12472; Commerce Control List (CCL)

Department of Defense, 158, 187n, 237-238, 487n

see also Executive Order 12333; Executive Order 12472

Department of Energy, see Executive Order 12333

Department of Justice, 274

Department of State, 114-117, 121-122, 126, 142-144, 162, 321

see also Executive Order 12333; Executive Order 12472

Department of the Treasury, 173, 176, 190, 468

see also Executive Order 12333

DES, see Data Encryption Standard (DES)

Deutch, John, 97-98

DIA, see Defense Intelligence Agency (DIA)

Differential work factor cryptography, 264, 287-288; see also Attacks on cryptographic systems

Digests, 357

Digital

cash, 339, 477-482

information, 220, 280

signatures, 57, 226-227, 261, 326, 357, 367, 370

stream, 355

Digital Signature Standard (DSS), 176, 222-223, 225n, 229-230, 259, 301, 357, 418, 488

Digital Telephony Act, 357

see also Communications Assistance for Law Enforcement Act (CALEA)

DISA, see Defense Information Systems Agency (DISA)

Disassembly, 156n, 204, 215, 357

Disclosure of data, 357

DNA computing, 393-394

DOD, see Department of Defense

Double encryption. See Multiple encryption

DSS, see Digital Signature Standard (DSS)

Dual-use system, 358

E

EAA, see Export Administration Act (EAA)

EAR, see Export Administration Regulations (EAR)

Economic

competitiveness

of U.S. industry and businesses, 1-2, 37-40, 99

of U.S. information technology industry, x, 38-39, 73, 128-129, 155-156

espionage, 3, 46, 98

ECPA, see Electronic Communications Privacy Act (ECPA)

EES, see Escrowed Encryption Standard (EES)

Electromagnetic emissions, monitoring, 64, 397-398

Electronic

commerce, vii, 24-26, 413, 478

surveillance

defined, 587

history of, 218, 410-413

legal requirements for, 84-88, 396-410

and minimization requirement, 218n, 219, 400-401, 513

see also Foreign Intelligence Surveillance Act of 1978; U.S. Intelligence Activities; Wire and Electronic Communications Interception and Interception of Oral Communications Act

Electronic Communications Privacy Act (ECPA), 396-403, 412-413

Elliptic curve cryptographic systems, 394

E-mail, 403-403n, 469

Encryption, 15-16

defined, 53, 58-59, 90n, 372

technicalities in legal definitions of, 269-270, 273-274, 303, 332

see also Confidentiality

Encryption algorithm, 374

Error-correction, 366n

Escrow

agents, 77

affiliation of, 180, 189-193, 444

certification of, 175

liability of, 191, 197-198, 330, 452-454

number of, 180, 183n, 188n, 189-194, 212

responsibilities of, 180, 194-198, 330, 444-447, 452

trustworthiness of, 190

binding, 210-211, 215

Escrowable encryption products, 182, 262

Escrowed encryption, 15-16, 61, 81, 298, 359

benefits of, 170

contract-based, 191-193, 263-264

defined, 167-169

economic implications, 177-182, 271, 330

government control of, 158, 266-268, 328-332

law enforcement benefits, 4, 9, 11, 184-187

liabilities, 184, 329

mandatory versus voluntary use, 185-188, 199, 265, 320-321

policy issues associated with, 170

proper escrowing, 177-178, 188, 213-214, 250n

and signals intelligence, 175, 202-203

versus strong encryption, 169

weaknesses of, 183

see also Unescrowed encryption

Escrowed Encryption Standard (EES), xvi, 9, 168-175, 181, 223, 301, 358, 419-420, 488

Evaluation, 358

Exceptional access, 16, 80-81, 109

business or corporate, 104-107

defined, 169n, 250, 358

end-user, 106-107, 320

government, 81-104, 297

time scale of operations, 94, 103

voice versus data communications, 281-284

Executive branch, role of, 7, 189-190, 231, 291-292, 305

Executive Order 12333 (U.S. Intelligence Activities), 573-589

Executive Order 12472 (Assignment of National Security and Emergency Preparedness Telecommunications Functions), 612-620

Executive Order 12958 (Classified National Security Information), 589-612

Export Administration Act (EAA), 114-115, 118, 255, 415

Export Administration Regulations (EAR), 115, 415-416

Part 779, Technical Data (text of), 656-677

Export controls, 7-9, 15, 249-251, 298, 307-322

circumvention of, 133

corporate perceptions of, 152-153

cryptography exemptions from, xi, 120-125, 144, 188, 256

description of, 114-122

dimensions of choice in, 252-253

of dual-use items, 8, 118, 162, 264, 310

economic impact of, 40, 153-154

effect on national security, 157-165

effect on sales, 145-153

effectiveness of, 127-134

elimination of, 251, 254

and end-use certification, 320

export defined, 142

foreign policy considerations, 162-163, 170

history of, 414-415

impact on authentication products, 123-125

international harmonization of, 8, 243-244, 256-257, 443, 447-449

and liberal consideration, 117, 256-262, 317-318

licensing practices, current, 117, 122-127, 249-250

licensing process for, 9, 114, 142-144, 647-653, 667-669

limiting domestic availability, 7, 12, 134-138

of other nations, 257, 434-436

providing technical data, 9, 159-161, 313-314

rationale for, 113-114

stimulating foreign competition, 8, 155n, 155-159, 309

threshold between CCL and USML, 118-121, 138, 141, 254-255, 310-312, 415

of transnational corporations, 126

uncertainty of, 138-144, 251, 321-322

see also Arms Export Control Act (AECA); Commerce Control List (CCL); Export Administration Regulations (EAR); Foreign ownership, control or interest (FOCI); International Traffic in Arms Regulations (ITAR)

Export defined, 641

F

Facsimile communications, 2, 149

FAR, see Federal Acquisition Regulations (FAR)

FBI, see Federal Bureau of Investigation (FBI)

FCC, see Federal Communications Commission (FCC)

Fear, uncertainty, doubt, 225-227

Federal Acquisition Regulations (FAR), 187n

Federal Bureau of Investigation (FBI), 82-83, 88-90, 138n, 184, 236-237, 334n, 399, 423

see also Executive Order 12333

Federal Communications Commission (FCC), 220-221, 493

see also Executive Order 12472

Federal Emergency Management Agency (FEMA), see Executive Order 12472

Federal government, information security for, 289-292, 328-332

see also Computer Security Act of 1987

Federal Information Processing Standards (FIPS), 485-488

defined, 358

development of, 222-224

NIST role in, 222, 289-290

related to cryptography, 173, 176, 223, 418

Federal Reserve Board, 290-291

FEMA, see Federal Emergency Management Agency (FEMA)

Fermat numbers, 386-387

FIPS, see Federal Information Processing Standards (FIPS)

Firmware, 358

First party, 358

FISA, see Foreign Intelligence Surveillance Act (FISA) of 1978

FOCI, see Foreign ownership, control or interest (FOCI), U.S. companies under

Foreign Intelligence Surveillance Act (FISA) of 1978, 87-88, 173, 189, 403-410, 494

text of, 511-526

Foreign ownership, control or interest (FOCI), U.S. companies under, 126n

Fortezza cards, 176-177, 225, 259-260, 468

Freeh, Louis, 92n-93n, 93-94, 268, 281

Freeware, 129n, 272

see also Internet

Fuller, Samuel H., 345-346

Functionality, 358

G

Gelb, Leslie H., 346

General Services Administration (GSA), see Executive Order 12472

GII, see Global information infrastructure (GII)

Global information infrastructure (GII), 439-441n, 483

Globalization, 27-29, 38, 50, 188, 308, 430

GOSIP, see Government Open Systems Interconnect (OSI) Profile (GOSIP)

Government classification, xiii, 4, 238, 307

see also Executive Order 12958

Government Open Systems Interconnect (OSI) Profile (GOSIP), 224-225

Government procurement, 225, 487n

Graham, Ronald, xxxii, 346-347

GSA, see General Services Administration (GSA)

H

Hackers, 67n

Hardware

product implementations in, 65, 74, 205, 296, 369n

security advantages of, 130

security disadvantages of, 206-209

Hashes, 367

see also One-way hash function; Secure hash algorithm; Secure Hash Standard

Health care industry, 256, 457, 459-461

Hellman, Martin, 347

Hewlett-Packard, 261n

Homologation laws, 437

I

IBM, 228-229, 417-418

IDEA block cipher, 229

Identification, 358

Identification key, 358

IITF, see Information Infrastructure Task Force (IITF)

Implementation, 358

Import controls, 114-115, 436-438

Information

proprietary

potential value of, 153-154

security, 15, 66-68, 294-295

government needs for, 10, 12, 46-48, 157-159, 240, 267, 302

private sector needs for, vii-viii, 12-13, 30-31, 40-46, 152-153, 302, 335-338

threats to, xii, 2-3, 32-38, 153-154, 239, 299

technologies, viii, xii, 19-21

need for research and development, 12

speed of change in, xv, 5, 281, 300-302

technology industry

and economic security, 22-23, 46, 67-68

and national security, vii, xv, 3-4, 9-11, 47-48, 94-104, 157-159

U.S. leadership in, x, 38-39, 73, 128-129, 155-156, 299, 308-311

theory, 364

vulnerability, 15-50, 293-296

warfare (IW), 35, 49, 108

Information Infrastructure Task Force (IITF), 41, 242, 335, 483

Inman, Bobby, xiii, 267

Integrated product, 358

Integrity, 359

Integrity check, 359, 366

Intellectual property, protecting, 228-230, 465, 482-484

Intelligence community

and the intelligence cycle, 10, 425-429

mission of, 95, 423-425

regulation of, 87, 404-405n, 408, 423

see also Central Intelligence Agency (CIA); Executive Order 12333; Federal Bureau of Investigation (FBI); Foreign Intelligence Surveillance Act (FISA) of 1978; National Security Agency (NSA); SIGINT

Interception, 286-289, 359, 399, 490, 492-510

Internal Revenue Service (IRS), 466-467

International aspects of cryptography policy, 243

similar and different national interests, viii-x, xiv-xv, 104, 431-434

U.S. cooperation with other nations, 102, 231-232, 331-332

see also Export controls; Import controls; Use controls

International Traffic in Arms Regulations (ITAR), 114-116, 120, 127, 133-137, 142, 159-161, 256, 359, 415-416, 476

excerpts from Parts 120-123, 125, and 126 (text of), 637-655

Internet, 21, 34-35, 59, 64, 86n, 106n, 221, 282, 432n

growth of, 293

loan application by, 458

and networks, 52, 149

protocols, 224-225, 280-281

software distributed on, 129-132, 268

see also Netscape Navigator; World Wide Web

Interoperability, 150, 178, 439, 443

see also Standards

Interpretation of digital streams, 220

IRS, see Internal Revenue Service (IRS)

ITAR, see International Traffic in Arms Regulations (ITAR)

IW, see Information warfare (IW)

J

Judicial branch, role of, 190

Justice Department, see Department of Justice

K

Katz, Ambassador Julius L., 347

KEAs, see Escrow agents

Key

defined, 202, 359, 378

distribution, 359

distribution center (KDC), 377

escrow. See Escrowed encryption

escrow agents (KEAs). See Escrow agents

escrow encryption, 359

generation, 211-213, 454

length, 63, 214-215, 287-288, 319, 353, 380

management, 53, 74-75, 133, 173, 223, 280, 359, 376-377

retrieval, 284-285

revocation, 105n, 213, 452

Key Exchange Algorithm, 176

L

Latent demand, for cryptography products, 149-151

Law enforcement, 302

central decryption facility for, 285-286

impact of cryptography on, 3-4, 9-10, 90-94, 184-187, 322-335

impact of information technologies on, viii, 46-47, 333-335

infringing on civil liberties, viii, 45n, 93

requirements for escrowed encryption, 180, 194-197

and seizure of records, 81-83

technical center for, 334

wiretapping/electronic surveillance, see Electromagnetic emissions; Wiretapping

see also Communications Assistance for Law Enforcement Act of 1995 (CALEA); Federal Bureau of Investigation (FBI); Executive Order 12333

Law enforcement access field (LEAF), 171-173

Layered encryption, 277

see also Multiple encryption

LEAF, see Law enforcement access field (LEAF)

Legislative branch, role of, 7, 199

Link encryption, 11-11n, 274-276, 279, 327-328

Lost sales, 146-148, 214

M

Manufacturing industry, 461-463, 469-470

see also Vendors

Market

development, 151-152

forces, xv, 7, 305-307

Master Card, see Credit cards

Microsoft Windows NT, 135, 259-260

Modularity, 140-142, 223

Monitoring, 359

Moore's law, 63, 276, 385n

Multiple encryption, 58-59, 178, 215, 383

Mutual Law Enforcement Assistance Treaties, 331, 446

N

NACIC, see National Counterintelligence Center (NACIC)

National Communications System (NCS), see Executive Order 12472

National Computer Security Center (NCSC), 232-233

National Counterintelligence Center (NACIC), 2, 242-243

National information infrastructure (NII), 235, 483

National Institute of Standards and Technology (NIST), 228, 235-238, 335-337, 365, 418-420, 485-488

public-key infrastructure requirements, 450-454

see also Federal Information Processing Standards (FIPS)

National Security Act of 1947, see Executive Order 12333

National Security Agency (NSA), xi, xiv, 158, 227-228, 235-241, 289, 335, 338, 416-420, 422-423

role in export licensing, 123n, 126, 128n, 141-144, 162, 256

role in Skipjack/Clipper, 173n, 174

see also Executive Order 12333

National Security Council (NSC), see National Security Directive 42; Executive Order 12333

National Security Directive 42 (text of), 620-628

National Security Telecommunications and Information Systems Security Committee (NSTISSC), see National Security Directive 42

NCS, see National Communications System (NCS)

NCSC, see National Computer Security Center (NCSC)

Netscape Navigator, 73n, 76, 124, 132n, 135, 208

Network Working Group, 280n

Network-based encryption, 199, 278-281

Networks, 149

applications of, 282-284

backward compatibility issues, 151n

vulnerabilities of, 52, 195, 274

Neumann, Peter G., 347-348

New Forum nations, 442;

see also CoCom nations

NII, see National information infrastructure (NII)

NIST, see National Institute of Standards and Technology (NIST)

Node, 359

Nonrepudiation, 359, 365, 370-371, 479

NSA, see National Security Agency (NSA)

NSTISSC, see National Security Telecommunications and Information Systems Security Committee (NSTISSC)

O

Object code, 360

Object linking and embedding (OLE), 360, 475

OECD, see Organization for Economic Cooperation and Development (OECD) nations

Office of Management and Budget (OMB), 335, 486-487

see also Executive Order 12958

OLE, see Object linking and embedding (OLE)

OMB, see Office of Management and Budget (OMB)

Omnibus Crime Control and Safe Streets Act, 396-397

One-way hash function, 360, 367

Online services, 217-218, 221

see also America Online; Compuserve; Netscape Navigator; Prodigy; World Wide Web

Operating system, 360

Oral communications, see Wire and Electronic Communications Interception and Interception of Oral Communications Act

Organization for Economic Cooperation and Development (OECD) nations, 244, 331, 442, 448

OSI, see Government Open Systems Interconnect (OSI) Profile (GOSIP)

Ozzie, Raymond, 348

P

Parallel processing, 63

Partial key escrow, 180

Password, 360

Patent and Trademark Office (PTO), 230

Patents, xii, 228-230

PCMCIA card (or PC-card), 176, 360, 468;

see also Fortezza cards

Pen Register and Traffic Analysis Act (text of), 526-540

Pen registers, 62, 84, 402

defined, 360, 540

Perry, William, 310

Personal identification number (PIN), 360

Petroleum industry, 463-465

PGP, see Pretty Good Privacy (PGP)

Pharmaceutical industry, 200, 465-466

PIN, see Personal identification number (PIN)

Plaintext, 9, 53, 270, 355, 360, 374

Plug-in cryptography, see Cryptographic sockets

Pretty Good Privacy (PGP), 76, 163-164, 182

Private-key cryptography, 360, 375

Prodigy, 148

Products

certification and evaluation of, 70

cryptography, 148, 201-208

defaults, 250, 258

integrated or general-purpose, 65-66

stand-alone or security-specific, 65, 149, 208-211

weaknesses in, 74

Proper escrowing, see Escrowed encryption

Proprietary algorithms, 70, 174, 203

verifying, 207n

Protocol, 73

analyzers, 62

negotiation, 71

Pseudorandom function, 367

PSTN, see Public switched telecommunications network (PSTN)

PTO, see Patent and Trademark Office (PTO)

Public Cryptography Study Group, 267-268

Public Law 103-160, ix, xiv

Public switched telecommunications network (PSTN), 11

counterintelligence access to, 534-535

national security/emergency preparedness (NS/EP) network, 35

vulnerability of, 34-37, 327-328

see also National Security Directive 42

Public-key certificate, 360-361

Public-key cryptography, 53, 70, 290, 296, 313, 353, 360, 375

see also NIST

Q

Quantum

computing, 392-393

cryptography, 394-395

R

RC2/RC4 algorithms, 361

Reagan, President Ronald, 99, 423

see also Executive Order 12333; Executive Order 12472

Real-time surveillance, 89-90, 103

Reliability, 361

Remailer, 361

Reverse engineering, 205, 210, 230, 361

Risks addressed by cryptography, 361, 469-473

RSA algorithm, 182, 227-229, 313n, 325, 361, 376

RSA Data Security Conference, 141n

S

Safety margins in key length, 361, 384-385

Satellite uplinks, 438

Schmults, Edward C., 348

Schneier, Bruce, 160n, 163-165

Second party, 361

Secrecy, xiii-xiv, 201-208, 307, 378

Secret-key

cryptography, 53, 171, 366, 375

cryptosystem, 361, 383-384

Secure hash algorithm, 361-362, 370n

Secure Hash Standard, 176, 223, 362

Secure Sockets Layer protocol, 124

Secure Telephone Unit (STU), 74-75, 235

Security, 362

Security Policy Board (SPB), 241

Security-specific cryptography product, 362

SED, see Shipper's Export Declaration (SED)

Shannon, Claude, 364

Shareware, 362

Shipper's Export Declaration (SED), 119

SIGINT (Signals intelligence)

and cryptography, 101-102, 114, 317, 335, 428

historical examples of, 96-99, 427

utility of, 87-88, 100-101, 174-175, 421-423, 470-471

Signaling System 7, 34

Skipjack algorithm, 171-172, 176, 201, 212n, 230, 362, 383, 391, 420

Slippery slope, 266

Smith, W.Y., Committee Vice Chair, 343-344

Software

advantages of, 191-192

backward compatibility, 151n, 151-152

disadvantages of, 62, 64, 130

integrated, 148

object-oriented, 137n, 140, 165

product implementations in, 20-21, 65, 204-205

Source code, 362

Sovereign immunity, 189, 199

SPB, see Security Policy Board (SPB)

Specification, 362

Spillover effect, 123-125

Spoofing, 362, 367

Stand-alone cryptography product, 362

Standards, 70-71, 197, 222, 232-234, 254, 306, 485-486n, 551-556

State Department, see Department of State

Steganography, 270n, 372-372n

Stone, Elliot M., 348-349

Strategic intelligence, 97-101

Strong encryption, 101-102, 114, 123, 170, 254, 296, 382-383

STU, see Secure Telephone Unit (STU)

STU-III, 362

Superencryption, 269, 438

Symmetric

cryptography, 53-54, 172n, 362, 375-376

cryptosystem, 362

System, 362

T

Tactical intelligence, 96-97

Taxation, 482

TCP/IP, 225

Telephony, see Facsimile communications; Voice communications

TEMPEST techniques, 64

Third party access, 362-363

see also Exceptional access

Threat, 363

Time stamping, 357

Title III intercept, see Wire and Electronic Communications Interception and Interception of Oral Communications Act

Token, 363

TPEP, see Trusted Product Evaluation Program (TPEP)

Traffic analysis, see Pen Register and Traffic Analysis Act

Translucent cryptography, 277-278

Transparency, 185

Trap-and-trace devices, 84, 402

defined, 363, 540

see also Pen Register and Traffic Analysis Act

Treasury Department, see Department of the Treasury

Trojan horses, 56n, 64-65n, 363

Trust, 363, 480-482

Trusted Product Evaluation Program (TPEP), 233

Trustworthiness, 363, 379

Turner, Stansfield, 98

U

Unescrowed encryption, 7, 181-183, 186-187, 199, 268-273, 303-304

United States Postal Service (USPS), 468

U.S. Code, Title 18, Chapter 119, see Wire and Electronic Communications Interception and Interception of Oral Communications Act (text of)

U.S. Code, Title 18, Chapter 121 and 206, see Pen Register and Traffic Analysis Act (text of)

U.S. Code, Title 22, Chapter 39, see Arms Export Control Act (AECA)

U.S. Code, Title 50, Chapter 36, see Foreign Intelligence Surveillance Act of 1978 (text of)

U.S. Congress, viii, 162, 187, 231, 305, 332-333

oversight by, 587

reports to, 508, 524-525, 539, 550, 561

see also Legislative branch, role of

U.S. Munitions List (USML), 114-117, 125-127, 135-137, 140, 162-163, 389, 644-646

separating cryptography products on, 264

Use controls on cryptography, 436-438

USML, see U.S. Munitions List (USML)

USPS, see United States Postal Service (USPS)

V

Vendors, role of, 140, 149-153, 191, 206, 274

VeriSign, 76

Viruses, 64, 206

Visa, see Credit cards

Voice communications, secure, 174, 278-280

vs data communications, 199, 221, 280-281

Vulnerabilities, 24, 57, 293-296, 363

W

Ware, Willis H., 349

Weak encryption, 29, 61-62, 101, 257-258, 276

Web of trust, 75-76

Windows NT, see Microsoft Windows NT

Wire and Electronic Communications Interception and Interception of Oral Communications Act (text of), 489-511

Wireless communications, vii-viii, 61, 275, 279-280; see also Cellular phones; Cordless phones

Wiretapping, 62, 103, 218-220, 439

legal framework governing, 84-88, 170

and protection of civil liberties, 44n, 285n, 285-286

utility of, 82-84

see also Electronic surveillance

Work factor, 64n, 363

World Wide Web, 65n

Z

Zimmerman, Philip, 163-164


For every opportunity presented by the information age, there is an opening to invade the privacy and threaten the security of the nation, U.S. businesses, and citizens in their private lives. The more information that is transmitted in computer-readable form, the more vulnerable we become to automated spying. It's been estimated that some 10 billion words of computer-readable data can be searched for as little as $1. Rival companies can glean proprietary secrets . . . anti-U.S. terrorists can research targets . . . network hackers can do anything from charging purchases on someone else's credit card to accessing military installations. With patience and persistence, numerous pieces of data can be assembled into a revealing mosaic.

Cryptography's Role in Securing the Information Society addresses the urgent need for a strong national policy on cryptography that promotes and encourages the widespread use of this powerful tool for protecting the information interests of individuals, businesses, and the nation as a whole, while respecting legitimate national needs of law enforcement and intelligence for national security and foreign policy purposes. This book presents a comprehensive examination of cryptography—the representation of messages in code—and its transformation from a national security tool to a key component of the global information superhighway. The committee enlarges the scope of policy options and offers specific conclusions and recommendations for decision makers.

Cryptography's Role in Securing the Information Society explores how all of us are affected by information security issues: private companies and businesses; law enforcement and other agencies; people in their private lives. This volume takes a realistic look at what cryptography can and cannot do and how its development has been shaped by the forces of supply and demand. How can a business ensure that employees use encryption to protect proprietary data but not to conceal illegal actions? Is encryption of voice traffic a serious threat to legitimate law enforcement wiretaps? What is the systemic threat to the nation's information infrastructure? These and other thought-provoking questions are explored.

Cryptography's Role in Securing the Information Society provides a detailed review of the Escrowed Encryption Standard (known informally as the Clipper chip proposal), a federal cryptography standard for telephony promulgated in 1994 that raised nationwide controversy over its "Big Brother" implications. The committee examines the strategy of export control over cryptography: although this tool has been used for years in support of national security, it is increasingly criticized by the vendors who are subject to federal export regulation.

The book also examines other less well known but nevertheless critical issues in national cryptography policy such as digital telephony and the interplay between international and national issues. The themes of Cryptography's Role in Securing the Information Society are illustrated throughout with many examples—some alarming and all instructive—from the worlds of government and business as well as the international network of hackers. This book will be of critical importance to everyone concerned about electronic security: policymakers, regulators, attorneys, security officials, law enforcement agents, business leaders, information managers, program developers, privacy advocates, and Internet users.
