Cryptography's Role in Securing the Information Society
(1996) Computer Science and Telecommunications Board (CSTB)
Page 677
Index
A
Access, 353
control, 26-27
defined, 55-56, 94n, 353
facilitators, 60-65
see also Back door access
inhibitors, 58-60
Advanced Research Projects Agency (ARPA), 237n
Memorandum of Agreement with Defense Information Systems Agency and National Security Agency (text of), 633-636
AECA, see Arms Export Control Act (AECA)
Algorithm, 378
and key length, 353
America Online, 42-43n, 148
American National Standards Institute (ANSI), 486
Anonymity, 43, 59, 480
ANSI, see American National Standards Institute (ANSI)
Applications programming interfaces, see Cryptographic applications programming interfaces (CAPI)
Arms Export Control Act (AECA), 114-116, 118, 255
text of, 558-573
ARPA, see Advanced Research Projects Agency (ARPA)
Assurance, 353
Asymmetric cryptography, 53-54, 63, 75, 313n, 353, 365-367, 375-377, 385-388
AT&T, 60, 70n, 419
Clipper phones, 174-175
Secure Telephone Unit (STU), 74-75, 235
Surity Telephone Device, 175
Attacks on cryptographic systems
for asymmetric cryptography, 63
brute-force search, 62-63, 124, 276, 287, 381
chosen plaintext, 381-382
ciphertext only, 287, 381
exploitation of design factors, 60-62
exploitation of operational errors, 383
known ciphertext, 390
known plaintext, 381
shortcuts, 63
for symmetric cryptography, 63
timing attacks, 63
work factor, 64n, 181, 214, 288
see also Information warfare (IW); Strong encryption
Audit trails, 3, 354, 370
Page 678
Auditing, 354
Authentication
of an identity, 354, 367-370, 374, 450, 468
defined, 354
of digital cash tokens, 478-479
of a file, 354
infrastructure for, 338-339
of a message, 354, 367
uses of, 42-43, 47, 123-125
see also Audit trails
Authenticity, 354
Authorization, 354, 368n
Availability, 354
B
Back door
access, 56
defined, 354
hidden, 201-201n, 203, 277
open, 276-277
see also Escrowed encryption
Banking and finance services, vii, 23, 35-36n, 57, 123, 179, 312, 455-458, 470
see also Credit cards; Digital cash
Binary digit, 354
Biometric identifiers, 368-369
Bit, 354
Bit stream, 355
Bollinger, Lee, 344
Bush, President George, 100
see also National Security Directive 42
C
CALEA, see Communications Assistance for Law Enforcement Act of 1995 (CALEA)
Cantwell bill, 254-255
CAPI, see Cryptographic applications programming interfaces (CAPI)
Capstone chip, 176, 355
Capstone/Fortezza initiative, 10, 176-177, 179, 355
Caracristi, Ann, 344
CCL, see Commerce Control List (CCL)
Cellular phones, 11, 67, 217, 295, 327-328
Central Intelligence Agency (CIA), 91n, 95, 100, 403, 422-423, 428-429
see also Executive Order 12333 and Executive Order 12472
CERT, see Computer Emergency Response Team (CERT)
Certificate
authorities, 75-77, 355, 450-454
infrastructure, 232-234
Certification, 355
Certification authority, 355
Checksum, 367
CIA, see Central Intelligence Agency (CIA)
Ciphertext, 172n, 355, 374
Circumventing laws against unescrowed encryption, 269, 330
Civil liberties, viii, 44n, 44-46
Civiletti, Benjamin R., 344-345
CJ, see Commodity jurisdiction (CJ)
Cleartext, 355
Clinton, President William, 95, 100
Clinton Administration, 41, 170, 235, 265-266, 303, 376
Clipper
chip, xii, 171-174, 230, 355
initiative, 356, 376, 445n
see also Escrowed Encryption Standard (EES)
CMVP, see Cryptographic Module Validation Program (CMVP)
CoCom, see Coordinating Committee (CoCom) nations
Code grabbers, 42n
Collateral cryptography, 356
Commerce Control List (CCL), 8n, 115, 117, 122, 125n, 135, 160n, 260
see also Export controls
Commerce Department, see Department of Commerce
Commodity jurisdiction (CJ), 8n, 115, 165, 260, 638-640
Communications, xii, 20, 53-54
Communications Assistance for Law Enforcement Act of 1995 (CALEA), 216-221, 278, 281, 503, 510-511
text of, 540-550
Competitive access providers, 356
Compuserve, 148, 431-432n
Computer Emergency Response Team (CERT), 241-242
Computer Science and Telecommunications Board (CSTB), xviii-xix, 20n, 73n
Page 679
Computer Security Act of 1987, 235-236
text of, 551-557
Computer System Security and Privacy Advisory Board (CSSPAB), 242
Conference on Computers, Freedom, and Privacy, xvii, 45n, 219n
Confidentiality, 17, 53-54, 123-125, 371-373
of communications, 356
of data, 356, 374
defined, 3, 79-81, 108
relative levels of, 181, 183, 254, 314
reliance upon authentication, 373
see also Cryptography; encryption
Congress, see U.S. Congress
Constitutional issues regarding laws on encryption, viii, 7, 85n, 160-161n, 271-273, 304
Coordinating Committee (CoCom) nations, 231, 251n, 310, 356, 434-436, 442, 639
Cordless phones, 218, 398n
Countermeasure, 356
Credit cards, 22, 76, 481
Crime prevention, xv, 10, 47, 323, 472-473, 480
Criminalizing use
of cryptography for criminal purposes, 12, 94, 273-274, 332-333
of unescrowed cryptography, 192, 265-273
Crook, Colin, 345
Cryptanalysis, 62, 379n, 380n
of 40-bit encryption algorithms, 8n, 63, 73n, 115-117, 120-124, 276, 314-317
of 56-bit encryption algorithms, 8, 63, 71n, 121, 172, 288-289, 312, 316-318
defined, 356
see also Data Encryption Standard (DES); Strong encryption
Cryptographic
algorithms, 62-64, 159
defined, 356
secret, 171, 201-204
applications programming interfaces (CAPI), 259-262, 311, 474-476
sockets, 66, 127
systems, 374-377
attacks on, 378-383
see also Modularity; Key
Cryptographic Module Validation Program (CMVP), 233
Cryptography
for authentication, 3-4, 10, 55-56, 176, 324-327, 469-472
for confidentiality, 3-4, 8-9, 54, 176, 296, 470-472
for criminal purposes, 3-4, 10-11, 43-43n, 84, 91, 303-304
for data integrity, 3-4, 10, 55, 176, 324-327, 472-473
defined, 356
domestic availability of, 72-74, 135, 138, 299, 310
foreign availability of, 4, 214, 308
history of, xii-xiii, 52-54, 149-150, 202, 364-365
in information security products, 65-66, 476
foreign, 132-133
market for, xii, 66-72, 135-136, 145-152, 310
for nonrepudiation, 55
as one element of information security, 10, 296, 298
regulations relevant to (text of), 637-677
strength of, 63, 152-153, 250
see also Encryption
Cryptography policy, 16
adopting standards, 7, 222, 290, 316
committee recommendations on, viii-xvii, 1, 5-13, 303-339
current U.S. policies, xi, 6, 15, 111-112, 249, 298, 301
history of, 414-420
international dimensions of, 243-244, 430-431, 438-449
process of formulating, viii, 226
public debate over, xvii, 4, 7, 297-298
urgency regarding, xv-xvi, 39-40, 151-152
proper objectives for, 57, 68, 297-303
role of executive and legislative branches, 7, 305
see also Executive branch; Legislative branch; Standards; U.S. Congress
CSSPAB, see Computer System Security and Privacy Advisory Board (CSSPAB)
CSTB, see Computer Science and Telecommunications Board (CSTB)
Page 680
D
Dam, Kenneth W., Committee Chair, xv-xix, 343
DARPA, see Defense Advanced Research Projects Agency (DARPA)
Data
aggregation, 459-460
communications, 199, 441-442n
versus data storage, 323-324, 528-529
compression, 270-270n, 304
integrity, 365-367, 374
Data Encryption Standard (DES), 72, 207, 223, 228-232, 288, 314-318, 334, 357, 365, 388-389, 417-420
triple-DES, 178, 203n, 214-215
Date/time stamping, 57, 357, 371n
Decompiling, 204, 357
Decryption, 185, 357
see also Back door access; Cryptanalysis
Decryption algorithm, 374
Defense Advanced Research Projects Agency (DARPA), 241
Defense Department, see Department of Defense
Defense Information Systems Agency (DISA), 237-237n
Defense Intelligence Agency (DIA), see Executive Order 12333
Denial of service, 357
Department of Commerce, 73, 117, 128n, 173, 176
see also Executive Order 12472; Commerce Control List (CCL)
Department of Defense, 158, 187n, 237-238, 487n
see also Executive Order 12333; Executive Order 12472
Department of Energy, see Executive Order 12333
Department of Justice, 274
Department of State, 114-117, 121-122, 126, 142-144, 162, 321
see also Executive Order 12333; Executive Order 12472
Department of the Treasury, 173, 176, 190, 468
see also Executive Order 12333
DES, see Data Encryption Standard (DES)
Deutch, John, 97-98
DIA, see Defense Intelligence Agency (DIA)
Differential work factor cryptography, 264, 287-288; see also Attacks on cryptographic systems
Digests, 357
Digital
cash, 339, 477-482
information, 220, 280
signatures, 57, 226-227, 261, 326, 357, 367, 370
stream, 355
Digital Signature Standard (DSS), 176, 222-223, 225n, 229-230, 259, 301, 357, 418, 488
Digital Telephony Act, 357
see also Communications Assistance for Law Enforcement Act (CALEA)
DISA, see Defense Information Systems Agency (DISA)
Disassembly, 156n, 204, 215, 357
Disclosure of data, 357
DNA computing, 393-394
DOD, see Department of Defense
Double encryption. See Multiple encryption
DSS, see Digital Signature Standard (DSS)
Dual-use system, 358
E
EAA, see Export Administration Act (EAA)
EAR, see Export Administration Regulations (EAR)
Economic
competitiveness
of U.S. industry and businesses, 1-2, 37-40, 99
of U.S. information technology industry, x, 38-39, 73, 128-129, 155-156
espionage, 3, 46, 98
ECPA, see Electronic Communications Privacy Act (ECPA)
EES, see Escrowed Encryption Standard (EES)
Electromagnetic emissions, monitoring, 64, 397-398
Electronic
commerce, vii, 24-26, 413, 478
surveillance
defined, 587
history of, 218, 410-413
Page 681
legal requirements for, 84-88, 396-410
and minimization requirement, 218n, 219, 400-401, 513
see also Foreign Intelligence Surveillance Act of 1978; U.S. Intelligence Activities; Wire and Electronic Communications Interception and Interception of Oral Communications Act
Electronic Communications Privacy Act (ECPA), 396-403, 412-413
Elliptic curve cryptographic systems, 394
E-mail, 403-403n, 469
Encryption, 15-16
defined, 53, 58-59, 90n, 372
technicalities in legal definitions of, 269-270, 273-274, 303, 332
see also Confidentiality
Encryption algorithm, 374
Error-correction, 366n
Escrow
agents, 77
affiliation of, 180, 189-193, 444
certification of, 175
liability of, 191, 197-198, 330, 452-454
number of, 180, 183n, 188n, 189-194, 212
responsibilities of, 180, 194-198, 330, 444-447, 452
trustworthiness of, 190
binding, 210-211, 215
Escrowable encryption products, 182, 262
Escrowed encryption, 15-16, 61, 81, 298, 359
benefits of, 170
contract-based, 191-193, 263-264
defined, 167-169
economic implications, 177-182, 271, 330
government control of, 158, 266-268, 328-332
law enforcement benefits, 4, 9, 11, 184-187
liabilities, 184, 329
mandatory versus voluntary use, 185-188, 199, 265, 320-321
policy issues associated with, 170
proper escrowing, 177-178, 188, 213-214, 250n
and signals intelligence, 175, 202-203
versus strong encryption, 169
weaknesses of, 183
see also Unescrowed encryption
Escrowed Encryption Standard (EES), xvi, 9, 168-175, 181, 223, 301, 358, 419-420, 488
Evaluation, 358
Exceptional access, 16, 80-81, 109
business or corporate, 104-107
defined, 169n, 250, 358
end-user, 106-107, 320
government, 81-104, 297
time scale of operations, 94, 103
voice versus data communications, 281-284
Executive branch, role of, 7, 189-190, 231, 291-292, 305
Executive Order 12333 (U.S. Intelligence Activities), 573-589
Executive Order 12472 (Assignment of National Security and Emergency Preparedness Telecommunications Functions), 612-620
Executive Order 12958 (Classified National Security Information), 589-612
Export Administration Act (EAA), 114-115, 118, 255, 415
Export Administration Regulations (EAR), 115, 415-416
Part 779, Technical Data (text of), 656-677
Export controls, 7-9, 15, 249-251, 298, 307-322
circumvention of, 133
corporate perceptions of, 152-153
cryptography exemptions from, xi, 120-125, 144, 188, 256
description of, 114-122
dimensions of choice in, 252-253
of dual-use items, 8, 118, 162, 264, 310
economic impact of, 40, 153-154
effect on national security, 157-165
effect on sales, 145-153
effectiveness of, 127-134
elimination of, 251, 254
and end-use certification, 320
export defined, 142
foreign policy considerations, 162-163, 170
Page 682
history of, 414-415
impact on authentication products, 123-125
international harmonization of, 8, 243-244, 256-257, 443, 447-449
and liberal consideration, 117, 256-262, 317-318
licensing practices, current, 117, 122-127, 249-250
licensing process for, 9, 114, 142-144, 647-653, 667-669
limiting domestic availability, 7, 12, 134-138
of other nations, 257, 434-436
providing technical data, 9, 159-161, 313-314
rationale for, 113-114
stimulating foreign competition, 8, 155n, 155-159, 309
threshold between CCL and USML, 118-121, 138, 141, 254-255, 310-312, 415
of transnational corporations, 126
uncertainty of, 138-144, 251, 321-322
see also Arms Export Control Act (AECA); Commerce Control List (CCL); Export Administration Regulations (EAR); Foreign ownership, control or interest (FOCI); International Traffic in Arms Regulations (ITAR)
Export defined, 641
F
Facsimile communications, 2, 149
FAR, see Federal Acquisition Regulations (FAR)
FBI, see Federal Bureau of Investigation (FBI)
FCC, see Federal Communications Commission (FCC)
Fear, uncertainty, doubt, 225-227
Federal Acquisition Regulations (FAR), 187n
Federal Bureau of Investigation (FBI), 82-83, 88-90, 138n, 184, 236-237, 334n, 399, 423
see also Executive Order 12333
Federal Communications Commission (FCC), 220-221, 493
see also Executive Order 12472
Federal Emergency Management Agency (FEMA), see Executive Order 12472
Federal government, information security for, 289-292, 328-332
see also Computer Security Act of 1987
Federal Information Processing Standards (FIPS), 485-488
defined, 358
development of, 222-224
NIST role in, 222, 289-290
related to cryptography, 173, 176, 223, 418
Federal Reserve Board, 290-291
FEMA, see Federal Emergency Management Agency (FEMA)
Fermat numbers, 386-387
FIPS, see Federal Information Processing Standards (FIPS)
Firmware, 358
First party, 358
FISA, see Foreign Intelligence Surveillance Act (FISA) of 1978
FOCI, see Foreign ownership, control or interest (FOCI), U.S. companies under
Foreign Intelligence Surveillance Act (FISA) of 1978, 87-88, 173, 189, 403-410, 494
text of, 511-526
Foreign ownership, control or interest (FOCI), U.S. companies under, 126n
Fortezza cards, 176-177, 225, 259-260, 468
Freeh, Louis, 92n-93n, 93-94, 268, 281
Freeware, 129n, 272
see also Internet
Fuller, Samuel H., 345-346
Functionality, 358
G
Gelb, Leslie H., 346
General Services Administration (GSA), see Executive Order 12472
GII, see Global information infrastructure (GII)
Global information infrastructure (GII), 439-441n, 483
Globalization, 27-29, 38, 50, 188, 308, 430
GOSIP, see Government Open Systems Interconnect (OSI) Profile (GOSIP)
Page 683
Government classification, xiii, 4, 238, 307
see also Executive Order 12958
Government Open Systems Interconnect (OSI) Profile (GOSIP), 224-225
Government procurement, 225, 487n
Graham, Ronald, xxxii, 346-347
GSA, see General Services Administration (GSA)
H
Hackers, 67n
Hardware
product implementations in, 65, 74, 205, 296, 369n
security advantages of, 130
security disadvantages of, 206-209
Hashes, 367
see also One-way hash function; Secure hash algorithm; Secure Hash Standard
Health care industry, 256, 457, 459-461
Hellman, Martin, 347
Hewlett-Packard, 261n
Homologation laws, 437
I
IBM, 228-229, 417-418
IDEA block cipher, 229
Identification, 358
Identification key, 358
IITF, see Information Infrastructure Task Force (IITF)
Implementation, 358
Import controls, 114-115, 436-438
Information
proprietary
potential value of, 153-154
security, 15, 66-68, 294-295
government needs for, 10, 12, 46-48, 157-159, 240, 267, 302
private sector needs for, vii-viii, 12-13, 30-31, 40-46, 152-153, 302, 335-338
threats to, xii, 2-3, 32-38, 153-154, 239, 299
technologies, viii, xii, 19-21
need for research and development, 12
speed of change in, xv, 5, 281, 300-302
technology industry
and economic security, 22-23, 46, 67-68
and national security, vii, xv, 3-4, 9-11, 47-48, 94-104, 157-159
U.S. leadership in, x, 38-39, 73, 128-129, 155-156, 299, 308-311
theory, 364
vulnerability, 15-50, 293-296
warfare (IW), 35, 49, 108
Information Infrastructure Task Force (IITF), 41, 242, 335, 483
Inman, Bobby, xiii, 267
Integrated product, 358
Integrity, 359
Integrity check, 359, 366
Intellectual property, protecting, 228-230, 465, 482-484
Intelligence community
and the intelligence cycle, 10, 425-429
mission of, 95, 423-425
regulation of, 87, 404-405n, 408, 423
see also Central Intelligence Agency (CIA); Executive Order 12333; Federal Bureau of Investigation (FBI); Foreign Intelligence Surveillance Act (FISA) of 1978; National Security Agency (NSA); SIGINT
Interception, 286-289, 359, 399, 490, 492-510
Internal Revenue Service (IRS), 466-467
International aspects of cryptography policy, 243
similar and different national interests, viii-x, xiv-xv, 104, 431-434
U.S. cooperation with other nations, 102, 231-232, 331-332
see also Export controls; Import controls; Use controls
International Traffic in Arms Regulations (ITAR), 114-116, 120, 127, 133-137, 142, 159-161, 256, 359, 415-416, 476
excerpts from Parts 120-123, 125, and 126 (text of), 637-655
Internet, 21, 34-35, 59, 64, 86n, 106n, 221, 282, 432n
growth of, 293
loan application by, 458
and networks, 52, 149
protocols, 224-225, 280-281
Page 684
software distributed on, 129-132, 268
see also Netscape Navigator; World Wide Web
Interoperability, 150, 178, 439, 443
see also Standards
Interpretation of digital streams, 220
IRS, see Internal Revenue Service (IRS)
ITAR, see International Traffic in Arms Regulations (ITAR)
IW, see Information warfare (IW)
J
Judicial branch, role of, 190
Justice Department, see Department of Justice
K
Katz, Ambassador Julius L., 347
KEAs, see Escrow agents
Key
defined, 202, 359, 378
distribution, 359
distribution center (KDC), 377
escrow. See Escrowed encryption
escrow agents (KEAs). See Escrow agents
escrow encryption, 359
generation, 211-213, 454
length, 63, 214-215, 287-288, 319, 353, 380
management, 53, 74-75, 133, 173, 223, 280, 359, 376-377
retrieval, 284-285
revocation, 105n, 213, 452
Key Exchange Algorithm, 176
L
Latent demand, for cryptography products, 149-151
Law enforcement, 302
central decryption facility for, 285-286
impact of cryptography on, 3-4, 9-10, 90-94, 184-187, 322-335
impact of information technologies on, viii, 46-47, 333-335
infringing on civil liberties, viii, 45n, 93
requirements for escrowed encryption, 180, 194-197
and seizure of records, 81-83
technical center for, 334
wiretapping/electronic surveillance, see Electromagnetic emissions; Wiretapping
see also Communications Assistance for Law Enforcement Act of 1995 (CALEA); Federal Bureau of Investigation (FBI); Executive Order 12333
Law enforcement access field (LEAF), 171-173
Layered encryption, 277
see also Multiple encryption
LEAF, see Law enforcement access field (LEAF)
Legislative branch, role of, 7, 199
Link encryption, 11-11n, 274-276, 279, 327-328
Lost sales, 146-148, 214
M
Manufacturing industry, 461-463, 469-470
see also Vendors
Market
development, 151-152
forces, xv, 7, 305-307
Master Card, see Credit cards
Microsoft Windows NT, 135, 259-260
Modularity, 140-142, 223
Monitoring, 359
Moore's law, 63, 276, 385n
Multiple encryption, 58-59, 178, 215, 383
Mutual Law Enforcement Assistance Treaties, 331, 446
N
NACIC, see National Counterintelligence Center (NACIC)
National Communications System (NCS), see Executive Order 12472
National Computer Security Center (NCSC), 232-233
National Counterintelligence Center (NACIC), 2, 242-243
National information infrastructure (NII), 235, 483
Page 685
National Institute of Standards and Technology (NIST), 228, 235-238, 335-337, 365, 418-420, 485-488
public-key infrastructure requirements, 450-454
see also Federal Information Processing Standards (FIPS)
National Security Act of 1947, see Executive Order 12333
National Security Agency (NSA), xi, xiv, 158, 227-228, 235-241, 289, 335, 338, 416-420, 422-423
role in export licensing, 123n, 126, 128n, 141-144, 162, 256
role in Skipjack/Clipper, 173n, 174
see also Executive Order 12333
National Security Council (NSC), see National Security Directive 42; Executive Order 12333
National Security Directive 42 (text of), 620-628
National Security Telecommunications and Information Systems Security Committee (NSTISSC), see National Security Directive 42
NCS, see National Communications System (NCS)
NCSC, see National Computer Security Center (NCSC)
Netscape Navigator, 73n, 76, 124, 132n, 135, 208
Network Working Group, 280n
Network-based encryption, 199, 278-281
Networks, 149
applications of, 282-284
backward compatibility issues, 151n
vulnerabilities of, 52, 195, 274
Neumann, Peter G., 347-348
New Forum nations, 442
see also CoCom nations
NII, see National information infrastructure (NII)
NIST, see National Institute of Standards and Technology (NIST)
Node, 359
Nonrepudiation, 359, 365, 370-371, 479
NSA, see National Security Agency (NSA)
NSTISSC, see National Security Telecommunications and Information Systems Security Committee (NSTISSC)
O
Object code, 360
Object linking and embedding (OLE), 360, 475
OECD, see Organization for Economic Cooperation and Development (OECD) nations
Office of Management and Budget (OMB), 335, 486-487
see also Executive Order 12958
OLE, see Object linking and embedding (OLE)
OMB, see Office of Management and Budget (OMB)
Omnibus Crime Control and Safe Streets Act, 396-397
One-way hash function, 360, 367
Online services, 217-218, 221
see also America Online; Compuserve; Netscape Navigator; Prodigy; World Wide Web
Operating system, 360
Oral communications, see Wire and Electronic Communications Interception and Interception of Oral Communications Act
Organization for Economic Cooperation and Development (OECD) nations, 244, 331, 442, 448
OSI, see Government Open Systems Interconnect (OSI) Profile (GOSIP)
Ozzie, Raymond, 348
P
Parallel processing, 63
Partial key escrow, 180
Password, 360
Patent and Trademark Office (PTO), 230
Patents, xii, 228-230
PCMCIA card (or PC-card), 176, 360, 468
see also Fortezza cards
Pen Register and Traffic Analysis Act (text of), 526-540
Pen registers, 62, 84, 402
defined, 360, 540
Perry, William, 310
Personal identification number (PIN), 360
Petroleum industry, 463-465
Page 686
PGP, see Pretty Good Privacy (PGP)
Pharmaceutical industry, 200, 465-466
PIN, see Personal identification number (PIN)
Plaintext, 9, 53, 270, 355, 360, 374
Plug-in cryptography, see Cryptographic sockets
Pretty Good Privacy (PGP), 76, 163-164, 182
Private-key cryptography, 360, 375
Prodigy, 148
Products
certification and evaluation of, 70
cryptography, 148, 201-208
defaults, 250, 258
integrated or general-purpose, 65-66
stand-alone or security-specific, 65, 149, 208-211
weaknesses in, 74
Proper escrowing, see Escrowed encryption
Proprietary algorithms, 70, 174, 203
verifying, 207n
Protocol, 73
analyzers, 62
negotiation, 71
Pseudorandom function, 367
PSTN, see Public switched telecommunications network (PSTN)
PTO, see Patent and Trademark Office (PTO)
Public Cryptography Study Group, 267-268
Public Law 103-160, ix, xiv
Public switched telecommunications network (PSTN), 11
counterintelligence access to, 534-535
national security/emergency preparedness (NS/EP) network, 35
vulnerability of, 34-37, 327-328
see also National Security Directive 42
Public-key certificate, 360-361
Public-key cryptography, 53, 70, 290, 296, 313, 353, 360, 375
see also NIST
Q
Quantum
computing, 392-393
cryptography, 394-395
R
RC2/RC4 algorithms, 361
Reagan, President Ronald, 99, 423
see also Executive Order 12333; Executive Order 12472
Real-time surveillance, 89-90, 103
Reliability, 361
Remailer, 361
Reverse engineering, 205, 210, 230, 361
Risks addressed by cryptography, 361, 469-473
RSA algorithm, 182, 227-229, 313n, 325, 361, 376
RSA Data Security Conference, 141n
S
Safety margins in key length, 361, 384-385
Satellite uplinks, 438
Schmults, Edward C., 348
Schneier, Bruce, 160n, 163-165
Second party, 361
Secrecy, xiii-xiv, 201-208, 307, 378
Secret-key
cryptography, 53, 171, 366, 375
cryptosystem, 361, 383-384
Secure hash algorithm, 361-362, 370n
Secure Hash Standard, 176, 223, 362
Secure Sockets Layer protocol, 124
Secure Telephone Unit (STU), 74-75, 235
Security, 362
Security Policy Board (SPB), 241
Security-specific cryptography product, 362
SED, see Shipper's Export Declaration (SED)
Shannon, Claude, 364
Shareware, 362
Shipper's Export Declaration (SED), 119
SIGINT (Signals intelligence)
and cryptography, 101-102, 114, 317, 335, 428
historical examples of, 96-99, 427
utility of, 87-88, 100-101, 174-175, 421-423, 470-471
Signaling System 7, 34
Skipjack algorithm, 171-172, 176, 201, 212n, 230, 362, 383, 391, 420
Slippery slope, 266
Smith, W.Y., Committee Vice Chair, 343-344
Page 687
Software
advantages of, 191-192
backward compatibility, 151n, 151-152
disadvantages of, 62, 64, 130
integrated, 148
object-oriented, 137n, 140, 165
product implementations in, 20-21, 65, 204-205
Source code, 362
Sovereign immunity, 189, 199
SPB, see Security Policy Board (SPB)
Specification, 362
Spillover effect, 123-125
Spoofing, 362, 367
Stand-alone cryptography product, 362
Standards, 70-71, 197, 222, 232-234, 254, 306, 485-486n, 551-556
State Department, see Department of State
Steganography, 270n, 372-372n
Stone, Elliot M., 348-349
Strategic intelligence, 97-101
Strong encryption, 101-102, 114, 123, 170, 254, 296, 382-383
STU, see Secure Telephone Unit (STU)
STU-III, 362
Superencryption, 269, 438
Symmetric
cryptography, 53-54, 172n, 362, 375-376
cryptosystem, 362
System, 362
T
Tactical intelligence, 96-97
Taxation, 482
TCP/IP, 225
Telephony, see Facsimile communications; Voice communications
TEMPEST techniques, 64
Third party access, 362-363
see also Exceptional access
Threat, 363
Time stamping, 357
Title III intercept, see Wire and Electronic Communications Interception and Interception of Oral Communications Act
Token, 363
TPEP, see Trusted Product Evaluation Program (TPEP)
Traffic analysis, see Pen Register and Traffic Analysis Act
Translucent cryptography, 277-278
Transparency, 185
Trap-and-trace devices, 84, 402
defined, 363, 540
see also Pen Register and Traffic Analysis Act
Treasury Department, see Department of the Treasury
Trojan horses, 56n, 64-65n, 363
Trust, 363, 480-482
Trusted Product Evaluation Program (TPEP), 233
Trustworthiness, 363, 379
Turner, Stansfield, 98
U
Unescrowed encryption, 7, 181-183, 186-187, 199, 268-273, 303-304
United States Postal Service (USPS), 468
U.S. Code, Title 18, Chapter 119, see Wire and Electronic Communications Interception and Interception of Oral Communications Act (text of)
U.S. Code, Title 18, Chapter 121 and 206, see Pen Register and Traffic Analysis Act (text of)
U.S. Code, Title 22, Chapter 39, see Arms Export Control Act (AECA)
U.S. Code, Title 50, Chapter 36, see Foreign Intelligence Surveillance Act of 1978 (text of)
U.S. Congress, viii, 162, 187, 231, 305, 332-333
oversight by, 587
reports to, 508, 524-525, 539, 550, 561
see also Legislative branch, role of
U.S. Munitions List (USML), 114-117, 125-127, 135-137, 140, 162-163, 389, 644-646
separating cryptography products on, 264
Use controls on cryptography, 436-438
USML, see U.S. Munitions List (USML)
USPS, see United States Postal Service (USPS)
Page 688
V
Vendors, role of, 140, 149-153, 191, 206, 274
VeriSign, 76
Viruses, 64, 206
Visa, see Credit cards
Voice communications, secure, 174, 278-280
vs data communications, 199, 221, 280-281
Vulnerabilities, 24, 57, 293-296, 363
W
Ware, Willis H., 349
Weak encryption, 29, 61-62, 101, 257-258, 276
Web of trust, 75-76
Windows NT, see Microsoft Windows NT
Wire and Electronic Communications Interception and Interception of Oral Communications Act (text of), 489-511
Wireless communications, vii-viii, 61, 275, 279-280
see also Cellular phones; Cordless phones
Wiretapping, 62, 103, 218-220, 439
legal framework governing, 84-88, 170
and protection of civil liberties, 44n, 285n, 285-286
utility of, 82-84
see also Electronic surveillance
Work factor, 64n, 363
World Wide Web, 65n
Z
Zimmerman, Philip, 163-164