Policy-Controlled Cryptographic Key Release


Dennis K. Branstad and David A. McGrew
Affiliation: Trusted Information Systems, Inc.
Abstract: In early 1995, Trusted Information Systems, in conjunction with four individuals from academia and industry, proposed to design and develop a language and system for use by individuals or their organizations to specify policies for controlling the release (temporary use or permanent transfer) of their cryptographic keys. Work has recently begun on a DARPA Policy-Controlled Cryptographic Key Release research contract for specifying and enforcing certain aspects of information protection and use in a range of commercial and unclassified military applications.

The Key-Release Policy (KRP: short title) project is developing a dynamic, policy-based automated system for cryptographic key release (distribution or use). Real and hypothetical requirements for specifying the conditions (i.e., events) under which a cryptographic key shall be released are currently being collected. A language is being defined to specify these conditions, with inputs from users, managers, and others having responsibility for the protection of information. The language will allow for the establishment, dis-establishment, and delegation of access permissions that can be assured by controlling an encryption or signature key.

Systems are being designed for automatically and accountably enforcing the policies, and analyzing the policies for completeness, consistency, and correctness. Formal methods will be used to the greatest feasible extent. Automated verification will be used where possible with requests for human resolution made when ambiguous, inconsistent, or mutually exclusive policy statements are made for the release of a key. Emphasis is being placed on simple user-system interfaces, with translations from human understandable language to machine enforceable language.

Burt Kaliski, Warwick Ford, Russ Housley, and Dorothy Denning are participating in the project. The works of Ford and Wiener on A Key Distribution Method for Object-Based Protection; Rivest and Lampson on SDSI; Blaze, Feigenbaum, and Lacy on Decentralized Trust Management; and Boneh and Lipton on A Revocable Backup System are being reviewed as relevant to the project. Other references, collaborators, and interested parties are being sought.

An experimental system is now being constructed in Secure Tcl, and PVS is being evaluated for analyzing key-release policies. Interfaces are being designed for use by individuals, managers, system administrators, and others who have responsibility or authority for information protection.

The presentation will outline the objectives of the project, current directions and status, and the anticipated schedule for the project.

For more information, see http://www.tis.com/docs/research/crypto/ckrpolicy.html"