I need help understanding my homework assignment this week. The assignment is as

Question

I need help understanding my homework assignment this week. The assignment is as follows;

Key recovery, or key escrow, is a recovery mechanism that stores copies of encrypted keys in separate, often centralized, locations. The term encompasses many different ways of permitting forced access to encrypted data.

The basic purpose of key recovery is to allow authorized third-party users to access encrypted data. However, to ensure that only the intended recipients are allowed access to the keys, the data log must be strictly monitored, and access must be granted only under restricted conditions.

In a 2- to 3-page paper, discuss the purpose of one implementation of key recovery. Address the following questions:

1. What makes this key recovery mechanism useful?

2. How is the mechanism implemented?

3. What are its benefits and risks?

4. What are its theoretical and practical applications?

Remember to properly cite your sources according to APA guidelines.

I've read the reading for this week in our book, and can't find what they mean by key recovery mechanism.

Here are the requirements;

The submission describes practical as well as theoretical applications of key recovery.

Can you help me get started?

The paper identifies a key recovery mechanism and describes why it is useful. The paper describes the implementation of at least 2 key recovery methods. The submission provides a rational explanation of the risks and benefits of the mechanism.

The submission describes practical as well as theoretical applications of key recovery.

Can you help me get started?

Explanation / Answer

Key recovery systems are designed to enable encrypted communications to be read by an authorized third party.Key recovery systems require vendors of encryption software to add a "key recovery" mechanism that maintains normal security in usual use, but can be turned onto decrypt your communications through a back door when authorized.

Key recovery systems use a "third key", in addition to the public and private keys usually employed by Public Key Cryptography. This third key is typically kept with a third-party organization and can be used to decrypt your communications when released to the authorities.

Key recovery for stored data

When cryptography is used for stored data there is a clear risk that key loss or damage might lead to a loss of the data itself. Such difficulties are very real and this means that the benefits of backing up encryption keys will almost always outweigh the additional risks that this will involve. It will thus be normal in a business environment to provide for emergency key recovery when encryption is used for stored data.

National electronic intelligence agencies such as NSA and GCHQ are primarily involved in capturing and decoding electronic communications and this means that they have little interest in stored data.

Key recovery for communications

When cryptography is used for protecting communications channels there is no end user interest in key recovery since the unencrypted data streams will be available to all the parties involved. If an encryption key is lost or damaged it does not need to be recovered since the data can be sent again using a new encryption key.

An important aspect of key recovery systems is the method used to ensure that correct recovery information is provided. If the recovery information provided is not correct, either through unintentional error, or deliberate attempt to conceal, the functionality of the key recovery system can be thwarted. Validation can be provided in several ways, including direct checking by the participants, checking by the trustees, and checking by the recovery entity.Correctness can also be ensured by redundant calculation and disclosure of the recovery information by more than one of the communicating parties.

Risks of Key Recovery

Key recovery systems are inherently less secure, more costly, and more difficult to use than similar systems without a recovery feature. Key recovery degrades many of the protections available from encryption, such as absolute control by the user over the means to decrypt data.

1.y key recovery infrastructure, by its very nature, introduces a new and vulnerable path to the unauthorized recovery of data where one did not otherwise exist. This introduces at least two harmful effects:

2. Regardless of the implementation, if key recovery systems must provide timely law enforcement access to a whole key or to plaintext, they present a new and fast path to the recovery of data that never existed before.The key recovery access path is completely out of the control of the user.

3. Like any other security system with a human element, key recovery systems are particularly vulnerable to compromise by authorized individuals who abuse or misuse their positions. Users of a key recovery system must trust that the individuals designing, implementing, and running the key recovery operation are indeed trustworthy. An individual, or set of individuals, motivated by ideology, greed, or the threat of blackmail, may abuse the authority given to them.

4.The nature of key recovery creates new high-value targets for attack of encryption systems. Key recovery agents will maintain databases that hold, in centralized collections, the keys to the information and communications their customers most value. In many key recovery systems, the theft of a single private key held by a recovery agent could unlock much or all of the data of a company or individual.

The key recovery infrastructure will tend to create extremely valuable targets, more likely to be worth the cost and risk of attack. The identity of these new rich targets will be highlighted by the key recovery systems themselves. Every encrypted communication or stored file will be required to include information about the location of its key retrieval information.

5. Key recovery is especially problematic in communications systems, such as encrypted cellular telephone calls, because it destroys the property of forward secrecy. A system with forward secrecy is one in which compromising the keys for decrypting one communication does not reduce the security of other communications. For example, in an encrypted telephone call, the keys for encrypting a call can be established as the call is set up. If these keys are destroyed when the call is over, the participants can be assured that no one can later decrypt that conversation--even if the keys to some subsequent conversation are compromised.

Key Recovery, as originally proposed, could have provided the basis for a compromise solution in which businesses obtained strong cryptographic data protection whilst also supporting important needs. In reality, however, key recovery has been taken over as a mechanism for preventing the widespread use of strong cryptography.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

---

---

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.