Clipper chip

Last updated

The Clipper chip was a chipset that was developed and promoted by the United States National Security Agency [1] (NSA) as an encryption device that secured "voice and data messages" [2] with a built-in backdoor that was intended to "allow Federal, State, and local law enforcement officials the ability to decode intercepted voice and data transmissions." [2] It was intended to be adopted by telecommunications companies for voice transmission. Introduced in 1993, it was entirely defunct by 1996.

Contents

MYK-78 "Clipper chip" MYK-78 Clipper chip markings.jpg
MYK-78 "Clipper chip"

Key escrow

The Clipper chip used a data encryption algorithm called Skipjack [1] to transmit information and the Diffie–Hellman key exchange-algorithm to distribute the public keys between peers. Skipjack was invented by the National Security Agency of the U.S. Government; this algorithm was initially classified SECRET, which prevented it from being subjected to peer review from the encryption research community. The government did state that it used an 80-bit key, that the algorithm was symmetric, and that it was similar to the DES algorithm. The Skipjack algorithm was declassified and published by the NSA on June 24, 1998. The initial cost of the chips was said to be $16 (unprogrammed) or $26 (programmed), with its logic designed by Mykotronx, and fabricated by VLSI Technology, Inc.

At the heart of the concept was key escrow. In the factory, any new telephone or other device with a Clipper chip would be given a cryptographic key, that would then be provided to the government in escrow. If government agencies "established their authority" to listen to a communication, then the key would be given to those government agencies, who could then decrypt all data transmitted by that particular telephone. The newly formed Electronic Frontier Foundation preferred the term "key surrender" to emphasize what they alleged was really occurring. [3]

Clinton Administration

The Clinton Administration argued that the Clipper chip was essential for law enforcement to keep up with the constantly progressing technology in the United States. [2] While many believed that the device would act as an additional way for terrorists to receive information, the Clinton Administration said it would actually increase national security. [4] They argued that because "terrorists would have to use it to communicate with outsiders — banks, suppliers, and contacts — the Government could listen in on those calls." [4]

Other proponents

There were several advocates of the Clipper chip who argued that the technology was safe to implement and effective for its intended purpose of providing law enforcement with the ability to intercept communications when necessary and with a warrant to do so. Howard S. Dakoff, writing in the John Marshall Law Review , stated that the technology was secure and the legal rationale for its implementation was sound. [5] Stewart Baker wrote an opinion piece in Wired magazine debunking a series of what he purported to be myths surrounding the technology. [6]

Backlash

RSA Security campaigned against the Clipper chip backdoor in the so-called Crypto Wars, with this poster being the most well-remembered icon of that debate. Sink Clipper campaign.gif
RSA Security campaigned against the Clipper chip backdoor in the so-called Crypto Wars, with this poster being the most well-remembered icon of that debate.
Wired magazine's anti-Clipper graphic Cyberright.png
Wired magazine's anti-Clipper graphic

Organizations such as the Electronic Privacy Information Center and the Electronic Frontier Foundation challenged the Clipper chip proposal, saying that it would have the effect not only of subjecting citizens to increased and possibly illegal government surveillance, but that the strength of the Clipper chip's encryption could not be evaluated by the public as its design was classified secret, and that therefore individuals and businesses might be hobbled with an insecure communications system. Further, it was pointed out that while American companies could be forced to use the Clipper chip in their encryption products, foreign companies could not, and presumably phones with strong data encryption would be manufactured abroad and spread throughout the world and into the United States, negating the point of the whole exercise, and, of course, materially damaging U.S. manufacturers en route. Senators John Ashcroft and John Kerry were opponents of the Clipper chip proposal, arguing in favor of the individual's right to encrypt messages and export encryption software. [7]

The release and development of several strong cryptographic software packages such as Nautilus, PGP [8] and PGPfone was in response to the government push for the Clipper chip. The thinking was that if strong cryptography was freely available on the Internet as an alternative, the government would be unable to stop its use.

Technical vulnerabilities

MYK-78 MYK-78 Clipper Chip.jpg
MYK-78

In 1994, Matt Blaze published the paper Protocol Failure in the Escrowed Encryption Standard. [9] It pointed out that the Clipper's escrow system had a serious vulnerability: the chip transmitted a 128-bit "Law Enforcement Access Field" (LEAF) that contained the information necessary to recover the encryption key. To prevent the software that transmitted the message from tampering with the LEAF, a 16-bit hash was included. The Clipper chip would not decode messages with an invalid hash; however, the 16-bit hash was too short to provide meaningful security. A brute-force attack would quickly produce another LEAF value that would give the same hash but not yield the correct keys after the escrow attempt. This would allow the Clipper chip to be used as an encryption device, while disabling the key escrow capability. [9] :63 In 1995 Yair Frankel and Moti Yung published another attack which is inherent to the design and which shows that the key escrow device tracking and authenticating capability (namely, the LEAF) of one device, can be attached to messages coming from another device and will nevertheless be received, thus bypassing the escrow in real time. [10] In 1997, a group of leading cryptographers published a paper, "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption", analyzing the architectural vulnerabilities of implementing key escrow systems in general, including but not limited to the Clipper chip Skipjack protocol. [11]

Lack of adoption

The Clipper chip was not embraced by consumers or manufacturers and the chip itself was no longer relevant by 1996; the only significant purchaser of phones with the chip was the United States Department of Justice. [12] The U.S. government continued to press for key escrow by offering incentives to manufacturers, allowing more relaxed export controls if key escrow were part of cryptographic software that was exported. These attempts were largely made moot by the widespread use of strong cryptographic technologies, such as PGP, which were not under the control of the U.S. government.

As of 2013, strongly encrypted voice channels are still not the predominant mode for current cell phone communications. [13] [ needs update ] Secure cell phone devices and smartphone apps exist, but may require specialized hardware, and typically require that both ends of the connection employ the same encryption mechanism. Such apps usually communicate over secure Internet pathways (e.g. ZRTP) instead of through phone voice data networks.

Later debates

Following the Snowden disclosures from 2013, Apple and Google stated that they would lock down all data stored on their smartphones with encryption, in such a way that Apple and Google themselves could not break the encryption even if ordered to do so with a warrant. [14] This prompted a strong reaction from the authorities, including the chief of detectives for the Chicago Police Department stating that "Apple['s iPhone] will become the phone of choice for the pedophile". [15] An editorial in the Washington Post argued that "smartphone users must accept that they cannot be above the law if there is a valid search warrant", and after claiming to agree that backdoors would be undesirable, then suggested implementing a "golden key" backdoor which would unlock the data with a warrant. [16] [17] The members of "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption" 1997 paper, as well as other researchers at MIT, wrote a follow-up article in response to the revival of this debate, arguing that mandated government access to private conversations would be an even worse problem than it would have been twenty years before. [18]

See also

Related Research Articles

In cryptography, key size, key length, or key space refer to the number of bits in a key used by a cryptographic algorithm.

<span class="mw-page-title-main">Encryption</span> Process of converting plaintext to ciphertext

In cryptography, encryption is the process of encoding information. This process converts the original representation of the information, known as plaintext, into an alternative form known as ciphertext. Ideally, only authorized parties can decipher a ciphertext back to plaintext and access the original information. Encryption does not itself prevent interference but denies the intelligible content to a would-be interceptor.

A cypherpunk is any individual advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since at least the late 1980s.

Articles related to cryptography include:

<span class="mw-page-title-main">RSA Security</span> American computer security company

RSA Security LLC, formerly RSA Security, Inc. and doing business as RSA, is an American computer and network security company with a focus on encryption and encryption standards. RSA was named after the initials of its co-founders, Ron Rivest, Adi Shamir and Leonard Adleman, after whom the RSA public key cryptography algorithm was also named. Among its products is the SecurID authentication token. The BSAFE cryptography libraries were also initially owned by RSA. RSA is known for incorporating backdoors developed by the NSA in its products. It also organizes the annual RSA Conference, an information security conference.

<span class="mw-page-title-main">Martin Hellman</span> American cryptologist (born 1945)

Martin Edward Hellman is an American cryptologist and mathematician, best known for his involvement with public key cryptography in cooperation with Whitfield Diffie and Ralph Merkle. Hellman is a longtime contributor to the computer privacy debate, and has applied risk analysis to a potential failure of nuclear deterrence.

<span class="mw-page-title-main">Whitfield Diffie</span> American cryptographer (born 1944)

Bailey Whitfield 'Whit' Diffie, ForMemRS, is an American cryptographer and mathematician and one of the pioneers of public-key cryptography along with Martin Hellman and Ralph Merkle. Diffie and Hellman's 1976 paper New Directions in Cryptography introduced a radically new method of distributing cryptographic keys, that helped solve key distribution—a fundamental problem in cryptography. Their technique became known as Diffie–Hellman key exchange. The article stimulated the almost immediate public development of a new class of encryption algorithms, the asymmetric key algorithms.

In cryptography, Skipjack is a block cipher—an algorithm for encryption—developed by the U.S. National Security Agency (NSA). Initially classified, it was originally intended for use in the controversial Clipper chip. Subsequently, the algorithm was declassified.

Cryptography, the use of codes and ciphers to protect secrets, began thousands of years ago. Until recent decades, it has been the story of what might be called classical cryptography — that is, of methods of encryption that use pen and paper, or perhaps simple mechanical aids. In the early 20th century, the invention of complex mechanical and electromechanical machines, such as the Enigma rotor machine, provided more sophisticated and efficient means of encryption; and the subsequent introduction of electronics and computing has allowed elaborate schemes of still greater complexity, most of which are entirely unsuited to pen and paper.

There are a number of standards related to cryptography. Standard algorithms and protocols provide a focus for study; standards for popular applications attract a large amount of cryptanalysis.

The National Security Agency took over responsibility for all U.S. Government encryption systems when it was formed in 1952. The technical details of most NSA-approved systems are still classified, but much more about its early systems have become known and its most modern systems share at least some features with commercial products.

End-to-end encryption (E2EE) is a private communication system, only communicating users can participate, no adversary nor eavesdropper can interfere, not the communication system provider, telecom providers, Internet providers, nor malicious actors, only communicating users can access the cryptographic keys needed to converse.

<span class="mw-page-title-main">Secure telephone</span> Telephone that provides encrypted calls

A secure telephone is a telephone that provides voice security in the form of end-to-end encryption for the telephone call, and in some cases also the mutual authentication of the call parties, protecting them against a man-in-the-middle attack. Concerns about massive growth of telephone tapping incidents led to growing demand for secure telephones.

Strong cryptography or cryptographically strong are general terms used to designate the cryptographic algorithms that, when used correctly, provide a very high level of protection against any eavesdropper, including the government agencies. There is no precise definition of the boundary line between the strong cryptography and (breakable) weak cryptography, as this border constantly shifts due to improvements in hardware and cryptanalysis techniques. These improvements eventually place the capabilities once available only to the NSA within the reach of a skilled individual, so in practice there are only two levels of cryptographic security, "cryptography that will stop your kid sister from reading your files, and cryptography that will stop major governments from reading your files".

Capstone is a United States government long-term project to develop cryptography standards for public and government use. Capstone was authorized by the Computer Security Act of 1987, driven by the National Institute of Standards and Technology (NIST) and the National Security Agency (NSA); the project began in 1993.

Cryptography is the practice and study of encrypting information, or in other words, securing information from unauthorized access. There are many different cryptography laws in different nations. Some countries prohibit export of cryptography software and/or encryption algorithms or cryptoanalysis methods. Some countries require decryption keys to be recoverable in case of a police investigation.

<span class="mw-page-title-main">Cryptography</span> Practice and study of secure communication techniques

Cryptography, or cryptology, is the practice and study of techniques for secure communication in the presence of adversarial behavior. More generally, cryptography is about constructing and analyzing protocols that prevent third parties or the public from reading private messages. Modern cryptography exists at the intersection of the disciplines of mathematics, computer science, information security, electrical engineering, digital signal processing, physics, and others. Core concepts related to information security are also central to cryptography. Practical applications of cryptography include electronic commerce, chip-based payment cards, digital currencies, computer passwords, and military communications.

The following outline is provided as an overview of and topical guide to cryptography:

<span class="mw-page-title-main">Bullrun (decryption program)</span> Code name of a decryption program run by the NSA

Bullrun is a clandestine, highly classified program to crack encryption of online communications and data, which is run by the United States National Security Agency (NSA). The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the Bullrun classification guide published by The Guardian, the program uses multiple methods including computer network exploitation, interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.

<span class="mw-page-title-main">Crypto Wars</span> Attempts to limit access to strong cryptography

Attempts, unofficially dubbed the "Crypto Wars", have been made by the United States (US) and allied governments to limit the public's and foreign nations' access to cryptography strong enough to thwart decryption by national intelligence agencies, especially the National Security Agency (NSA).

References

  1. 1 2 "Clipper Chip - Definition of Clipper Chip". computer.yourdictionary.com. Archived from the original on 2013-07-04. Retrieved 2014-01-11.
  2. 1 2 3 McLoughlin, Glenn J. (September 8, 1995). "The Clipper Chip A Fact Sheet Update". Congressional Proquest.
  3. "Clipper Chip". cryptomuseum.com. Archived from the original on 2020-06-15. Retrieved 2014-01-11.
  4. 1 2 Levy, Steven (June 12, 1994). "Battle of the Clipper Chip". The New York Times. Archived from the original on June 6, 2020. Retrieved August 25, 2017.
  5. "Howard S. Dakoff, The Clipper Chip Proposal: Deciphering the Unfounded Fears That Are Wrongfully Derailing Its Implementation,29 J. Marshall L. Rev. 475 (1996)". Archived from the original on 2020-10-17. Retrieved 2020-08-09.
  6. Baker, Stewart A. (1994-06-01). "Don't Worry Be Happy". Wired. ISSN   1059-1028 . Retrieved 2020-08-09.
  7. "Summary of Encryption Bills in the 106th Congress". Archived from the original on 2018-09-21. Retrieved 2008-08-22.
  8. "Philip Zimmermann - Why I Wrote PGP (Part of the Original 1991 PGP User's Guide (updated in 1999))". Archived from the original on 2011-03-04. Retrieved 2007-12-20.
  9. 1 2 Blaze, Matt (August 20, 1994). "Protocol Failure in the Escrowed Encryption Standard" (PDF). Proceedings of the 2nd ACM Conference on Computer and Communications Security: 59–67. Archived (PDF) from the original on March 6, 2020. Retrieved October 2, 2018.
  10. Y. Frankel and M. Yung. Escrow Encryption Systems Visited: Attacks, Analysis and Designs. Crypto 95 Proceedings, August 1995
  11. "The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption". Archived from the original on 2018-08-09. Retrieved 2015-02-19.
  12. "From Clipper Chip to Smartphones: Unlocking the Encryption Debate". Archived from the original on 2020-05-29. Retrieved 2019-11-10.
  13. Timberg, Craig; Soltani, Ashkan (December 13, 2013), "By cracking cellphone code, NSA has ability to decode private conversations", The Washington Post , archived from the original on May 7, 2014, retrieved August 18, 2015, More than 80 percent of cellphones worldwide use weak or no encryption for at least some of their calls.
  14. "Why can't Apple decrypt your iPhone?". 2014-10-04. Archived from the original on 2014-10-09. Retrieved 2014-10-06.
  15. Craig Timberg and Greg Miller (25 Sep 2014). "FBI blasts Apple, Google for locking police out of phones". The Washington Post. Archived from the original on 10 February 2020. Retrieved 1 Apr 2016.
  16. Editorial Board (3 Oct 2014). "Compromise needed on smartphone encryption". The Washington Post. Archived from the original on 21 February 2020. Retrieved 1 Apr 2016.
  17. Mike Masnick (6 Oct 2014). "Washington Post's Clueless Editorial On Phone Encryption: No Backdoors, But How About A Magical 'Golden Key'?". Tech Dirt. Archived from the original on 21 February 2020. Retrieved 1 Apr 2016.
  18. Abelson, Harold; et al. (July 6, 2015). Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications (Technical report). Massachusetts Institute of Technology. hdl:1721.1/97690.