Personal tools

nist-dss-clipper-testimony.txt

STATEMENT OF

RAYMOND G. KAMMER

ACTING DIRECTOR, NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY

BEFORE THE

SUBCOMMITTEE ON TELECOMMUNICATIONS AND FINANCE

COMMITTEE ON ENERGY AND COMMERCE

APRIL 29, 1993


Mr. Chairman and Members of the Subcommittee:


Good morning. Thank you for inviting me to testify. I am Raymond G.
Kammer, Acting Director of the National Institute of Standards and
Technology of the U.S. Department of Commerce. Under the Computer
Security Act of 1987, NIST is responsible for the development of
standards for protecting unclassified government computer systems,
except those commonly known as Warner Amendment systems (as defined
in Title 10 USC 2315).

NIST has a long-established program of developing computer security
guidelines and standards for federal agencies. Many of these are
also used, on a voluntary basis, by the private sector. We have
published guidance on computer security training and awareness,
identification and authentication, open systems security, incident
response, cryptographic standards, trusted systems, and many other
facets of computer security.

Today, however, I plan to address the following topics which I
believe are most directly germane to your invitation:

* The need for good information security technology to
protect computer and telecommunications systems and
networks;

* NIST's activities in telecommunications switch security;

* the planned recertification of the Data Encryption
Standard;

* NIST's proposed Digital Signature Standard;


* the recent White House announcement of a new encryption
technology, called the Clipper Chip; and

* the President's directive to review advanced
telecommunications and encryption technology.


Need for Computer Security

Strong security technology is required in modern communications
systems and networks to protect sensitive and valuable information.
Government agencies and private corporations depend upon the
integrity and availability of their communications system in order to
do business. Computer viruses, network worms, hackers, and other
threats against our systems emphasize the importance of
telecommunications security.

Additionally, I have grown convinced, through strong anecdotal
evidence, most of it shared on a proprietary basis, of the growing
threat to American business from "economic espionage." Much has been
reported in the press of the activities of foreign intelligence
services targeting American firms, and sharing their findings with
competing foreign firms. I am convinced that American firms need
strong security, and in particular, strong cryptography, to protect
against such threats.

More importantly, the Administration is committed to working with the
private sector to spur the development of a National Information
Infrastructure which will use new telecommunications and computer
technologies to give Americans unprecedented access to information.
This infrastructure of high-speed networks ("information
superhighways") will transmit video, images, HDTV programming, and
huge data files as easily as today's telephone system transmits
voice. Appropriate security techniques may at times be integrated
into such systems.


Telecommunications Security

Federal telephone and computer networks depend upon reliable and
secure telecommunications capabilities, both of long-distance
carriers and local private-branch exchanges (PBXs). To examine
security issues of telecommunications networks, including issues of
PBX security and telecommunications switch security, NIST is
currently setting up a Telecommunications Security Analysis Center.
This Center will expand on initial research we have conducted on the
vulnerability of telecommunications switches.

Telecommunications switches are an integral part of the security of
the public switched network. Security problems in switches can
result in serious problems such as toll fraud, unauthorized and
illegal eavesdropping, or the disabling of switches, which would
result in bringing down part of the public switched network.

NIST has been monitoring the growth of switch-related abuse and has
been analyzing switches to be able to address the types of crimes
that could be perpetrated in the future. This work includes studying
the growing ease of perpetrating these crimes.
There are several areas of concern:

* Toll fraud. Current research indicates that the problem is
well over $1 billion per year. While not all toll-fraud is
accomplished technically, telecommunications switches are
vulnerable to hackers who can gain unauthorized access to
the use of long-distance services. This is a particular
vulnerability to the owners of PBXs, who can lose
considerable sums if their systems are inadequately
protected. Good system configuration control is one good
security measure we are examining.

* Network Availability. There have been no cases of
intruders purposefully bringing down parts of the public
switched network. The President's National Security
Telecommunications Advisory Committee (NSTAC) concluded
that "Until there is confidence that strong comprehensive
computer security programs are in place, the industry
should assume that a motivated and resourceful adversary in
one concerted manipulation of the network software could
degrade at least portions of the PSN."

* Unauthorized Eavesdropping. If unauthorized access is
gained to telecommunications switches, which is really just
a computer that switches phone calls, a hacker can gain
access to the contents of phone conversations and other
information transmitted through a switch. This
unauthorized eavesdropping can be either "real-time," as
the conversations occur, or the intruders can arrange to
have the conversations and data electronically transmitted
to another telecommunications switch or computer for later
analysis.

The purpose of the Telecommunications Security Analysis Center will
be to:

* Develop tools and techniques to analyze very complex
systems such as switches;

* Provide informal security guidance and advice to federal
agencies on procurement of telecommunications switches;

* Perform security analyses of commercial switches in both
laboratory and real world environments; and

* Develop standards and guidance for use in securing switches
and in building more secure switches, while providing for
the legitimate needs of law enforcement, under proper court
order, to protect the American public.

As we pursue this research, we will be pleased to provide additional
information on our findings to the Committee.


The Data Encryption Standard

The current government standard for the encryption of data is known
as the Data Encryption Standard (DES), which was first approved as a
Federal Information Processing Standard in 1977. DES is widely used
within both the government and the private sector for the protection
of sensitive information, including financial information, medical
information, and Privacy Act data. DES represents a proven twenty
year old technology with DES products available in the marketplace
for the last 15 years.

Last year, NIST formally solicited comments on the recertification of
DES. After reviewing those comments, and the other technical inputs
that I have received, I plan to recommend to the Secretary of
Commerce that he recertify DES for another five years. I also plan
to suggest to the Secretary that when we announce the recertification
we state our intention to consider alternatives to it over the next
five years. By putting that announcement on the table, we hope to
give people an opportunity to comment on orderly technological
transitions. In the meantime, we need to consider the large
installed base of systems that rely upon this proven standard.


NIST's Proposed Digital Signature Standard

The majority of the cryptographic-based security requirements in
computer and network systems involve the need for strong
identification and authentication. One method which we believe holds
a capacity for significant improvements in security and also cost-
savings by automating paper processes is the use of digital
signatures.

A digital signature is a computer-based method of "sealing" an
electronic message in such a way that its contents cannot be changed
or forged without detection and that the identity of the originator
of the communication can be verified. The digital signature for a
message is simply a code, or large number, that is unique for each
message and each message originator (within a very high, known
probability). A digital signature is computed for a message by
computing a representation of the message (called a "hash" code) and
a cryptographic process that uses a key associated with the message
originator. Any party with access to the public key, message, and
signature can verify the signature. If the signature verifies
correctly, the receiver (or any other party) has confidence that the
message was signed by the owner of the public key and the message has
not been altered after it was signed.

In 1991, NIST proposed a draft Digital Signature Standard (DSS). We
received about 130 public comments. We have been reviewing these
comments and revising the standard as appropriate to respond to those
comments. Additionally, we have examined and are currently dealing
with two claims of patent infringement, which we believe will be
successfully resolved in the not-too-distant future. Once this
occurs, the Secretary of Commerce needs to decide to approve the DSS
as a Federal Information Processing Standard. It will then
complement the Secure Hash Standard which was recently approved by
the Secretary of Commerce as Federal Information Processing Standard
180.

We anticipate that the DSS will find many uses within government
computer systems and networks. For example, DSS could be employed in
electronic funds transfer systems. Suppose an electronic funds
transfer message is generated to request that $100.00 be transferred
from one account to another. If the message was passed over an
unprotected network, it may be possible for an adversary to alter the
message and request a transfer of $1000.00. Without additional
information, it would be difficult, if not impossible, for the
receiver to know the message had been altered. However if the DSS
was used to sign the message before it was sent, the receiver would
know the message had been altered because it would not verify
correctly. The transfer request could then be denied.

DSS could be employed in a variety of business applications requiring
a replacement of handwritten signatures. One example is Electronic
Data Interchange (EDI). EDI is the computer-to-computer interchange
of messages representing business documents. In the federal
government, this technology is being used to procure goods and
services. Digital signatures could be used to replace handwritten
signatures in these EDI transactions. For instance, contracts
between the government and its vendors could be negotiated
electronically. A government procurement official could post an
electronically signed message requesting bids for office supplies.
Vendors wishing to respond to the request may first verify the
message before they respond. This assures that the contents of the
message have not been altered and that the request was signed by a
legitimate procurement official. After verifying the bid request,
the vendor could generate and sign an electronic bid. Upon receiving
the bid, the procurement official could verify that the vendor's bid
was not altered after it was signed. If the bid is accepted, the
electronic message could be passed to a contracting office to
negotiate the final terms of the contract. The final contract could
be digitally signed by both the contracting office and the vendor.
If a dispute arose at some later time, the contents of contract and
the associated signatures could be verified by a third party.

DSS is also likely to find widespread applications in the health care
field. It might be used to sign digital images, for example, to
assure that they remain safe against unauthorized modifications.

DSS could also be useful in the distribution of software. A digital
signature could be applied to software after it has been validated
and approved for distribution. Before installing the software on a
computer, the signature could be verified to be sure no unauthorized
changes (such as the addition of a virus) have been made. The
digital signature could be verified periodically to ensure the
integrity of the software.

In database applications, the integrity of information stored in the
database is often essential. DSS could be employed in a variety of
database applications to provide integrity. For example, information
could be signed when it was entered into the database. To maintain
integrity, the system could also require that all updates or
modifications to the information be signed. Before signed
information was viewed by a user, the signature could be verified.
If the signature verified correctly, the user would know the
information was not altered by an unauthorized party. The system
could also include signatures in the audit information to provide a
record of users who modified the information.

The DSS can also be used in conjunction with more secure
identification and authentication systems, for the protection of
access to both computer and telecommunication systems.


A New Encryption Technology: The Clipper Chip

Approximately two weeks ago, the White House announced our intention,
based on a new encryption technology, the Clipper Chip, to initiate a
voluntary program to improve the security and privacy of telephone
communications while meeting the legitimate needs of law enforcement.

This initiative will involve the creation of new products to
accelerate the development and use of advanced and secure
telecommunications networks and wireless communications links - the
security of the very systems you are examining here today.

Sophisticated encryption technology, including the DES, has been used
for years to protect electronic funds transfer. It is now being used
to protect electronic mail and computer files. While encryption
technology can help Americans protect business secrets and the
unauthorized release of personal information, it also can be used by
terrorists, drug dealers, and other criminals.


A state-of-the-art microcircuit, the "Clipper Chip," has been
developed by government engineers. The chip represents a new
approach to encryption technology. It can be used in new, relatively
inexpensive encryption devices that can be attached to an ordinary
telephone. It scrambles telephone communications using an encryption
algorithm that is more powerful than many in commercial use today.
The Clipper algorithm with an 80 bit long cryptographic key is
approximately 16 million times stronger than DES. It would take a
CRAY YMP over 200 years to solve one DES key. It would take the same
machine over a billion years to solve one Clipper Chip key.

This new technology offers opportunities for companies to protect
proprietary information, protect the privacy of personal phone
conversations and prevent unauthorized release of data transmitted
electronically. At the same time this technology preserves the
ability of federal, state and local law enforcement agencies to
intercept lawfully the phone conversations of criminals.

Protection of confidentiality of information is of critical concern
to the nation. So too is the ability of law enforcement to provide
safe streets and neighborhoods. Americans demand the very best in
law enforcement - at the federal, state and local level. Citizens
insist upon a quick response to terrorist threats, organized crime,
and drug dealers, while preserving our Constitutional rights. Past
experience clearly shows that one critical technology successfully
used to prosecute organized crime is the use of court-authorized
wiretaps. Unquestionably, these lawful electronic intercepts have
saved lives and been critical to bringing criminals to justice. The
"Clipper Chip" is also a powerful tool which will be used by law
enforcement to protect its own sensitive communications from illicit
criminal monitoring.

A "key-escrow" system is envisioned that would ensure that the
"Clipper Chip" is used to protect the privacy of law-abiding
Americans. Each device containing the chip will have two unique
"keys," numbers that will be needed by authorized government agencies
to decode messages encoded by the device. When the device is
manufactured, the two keys would be deposited separately in two "key-
escrow" data bases established by the Attorney General. Access to
these keys would be limited to government officials with legal
authorization to conduct a wiretap.

The President has asked the Attorney General to make arrangements
with appropriate entities who would hold the keys for the key-escrow
microcircuits installed in communications equipment. I understand
that the Attorney General is currently studying these procedures and
options for who will serve as the key escrow holders.

Since the announcement from the White House, I have stressed that the
"Clipper Chip" technology provides law enforcement with no new
authorities to access the content of the private conversations of
Americans. Also, some have claimed that there is a hidden trapdoor
in the chip or the algorithm. I cannot state it more simply: no
trapdoor exists.

The chip is an important step in addressing the problem of
encryption's dual-edge sword: encryption helps to protect the
privacy of individuals and industry, but it also can shield criminals
and terrorists. We need the "Clipper Chip" and other approaches that
can both provide law-abiding citizens with access to the encryption
they need and prevent criminals from using it to hide their illegal
activities.


Presidential Directive for Advanced Telecommunications and Encryption
Review

In order to assess technology trends and explore new approaches and
technologies (like the key-escrow system), the President has directed
government agencies to develop a comprehensive policy on encryption
and advanced telecommunications technology that accommodates:

* the privacy of our citizens, including the need to employ
voice or data encryption for business purposes;

* the ability of authorized officials to access telephone
calls and data, under proper court or other legal order,
when necessary to protect our citizens;

* the effective and timely use of the most modern technology
to build the National Information Infrastructure needed to
promote economic growth and the competitiveness of American
industry in the global marketplace; and

* the need of U.S. companies to manufacture and export high
technology products.

The President has directed early and frequent consultations with
affected industries, the Congress and groups that advocate the
privacy rights of individuals as policy options are developed.

I anticipate being a member of the governmental review panel which
will study this issue.

I will again stress what we have stated previously. Encryption
technology will play an increasingly important role in future network
infrastructures and the Federal Government must act quickly to
develop consistent, comprehensive policies regarding its use. The
Administration is committed to policies that protect all Americans'
right to privacy while also protecting them from those who break the
law.

Thank you Mr. Chairman, I would be pleased to answer any questions.

Archived CPSR Information
Created before October 2004
Announcements

Sign up for CPSR announcements emails

Chapters

International Chapters -

> Canada
> Japan
> Peru
> Spain
          more...

USA Chapters -

> Chicago, IL
> Pittsburgh, PA
> San Francisco Bay Area
> Seattle, WA
more...
Why did you join CPSR?

The need for CPSR's activities has never been greater.