Seminar - MHD Raja Abou Harb


Pros and Cons of Key Escrow Agreements
Mhd Raja Abou Harb
(Student ID: 21COMP9001)

1
Agenda
• Explanation of Key Escrow
• Explanation of Key Escrow Agreements
• Pros of Key Escrow Agreements
• Cons of Key Escrow Agreements
• Risks Related to Key Escrow
• Conclusion

2
Introduction
• Case scenario: we have valuable information that we need to protect from unauthorized access. How can we do that?
• Encryption: public/private key cryptography.
• After encryption techniques were applied, keys were generated for accessing the encrypted files. The generated keys were managed manually, which led to the risk of losing access to the encrypted data because of:
  • Human errors
  • Termination of the person who holds the keys
  • Loss of the person who holds the keys
• There shall be a systematic way to manage the keys.

3
What is Key Escrow?
• Key escrow is a method of storing important cryptographic keys.
• Each key stored in an escrow system is tied to the original user and subsequently encrypted for security purposes.
• Similar to the valet or coat check function:
  • each key is stored in relation to the user that leverages it, and then returned once queried.

4
• Key escrow systems are like leaving your home keys with your neighbour in case of emergencies.

5
Legal Definition of Key Escrow
• deposit of the private key of a subscriber and other pertinent information pursuant to an escrow agreement or similar contract binding upon the subscriber, the terms of which require one or more agents to hold the subscriber's private key for the benefit of the subscriber, an employer, or other party, upon provisions set forth in the agreement.
• (NIST Special Publication 800-32)

6
Benefits From Key Escrow in Cloud
• Organizations’ critical keys are safe from different risks:
  • Catastrophe
  • Security breach
  • Lost or forgotten keys
  • natural disasters…
• Managing keys manually in organizations is not recommended.
• Compliance with regulations:
  • Escrowed Encryption Standard (Clipper initiative)
  • the Capstone/Fortezza initiative
  • proposal to liberalize export controls on products using escrowed encryption.

7
How it works?

Normal Encryption
• Encryption
• Decryption
E: Encryption process
D: Decryption process
P: Plaintext
C: Ciphertext
K: Encryption/Decryption Key

Encryption with Key Escrow
• Encryption
• Decryption
E: Encryption process
D: Decryption process
P: Plaintext
C: Ciphertext
K: Encryption/Decryption Key
: Key to be escrowed
8
Key Escrow Agreements
• It is an arrangement between companies (referred to as customers) and a trusted third party that offers a solution for securely storing their keys.
• Sometimes called SaaS Escrow Services.
• Ensures that cryptographic keys remain protected, not only in storage, but also while in use.

9
Encryption in Cloud
• Encryption is very important when using cloud services.
• We can look at encryption based on the stage of the data:
  • Data in transit
    • is fairly simple
    • Information is almost always encrypted as it travels (between datacenters, or between servers and user devices) using TLS or other reliable methods.
  • Data in use and at rest
    • Cloud providers can encrypt data on their servers, but in order to facilitate indexing, online viewing, online collaboration, or other services, the cloud providers need to maintain control over the keys used to encrypt and decrypt the data.

10
Options for Key Management on Cloud
• Cloud-Based Encryption:
  • The cloud provider generates, manages, and stores the keys used to encrypt and decrypt data.
• Bring Your Own Key (BYOK):
  • The customer generates and manages encryption keys, but the cloud provider has access to the keys and can use them to encrypt and decrypt data.
• Hold Your Own Key (HYOK):
  • The customer generates, manages, and stores encryption keys in its own environment. The cloud provider does not have access to the keys and is blind to the contents of encrypted files.

11
Options for Key Management on Cloud (Cont.)
• Some organizations take the HYOK approach to all sensitive data. For these companies, the cloud is simply a storage location. Sensitive data resides on cloud servers, but is only decrypted and used inside the company network, or by external partners under controlled circumstances.
• Most organizations need to take advantage of additional cloud capabilities (online collaboration, online search, and cloud DLP scanning) for at least some of their sensitive data.
• HYOK encryption can be implemented with cloud security.
  • Data that an organization considers appropriate for cloud-based use can be encrypted with keys that the cloud provider holds, enabling the full range of cloud services. Data that requires maximum protection can be encrypted with company-held keys, rendering it unreadable by the cloud provider.

12
Examples for Using Key Escrow Services
• Public SSH Keys
  • When a user needs an SSH key pair to access their cloud infrastructure (e.g. AWS®), a public and private key are generated.
  • The private key is kept by the service the user authenticates to using their public key.
  • Since SSH keys are generally longer and more complex than traditional passwords, they are often harder to remember.
  • So, by using a key escrow system for the system-stored public keys, IT organizations can worry less about their users losing their SSH key pairs, and subsequently, their access to critical, protected resources.

13
Examples for  Full Disk Encryption (FDE)
 Securing the data at rest.
Using Key  Data can be accessed through 2 ways
Escrow  Directly logging into the system with an authorized user’s credentials.
 Using recovery key: a unique, complex password that is tied directly to
Services the encrypted disk.

(Cont.)

14
Requirements for Key Escrow Arrangements
• The framework shall:
  • Provide benefits to legitimate users,
  • Be public and unclassified,
  • Use well-known techniques,
  • Support all forms of communications,
  • Be compatible with different laws and regulations,
  • Provide access under warrant,
  • Not require dealing with other third parties.

15
Pros of Key Escrow Agreements
• Data recovery
  • When the key used to encrypt data is lost, key escrow services can help in recovering the data.
  • Some sources call key escrow "key recovery".
• Warranted interception
  • Protection of national security
  • CLIPPER proposal (US)

16
The Clipper Chip
• A U.S. government encryption chipset introduced in 1993.
• The chipset was promoted as an encryption device with a government-held (escrow) master key to facilitate encryption in the face of security threats.
• The controversial Clipper Chip was defunct by 1996, but the concept evolved into the Pretty Good Privacy (PGP) encryption tool, which is used worldwide.

17
Cons of Key Escrow Agreements
• The trusted third parties work within the regulatory regime, which means that they are required to reveal their customers' secrets when legally required.
  • This is similar to the regulation of banks; banks are obligated to show financial transactions to the tax authorities, for example.
• Key escrow agreements may be the vulnerability that criminals use to hide their malicious behavior.
• It is hard to implement in multidomain frameworks (while it is straightforward for a single domain) for the following reasons:
  • One escrow agent for each domain,
  • Different rules in each domain,
  • Lack of trust between the domains.
• Mistrust of the security of the structural escrow arrangement.
• Exposing the company to new risks.

18
Risks of Key Escrow
• Improper disclosure of keys.
• Theft of valuable key information.
• Failure to comply with law enforcement demands.
• Insider abuse
  • Compromise of the secrets of individuals, particular corporations, or even entire nations.
  • National law enforcement agencies may abuse their key recovery authority.
• New kinds of attacks
  • Theft of a recovery agent’s own private keys may lead to a broader array of communications,
  • Key recovery infrastructure is a valuable target for attackers.
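
The insider-abuse and agent-key-theft risks listed above can be reduced by splitting an escrowed key so that no single escrow agent ever holds it. The following Python is an added example, not part of the original slides, and goes beyond what the slide lists; the three-agent setup, the function names and the check-value format are assumptions.

```python
from __future__ import annotations
import hashlib
import hmac
import secrets

def split_key(key: bytes, agents: int) -> list[bytes]:
    """Split key into XOR shares, one per escrow agent; all are needed to rebuild it."""
    if agents < 2:
        raise ValueError("need at least two escrow agents")
    shares = [secrets.token_bytes(len(key)) for _ in range(agents - 1)]
    last = key
    for s in shares:
        last = bytes(a ^ b for a, b in zip(last, s))
    return shares + [last]

def fingerprint(key: bytes) -> str:
    """Check value kept in the escrow record (safe only for random, high-entropy keys)."""
    return hashlib.sha256(b"escrow-check:" + key).hexdigest()

def recover_key(shares: list[bytes], expected_fp: str) -> bytes:
    """XOR all shares together; reject the result if it fails the check value."""
    if not shares or len({len(s) for s in shares}) != 1:
        raise ValueError("shares missing or of unequal length")
    key = bytes(len(shares[0]))
    for s in shares:
        key = bytes(a ^ b for a, b in zip(key, s))
    if not hmac.compare_digest(fingerprint(key), expected_fp):
        raise ValueError("recovered key does not match escrow record")
    return key

def demo() -> bool:
    key = secrets.token_bytes(32)            # constructed sample data key
    record_fp = fingerprint(key)             # stored with the escrow record
    shares = split_key(key, agents=3)        # one share per hypothetical agent
    assert recover_key(shares, record_fp) == key
    try:
        recover_key(shares[:2], record_fp)   # two agents alone cannot recover
    except ValueError:
        return True
    return False

if __name__ == "__main__":
    print("partial recovery rejected:", demo())
```

Any subset of the shares is statistically independent of the key, so stealing or abusing one agent's store reveals nothing; the cost is that recovery fails if any single agent loses its share.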

19
Other Open Issues of Key Escrow
• New costs
  • Operational costs
  • Product design costs
  • Government oversight costs
  • User costs
• High scale
  • More than 800 encryption products.
  • Thousands of agents all over the world.
  • About 17,000 different local, state, and federal law enforcement agencies.
  • Millions of users,
  • Tens of millions (or more) public-private key pairs.

20
Conclusion
• Key escrow is a good solution for reducing the risk of losing our encrypted data because of the inability to decrypt it.
• There is a trade-off between:
  • Privacy and protecting the population against serious crimes.
  • Security and trusting third parties to store your keys.
• You (as a cloud customer) are solely responsible for protecting the data that you have, so before going further in any key escrow arrangement you have to thoroughly check the key escrow provider.

21
Resources
• Hoyle, Mark P., and Chris J. Mitchell. "On solutions to the key escrow problem." State of the Art in Applied Cryptography. Springer, Berlin, Heidelberg, 1998. 277-306.
• Abelson, Hal, et al. "The risks of key recovery, key escrow, and trusted third-party encryption." (1997).
• https://www.giac.org/paper/gsec/1369/key-escrow-encryption-saved-day/102566
• https://jumpcloud.com/blog/key-escrow
