Key Management in an Encrypting File System
Matt Blaze
AT&T Bell Laboratories
Abstract
As distributed computing systems grow in size, complexity and variety
of application, the problem of protecting sensitive data from
unauthorized disclosure and tampering becomes increasingly important.
Cryptographic techniques can play an important role in protecting
communication links and file data, since access to data can be limited
to those who hold the proper key. In the case of file data, however,
the routine use of encryption facilities often places the
organizational requirements of information security in opposition to
those of information management. Since strong encryption implies that
only the holders of the cryptographic key have access to the cleartext
data, an organization may be denied the use of its own critical
business records if the key used to encrypt these records becomes
unavailable (e.g., through the accidental death of the key holder).
This paper describes a system, based on cryptographic "smartcards,"
for the temporary "escrow" of file encryption keys for critical files
in a cryptographic file system. Unlike conventional escrow schemes,
this system is bilaterally auditable, in that the holder of an
escrowed key can verify that, in fact, he or she holds the key to a
particular directory and the owner of the key can verify, when the
escrow period is ended, that the escrow agent has neither used the key
nor can use it in the future. We describe a new algorithm, based on
the DES cipher, for the on-line encryption of file data in a secure
and efficient manner that is suitable for use in a smartcard.
Download the full text of this paper in
ASCII (36,767 bytes) and
POSTSCRIPT (108,300 bytes) form.