NIST Clipper Chip

by Peter Wayner

Raymond Kammer NIST

Dear Mr. Kammer:

I'm filing my comments to NIST Clipper Chip. I would like the opportunity to testify at your meeting on either June 2, 3 or 4th.

Thank you for taking the time to solicit public comment on the chip.

-Peter Wayner

Comments on the National Institute of Standards and Technology's (NIST) Proposed Encryption Chip with Key Escrow.

Peter Wayner

Permission is granted to freely distribute this text.

Abstract: My comments are limited to the practical problems involving pure hardware solutions. I feel that such systems are unwieldy, expensive and not easily retrofitted into machines that are already in service. More importantly, the key escrow system adds an additional weakness that, if compromised, could render the standard obsolete. If such a "Digital Pearl Harbor" occurred, the country would be without secure channels until all of the hardware in the country could be replaced and this could easily take over 1 year.

Introduction

My comments are limited to the practical problems involved in implementing a hardware-based encryption standard for the country. I believe that specialized hardware is an unnecessarily expensive and overly complicated approach for providing solid encryption capabilities and these costs will deter people from adopting the standard. More importantly, these high costs and the general inflexibility would prevent the US from having a quick response in the event that the key escrow system became compromised.

Although it is hard to estimate the true effect that the NIST chip could have on the price of telephones and computers, it is possible to make ballpark guesses. Manufacturers like Sun Microsystems and IBM multiply the cost of a part by about 4 to determine the impact of adding that part to the final price of the machine. This would mean that a chip that cost $25 would add about $100 to the purchaser's cost. This rule of thumb includes the cost of adding extra inventory, reworking the assembly lines, re-engineering circuit boards, re-programming system software, training support staff, re-writing manuals and other extraneous tasks that are not directly related to the cost of the part.

Some low-end PC manufacturers are able to use lower multiples because they provide less support and assistance for the final customer. More importantly, they use very standard designs with off-the-shelf chipsets that are optimized to make cheap computers available to all. At this time, though, the chipsets are not designed to allow for an encryption "co-processor" and adding the chip could be more expensive. For this reason, I feel that the chip could also add $100 to the price of off-the-shelf PCs, an amount that is almost 10% for many models.

The cost of adding the chip to any of the existing computers, though, could be much more expensive. The chip would need to be mounted on an expansion board that fits into computers. The cost for this board would need to be about $100 to cover the costs of marketing, packaging and stocking the product. Some computers, however, do not have expansion slots and others have all of their expansion slots filled up already. Computer manufacturers routinely survey users to discover how many cards they use so the computers can be built with the minimum necessary slots. In time, there would be enough space for a NIST encryption chip card, but until then many users would have trouble adding the chip to their current system.

The high cost is bound to slow the adoption of the standard because the risk of data insecurity is nebulous and ill-formed. Will they be willing to pay extra for this security? Will American people be willing to add the chip to their home phones to protect themselves from eavesdroppers listening for their credit card numbers? The problems are severe, but people often don't protect themselves until it is too late. If the cost is significant, then many people will certainly balk at the added cost and slow if not stop the development of the standard.

A Cheaper Solution

Naturally, every new feature is going to cost something. But the fact is that encryption does not need to cost this much money if it is accomplished in software. It could be almost free. A student on summer vacation can turn out a system that lives in the public domain. There is ample evidence that people are willing to do this. PGP (Pretty Good Privacy) is a system that Phil Zimmermann developed on his own and gave to the world. NIST could easily pay someone to generate a public-domain software version for general distribution if it wanted to provide the lowest cost standard for the people.

There is already ample evidence that software solutions succeed and hardware solutions do not. Several corporations including Cryptech and AMD have manufactured fast DES chips for years. Yet, the chips are rarely found in many applications. Public domain implementations of DES accomplish much of the DES encryption which is done in this country.

I think that most people would agree that a secure standard for data encryption is necessary to the country's economic health. For this reason, I believe that a free software implementation is the best way to achieve this goal. Cost will not prevent people from adopting the software.

The Telephone Problem

Perhaps the best example of the cost of converting a $25 chip into a marketable product is the AT&T secure phone announced on the same day as the NIST chip. It was priced at over $1000. Certainly, some of this cost covers the extra electronics to process the voice, but the need to mark up products to pay for the work is still evident. The price on these phones is sure to drop as the market grows more mature, but it should be obvious that the market won't grow substantially until the price drops more. The Government may be able to afford these rates, but even the average corporation cannot.

The cost of adding secure encryption to the handheld market is more difficult to estimate. Here size, weight and power consumption are just as important as price and an extra chip adds to each of these problems. Cellular companies currently aim to manufacture devices at a price point of $100/unit in wholesale costs. The NIST chip would mark up the price by at least 25%, drop the battery life, increase the weight and add to pocket bulge. These are not positive effects on a product. Yet, digital cellular phones and digital cordless phones are perhaps the most important market for a secure encryption device because the signals travel over the airwaves.

As before, all of the work of the Clipper chip could be accomplished in software. Many of the current digital cellular phones use highly-integrated Digital Signal Processing computers that both control the phone and handle the signalling chores. Adding encryption to a phone can be done by merely instructing the programmer to add an additional function. The cost per unit is minimal and the extra feature does not affect the power consumption. There is no doubt that most people would rather have a software solution.

"Digital Pearl Harbors"

The Key Escrow system allows the law enforcement agencies to access the content of a signal when they are duly authorized. The NIST plan requires that the key be split up and held by two separate agencies. This is both a concession to those who fear abuse and a good safety procedure. But we must remember Ben Franklin's admonishment that "three can keep a secret if two are dead."

Does NIST have plans for replacing the chips throughout the country if the key escrow services are compromised? Although I realize that serious precautions will be taken to protect the keys, I hope that NIST realizes their value. The Russians were able to obtain the secrets of the atomic bomb and the hydrogen bomb for very little money. There have been several high-profile spy cases involving cryptographic information. The intelligence community recognizes the need to keep information compartmentalized and to frequently change codes and ciphers but there are still breaches of security. This system, however, is barely compartmentalized.

Criminals are becoming increasingly adept with technology. One group placed a fake Automated Teller Machine in a mall and used it to steal account information which they later used to make fake withdrawals. Many crimes like this will be possible in the future and I have little doubt that the escrowed keys will have much more value than the atomic secrets.

The cost of replacing all of the NIST chips around the country would be prohibitive. What would happen if the FBI discovered that two people in the different escrow agencies succumbed to bribery? Would NIST announce a recall of all encryption chips? What would they use to replace the chips? It could take 6 months to design and fabricate a new chip in sufficient quantities. There are at least 250 million phones around the country and 50 million computers. Even if each computer and phone had a zero insertion force socket that made exchanging the chips easy, the cost to the country would be over $7 billion at $25 a chip.

A software solution, on the other hand, could be changed very quickly in the event of a compromise. Many companies that manufacture virus software include provisions for delivering updates whenever a new virus is discovered. The solution often travels substantially faster than the virus itself because people are able to download the anti-virus from bulletin boards.

The military and the intelligence community routinely change their cipher systems because they know that mistakes can be made and leaks can emerge in even the best system. The economic health of the country is resting, in some part, on the success of large, broadly implemented encryption systems. Many foreign companies pay princely sums for American technology. They routinely pay sums that are 10 times larger than the largest offered by the old Soviet Union. Can we be certain that two escrow agencies are going to be any more secure than the atomic scientists or the intelligence community?

Conclusions

The NIST system is too expensive and too unwieldy for general use. NIST would be better advised to develop a standard implemented in software that could be made available to all at no cost. It could be essentially free and much less prone to dangerous interruptions of services in case the system was compromised.
