Implementation Evaluation Criteria for the Key Recovery Demonstration Project

Formerly known as the Emergency Access Demonstration Project

1. Objective

The objective of the Key Recovery Demonstration Project is to demonstrate the feasibility of emergency access to encrypted information in order to meet federal requirements for continuity of business, public safety, and national security interests. The demonstration project will examine various techniques for emergency access using varied technical approaches to encourage creativity in developing these capabilities. The demonstration project will not access digital signatures and, consequently, will encourage capabilities that use separate keys for digital signature and confidentiality. The choice of terms used in this list of criteria is intended to allow for this variety. The purpose of these evaluation criteria is to provide a disciplined approach to identifying and addressing the functional and security concerns related to the federal government's needs for emergency access to encrypted data. The criteria will serve as the basis for testing the emergency access systems of pilot applications. The demonstration project members will enhance these criteria to meet the needs of each pilot application. However, the criteria presented below will serve as the minimum core criteria. Rationale for the enhancement of the criteria will be part of the business and cost/benefit analyses conducted for each pilot.

2. Glossary

A. Authorized requester(s) is that individual or entity permitted to obtain a key and/or key component under conditions specified pursuant to proper, lawful authorization.

B. Data is specific individual facts or a list of such items; facts from which conclusions can be drawn; any or all facts, numbers, letters, symbols, etc. that can be processed or produced by a computer.

C. Emergency access - acquisition of the plaintext information associated with ciphertext for which the decrypting key is not readily available.

D. Emergency access system (EAS) - includes the policies, procedures, and all emergency access components required to recover encrypted data.

E. Key - a parameter that determines the transformation from plaintext to ciphertext and/or vice versa.

F. Key component - one of at least two parameters having the format of a key that is combined with one or more like parameters to form a key.

G. Key encryption key - a key used exclusively to encrypt and decrypt keys.

H. Key Recovery Agent - company, individual and/or entity that runs an Emergency Access System.

I. Key Recovery Center - location from which keys are obtained, for the purpose of emergency access.

J. Owner of the data - to be determined for each pilot.

K. Session, as in session data, is a logical connection between two terminals; part of a message transmission when two parties are exchanging messages; that which takes place after a communications circuit has been set up and is functioning, and which ends when the circuit has been terminated.

3. Evaluation criteria for an emergency access system (EAS)

A. An EAS shall implement policies, procedures, and mechanisms to ensure the confidentiality, integrity, and availability of the EAS and the information it processes, stores, audits and transmits.

B. The EAS shall implement procedures to recover from compromise of the confidentiality, integrity or availability of the EAS, subsystems, and keys and/or key components.

C. It should not be possible for an unauthorized person or process to alter, disable, bypass or corrupt an EAS, its subsystems or its components.

D. An EAS shall be designed and operated so that a failure by a single person, procedure, or mechanism does not compromise the confidentiality, integrity or availability of keys and/or key components or the EAS itself.

E. Unencrypted keys and/or key components shall be protected against modification, deletion and unauthorized disclosure while in storage, transmission or transfer.

F. The EAS shall ensure that each key recovery center (KRC) is uniquely identified. Encrypted data shall be bound to (associated with) the unique identity of the KRC and other information which is sufficient for the emergency access system to recover the encrypted data. This information shall be in an accessible format and occur with reasonable frequency to provide emergency access.
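The following is an added illustration, not part of the criteria document and not code from the demonstration project, of three of the ideas above: splitting a key into key components (glossary item F) so that no single holder can recover it (criterion D), keeping the components themselves out of any record that travels with the ciphertext (criterion E), and binding a recovery record to the unique identities of the key recovery centers and to the ciphertext it belongs to (criterion F). The XOR sharing scheme, the record layout, the key check value and every function and identifier name (`split_key`, `combine_components`, `make_recovery_record`, the `KRC-*` identifiers) are assumptions of this example; a real EAS would choose its own scheme and formats.

```python
import hashlib
import hmac
import secrets


def split_key(key: bytes, n: int) -> list:
    """Split `key` into n key components (glossary item F) by XOR sharing:
    n-1 components are uniformly random and the last is the key XORed with
    all of them.  Each component on its own is indistinguishable from
    random bytes, so the failure or compromise of a single holder does not
    reveal the key (criterion D)."""
    if n < 2:
        raise ValueError("at least two key components are required")
    random_parts = [secrets.token_bytes(len(key)) for _ in range(n - 1)]
    last = bytes(key)
    for part in random_parts:
        last = bytes(a ^ b for a, b in zip(last, part))
    return random_parts + [last]


def combine_components(components: list) -> bytes:
    """Recombine key components by XOR.  A missing or altered component does
    not raise an error; it silently yields the wrong key, which is why the
    recovery record below carries a short key check value."""
    if len(components) < 2:
        raise ValueError("at least two key components are required")
    length = len(components[0])
    if any(len(c) != length for c in components):
        raise ValueError("key components must all have the same length")
    key = bytes(length)
    for part in components:
        key = bytes(a ^ b for a, b in zip(key, part))
    return key


def _key_check_value(key: bytes) -> str:
    # Truncated hash used only to confirm a recombined key; 8 hex digits
    # reveal 32 bits of a one-way function, not the key itself (assumption).
    return hashlib.sha256(b"kcv:" + key).hexdigest()[:8]


def make_recovery_record(ciphertext: bytes, key: bytes, krc_ids: list) -> dict:
    """Build the information criterion F requires to accompany the
    ciphertext: the unique KRC identities holding the components, how many
    components exist, a digest binding the record to this ciphertext, and a
    key check value.  The components themselves are never stored here
    (criterion E); they are delivered to each KRC separately."""
    if len(set(krc_ids)) != len(krc_ids):
        raise ValueError("KRC identities must be unique")
    return {
        "krc_ids": list(krc_ids),
        "component_count": len(krc_ids),
        "ciphertext_sha256": hashlib.sha256(ciphertext).hexdigest(),
        "key_check_value": _key_check_value(key),
    }


def record_matches(record: dict, ciphertext: bytes) -> bool:
    """True when the record is bound to exactly this ciphertext."""
    expected = hashlib.sha256(ciphertext).hexdigest()
    return hmac.compare_digest(record["ciphertext_sha256"], expected)


def key_check_passes(record: dict, key: bytes) -> bool:
    """True when a recombined key matches the record's key check value."""
    return hmac.compare_digest(record["key_check_value"], _key_check_value(key))


def demo() -> bool:
    # Constructed sample values: a random 16-byte session key, a stand-in
    # for ciphertext, and three hypothetical KRC identifiers.
    key = secrets.token_bytes(16)
    ciphertext = b"<constructed ciphertext bytes>"
    krcs = ["KRC-ALPHA", "KRC-BRAVO", "KRC-CHARLIE"]
    components = split_key(key, len(krcs))
    record = make_recovery_record(ciphertext, key, krcs)
    # All components together recover the key and pass the check value...
    recovered = combine_components(components)
    full_ok = recovered == key and key_check_passes(record, recovered)
    # ...while any n-1 of them yield a key that fails it.
    partial = combine_components(components[:-1])
    partial_fails = not key_check_passes(record, partial)
    return full_ok and partial_fails and record_matches(record, ciphertext)


if __name__ == "__main__":
    print("recovery demo passed:", demo())
```

Because XOR sharing requires every component, the scheme shown here is an all-of-n split; a pilot that needs recovery to survive the loss of one KRC would use a threshold scheme instead, which the criteria leave to each pilot's design.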

G. An EAS shall ensure emergency access to encrypted data without inducing errors, and without intruding upon or disrupting data system and/or storage service.

H. An EAS shall maintain data relating to emergency access events in sufficient detail for auditing by authorized officials or their representatives.

I. An EAS shall ensure that only the requested key and/or key component(s) shall be provided.

J. An EAS shall ensure that the decrypted data, and the key and/or key component(s) are obtainable in a timeframe reasonable to support federal government business operations.

K. An EAS shall enforce the start and end of a time interval for authorized access to stored data, session data, and/or multiple sessions of data.

L. In response to a proper, lawful authorization, an EAS shall be capable of providing more than one key and/or key component at once or over the authorized time interval, if appropriate.

M. An EAS shall be capable of providing the key and/or key component needed to decrypt the data regardless of whether the sender's or receiver's cryptographic product generated or received the ciphertext.

N. The EAS shall ensure that key and/or key components are provided only after authenticating the identity and authority of the requester, and in response to established mechanisms and/or procedures pursuant to proper, lawful authorization.

O. The EAS shall disclose keys and/or key components only to authorized requester(s).

P. The EAS shall ensure access to keys and/or key components for the life of the encrypted data. In addition, in the event an EAS subsystem or component dissolves or otherwise terminates emergency access operations, the emergency access capability shall be transferred to another EAS that meets the federal client's performance and security requirements.

Q. The EAS shall protect against disclosure of information to unauthorized entities regarding the identity of the person and/or organization whose key and/or key component(s) is requested, the fact that a key and/or key component was requested or provided, and the identity of the requester.

R. The Key Recovery Agent shall be a federal department or agency, a U.S. registered company (or companies), or an entity operating through a U.S. treaty relationship.

S. The EAS's operating procedures shall designate an individual (or individuals) responsible as security and operations officer(s); all EASs shall designate the individual(s) responsible for the security and the operations of their subsystems.

T. Non-Government entities performing EAS functions shall possess suitable evidence of corporate viability, e.g., a Certificate of Good Standing for the State of Incorporation, appropriate business registration documents, a credit report, and errors and omissions insurance coverage.

U. The entities performing EAS functions shall certify compliance with all applicable federal, state, and local laws and regulations.

V. An EAS serving U.S. Government business shall interoperate only with EASs that meet these criteria.