Security Testing and Evaluation Labs

Security Evaluation Laboratory (SEL)

NSA: Key Recovery for End Systems PP

Sponsor: National Security Agency
Assurance Level: EAL1+
Status: Completed

This PP is one in a series of protection profiles describing Key Recovery System (KRS) components. KRSs provide a means to recover the key used for confidentiality within an encrypted association and/or the confidentiality-protected data that has become unobtainable. KRS components include End System component(s), End System component(s) with requestor functionality, Requestor component(s), and Key Recovery Agent (KRA) component(s). Other component(s) such as the Licensing Agent, the PKI source, and the Registration Agent are considered to interact with the KRS, but are not a part of the system.

The Target of Evaluation (TOE) is the software application used by the KRS End System component and the End System component that optionally implements Requestor functionality. End Systems are parties or clients who generate confidentiality-protected data and wish to have their data made recoverable through key recovery techniques. End Systems with requestor functionality are end entities that interact with one or more KRA(s) to recover the key needed to decrypt confidentiality-protected data generated by End Systems or to recover the actual data. The two primary techniques are:

Key Encapsulation – Technique where key(s), key part(s) or related information is encrypted specifically for the KRA and is associated with the encrypted data.

Key Escrow – Technique where the secret or private key(s), key parts, or key related information to be recovered is held by one or more KRAs.

This PP is applicable to both key recovery techniques.
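To make the difference between the two techniques concrete, here is an added illustration; it is not code from the PP, from NSA, or from any evaluated product. It assumes, for the sake of running offline with only the Python standard library, that the cipher is an HMAC-SHA256 keystream in counter mode with an HMAC tag (a stand-in for a real authenticated cipher, not something to deploy) and that the KRA's wrapping key is a symmetric key-encryption key known only to the KRA (standing in for the KRA's public key). The names `KRA_ID`, `KRA_KEK`, `seal`, `unseal`, `encapsulate`, `EscrowKRA` and the sample message are all constructed for this example. In the encapsulation case the Key Recovery Field is bound to the data ciphertext as associated data, so a stripped or swapped KRF fails verification; in the escrow case the ciphertext carries only a key identifier and the KRA's vault holds the key.

```python
import hashlib
import hmac
import os
import struct

# Constructed demo values (assumptions, not from the PP). The KEK stands in
# for the KRA's public key; in a real KRS this would be an asymmetric key.
KRA_ID = b"KRA-01"
KRA_KEK = os.urandom(32)


def _subkeys(key: bytes):
    """Derive separate encryption and MAC keys from one secret."""
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode: an illustration, not a production cipher."""
    blocks = [hmac.new(enc_key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key: bytes, aad: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC: nonce || ciphertext || tag, with aad bound into the tag."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, struct.pack(">Q", len(aad)) + aad + nonce + ct,
                   hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, aad: bytes, blob: bytes) -> bytes:
    """Verify the tag (and therefore the aad binding) before decrypting."""
    enc_key, mac_key = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expect = hmac.new(mac_key, struct.pack(">Q", len(aad)) + aad + nonce + ct,
                      hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("authentication failed: data or associated KRF altered")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def encapsulate(plaintext: bytes, kra_kek: bytes = KRA_KEK, kra_id: bytes = KRA_ID):
    """Key encapsulation: the session key is encrypted for the KRA, and the
    resulting Key Recovery Field (KRF) is associated with the data ciphertext."""
    session_key = os.urandom(32)
    krf = kra_id + seal(kra_kek, kra_id, session_key)
    # The KRF is authenticated as associated data of the data ciphertext, so a
    # stripped or swapped KRF is detected by anyone holding the session key.
    data = seal(session_key, krf, plaintext)
    return krf, data


def kra_recover_encapsulated(krf: bytes, data: bytes, kra_kek: bytes = KRA_KEK,
                             kra_id: bytes = KRA_ID) -> bytes:
    """Only the KRA can unwrap the session key from the KRF, then decrypt the data."""
    if not krf.startswith(kra_id):
        raise ValueError("KRF addressed to a different KRA")
    session_key = unseal(kra_kek, kra_id, krf[len(kra_id):])
    return unseal(session_key, krf, data)


def recovery_field_intact(krf: bytes, data: bytes, kra_kek: bytes = KRA_KEK,
                          kra_id: bytes = KRA_ID) -> bool:
    """True only if the KRF still unwraps and still matches this ciphertext."""
    try:
        kra_recover_encapsulated(krf, data, kra_kek, kra_id)
        return True
    except ValueError:
        return False


class EscrowKRA:
    """Key escrow: the KRA holds the secret keys; ciphertext carries only a key id."""

    def __init__(self):
        self._vault = {}

    def register(self, key: bytes) -> bytes:
        key_id = os.urandom(8)
        self._vault[key_id] = key
        return key_id

    def recover(self, key_id: bytes, data: bytes) -> bytes:
        if key_id not in self._vault:
            raise KeyError("no escrowed key for this id")
        return unseal(self._vault[key_id], key_id, data)


def encrypt_escrowed(kra: EscrowKRA, plaintext: bytes):
    """End System under escrow: deposit the key with the KRA, then encrypt with it."""
    key = os.urandom(32)
    key_id = kra.register(key)
    return key_id, seal(key, key_id, plaintext)


def demo() -> dict:
    msg = b"confidentiality-protected record"  # constructed sample input
    krf, data = encapsulate(msg)
    kra = EscrowKRA()
    key_id, escrowed = encrypt_escrowed(kra, msg)
    broken_krf = krf[:-1] + bytes([krf[-1] ^ 0x01])  # corrupt the KRF's tag
    return {
        "encapsulated": kra_recover_encapsulated(krf, data),
        "escrowed": kra.recover(key_id, escrowed),
        "tampered_krf_detected": not recovery_field_intact(broken_krf, data),
    }


if __name__ == "__main__":
    print(demo())
```

The point to take from the two paths is where the recoverable secret lives: under encapsulation it travels inside the message and the KRA needs nothing but its own key, so the End System must guarantee that the KRF is present and bound to the ciphertext; under escrow the message carries only an identifier and the KRA's vault is the single point of compromise, so its access control and the correctness of key deposit become the critical requirements.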

There are two possible TOE configurations. One consists of a software application that implements End System key recovery functionality. The other consists of a software application that implements End System key recovery functionality integrated with End System Requestor functionality. Requestors are those entities which interact with one or more KRAs to recover the key needed to decrypt confidentiality-protected data generated by End Systems, and/or to recover the actual data, should that data become unobtainable. End System Requestors may only recover their personal data, which includes both data originated by and data received by the End System.

Both TOE configurations are limited to the software which implements End System and, optionally, End System Requestor functionality; they do not include any underlying cryptomodules, operating systems or hardware. An evaluation against this PP therefore gives no assurance about those underlying components, which must be evaluated or validated separately.

The TOE configuration is based, in part, upon requirements and criteria from three documents: the Technical Advisory Committee (TAC) report titled Requirements for Key Recovery Products, the requirements detailed in the Information Assurance Technical Framework (IATF) Release 2.0 dated August 1999, and the criteria defined in the Key Recovery Evaluation Criteria (KREC) dated October 2, 1998. This PP describes a minimum set of Information Technology (IT) security requirements that should be implemented by an End System to provide maximum security within a KRS.
