Security Technologies for the World Wide Web
Authors: Oppliger R.
Published year: 2003
Many cryptographic systems use sequences of random (or pseudorandomly generated) bits. For example, if an e-mail message is digitally enveloped, an encryption key (sometimes also called session key) must be randomly selected by the sender of the message. This key is used to encrypt and digitally envelope the message. Also, random or pseudorandom numbers are required to initially generate public key pairs.
Randomness is a statistical property of a sequence of values. In the case of bit values, the requirement is for an adversary to be unable to predict the next bit in a sequence even when all previously generated bits are known. The problem is that if it is possible to predict some of the sequence of bits used, it may be possible to reduce the size of the domain from which the key being generated is selected. If the domain is significantly reduced, an exhaustive key search may become feasible.
Locating a source of unpredictable bits presents a unique challenge on most computer systems (because a hardware source of unpredictable bits is usually not available). Consequently, a whole branch of cryptographic research is dedicated to the problem of how to generate pseudorandom bit sequences using only software. In fact, there are various approaches to address this problem. For example, one software-based approach is to use a cryptographically strong OWHF to hash a large amount of information with limited unpredictability available. Such information can, for example, be derived from the current status of the computer system (using corresponding system commands) or the mouse movements and position of keyboard strokes. Because an OWHF generates a fixed-size quantity, the process is iterated as many times as necessary to get the required number of bits.
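The following sketch is an added example, not taken from the book. It iterates a hash over a pool of system state as described above and shows how a pool with too little unpredictability shrinks the key domain until an exhaustive search succeeds. SHA-256 stands in for the OWHF; the pool contents (timestamp and process ID), the function names, and the sample values are assumptions made for illustration.

```python
import hashlib
import math
import os

def owhf_expand(pool: bytes, nbits: int) -> bytes:
    """Iterate the hash over the pool (with a counter) until nbits are produced."""
    out, counter = b"", 0
    while len(out) * 8 < nbits:
        out += hashlib.sha256(counter.to_bytes(4, "big") + pool).digest()
        counter += 1
    return out[: (nbits + 7) // 8]

def weak_pool(timestamp: int, pid: int) -> bytes:
    """Pool built only from guessable system state (assumed inputs)."""
    return f"{timestamp}:{pid}".encode()

def strong_pool(timestamp: int, pid: int) -> bytes:
    """Same state mixed with 256 bits from the operating system's generator."""
    return weak_pool(timestamp, pid) + os.urandom(32)

def effective_bits(time_window_s: int, max_pid: int) -> float:
    """log2 of the seed domain: the real strength of a key from weak_pool."""
    return math.log2(time_window_s * max_pid)

def search_seed_domain(key: bytes, t_lo: int, t_hi: int, max_pid: int):
    """Enumerate every (timestamp, pid) seed; return the one that yields key."""
    for t in range(t_lo, t_hi + 1):
        for pid in range(1, max_pid + 1):
            if owhf_expand(weak_pool(t, pid), len(key) * 8) == key:
                return t, pid
    return None

if __name__ == "__main__":
    # Constructed sample values, not taken from any real system.
    t0, pid = 1_000_000_030, 137
    weak_key = owhf_expand(weak_pool(t0, pid), 128)
    strong_key = owhf_expand(strong_pool(t0, pid), 128)
    print("nominal key size: 128 bits")
    print(f"effective strength: {effective_bits(60, 200):.1f} bits")
    print("weak seed found:", search_seed_domain(weak_key, t0 - 30, t0 + 29, 200))
    print("strong seed found:", search_seed_domain(strong_key, t0 - 30, t0 + 29, 200))
```

The hash spreads the pool's unpredictability over the output but cannot add any: the 128-bit key from the weak pool is only as strong as the roughly 13.6 bits of its seed domain.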
In 1994, an informational RFC was published that addresses the problem of how to randomly or pseudorandomly generate bit sequences. It recommends the use of hardware and shows that the existing hardware on many systems can be used for this purpose. Also, it provides suggestions for ameliorating the problem when a hardware solution is not available.
There are some legal issues to keep in mind when using cryptographic techniques. In particular, there are patent claims; regulations for the import, export, and use of cryptography; and legislation for electronic and digital signatures. Some legal issues are briefly mentioned next. You may refer to [34, 35] for more information about the legal implications of using cryptography.
Patents applied to computer programs are usually called software patents. In the U.S. computer industry, software patents are a subject of ongoing controversy. Some of the earliest and most important software patents granted by the U.S. Patent and Trademark Office were in the field of cryptography. These software patents go back to the late 1960s and early 1970s. Although computer algorithms were widely thought to be unpatentable at that time, cryptography patents were granted because they were written as patents on encryption devices built in hardware. Indeed, most early encryption devices were built in hardware because general-purpose computers simply could not execute the encryption algorithms fast enough in software. For example, IBM obtained several patents in the early 1970s on its Lucifer algorithm, which went on to become the DES. Today, many secret key cryptosystems also are covered by patent claims. For example, DES is patented but royalty-free, whereas IDEA is patented and royalty-free for noncommercial use, but requires a license for commercial use. Later in the 1970s, many pioneers in the field of public key cryptography filed and obtained patents for their work. Consequently, the field of public key cryptography is largely governed by a couple of software patents. Some of them have already expired (e.g., the Diffie-Hellman and RSA patents) or are about to expire soon.
Outside the United States, the patent situation is quite different. For example, patent law in Europe and Japan differs from U.S. patent law in one very important aspect. In the United States, an inventor has a grace period of one year between the first public disclosure of an invention and the last day on which a patent application can be filed. In Europe and Japan, there is no grace period. Any public disclosure instantly forfeits all patent rights. Because the inventions contained in the original patents related to public key cryptography were publicly disclosed before patent applications were filed, these algorithms were never patentable in Europe and Japan. 
Under U.S. patent law, patent infringement is not a criminal offense, and the penalties and damages are the jurisdiction of the civil courts. It is the responsibility of the user of a particular cryptographic algorithm or technique to make sure that correct licenses have been obtained from the corresponding patent holders. If these licenses do not exist, the patent holders can sue the user in court. Therefore, most products that make use of cryptographic algorithms or techniques include the licenses required to use them.
Finally, it is important to note that the IETF has a special requirement with regard to the use of patented technology in Internet standards track protocols. In fact, before approving a protocol specification for the Internet standards track, a written statement from a patent holder is required stating that a license will be made available to applicants under reasonable terms and conditions.
There are different regulations for the use and export of cryptographic techniques. For example, France had some regulations for the use of cryptographic techniques and some countries from the Far East still have them as well. On the other side, there are some countries that require that specific data be encrypted to certain standards. This is particularly true for medical data.
With regard to the export of cryptographic techniques, the situation is even more complicated. For example, the United States regulates the export of cryptographic systems and technical data regarding them. More specifically, U.S. export controls on commercial encryption products are administered by the Bureau of Export Administration (BXA) in the Department of Commerce (DoC). Regulations governing exports of encryption are found in the Export Administration Regulations (EAR). Consequently, if a U.S. company wants to sell cryptographic systems and technical data overseas, it must have export approval by the BXA according to the EAR.
On January 14, 2000, the BXA published a regulation implementing the White House's announcement of a new framework for U.S. export controls on encryption items (the announcement was made on September 16, 1999). The policy is in response to the changing global market, advances in technology, and the need to give U.S. industry better access to these markets, while continuing to provide essential protections for national security. The regulation enlarges the use of license exceptions, implements the changes agreed to at the Wassenaar Arrangement on export controls for conventional arms and dual-use goods and technologies in December 1998, and eliminates the deemed export rule for encryption technology. In addition, new license exception provisions are created for certain types of encryption, such as source code and toolkits. There are some countries exempted from the regulation (i.e., Cuba, Iran, Iraq, Libya, North Korea, Sudan, and Syria). In these countries, some or all technologies and products mentioned in this book will not be available. In all other countries, most technologies and products mentioned in this book will be available.
In the recent past, many countries have enacted electronic or digital signature laws in an effort to facilitate electronic commerce (e-commerce) and e-commerce applications:
In the European Union (EU), the European Parliament and the Council of the European Union adopted Directive 1999/93/EC on a community framework for electronic signatures on December 13, 1999. The purpose of the directive was (and still is) to facilitate the use of electronic signatures and to contribute to their legal recognition in Europe. According to the directive, EU "member states shall bring into force the laws, regulations and administrative provisions necessary to comply with this Directive before 19 July 2001." As of this writing, several EU member states already have an electronic signature law or are about to draft and enact one.
In the United States, former president Bill Clinton signed the Electronic Signatures in Global and National Commerce Act (E-SIGN) on June 30, 2000. The E-SIGN Act implements a national uniform standard for all electronic transactions that encourages the use of electronic signatures, electronic contracts, and electronic records by providing legal certainty for these instruments when signatories comply with its standards. The E-SIGN Act became effective on October 1, 2000.
In addition, many countries outside the EU and the United States have enacted electronic or digital signature laws or are about to work out the legal details thereof (e.g., some countries in Asia).
Unfortunately, the formal specification of requirements for both certification service providers and cryptographic devices that can be used to securely store private keys and generate digital signatures (e.g., smart cards or USB tokens) is very difficult and challenging. For example, how do you measure and quantify the security and trustworthiness of a commercial certification service provider? What criteria are relevant? How do you take into account organizational criteria? Similarly, how do you measure and quantify the security of a cryptographic device that is used to store private keys and/or digitally sign documents? Does the device, for example, really sign what the user sees on the screen (i.e., "what you sign is what you see") or can it be spoofed with wrong input data? Keep in mind that the cryptographic device runs in a potentially hostile environment and that any kind of spoofing attack is possible there.
The requirements for certification service providers and cryptographic devices tend to be either too strong or too weak:
If the requirements are too strong, their implementation may become too expensive and prohibitive in practice. This is basically what happened in Germany when the first version of a signature law was put in place a couple of years ago.
If the requirements are too weak, their implementation (or the security thereof) may be challenged in court. Consequently, the legal value of the resulting electronic or digital signatures may not be very high. Against this background, it will be very interesting to see the E-SIGN Act be applied in practice.
Against this background, it will be interesting to see the requirements of future electronic and digital signature legislations. In either case, there is still a long way to go until we use electronic or digital signatures the same way we use handwritten signatures in daily life. In the meantime, however, digital signatures may serve as evidence gathering tools.
 The notation used is introduced in Section 4.9.
 As a consequence of the lack of patent claims, public key cryptography has been more widely adapted in European countries and in Japan.
 There are typically no regulations for the import of cryptographic techniques.
 The Wassenaar Arrangement is a treaty originally negotiated in July 1996 and signed by 31 countries to restrict the export of dual-use goods and technologies to specific countries considered to be dangerous. The countries that have signed the Wassenaar Arrangement include the former Coordinating Committee for Multilateral Export Controls (COCOM) member and cooperating countries, as well as some new countries such as Russia. The COCOM was an international munitions control organization that also restricted the export of cryptography as a dual-use technology. It was formally dissolved in March 1994. More recently, the Wassenaar Arrangement was updated. The participating countries of the Wassenaar Arrangement are Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Czech Republic, Denmark, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Luxembourg, The Netherlands, New Zealand, Norway, Poland, Portugal, The Republic of Korea, Romania, Russian Federation, Slovak Republic, Spain, Sweden, Switzerland, Turkey, Ukraine, United Kingdom, and the United States. Further information on the Wassenaar Arrangement can be found on the Web by following the URL http://www.wassenaar.org.