Multiple Escrow Agents in VoIP

Abstract: Using a Key escrow agent in conjunction with Voice over IP (VoIP) communication ensures that law enforcements agencies (LEAs) can retrieve the session key used to encrypt data between two users in a VoIP session. However, the use of a single escrow agent has some drawbacks. A fraudulent request by an evil employee from the LEA can lead to improper disclosure of a session key. After the escrow agent reveals the key this evil person could fabricate data according to his/her needs and encrypt it again (using the correct session key). In this situation the persons involved in the communication session can be accused of crimes that he or she or they never committed. The problems with a single escrow agent becomes even more critical as a failure of the escrow agent can delay or even make it impossible to reveal the session key, thus the escrow agent might not be able to comply with a lawful court order or comply with their escrow agreement in the case of data being released according to this agreement (for example for disaster recovery). This thesis project focused on improving the accessibility and reliability of escrow agents, while providing good security. One such method is based on dividing the session key into M chunks and escrowing the chunks with M escrow agents. Using threshold cryptography the key can be regenerated by gathering any N-out-of-M chunks. The value of M and N may differ according to the role of the user. For a highly sophisticated session, the user might define a higher value for M and N for improved, availability, reliability, and security. For a less confidential or less important session (call), the value of M and N might be smaller. The thesis examines the increased availability and increased reliability made possible by using multiple escrow agents.