Digital Trust: Digital Trust: Goals and ObstaclesGoals and Obstacles

Rafal LukawieckiRafal Lukawiecki

Strategic Consultant, Project Botticelli LtdStrategic Consultant, Project Botticelli Ltd

rafal@projectbotticelli.co.ukrafal@projectbotticelli.co.uk

www.projectbotticelli.co.ukwww.projectbotticelli.co.uk

Copyright 2005 © Microsoft Corp & Project Botticelli Ltd. E&OE. For informational purposes only. No warranties of any kind are made and you have to verify all Copyright 2005 © Microsoft Corp & Project Botticelli Ltd. E&OE. For informational purposes only. No warranties of any kind are made and you have to verify all information before relying on it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in information before relying on it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in File/Properties.File/Properties.

22

ObjectivesObjectives

Introduce the conceptsIntroduce the concepts

Discuss the difficulties and major issuesDiscuss the difficulties and major issues

Overview available technologyOverview available technology

Explain why governments and larger public Explain why governments and larger public organisations play a special role in this fieldorganisations play a special role in this field

33

Session AgendaSession Agenda

Digital Trust ConceptsDigital Trust Concepts

PrerequisitesPrerequisites

Issues with PKIIssues with PKI

Trusted Time StampsTrusted Time Stamps

Privacy and DRMPrivacy and DRM

ConclusionsConclusions

44

Digital Trust ConceptsDigital Trust Concepts

55

Defense in DepthDefense in Depth

Policies, Procedures, & Awareness

Policies, Procedures, & Awareness

Physical SecurityPhysical Security

PerimeterPerimeter

Internal NetworkInternal Network

HostHost

ApplicationApplication

DataData

66

Why?Why?

Unlike in the paper-based world, concluding Unlike in the paper-based world, concluding transactions on-line cannot rely on handwritten transactions on-line cannot rely on handwritten signatures and human instincts of trustsignatures and human instincts of trust

Traditional signatures are easy to repudiateTraditional signatures are easy to repudiate

It’s difficult to judge trustworthiness by looking at a It’s difficult to judge trustworthiness by looking at a web siteweb site

Privacy need is often ignoredPrivacy need is often ignored

Authentication is nearly impossibleAuthentication is nearly impossible

77

What is Digital Trust?What is Digital Trust?

InformallyInformally: characteristic of a computerised : characteristic of a computerised environment that has benefits of trust equivalent environment that has benefits of trust equivalent to that of paper-based worldto that of paper-based world

BrutallyBrutally: “In paper we trust, computers we don’t”: “In paper we trust, computers we don’t”

FormallyFormally: too early to define: too early to define

88

Impact of (the Lack of) Digital TrustImpact of (the Lack of) Digital Trust

Today, in practice, we still cannot:Today, in practice, we still cannot:

Make legal dependence on email or other digital Make legal dependence on email or other digital documentsdocuments

Have a reliable and auditable electronic voting Have a reliable and auditable electronic voting systemsystem

Trust online presence of unknown companiesTrust online presence of unknown companies

Negotiate contracts onlineNegotiate contracts online

Properly protect against malware and virusesProperly protect against malware and viruses

99

Example: “Failure” of PKIExample: “Failure” of PKI

Although many organisations have built PKI they Although many organisations have built PKI they still fail to be using digital signatures on more still fail to be using digital signatures on more than experimental basisthan experimental basis

Economically, security and lack of trust is Economically, security and lack of trust is costing a lot, so, costing a lot, so, has PKI failedhas PKI failed??

No. PKI is fine, but not enough. We need to No. PKI is fine, but not enough. We need to build a foundation of digital trust.build a foundation of digital trust.

1010

Building Digital TrustBuilding Digital Trust

Digital trust requires a combination of:Digital trust requires a combination of:

Identity authentication by multiple meansIdentity authentication by multiple means

Privacy protectionPrivacy protection

Federated trust between organisationsFederated trust between organisations

Digital signaturesDigital signatures

In addition to technology, we require In addition to technology, we require governmental, judicial and police supportgovernmental, judicial and police support

1111

PrerequisitesPrerequisites

1212

Legal RequirementsLegal Requirements

The basic legislative support includes needs for:The basic legislative support includes needs for:

Legal recognition of digital signaturesLegal recognition of digital signatures

Protection of data privacyProtection of data privacy

Framework for recognition of digital notary services Framework for recognition of digital notary services (e-notaries)(e-notaries)

Framework for “mixed-trust” situation where paper Framework for “mixed-trust” situation where paper and digital trust are intermixedand digital trust are intermixed

Existence of one or more accepted identity means Existence of one or more accepted identity means (IDs)(IDs)

1313

Today’s ProblemToday’s Problem

Even if you have legally recognised digital Even if you have legally recognised digital signatures (all EU countries do) the following are signatures (all EU countries do) the following are still a problem:still a problem:

Someone creates a digitally signed document, which is Someone creates a digitally signed document, which is then passed through a chain to someone who only uses then passed through a chain to someone who only uses paper-based signaturespaper-based signatures

Not everyone can (or wants to) provide digital Not everyone can (or wants to) provide digital signaturessignatures

Some transactions involve a mixture of paper and Some transactions involve a mixture of paper and digital signaturesdigital signatures

Solution? E-Notary Services (see later)Solution? E-Notary Services (see later)

1414

Crossing ContextsCrossing Contexts

““Digital” Trust really must be trust across digital and Digital” Trust really must be trust across digital and traditional environstraditional environs

Perhaps we should call it “Universal Trust”?Perhaps we should call it “Universal Trust”?

Your software verifies a digital signatureYour software verifies a digital signature

You trust it – good!You trust it – good!

You print the report – nice!You print the report – nice!

You give the report to someone. Should it be trusted?You give the report to someone. Should it be trusted?

NO!NO!

Unless you stamp it, sign it and, perhaps have a witness and a Unless you stamp it, sign it and, perhaps have a witness and a notarynotary

1515

Technical RequirementsTechnical Requirements

At overall organisational (or governmental) level, At overall organisational (or governmental) level, the following should be created or officially the following should be created or officially recognised:recognised:

Public Key Infrastructure (PKI)Public Key Infrastructure (PKI)

Identity credentials format and managementIdentity credentials format and management

Trusted time-stamping service for digital signaturesTrusted time-stamping service for digital signatures

This can be delegated to an e-notary service providerThis can be delegated to an e-notary service provider

1616

Issues with PKI & Issues with PKI & IdentityIdentity

1717

PKIPKI

Your PKI should be technically integrated into Your PKI should be technically integrated into the widely used internet browsers (Internet the widely used internet browsers (Internet Explorer etc.)Explorer etc.)

Otherwise, security can (and has been) exploited Otherwise, security can (and has been) exploited leading to loss of trust by the publicleading to loss of trust by the public

This is a difficult processThis is a difficult process

World-wide inclusion (€€€)World-wide inclusion (€€€)

Subordinate of know CA (politics)Subordinate of know CA (politics)

Own CA (distribution problem)Own CA (distribution problem)

1818

Internal PKIInternal PKI

If you are only concerned with the trust within If you are only concerned with the trust within your organisation, the task of building PKI is your organisation, the task of building PKI is easyeasy

Even easier if you integrate PKI with Active Even easier if you integrate PKI with Active DirectoryDirectory

Auto-enrolment for initial provisioningAuto-enrolment for initial provisioning

Certificate Services for ongoing managementCertificate Services for ongoing management

Especially easy using Windows Server 2003Especially easy using Windows Server 2003

1919

PKI with PartnersPKI with Partners

Sharing recognition of your PKI with selected Sharing recognition of your PKI with selected other organisations is easyother organisations is easy

Mutually cross-sign your root or OU certificates, or,Mutually cross-sign your root or OU certificates, or,

Install on all clients your partners’ root certificatesInstall on all clients your partners’ root certificates

Recognising your PKI outside of those groups is Recognising your PKI outside of those groups is far more difficultfar more difficult

2020

Identity Credentials FormatIdentity Credentials Format

It is a pre-defined textual, X.500 and binary representation It is a pre-defined textual, X.500 and binary representation of identity dataof identity data

Name, date of birth etc.Name, date of birth etc.

It should be consistently used:It should be consistently used:

Across governmental and organisational PKIAcross governmental and organisational PKI

Inside electronic IDs based on smartcardsInside electronic IDs based on smartcards

Optionally, subject to any privacy debates, it may contain Optionally, subject to any privacy debates, it may contain a unique ID of the entity (employee, citizen, company etc.)a unique ID of the entity (employee, citizen, company etc.)

This is not necessary for digital trust, but it allows for tighter This is not necessary for digital trust, but it allows for tighter verification across governmental departmentsverification across governmental departments

Inevitably, it can lead to erosion of privacyInevitably, it can lead to erosion of privacy

2121

Trusted Time StampsTrusted Time Stamps

2222

The Time ProblemThe Time Problem

Scenario:Scenario:

Document is signed on 1 Jan 2005Document is signed on 1 Jan 2005

Signatory loses the signing key on 1 Feb 2006Signatory loses the signing key on 1 Feb 2006

Is the signature valid or invalid?Is the signature valid or invalid?

Additional problem:Additional problem:

Anyone can “wind back” the clock on their computerAnyone can “wind back” the clock on their computer

Solution?Solution?

2323

Trusted Time-Stamping ServiceTrusted Time-Stamping Service

As certificates are revoked due to their loss, or As certificates are revoked due to their loss, or eventually expire, digital signatures cannot be eventually expire, digital signatures cannot be allowed to suddenly become invalidallowed to suddenly become invalid

A Trusted Time-Stamping Service can provide a A Trusted Time-Stamping Service can provide a “digital signature” containing date and time“digital signature” containing date and time

Certifying that a certain a document has been Certifying that a certain a document has been signed while the signatory’s certificate was validsigned while the signatory’s certificate was valid

Otherwise, it is easy to repudiate signatures in the Otherwise, it is easy to repudiate signatures in the future, cancelling validity of contracts etc.future, cancelling validity of contracts etc.

2424

XAdESXAdES

XML Advanced Electronic SignaturesXML Advanced Electronic Signatures

W3C SpecificationW3C Specification

Implements directive 1999/93/EC of the European Parliament Implements directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community and of the Council of 13 December 1999 on a Community framework for electronic signatures" [EU-DIR-ESIG]framework for electronic signatures" [EU-DIR-ESIG]

Microsoft’s BizTalk Server implements thisMicrosoft’s BizTalk Server implements this

Implements Time Stamp Authority conceptImplements Time Stamp Authority concept

Provides for really usable signaturesProvides for really usable signatures

Adopt it:Adopt it:

LegallyLegally

As servicesAs services

2525

XAdES – Signature TypesXAdES – Signature Types

XAdES formalises 6 types of signatures and specifies roles XAdES formalises 6 types of signatures and specifies roles and their responsibilitiesand their responsibilities

It builds on XMLDSIG in following ways:It builds on XMLDSIG in following ways:

XML Advanced Electronic SignatureXML Advanced Electronic Signature

XML Advanced Electronic Signature with Time-StampXML Advanced Electronic Signature with Time-Stamp

XML Advanced Electronic Signature with complete validation dataXML Advanced Electronic Signature with complete validation data

XML Advanced Electronic Signature with eXtended validation data XML Advanced Electronic Signature with eXtended validation data

XML Advanced Electronic Signature with eXtended validation data XML Advanced Electronic Signature with eXtended validation data incorporated for the long term incorporated for the long term

XML Advanced Electronic Signature with archiving validation dataXML Advanced Electronic Signature with archiving validation data

www.w3.org/TR/XAdES/www.w3.org/TR/XAdES/

2626

E-Notary ServicesE-Notary Services

Solution for earlier problem of “Crossing Trust Solution for earlier problem of “Crossing Trust Boundaries” Boundaries”

Electronic notary services allow co-existence of Electronic notary services allow co-existence of paper-based and digital trustpaper-based and digital trust

Additionally:Additionally:

Provide trusted time-stampsProvide trusted time-stamps

Issue and revoke certificatesIssue and revoke certificates

Assist in distribution of electronic IDsAssist in distribution of electronic IDs

2727

Word About ArchivingWord About Archiving

Archiving paper-based documents digitally is Archiving paper-based documents digitally is importantimportant

Need for trusted 3Need for trusted 3rdrd party access and party access and management of stored documents to cross management of stored documents to cross digital/paper borderdigital/paper border

E-Notaries can be archivistsE-Notaries can be archivists

2828

Privacy and DRM (Digital Privacy and DRM (Digital Rights Management)Rights Management)

2929

Privacy and TrustPrivacy and Trust

Relationship between trust and privacy is age-Relationship between trust and privacy is age-oldold

Unfortunately, in the digital world privacy is Unfortunately, in the digital world privacy is being eroded and rarely is it well protectedbeing eroded and rarely is it well protected

This may be a limiting factor in adoption of a wider, This may be a limiting factor in adoption of a wider, publicly oriented digital trust systempublicly oriented digital trust system

3030

More About PrivacyMore About Privacy

Widespread support for encryption will stimulate Widespread support for encryption will stimulate more confidentiality in the digital worldmore confidentiality in the digital world

Today, it is as if everyone was sending postcards Today, it is as if everyone was sending postcards without envelopeswithout envelopes

P3P (Privacy Protection Protocol) provides P3P (Privacy Protection Protocol) provides some limited technology todaysome limited technology today

WS-Privacy etc. will provide moreWS-Privacy etc. will provide more

Still insufficient!Still insufficient!

3131

Possible Privacy SolutionPossible Privacy Solution

Legislation needed that makes it illegal to store (and maybe process) Legislation needed that makes it illegal to store (and maybe process) data records that do not have a digital signature of the citizen they data records that do not have a digital signature of the citizen they relate torelate to

Each privacy-enabled record contains:Each privacy-enabled record contains:

Expiration dateExpiration date

Allowed/prohibited uses of dataAllowed/prohibited uses of data

Ex.: “Not for marketing email”, “Do not pass to 3rd parties”, “For credit Ex.: “Not for marketing email”, “Do not pass to 3rd parties”, “For credit reference only”, etc.reference only”, etc.

Digital signature of the original data “issuer”Digital signature of the original data “issuer”

If there is an alleged breach, the injured party requires the record to be If there is an alleged breach, the injured party requires the record to be handed over by the alleged abuserhanded over by the alleged abuser

Digital signature must be present – if not, prosecute the abuserDigital signature must be present – if not, prosecute the abuser

Purposes marked in the record must be observed – if not, prosecute the Purposes marked in the record must be observed – if not, prosecute the abuserabuser

3232

Relationship with DRMRelationship with DRM

Digital Rights Management (DRM) is a specific Digital Rights Management (DRM) is a specific application of digital trustapplication of digital trust

““Entrust the computer with your document’s life”Entrust the computer with your document’s life”

Reasonable prevention of printing, copying, Reasonable prevention of printing, copying, forwarding etc.forwarding etc.

Can be used to greatly increase privacyCan be used to greatly increase privacy

In the future there may be a convergence of the In the future there may be a convergence of the technologies used for signing with DRMtechnologies used for signing with DRM

Unlikely for a whileUnlikely for a while

3333

DRM Cannot Do EverythingDRM Cannot Do Everything

3434

ConclusionsConclusions

3535

Technology SupportTechnology Support

Microsoft has the following technologies for building digital Microsoft has the following technologies for building digital trust:trust:

Certificate Services (part of Windows Server 2003)Certificate Services (part of Windows Server 2003)

For building PKIFor building PKI

For issuing and revoking certificatesFor issuing and revoking certificates

For building a time-stamping serviceFor building a time-stamping service

Identity Integration ServerIdentity Integration Server

For building trust between identities issues by different For building trust between identities issues by different organisations (federation)organisations (federation)

BizTalk ServerBizTalk Server

For automating processing of digitally signed documents, including For automating processing of digitally signed documents, including XAdES supportXAdES support

WS-Federation, WS-Trust, and WS-Privacy for trust across web WS-Federation, WS-Trust, and WS-Privacy for trust across web servicesservices

3636

ConclusionsConclusions

Building Digital Trust in closed-context boundaries Building Digital Trust in closed-context boundaries (within a company etc.) is possible today and perhaps (within a company etc.) is possible today and perhaps worthwhileworthwhile

Expecting Digital Trust in open-context to co-exist with Expecting Digital Trust in open-context to co-exist with your system is a long-term goalyour system is a long-term goal

Very unlikely to be achievable in less than 3-7 years in my Very unlikely to be achievable in less than 3-7 years in my opinionopinion

Today’s deployed IT is far less trustworthy than it seemsToday’s deployed IT is far less trustworthy than it seems

Next few years will present numerous examples of highly Next few years will present numerous examples of highly visible, expensive and embarrassing breaches of trustvisible, expensive and embarrassing breaches of trust

Understanding digital trust is a good step to become Understanding digital trust is a good step to become more trustworthymore trustworthy

3737

SuggestionsSuggestions

Evaluate your trust exposure and expectationsEvaluate your trust exposure and expectations

Make a business case for an environment with Make a business case for an environment with digital trust enableddigital trust enabled

If needed, deploy:If needed, deploy:

PKI, Identity Management, and Time-Stamp ServicePKI, Identity Management, and Time-Stamp Service

Think of building an internal e-notaryThink of building an internal e-notary

Test and evaluate:Test and evaluate:

Extending your internal digital trust across Extending your internal digital trust across boundaries to partners and customersboundaries to partners and customers

3838

Q&AQ&A