Digital Trust: Goals and Obstacles
Rafal Lukawiecki
Strategic Consultant, Project Botticelli Ltd
[email protected]
www.projectbotticelli.co.uk
Copyright 2005 © Microsoft Corp & Project Botticelli Ltd. E&OE. For informational purposes only. No warranties of any kind are made and you have to verify all information before relying on it. You can re-use this presentation as long as you read, agree, and follow the guidelines described in the “Comments” field in File/Properties.
Objectives
Introduce the concepts
Discuss the difficulties and major issues
Overview available technology
Explain why governments and larger public organisations play a special role in this field
Session Agenda
Digital Trust Concepts
Prerequisites
Issues with PKI
Trusted Time Stamps
Privacy and DRM
Conclusions
Digital Trust Concepts
Defense in Depth
Policies, Procedures, & Awareness
Physical Security
Perimeter
Internal Network
Host
Application
Data
Why?
Unlike in the paper-based world, concluding transactions on-line cannot rely on handwritten signatures and human instincts of trust
Traditional signatures are easy to repudiate
It’s difficult to judge trustworthiness by looking at a web site
The need for privacy is often ignored
Authenticating the other party is nearly impossible
What is Digital Trust?
Informally: a characteristic of a computerised environment that offers the same benefits of trust as the paper-based world
Brutally: “In paper we trust, computers we don’t”
Formally: too early to define
Impact of (the Lack of) Digital Trust
Today, in practice, we still cannot:
Rely legally on email or other digital documents
Have a reliable and auditable electronic voting system
Trust the online presence of unknown companies
Negotiate contracts online
Properly protect against malware and viruses
Example: “Failure” of PKI
Although many organisations have built a PKI, they still fail to use digital signatures on more than an experimental basis
Economically, security and the lack of trust are costing a lot, so has PKI failed?
No. PKI is fine, but not enough. We need to build a foundation of digital trust.
Building Digital Trust
Digital trust requires a combination of:
Identity authentication by multiple means
Privacy protection
Federated trust between organisations
Digital signatures
In addition to technology, we require governmental, judicial and police support
Prerequisites
Legal Requirements
The basic legislative support includes the need for:
Legal recognition of digital signatures
Protection of data privacy
A framework for recognition of digital notary services (e-notaries)
A framework for the “mixed-trust” situation where paper and digital trust are intermixed
Existence of one or more accepted identity means (IDs)
Today’s Problem
Even if you have legally recognised digital signatures (all EU countries do), the following are still a problem:
Someone creates a digitally signed document, which is then passed through a chain to someone who only uses paper-based signatures
Not everyone can (or wants to) provide digital signatures
Some transactions involve a mixture of paper and digital signatures
Solution? E-Notary Services (see later)
Crossing Contexts
“Digital” trust really must be trust across digital and traditional environs
Perhaps we should call it “Universal Trust”?
Your software verifies a digital signature
You trust it – good!
You print the report – nice!
You give the report to someone. Should it be trusted?
NO!
Unless you stamp it, sign it and, perhaps, have a witness and a notary
Technical Requirements
At the overall organisational (or governmental) level, the following should be created or officially recognised:
Public Key Infrastructure (PKI)
Identity credentials format and management
Trusted time-stamping service for digital signatures
This can be delegated to an e-notary service provider
Issues with PKI & Identity
PKI
Your PKI should be technically integrated into the widely used internet browsers (Internet Explorer etc.)
Otherwise users are trained to click through certificate warnings; that gap can be (and has been) exploited, leading to loss of trust by the public
This is a difficult process
World-wide inclusion (€€€)
Subordinate of a known CA (politics)
Own CA (distribution problem)
Internal PKI
If you are only concerned with trust within your organisation, the task of building a PKI is easy
Even easier if you integrate the PKI with Active Directory
Auto-enrolment for initial provisioning
Certificate Services for ongoing management
Especially easy using Windows Server 2003
PKI with Partners
Sharing recognition of your PKI with selected other organisations is easy
Mutually cross-sign your root (or subordinate CA) certificates, or,
Install your partners’ root certificates on all clients
Either way you are trusting everything that partner CA issues unless the cross-certificate carries name or policy constraints
Recognising your PKI outside of those groups is far more difficult
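The two options on this slide, worked through as an added toy model (this is not code from the presentation, nor from Windows Certificate Services): a miniature certificate-path builder in which a per-CA HMAC secret stands in for the CA's signing key, so it runs offline with the Python standard library. The CA names, keys and subject names are made up for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Added toy model of certificate-path building (not from the original deck).
# A per-CA HMAC secret stands in for the CA signing key. A real path
# validator (RFC 5280) also checks validity periods, key usage, name and
# policy constraints and revocation, none of which is modelled here.
# CA names and keys below are made up.


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    signature: bytes      # issuer's signature over (subject, issuer)


def _to_be_signed(subject: str, issuer: str) -> bytes:
    return f"{subject}|{issuer}".encode()


def issue(ca_keys: Dict[str, bytes], issuer: str, subject: str) -> Cert:
    mac = hmac.new(ca_keys[issuer], _to_be_signed(subject, issuer), hashlib.sha256)
    return Cert(subject, issuer, mac.digest())


def check_signature(ca_keys: Dict[str, bytes], cert: Cert) -> bool:
    key = ca_keys.get(cert.issuer)       # "public" key of the claimed issuer
    if key is None:
        return False
    expected = hmac.new(key, _to_be_signed(cert.subject, cert.issuer),
                        hashlib.sha256).digest()
    return hmac.compare_digest(expected, cert.signature)


def build_path(leaf: Cert, store: List[Cert], anchors: Set[str],
               ca_keys: Dict[str, bytes], depth: int = 0) -> Optional[List[Cert]]:
    """Follow issuer links from the leaf until an issuer is a trust anchor.
    Returns the chain (leaf first) or None when no trusted path exists."""
    if depth > 8 or not check_signature(ca_keys, leaf):
        return None
    if leaf.issuer in anchors:
        return [leaf]
    for candidate in store:
        # A self-signed certificate that is not an anchor proves nothing.
        if candidate.subject != leaf.issuer or candidate.subject == candidate.issuer:
            continue
        rest = build_path(candidate, store, anchors, ca_keys, depth + 1)
        if rest is not None:
            return [leaf] + rest
    return None


CA_KEYS = {"OurRoot": b"our-root-key", "PartnerRoot": b"partner-root-key"}


def _length(path: Optional[List[Cert]]) -> Optional[int]:
    return None if path is None else len(path)


def scenario() -> tuple:
    """Path length for a partner-issued certificate under each trust setup."""
    partner_leaf = issue(CA_KEYS, "PartnerRoot", "CN=bob, O=Partner")
    partner_root = issue(CA_KEYS, "PartnerRoot", "PartnerRoot")   # self-signed
    store = [partner_root]
    our_anchors = {"OurRoot"}

    # 1. Nothing shared: the partner's certificate chains to nothing we trust.
    no_trust = build_path(partner_leaf, store, our_anchors, CA_KEYS)
    # 2. Cross-certification: our root signs a certificate for the partner
    #    root (in X.509 it certifies the partner root's public key).
    cross_cert = issue(CA_KEYS, "OurRoot", "PartnerRoot")
    via_cross = build_path(partner_leaf, store + [cross_cert], our_anchors, CA_KEYS)
    # 3. Partner root installed on every client as an additional trust anchor.
    via_install = build_path(partner_leaf, store,
                             our_anchors | {"PartnerRoot"}, CA_KEYS)
    # 4. A forged cross-certificate (not made with OurRoot's key) is rejected.
    forged = Cert("PartnerRoot", "OurRoot", b"\x00" * 32)
    forged_path = build_path(partner_leaf, store + [forged], our_anchors, CA_KEYS)

    return (_length(no_trust), _length(via_cross),
            _length(via_install), _length(forged_path))
```

Running scenario() gives (None, 2, 1, None): with nothing shared the partner leaf has no path; the cross-certificate yields a two-element chain through our own root; the installed partner root makes the leaf chain directly; and a cross-certificate not actually signed by our root is rejected while the path is built. Whichever option you choose, note what you have granted: every certificate the partner CA ever issues now validates on your clients, and you depend on the partner's revocation publishing as well as your own.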
Identity Credentials Format
It is a pre-defined textual, X.500 and binary representation of identity data
Name, date of birth etc.
It should be consistently used:
Across governmental and organisational PKI
Inside electronic IDs based on smartcards
Optionally, subject to any privacy debates, it may contain a unique ID of the entity (employee, citizen, company etc.)
This is not necessary for digital trust, but it allows for tighter verification across governmental departments
Inevitably, it can lead to erosion of privacy
Trusted Time Stamps
The Time Problem
Scenario:
Document is signed on 1 Jan 2005
Signatory loses the signing key on 1 Feb 2006
Is the signature valid or invalid?
The certificate must be revoked from the day of the loss, yet the earlier signature was legitimate; the signature alone does not tell a verifier when it was made
Additional problem:
Anyone can “wind back” the clock on their computer, so a time claimed by the signer (or by whoever found the key) proves nothing
Solution?
Trusted Time-Stamping Service
As certificates are revoked because the key is lost, or eventually expire, digital signatures made earlier cannot be allowed to suddenly become invalid
A Trusted Time-Stamping Service provides a “digital signature” of its own over the signature (its hash) together with the date and time taken from the service’s clock
This certifies that the signature existed no later than that time, so a verifier can establish that the signatory’s certificate was still valid when the document was signed
Otherwise, it is easy to repudiate signatures in the future, cancelling the validity of contracts etc.
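The scenario from the two slides above, worked through in code. This is an added example, not code from the presentation nor from Microsoft or Project Botticelli: HMAC-SHA256 with a shared secret stands in for the signer's and the time-stamping service's real asymmetric signatures so that it runs offline with the standard library, and the certificate dates, key names and contract text are constructed for the illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

# Added illustration of the slides' time problem (not from the original deck).
# HMAC-SHA256 stands in for real asymmetric signatures; the point is the
# validation logic: compare the TSA's time, never the signer's own claim,
# against the certificate's validity and revocation dates.


def utc(year: int, month: int, day: int) -> datetime:
    return datetime(year, month, day, tzinfo=timezone.utc)


@dataclass
class Certificate:
    subject: str
    key: bytes                               # toy stand-in for the public key
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None    # set when the key is reported lost


def sign(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


def verify(key: bytes, data: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(key, data), signature)


@dataclass
class TimeStampToken:
    """What a time-stamping service returns: its own signature over
    hash(signature) || time, the time taken from the TSA's clock."""
    gen_time: datetime
    imprint: bytes
    tsa_signature: bytes


def tsa_issue(tsa_key: bytes, signature: bytes, tsa_clock: datetime) -> TimeStampToken:
    imprint = hashlib.sha256(signature).digest()
    payload = imprint + tsa_clock.isoformat().encode()
    return TimeStampToken(tsa_clock, imprint, sign(tsa_key, payload))


def tsa_verify(tsa_key: bytes, signature: bytes, token: TimeStampToken) -> bool:
    if token.imprint != hashlib.sha256(signature).digest():
        return False
    payload = token.imprint + token.gen_time.isoformat().encode()
    return verify(tsa_key, payload, token.tsa_signature)


def cert_valid_at(cert: Certificate, when: datetime) -> bool:
    if not cert.not_before <= when <= cert.not_after:
        return False
    return cert.revoked_at is None or when < cert.revoked_at


def validate(cert: Certificate, document: bytes, signature: bytes,
             token: Optional[TimeStampToken], tsa_key: bytes, now: datetime) -> str:
    """Returns 'valid', 'invalid' or 'indeterminate' (the honest answer when the
    certificate has since been revoked or expired and no trusted time exists)."""
    if not verify(cert.key, document, signature):
        return "invalid"
    if token is None:
        # The signer's own clock can be wound back, so without a trusted time
        # the signing date of a now-revoked certificate is unknowable.
        return "valid" if cert_valid_at(cert, now) else "indeterminate"
    if not tsa_verify(tsa_key, signature, token):
        return "invalid"
    return "valid" if cert_valid_at(cert, token.gen_time) else "invalid"


# Constructed scenario (dates from the slide; keys and text are made up).
SIGNER_KEY = b"alice-signing-key"
TSA_KEY = b"tsa-signing-key"
ALICE = Certificate("Alice", SIGNER_KEY, utc(2004, 6, 1), utc(2009, 6, 1),
                    revoked_at=utc(2006, 2, 1))      # key lost on 1 Feb 2006


def scenario() -> tuple:
    contract = b"Alice agrees to pay 1000 EUR."
    sig = sign(SIGNER_KEY, contract)
    token = tsa_issue(TSA_KEY, sig, utc(2005, 1, 1))   # stamped when signed
    later = utc(2007, 6, 1)                            # verified after the loss
    with_stamp = validate(ALICE, contract, sig, token, TSA_KEY, later)
    without_stamp = validate(ALICE, contract, sig, None, TSA_KEY, later)
    # Whoever found the key signs a new "contract" and asks the TSA to stamp
    # it; the TSA uses its own clock, so the backdating attempt fails.
    forged = b"Alice agrees to pay 100000 EUR."
    forged_sig = sign(SIGNER_KEY, forged)
    late_token = tsa_issue(TSA_KEY, forged_sig, utc(2006, 3, 1))
    after_loss = validate(ALICE, forged, forged_sig, late_token, TSA_KEY, later)
    return with_stamp, without_stamp, after_loss


if __name__ == "__main__":
    print(scenario())    # ('valid', 'indeterminate', 'invalid')
```

The three results are valid, indeterminate and invalid: the time-stamped signature survives the later revocation; the same signature without a token can only be reported as indeterminate, because once the key is lost the signer's own statement of when it was used is worthless; and a signature made with the lost key after 1 Feb 2006 fails because the service, not the signer, fixes the time. In a real deployment the token is an RFC 3161 TimeStampToken, the revocation date comes from a CRL or OCSP response, and the TSA's own certificate has to be validated in the same way.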
XAdES
XML Advanced Electronic Signatures
ETSI standard (TS 101 903), also published by W3C as a Note
Implements “Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures” [EU-DIR-ESIG]
Microsoft’s BizTalk Server implements this
Implements the Time Stamp Authority concept
Provides for really usable signatures
Adopt it:
Legally
As services
XAdES – Signature Types
XAdES formalises 6 types of signatures and specifies roles and their responsibilities
It builds on XMLDSIG in the following ways, each form adding to the previous one:
XML Advanced Electronic Signature (XAdES)
XML Advanced Electronic Signature with Time-Stamp (XAdES-T)
XML Advanced Electronic Signature with complete validation data (XAdES-C)
XML Advanced Electronic Signature with eXtended validation data (XAdES-X)
XML Advanced Electronic Signature with eXtended validation data incorporated for the long term (XAdES-X-L)
XML Advanced Electronic Signature with archiving validation data (XAdES-A)
www.w3.org/TR/XAdES/
E-Notary Services
Solution for the earlier “Crossing Contexts” problem
Electronic notary services allow co-existence of paper-based and digital trust
Additionally:
Provide trusted time-stamps
Issue and revoke certificates
Assist in distribution of electronic IDs
A Word About Archiving
Archiving paper-based documents digitally is important
Need for trusted 3rd party access to, and management of, stored documents to cross the digital/paper border
E-Notaries can be archivists
Privacy and DRM (Digital Rights Management)
Privacy and Trust
The relationship between trust and privacy is age-old
Unfortunately, in the digital world privacy is being eroded and rarely is it well protected
This may be a limiting factor in adoption of a wider, publicly oriented digital trust system
More About Privacy
Widespread support for encryption will stimulate more confidentiality in the digital world
Today, it is as if everyone was sending postcards without envelopes
P3P (Platform for Privacy Preferences) provides some limited technology today: a site can declare its policy in machine-readable form, but nothing enforces the declaration
WS-Privacy etc. will provide more
Still insufficient!
Possible Privacy Solution
Legislation needed that makes it illegal to store (and maybe process) data records that do not have a digital signature of the citizen they relate to
Each privacy-enabled record contains:
Expiration date
Allowed/prohibited uses of data
Ex.: “Not for marketing email”, “Do not pass to 3rd parties”, “For credit reference only”, etc.
Digital signature of the original data “issuer”
If there is an alleged breach, the injured party requires the record to be handed over by the alleged abuser
Digital signature must be present – if not, prosecute the abuser
Purposes marked in the record must be observed – if not, prosecute the abuser
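A sketch of such a privacy-enabled record and of the check the injured party (or an auditor) would run over a record handed over by the alleged abuser. This is an added example, not from the presentation: HMAC-SHA256 stands in for the citizen's real digital signature, and the key, purpose tags and personal data are constructed.

```python
import hashlib
import hmac
import json
from datetime import date

# Added sketch of the slide's "privacy-enabled record" (not from the deck).
# The data subject's signature covers the expiry date and the purpose tags,
# so a holder who strips or edits the restrictions also breaks the signature.
# HMAC-SHA256 stands in for the citizen's signature; all data is made up.


def _to_be_signed(record: dict) -> bytes:
    # Canonical JSON of everything except the signature itself, so that the
    # verifier recomputes exactly the bytes the subject signed.
    body = {k: v for k, v in record.items() if k != "subject_signature"}
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


def issue_record(subject_key: bytes, data: dict, expires: str,
                 allowed: list, prohibited: list) -> dict:
    record = {
        "data": data,
        "expires": expires,                 # ISO date, e.g. "2006-12-31"
        "allowed": sorted(allowed),         # e.g. "credit-reference"
        "prohibited": sorted(prohibited),   # e.g. "marketing-email"
    }
    record["subject_signature"] = hmac.new(
        subject_key, _to_be_signed(record), hashlib.sha256).hexdigest()
    return record


def check_use(record: dict, subject_key: bytes, purpose: str, today: date) -> str:
    """Returns 'ok' or the reason the intended use is not permitted. The
    order matters: an unsigned or tampered record proves nothing at all."""
    signature = record.get("subject_signature")
    if signature is None:
        return "unsigned"
    expected = hmac.new(subject_key, _to_be_signed(record),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, signature):
        return "tampered"
    if date.fromisoformat(record["expires"]) < today:
        return "expired"
    if purpose in record["prohibited"] or purpose not in record["allowed"]:
        return "purpose-not-permitted"
    return "ok"


# Constructed example data.
CITIZEN_KEY = b"citizen-signing-key"
RECORD = issue_record(
    CITIZEN_KEY,
    {"name": "A. Citizen", "date_of_birth": "1970-01-01"},
    expires="2006-12-31",
    allowed=["credit-reference"],
    prohibited=["marketing-email", "third-party-transfer"],
)


def scenario() -> tuple:
    today = date(2006, 6, 1)
    ok = check_use(RECORD, CITIZEN_KEY, "credit-reference", today)
    wrong_purpose = check_use(RECORD, CITIZEN_KEY, "marketing-email", today)
    # An abuser edits the record to permit marketing: the signature no longer matches.
    edited = dict(RECORD, allowed=["credit-reference", "marketing-email"])
    tampered = check_use(edited, CITIZEN_KEY, "marketing-email", today)
    # An abuser strips the signature altogether.
    stripped = {k: v for k, v in RECORD.items() if k != "subject_signature"}
    unsigned = check_use(stripped, CITIZEN_KEY, "credit-reference", today)
    # The same record presented after its expiry date.
    expired = check_use(RECORD, CITIZEN_KEY, "credit-reference", date(2007, 1, 1))
    return ok, wrong_purpose, tampered, unsigned, expired
```

scenario() returns ('ok', 'purpose-not-permitted', 'tampered', 'unsigned', 'expired'). The point the code makes is that the signature must cover the expiry date and the purpose tags, not just the personal data; otherwise a holder could keep the data, drop the restrictions and still present a valid signature. The canonical serialisation is what makes the recomputed bytes match the signed ones; with XML signatures that role is played by canonicalisation (C14N) in XMLDSIG and XAdES.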
Relationship with DRM
Digital Rights Management (DRM) is a specific application of digital trust
“Entrust the computer with your document’s life”
Reasonable prevention of printing, copying, forwarding etc.
Can be used to greatly increase privacy
In the future there may be a convergence of the technologies used for signing with DRM
Unlikely for a while
DRM Cannot Do Everything
Conclusions
Technology Support
Microsoft has the following technologies for building digital trust:
Certificate Services (part of Windows Server 2003)
For building a PKI
For issuing and revoking certificates
For building a time-stamping service
Identity Integration Server
For building trust between identities issued by different organisations (federation)
BizTalk Server
For automating processing of digitally signed documents, including XAdES support
WS-Federation, WS-Trust, and WS-Privacy for trust across web services
Conclusions
Building Digital Trust within closed-context boundaries (within a company etc.) is possible today and perhaps worthwhile
Expecting Digital Trust in an open context to co-exist with your system is a long-term goal
Very unlikely to be achievable in less than 3-7 years, in my opinion
Today’s deployed IT is far less trustworthy than it seems
The next few years will present numerous examples of highly visible, expensive and embarrassing breaches of trust
Understanding digital trust is a good step towards becoming more trustworthy
Suggestions
Evaluate your trust exposure and expectations
Make a business case for an environment with digital trust enabled
If needed, deploy:
PKI, Identity Management, and a Time-Stamp Service
Think of building an internal e-notary
Test and evaluate:
Extending your internal digital trust across boundaries to partners and customers
Q&A