Digital Trust: Goals and Obstacles - PowerPoint PPT Presentation

1
Digital Trust Goals and Obstacles
  • Rafal Lukawiecki
  • Strategic Consultant, Project Botticelli Ltd

2
Objectives
  • Introduce the concepts
  • Discuss the difficulties and major issues
  • Overview available technology
  • Explain why governments and larger public
    organisations play a special role in this field

3
Session Agenda
  • Digital Trust Concepts
  • Prerequisites
  • Issues with PKI
  • Trusted Time Stamps
  • Privacy and DRM
  • Conclusions

4
Digital Trust Concepts
5
Defense in Depth
  • Layers shown in the slide's diagram:
    • Policies, Procedures, Awareness
    • Physical Security
    • Data
    • Application
    • Host
    • Internal Network
    • Perimeter
6
Why?
  • Unlike in the paper-based world, concluding
    transactions on-line cannot rely on handwritten
    signatures and human instincts of trust
  • Traditional signatures are easy to repudiate
  • It's difficult to judge trustworthiness by
    looking at a web site
  • The need for privacy is often ignored
  • Authentication is nearly impossible

7
What is Digital Trust?
  • Informally: a characteristic of a computerised
    environment that has benefits of trust equivalent
    to those of the paper-based world
  • Brutally: "In paper we trust, computers we don't"
  • Formally: too early to define

8
Impact of (the Lack of) Digital Trust
  • Today, in practice, we still cannot:
    • Make legal dependence on email or other digital
      documents
    • Have a reliable and auditable electronic voting
      system
    • Trust the online presence of unknown companies
    • Negotiate contracts online
    • Properly protect against malware and viruses

9
Example Failure of PKI
  • Although many organisations have built a PKI, they
    still fail to use digital signatures on more than
    an experimental basis
  • Economically, security and the lack of trust are
    costing a lot, so has PKI failed?
  • No. PKI is fine, but not enough. We need to build
    a foundation of digital trust.

10
Building Digital Trust
  • Digital trust requires a combination of:
    • Identity authentication by multiple means
    • Privacy protection
    • Federated trust between organisations
    • Digital signatures
  • In addition to technology, we require
    governmental, judicial and police support

11
Prerequisites
12
Legal Requirements
  • The basic legislative support includes the need for:
    • Legal recognition of digital signatures
    • Protection of data privacy
    • Framework for recognition of digital notary
      services (e-notaries)
    • Framework for mixed-trust situations where paper
      and digital trust are intermixed
    • Existence of one or more accepted identity means
      (IDs)

13
Today's Problem
  • Even if you have legally recognised digital
    signatures (all EU countries do), the following
    are still a problem:
    • Someone creates a digitally signed document,
      which is then passed through a chain to someone
      who only uses paper-based signatures
    • Not everyone can (or wants to) provide digital
      signatures
    • Some transactions involve a mixture of paper and
      digital signatures
  • Solution? E-Notary Services (see later)

14
Crossing Contexts
  • Digital Trust really must be trust across
    digital and traditional environs
  • Perhaps we should call it Universal Trust?
  • Your software verifies a digital signature
  • You trust it: good!
  • You print the report: nice!
  • You give the report to someone. Should it be
    trusted?
  • NO!
  • Unless you stamp it, sign it and, perhaps, have a
    witness and a notary

15
Technical Requirements
  • At the overall organisational (or governmental)
    level, the following should be created or
    officially recognised:
    • Public Key Infrastructure (PKI)
    • Identity credentials format and management
    • Trusted time-stamping service for digital
      signatures
      • This can be delegated to an e-notary service
        provider

16
Issues with PKI Identity
17
PKI
  • Your PKI should be technically integrated into
    the widely used internet browsers (Internet
    Explorer etc.)
  • Otherwise, security can be (and has been) exploited,
    leading to loss of trust by the public
  • This is a difficult process:
    • World-wide inclusion
    • Subordinate of a known CA (politics)
    • Own CA (distribution problem)

18
Internal PKI
  • If you are only concerned with trust within
    your organisation, the task of building a PKI is
    easy
  • Even easier if you integrate PKI with Active
    Directory:
    • Auto-enrolment for initial provisioning
    • Certificate Services for ongoing management
  • Especially easy using Windows Server 2003

19
PKI with Partners
  • Sharing recognition of your PKI with selected
    other organisations is easy:
    • Mutually cross-sign your root or OU certificates,
      or,
    • Install your partners' root certificates on all
      clients
  • Recognising your PKI outside of those groups is
    far more difficult

20
Identity Credentials Format
  • It is a pre-defined textual, X.500 and binary
    representation of identity data
    • Name, date of birth etc.
  • It should be consistently used:
    • Across governmental and organisational PKI
    • Inside electronic IDs based on smartcards
  • Optionally, subject to any privacy debates, it
    may contain a unique ID of the entity (employee,
    citizen, company etc.)
    • This is not necessary for digital trust, but it
      allows for tighter verification across
      governmental departments
    • Inevitably, it can lead to erosion of privacy

21
Trusted Time Stamps
22
The Time Problem
  • Scenario:
    • Document is signed on 1 Jan 2005
    • Signatory loses the signing key on 1 Feb 2006
    • Is the signature valid or invalid?
  • Additional problem:
    • Anyone can wind back the clock on their
      computer
  • Solution?

23
Trusted Time-Stamping Service
  • As certificates are revoked due to their loss, or
    eventually expire, digital signatures cannot be
    allowed to suddenly become invalid
  • A Trusted Time-Stamping Service can provide a
    digital signature containing the date and time,
    certifying that a certain document was
    signed while the signatory's certificate was
    valid
  • Otherwise, it is easy to repudiate signatures in
    the future, cancelling the validity of contracts etc.
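The verification rule the two slides above describe, as an added example that is not part of the presentation: the signer's certificate is judged at the time asserted by the time-stamping authority (TSA) rather than at verification time, and a date asserted only by the signer (a wound-back clock) is rejected. HMAC with a shared key stands in for the asymmetric signature so the example runs with the standard library alone; the keys, dates and document are constructed.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional
import hashlib, hmac

@dataclass(frozen=True)
class Cert:
    key: bytes                              # stand-in for the certified key
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None   # set once the key is lost/revoked

@dataclass(frozen=True)
class TimeStampToken:
    time: datetime                          # asserted by the TSA, not the signer
    mac: bytes                              # TSA's signature over (time, signature)

def valid_at(cert: Cert, when: datetime) -> bool:
    """Certificate usable at 'when': inside its window and not yet revoked."""
    in_window = cert.not_before <= when <= cert.not_after
    return in_window and (cert.revoked_at is None or when < cert.revoked_at)
def sign(key: bytes, data: bytes) -> bytes:
    # HMAC over a SHA-256 digest stands in for the real asymmetric signature
    return hmac.new(key, hashlib.sha256(data).digest(), hashlib.sha256).digest()
def timestamp(tsa: Cert, sig: bytes, now: datetime) -> TimeStampToken:
    return TimeStampToken(now, sign(tsa.key, now.isoformat().encode() + sig))
def verify(doc: bytes, sig: bytes, signer: Cert, token: Optional[TimeStampToken],
           tsa: Cert, now: datetime) -> bool:
    if not hmac.compare_digest(sig, sign(signer.key, doc)):
        return False                        # cryptographic check failed
    if token is None:
        return valid_at(signer, now)        # only the verifier's own clock is trusted
    expected = sign(tsa.key, token.time.isoformat().encode() + sig)
    if not hmac.compare_digest(token.mac, expected) or not valid_at(tsa, token.time):
        return False                        # token not issued by a valid TSA
    return valid_at(signer, token.time)     # judge the signer's cert at signing time
def demo() -> dict:
    """Slide 22 scenario: signed 1 Jan 2005, signing key lost on 1 Feb 2006."""
    d = lambda y, m: datetime(y, m, 1, tzinfo=timezone.utc)
    signer = Cert(b"signer-key", d(2004, 1), d(2007, 1), revoked_at=d(2006, 2))
    tsa = Cert(b"tsa-key", d(2000, 1), d(2030, 1))
    doc = b"contract text (constructed sample)"
    sig = sign(signer.key, doc)
    token = timestamp(tsa, sig, d(2005, 1))         # stamped when signed
    forged = TimeStampToken(d(2005, 1), sign(signer.key, b"wound-back clock"))
    check = d(2006, 3)                              # verified after the revocation
    return {"with_tsa": verify(doc, sig, signer, token, tsa, check),
            "without_tsa": verify(doc, sig, signer, None, tsa, check),
            "self_asserted_time": verify(doc, sig, signer, forged, tsa, check)}
```

Only the time-stamped signature survives the later revocation; the same signature checked against the verifier's clock, or with a date the signer asserted alone, is rejected.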

24
XAdES
  • XML Advanced Electronic Signatures
  • W3C Specification
  • Implements "Directive 1999/93/EC of the European
    Parliament and of the Council of 13 December 1999
    on a Community framework for electronic
    signatures" [EU-DIR-ESIG]
  • Microsoft's BizTalk Server implements this
  • Implements the Time Stamp Authority concept
  • Provides for really usable signatures
  • Adopt it:
    • Legally
    • As services

25
XAdES Signature Types
  • XAdES formalises 6 types of signatures and
    specifies roles and their responsibilities
  • It builds on XMLDSIG in the following ways:
    • XML Advanced Electronic Signature
    • XML Advanced Electronic Signature with Time-Stamp
    • XML Advanced Electronic Signature with complete
      validation data
    • XML Advanced Electronic Signature with eXtended
      validation data
    • XML Advanced Electronic Signature with eXtended
      validation data incorporated for the long term
    • XML Advanced Electronic Signature with archiving
      validation data
  • www.w3.org/TR/XAdES/

26
E-Notary Services
  • Solution for the earlier problem of Crossing Trust
    Boundaries
  • Electronic notary services allow co-existence of
    paper-based and digital trust
  • Additionally:
    • Provide trusted time-stamps
    • Issue and revoke certificates
    • Assist in distribution of electronic IDs

27
Word About Archiving
  • Archiving paper-based documents digitally is
    important
  • Need for trusted 3rd party access and management
    of stored documents to cross digital/paper border
  • E-Notaries can be archivists

28
Privacy and DRM (Digital Rights Management)
29
Privacy and Trust
  • Relationship between trust and privacy is age-old
  • Unfortunately, in the digital world privacy is
    being eroded and rarely is it well protected
  • This may be a limiting factor in adoption of a
    wider, publicly oriented digital trust system

30
More About Privacy
  • Widespread support for encryption will stimulate
    more confidentiality in the digital world
  • Today, it is as if everyone were sending postcards
    without envelopes
  • P3P (Privacy Protection Protocol) provides some
    limited technology today
  • WS-Privacy etc. will provide more
  • Still insufficient!

31
Possible Privacy Solution
  • Legislation is needed that makes it illegal to store
    (and maybe process) data records that do not have
    a digital signature of the citizen they relate to
  • Each privacy-enabled record contains:
    • Expiration date
    • Allowed/prohibited uses of data
      • E.g. "Not for marketing email", "Do not pass to
        3rd parties", "For credit reference only", etc.
    • Digital signature of the original data issuer
  • If there is an alleged breach, the injured party
    requires the record to be handed over by the
    alleged abuser
    • The digital signature must be present; if not,
      prosecute the abuser
    • Purposes marked in the record must be observed;
      if not, prosecute the abuser

32
Relationship with DRM
  • Digital Rights Management (DRM) is a specific
    application of digital trust
    • Entrust the computer with your document's life
    • Reasonable prevention of printing, copying,
      forwarding etc.
  • Can be used to greatly increase privacy
  • In the future there may be a convergence of the
    technologies used for signing with DRM
    • Unlikely for a while

33
DRM Cannot Do Everything
34
Conclusions
35
Technology Support
  • Microsoft has the following technologies for
    building digital trust:
    • Certificate Services (part of Windows Server
      2003)
      • For building a PKI
      • For issuing and revoking certificates
      • For building a time-stamping service
    • Identity Integration Server
      • For building trust between identities issued by
        different organisations (federation)
    • BizTalk Server
      • For automating the processing of digitally signed
        documents, including XAdES support
    • WS-Federation, WS-Trust, and WS-Privacy for trust
      across web services

36
Conclusions
  • Building Digital Trust in closed-context
    boundaries (within a company etc.) is possible
    today and perhaps worthwhile
  • Expecting Digital Trust in open-context to
    co-exist with your system is a long-term goal
  • Very unlikely to be achievable in less than 3-7
    years in my opinion
  • Today's deployed IT is far less trustworthy than
    it seems
  • Next few years will present numerous examples of
    highly visible, expensive and embarrassing
    breaches of trust
  • Understanding digital trust is a good step to
    become more trustworthy

37
Suggestions
  • Evaluate your trust exposure and expectations
  • Make a business case for an environment with
    digital trust enabled
  • If needed, deploy:
    • PKI, Identity Management, and Time-Stamp Service
    • Think of building an internal e-notary
  • Test and evaluate:
    • Extending your internal digital trust across
      boundaries to partners and customers