Identity and Authentication: A computer scientist looks at the analogue world

Lecture at the University of Luxembourg, 10 November 2010


  1. Identity and Authentication: A computer scientist looks at the analogue world
     James Davenport, Hebron & Medlock Professor of Information Technology, University of Bath (U.K.)
     10 November 2010
  8. Thesis
     Cryptography is very concerned (and rightly so!) with issues like
       • Correctness
       • Provability
       • Revocation
       • Non-repudiability
     and so on.
     What happens if we look at the analogue world around us this way?
  13. Signatures / Seals / ...
     • For people, signatures have largely replaced seals in the West, whereas in other cultures personal seals are much more common.
     • By cryptographic standards, both are easy to forge, or dispute.
     • Professional document examiners have a 6.5% error rate (at least): we have a very weak biometric mechanism that works fairly well in practice [Anderson].
     • It is comparatively rare for signatures to be disputed in court: essentially a combination of context and retrospective investigation.
  20. [English] Common Law
     • A contract is just an accepted offer.
     • Example: a shop putting coffee on the shelf at £2 is an offer; the customer bringing it to the checkout is an acceptance.
     • (Contrary to belief, there is no special law saying "it's the price on the shelf, not the price in the computer, that counts".)
     • Note that nothing is in writing.
     • An exchange of ASCII e-mails can constitute a contract.
     • If cryptography is necessary to make e-mail contracts legal, then we ask more of digital media than we do of its predecessors [Wright1994].
  27. Is this the death of cryptography?
     • Of course not!
     • Cryptography may not be necessary, but it may be very useful.
     • Just because I make you an offer does not mean that I can, or intend to, carry it out. (Ask anyone who's purchased Viagra on the Internet!)
     • Human face-to-face contracts rely heavily on implicit trust, which is the main problem with all distance transactions (not necessarily Internet): hence the U.S. term "wire fraud".
  34. Why, then, signatures?
     • Essentially, to create a connection between the offeror and the offer (acceptor and acceptance).
     • The less physical the contract, the more important this becomes.
     • There are other reasons: English law requires the transfer of land to be in a special form in writing, so that it can be taxed (4%).
     • It's also very important when the offeror/acceptor is compound: what does it mean for a University to offer, or accept?
  35. Statutes: 17.27 To select a Seal and a Mace for the University and to have the sole custody and use of the Seal and under detailed provisions to be contained in the Ordinances to provide that the use of the Seal and its witnessing or the execution of deeds on behalf of the University by Officers of the University and those persons nominated by the Council for this purpose may be dealt with as if the University was a Company incorporated under the provisions of the Companies Act 1985 or under any legislation in substitution therefor and in accordance with any resolution of the Council relating to the use of the Seal or the execution of deeds
  36. 27. USE OF THE SEAL OF THE UNIVERSITY In accordance with the provisions of Section 17.27 of the Statutes, power to affix the Seal of the University to a document may be exercised and witnessed either by two Members of the Council of the University or by one Member of the Council and the University Secretary (or, in the absence of the University Secretary, the Vice-Chancellor or Director of Finance). The Academic Registrar shall maintain a register of documents sealed in the name of the University under the terms of this Ordinance showing: (i) the identity of the document; (ii) the date the document was sealed; (iii) the names of the persons witnessing the use of the Seal in the name of the University and shall report each such transaction to Finance Committee on behalf of Council. Approved by Council 1st August 2010
  48. Formally, this is a mess
     • How do I know what the seal of the University looks like?
     • How do I know who the members of Council are?
     • How do I know who the University Secretary is?
     • How do I know who the Director of Finance is?
     • How do I know the University Secretary is absent?
     • How do I know what their signatures are?
     • Note that the same objections could be raised about the other company, though the names of the Directors are on record.
     • The point of this is to establish intention.
  56. If we did want to use Cryptography
     • "Member of Council": probably an attribute Γ
     • "University Secretary": probably an attribute ∆
     • "Director of Finance": probably an attribute Ω
     • Then attribute mechanisms [see Khader] can handle (Γ ∧ ∆) ∨ (Γ ∧ Ω), but Γ ∧ Γ (two distinct holders of the same attribute, as the Ordinance's "two Members of the Council" requires) is currently an unsolved problem.
     • However, is it worth it?
  66. In fact, many 'signatures' are really attributes
     • An order to issue rum to a unit must be signed by an officer in the chain of command above the unit and by a doctor [Queen's Regulations].
     • The form is in triplicate:
       1. Unit records
       2. Stores depot (for the issue)
       3. Medical Corps records
     • In fact the (paper) order is malleable: JHD signed copies 1 and 2, the unit got the rum, and the (medical) doctor signed copy 3 later.
     • There are inconsistent forms in the system, but no suspicions were raised.
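The two sign-off rules above (the University seal on slide 56 and the rum order on slide 66) can be written down as the same kind of check: a list of attribute "slots" that must each be filled by a different verified signer, optionally restricted to signatures that existed at the moment the action happened. The following is an added example, not code from the lecture or from the University; the keys, names, attribute directory and clock values are all constructed, and a per-holder HMAC stands in for real signatures and attribute certificates. It assumes every signature names its holder and that a trusted directory maps holders to attributes, which is exactly the "how do I know who is on Council" register slide 48 asks for, and is also what makes the two-distinct-Council-members check easy here; the slide's remark that Γ ∧ Γ is unsolved concerns attribute mechanisms that do not expose the signer's identity in that way.

```python
"""Attribute sign-off policies with distinct-signer and time-of-issue checks.

Added example (not from the lecture). Models the seal rule of slide 56 as
(Council & Secretary) | (Council & Finance) | (Council & Council) and the rum
rule of slide 66 as (officer commanding the unit & doctor). Every slot must be
filled by a *different* verified signer; for the rum order only signatures
present at the time of issue count. All data below is constructed.
"""
import hashlib
import hmac
from dataclasses import dataclass
from itertools import permutations
from typing import Callable, Iterable

Attrs = frozenset
Slot = Callable[[Attrs], bool]

# Constructed per-holder MAC keys: stand-in for each signer's private key.
KEYS = {"alice": b"k-alice", "bob": b"k-bob", "carol": b"k-carol",
        "major": b"k-major", "medic": b"k-medic"}

# Constructed attribute directory: the register of who is on Council, who is
# Secretary, and who commands which unit that a verifier has to trust.
DIRECTORY = {
    "alice": Attrs({"council"}),
    "bob": Attrs({"council"}),
    "carol": Attrs({"secretary"}),
    "major": Attrs({"officer", "commands:A-Battery"}),
    "medic": Attrs({"doctor"}),
}


@dataclass(frozen=True)
class Signature:
    holder: str
    doc_hash: str   # digest of the exact document that was signed
    mac: str
    when: int       # constructed clock value


def doc_digest(document: bytes) -> str:
    return hashlib.sha256(document).hexdigest()


def sign(holder: str, document: bytes, when: int) -> Signature:
    digest = doc_digest(document)
    mac = hmac.new(KEYS[holder], digest.encode(), hashlib.sha256).hexdigest()
    return Signature(holder, digest, mac, when)


def verify(sig: Signature, document: bytes) -> bool:
    """Valid only for the exact document signed: a copy altered afterwards
    (the malleable paper form) does not verify against the original."""
    if sig.holder not in KEYS or sig.doc_hash != doc_digest(document):
        return False
    expected = hmac.new(KEYS[sig.holder], sig.doc_hash.encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(sig.mac, expected)


def has(attr: str) -> Slot:
    return lambda attrs: attr in attrs


def commands(unit: str) -> Slot:
    return lambda attrs: f"commands:{unit}" in attrs


def naive_satisfied(slots: list[Slot], sigs: Iterable[Signature], document: bytes) -> bool:
    """Pools all valid signers' attributes and tests each slot against the pool.
    Flaw: one Council member signing twice satisfies (Council & Council)."""
    pool = Attrs().union(*(DIRECTORY[s.holder] for s in sigs if verify(s, document)))
    return all(slot(pool) for slot in slots)


def satisfied(slots: list[Slot], sigs: Iterable[Signature], document: bytes) -> bool:
    """Each slot must be filled by a different verified signer (a small
    matching problem; brute force is fine for a handful of signatures)."""
    signers = {s.holder for s in sigs if verify(s, document)}   # repeats collapse
    if len(signers) < len(slots):
        return False
    return any(all(slot(DIRECTORY[h]) for slot, h in zip(slots, chosen))
               for chosen in permutations(signers, len(slots)))


def policy_ok(alternatives: list[list[Slot]], sigs: Iterable[Signature], document: bytes) -> bool:
    sigs = list(sigs)
    return any(satisfied(slots, sigs, document) for slots in alternatives)


# Slide 56's policy; the (Γ ∧ Γ) case is two distinct Council slots.
SEAL_POLICY = [
    [has("council"), has("secretary")],
    [has("council"), has("finance")],
    [has("council"), has("council")],
]


def rum_order_ok(unit: str, sigs: Iterable[Signature], document: bytes, issued_at: int) -> bool:
    """Officer commanding the unit and a doctor must both have signed this
    copy *before* the issue; a doctor signing copy 3 later does not count."""
    present = [s for s in sigs if s.when <= issued_at]
    return satisfied([commands(unit), has("doctor")], present, document)


if __name__ == "__main__":
    deed = b"Constructed deed: lease of the Old Library"
    twice = [sign("alice", deed, 1), sign("alice", deed, 2)]
    print("naive check accepts one member signing twice:", naive_satisfied(SEAL_POLICY[2], twice, deed))
    print("distinct-signer check accepts it:", policy_ok(SEAL_POLICY, twice, deed))
```

Two things the evaluator shows that the paper process does not: `satisfied` collapses repeated signatures from one holder before matching, so a single Council member cannot fill both Council slots, and `rum_order_ok` evaluates the policy against the signatures that existed at `issued_at`, so the inconsistent triplicate (doctor signing later, or signing a different copy) is flagged rather than silently accepted.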
  75. How does one establish/verify attributes?
     The attribute "ability to cast X's vote in person". Note that votes can only be cast at X's polling station (normally based on where X lives).
     A. Claim to be X. If you have X's polling card (sent by post) and aren't implausible (e.g. wrong sex) this is trivial. If you don't have the polling card, it requires knowing the address, and possibly more. If the real X turns up later, there's an investigation, and your ballot is found and removed.
     B. Get a proxy vote. Write in, saying "I, X, am currently at Y, please send me a proxy form". There is then some to/fro with forms, and you have a form saying "Z is allowed to vote as X's proxy". You need to forge X's signature on the forms, but no-one has a master to check it against! Again, an investigation if X turns up later.
  84. Voting continued
     • However, the proxy has to turn up at X's polling station.
     • You can get round this with a 'postal proxy', but why bother: just use postal votes.
     • "sack loads of postal votes were driven to a 'vote-rigging factory' ... A box of postal ballots also 'mysteriously appeared' at a count ... the postal voting system was 'wide open' to criminals" http://news.bbc.co.uk/2/hi/uk_news/politics/election_2010/england/8649379.stm
     • "More than 30 allegations of postal vote irregularities have been reported to police forces in England" [2010]
  89. UK Voting: Summary
     As with so much else, we have a system based on neighbourhoods and physical interaction, which is
       • Easy to use
       • Easy to abuse
       • Reliant on detection, which is rare except in blatant cases
     One has to wonder how long this can continue.
  98. Other sorts of attributes
     • If a student asks for a reference, I write one: generally on laser-printed letterhead, and often faxed or e-mailed, hence no physical clues; and anyway, does the recipient know me, or know my signature?
     • Again, the "reference" culture is based on detection and investigation, and works because there's a physical person in the job.
     • If they can do the job, who cares? If they can't, finding a forged reference or a lie on the CV is the easiest way to sack them.
  106. Conclusions
     • The physical world has a presumption of honesty (just like the early Internet). (Specific sub-areas, e.g. ATMs and credit cards, have their own rules.)
     • This is enforced largely by fear of punishment, which relies on the feasibility of punishment, generally through physical presence.
     • This world model sits ill with 'Formal Methods', and even less well with the cryptographic mindset.