

Number of slides: 45

Non-repudiation
Robin Burke, ECT 582

Midterm scores
- Average: 69
- Std. dev: 23
- Median: 75
- Max: 100
- Min: 35

Approximate grade
- Mid 80s and up: As
- High 60s to mid 80s: Bs
- 50s to 60s: Cs
- 40s: Ds

Midterm answers

Law and Business
- Legal systems make business possible (sorry, libertarians)
- Law establishes:
  - conditions for contract validity
  - venues for disinterested mediation and dispute resolution
  - remedies for breach of contract
  - mechanisms of enforcement

Law and E-Commerce
- E-commerce also needs legal systems
- Complexities:
  - global scope / jurisdiction
  - evolving technology landscape
  - automation / liability

Evidence
- Legal systems require evidence
  - evidentiary statutes predate the digital era
  - slowly catching up
- Non-repudiation
  - maintaining digital evidence for e-commerce transactions

Legal structures
- Common law
  - long-established precedents in the US and UK
- Concepts:
  - writing
  - signing
  - notary
  - competence
  - presence
  - negotiability

Problems for e-commerce
- Is a digital contract "written"?
- Is a digital signature a "signature"?
  - must be qualified with respect to key purpose, policy, etc.
- Who bears liability?
  - digital media are impermanent
  - private key compromise
  - service disruption
- Who will archive, and how?
  - digital media are volatile
  - archives must be secure

Example
- Financial services law
  - banks must retain canceled checks, or facsimiles thereof (microfilm)
  - pre-dates the digital era
- If we define "digital representation" as equivalent to a physical facsimile
  - then banks can store electronic scans of canceled checks

Example
- Jurisdiction
  - location where suit can be brought
  - a party must have "minimum contacts" with a jurisdiction to be summoned there (US Constitutional law)
- Does the availability of a web site constitute "minimum contacts"?

Legal framework: US Federal
- Federal law: the E-Sign Act
  - provisions
    - technology-neutral
    - electronic signatures have the same status as written ones
  - limits
    - applies mostly to sale and lease contracts (wills, trusts and other transactions explicitly excluded)

Legal framework: US State Law
- Uniform Electronic Transactions Act (UETA)
  - more specific than federal law
  - enacted by 43 states
  - still technology-neutral: doesn't mention certificates, PKI, etc.
- Uniform Computer Information Transactions Act (UCITA)
  - extremely controversial
  - enacted by only two states: Maryland and Virginia
  - major concern: imposition of onerous license terms (self-help, bans on reverse engineering, prevention of archiving, loss of fair use, etc.)

UETA provisions
- Electronic Record: "means a record created, generated, sent, communicated, received, or stored by electronic means."
- Electronic Signature: "an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record."
- Effect of Electronic Record
  - A record "may not be denied legal effect or enforceability solely because it is in electronic form."
  - "If a law requires a record to be in writing, an electronic record satisfies the law."
  - "A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation."
- Effect of Electronic Signature
  - A "signature may not be denied legal effect or enforceability solely because it is in electronic form."
  - "If a law requires a signature, an electronic signature satisfies the law."
- Effect of Electronic Agents
  - "The actions of machines ('electronic agents') programmed and used by people will bind the user of the machine, regardless of whether human review of a particular transaction has occurred."

Digital Signature Law
- Utah Digital Signature Act (1995)
  - very specific
    - mentions public key cryptography, certificates, CRLs, etc.
    - licensing and regulation of CAs
    - liabilities of users and CAs
  - not widely emulated
- "Digital Signature Guidelines" (American Bar Association, 1996)
  - guidelines for the deployment of PKI
  - expectations and liability associated with CAs, RAs, and users

International laws
- UN Model Law on Electronic Commerce
  - similar to UETA
- EU Electronic Signatures Directive
  - similar to the Utah law
  - specific requirements for PKI

State of the law
- Complex and unsettled
  - different laws in different states / countries
- Catch-22
  - slow adoption of PKI is tied to legal uncertainties
  - lack of legal precedents / guidelines is due to slow adoption

Break

Non-repudiation
- A system property / protocol that provides for the retention of evidence
  - that can be used to resolve disputes
  - regarding transactions

Non-repudiation
- "Strong and substantial evidence of the identity of the signer of a message and of message integrity, sufficient to prevent a party from successfully denying the origin, submission or delivery of the message and the integrity of its contents." (ABA Digital Signature Guidelines)

Disputes
- "I never said that." (origin)
- "I never got your message." (reception)
- "The check's in the mail." (submission)

Types needed
- Non-repudiation of origin (NRO)
- Non-repudiation of delivery (NRD)
- Non-repudiation of submission (NRS)

Non-repudiation of origin
- Evidence needed
  - identity of the originator
  - contents of the message
  - time of generation (this may matter for establishing a negotiation sequence)
- Techniques
  - two-party
  - three-party

Originator digital signature
- Alice
  - creates message M
  - dates it T
  - signs M + T, producing S
- Alice sends M + T + S to Bob
- Bob uses Alice's public key certificate to verify the signature
- Bob archives
  - M + T + S
  - Alice's public key certificate and the CRL used to verify it

Features
- Identity and contents are protected
- Timestamping depends on the accuracy of Alice's clock
- Alice needs digital signature capability

TTP signature
- Trusted third party (Vicky)
  - receives Alice's transaction M
  - generates time stamp T
  - signs M + T, creating S'
  - returns it to Alice
- Bob gets M + T + S'
  - can verify that the whole transaction matches S'
  - archives the message for dispute resolution
  - also Vicky's certificate and the CRL used to verify it

Features
- Alice doesn't need to sign
  - she can review the message before sending
  - Alice doesn't need a key pair (lower PKI overhead)
- Timestamp
  - Vicky's timestamp will be more reliable than Alice's
- Identity less secure
  - no digital signature from Alice
- Vicky has access to the message contents

TTP digest signature
- Alice doesn't want to disclose M
- Same operation, but with a keyed hash of M
  - using key k, Alice creates hash H of M
  - sends H to Vicky
  - gets back H + T + S'
- Alice attaches M
  - encrypts M + k + H + T + S' for Bob
- Bob receives the message
  - verifies that H is the true (keyed) hash of M
  - verifies Vicky's signature
  - archives the transaction

Features
- Alice needs encryption / hashing capability
- Confidentiality is preserved
- Identity is still a problem

In-line TTP
- Vicky receives Alice's transaction M
- Generates time stamp T
- Signs M + T, creating S'
- Archives M + T + S'
- Forwards M to Bob
  - perhaps with a transaction id
- Bob can contact Vicky to get the evidence

Features
- Vicky does the archiving
- Alice and Bob don't need encryption capability
- Content and identity guarantees

TTP token
- Vicky receives Alice's transaction M
- Generates time stamp T
- Creates a secure hash H of M + T using a cryptographic key k
- Returns M + T + H to Alice
- Bob gets M + T + H
  - Bob can contact Vicky with H
  - Vicky verifies that H matches the message

Features
- Content secure
- No PKI
  - ordinary symmetric cryptography is sufficient
- Identity less secure
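The TTP token exchange above, worked through as an added example (this is not code from the lecture): Vicky holds a secret key k, timestamps Alice's M and returns a keyed hash H over M + T; Bob cannot check H himself because there is no public key to check it against, so he sends M, T and H back to Vicky. The names follow the slides; the HMAC-SHA256 construction, the length prefix on M and the sample transaction are assumptions made for the example.

```python
"""TTP token (keyed-hash) non-repudiation of origin, added example.

Assumed for this example: Vicky's token is HMAC-SHA256 over a
length-prefixed M followed by T, and the message text is constructed.
"""
import hashlib
import hmac
import secrets
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple


class TrustedThirdParty:
    """Vicky: holds a symmetric key that nobody else ever sees."""

    def __init__(self, key: Optional[bytes] = None) -> None:
        self._key = key or secrets.token_bytes(32)

    def _mac(self, message: bytes, timestamp: str) -> bytes:
        # Length-prefix M so that (M, T) cannot be re-split into a
        # different (M', T') pair with the same concatenation.
        data = len(message).to_bytes(8, "big") + message + timestamp.encode()
        return hmac.new(self._key, data, hashlib.sha256).digest()

    def issue_token(self, message: bytes,
                    now: Optional[datetime] = None) -> Tuple[bytes, str, bytes]:
        """Receive M, generate T, return M + T + H to the submitter."""
        timestamp = (now or datetime.now(timezone.utc)).isoformat()
        return message, timestamp, self._mac(message, timestamp)

    def verify_token(self, message: bytes, timestamp: str, token: bytes) -> bool:
        """Bob's query: does H match this M and T? Constant-time compare."""
        return hmac.compare_digest(self._mac(message, timestamp), token)


def run_exchange() -> Dict[str, bool]:
    vicky = TrustedThirdParty()
    fixed_time = datetime(2003, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed
    # Alice submits her transaction to Vicky and forwards the token to Bob.
    m, t, h = vicky.issue_token(
        b"Alice agrees to buy 100 widgets at $5 each", fixed_time)
    return {
        # Content is protected: changing M or T invalidates H.
        "genuine": vicky.verify_token(m, t, h),
        "altered_message": vicky.verify_token(
            b"Alice agrees to buy 100 widgets at $4 each", t, h),
        "altered_time": vicky.verify_token(m, "2003-05-02T12:00:00+00:00", h),
        # Identity is less secure: whoever reaches Vicky gets a valid token,
        # so a token alone does not prove that Alice was the submitter.
        "mallory_token_accepted": vicky.verify_token(
            *vicky.issue_token(b"Alice owes Mallory $1000", fixed_time)),
    }
```

Two practical points follow from the code: Vicky must retain every key she has ever used (an expired or rotated key makes old tokens unverifiable), and the identity gap has to be closed outside the token, for instance by authenticating Alice when she submits and recording that identity in T or in Vicky's log.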

Combination of methods
- Originator signature + TTP digest signature
  - if we care about disclosure and the recipient can archive
- Originator signature + in-line TTP
  - if we don't care about disclosure and we want third-party archiving
  - the in-line TTP could archive the encrypted message
  - Bob would then need his private key to access the evidence

Non-repudiation of delivery
- Same information needed
  - identity of the recipient
  - content of the message
  - timestamp
- Think of NRO
  - but the originated message is the acknowledgement of receipt

Signed receipt
- Alice sends Bob M
- Bob
  - generates a timestamp T
  - computes a hash of M = H
  - signs H + T = S'
  - sends Alice a receipt message H + T + S'
- Alice
  - checks H against her original message
  - validates Bob's signature
  - archives the receipt message

Features
- Like digital-signature NRO, but in reverse
  - message = acknowledgement
- Standardized part of S/MIME (signed receipts, in the Enhanced Security Services extensions)
  - secure receipt of email
  - available in MS Outlook
- Other variants
  - TTP signature, in-line, etc.: all the same options are available
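The two signature-based protocols, originator signature for NRO and signed receipt for NRD, as one added example (not code from the lecture). The slides assume an RSA-style signature backed by a certificate and CRL; to run with only the Python standard library this example substitutes a hash-based Lamport one-time signature and exchanges public keys directly, so there is no CA or CRL, and each party's public key is simply archived with the evidence. The names follow the slides; the length-prefixed encoding of M + T and the message and timestamps are constructed for the example.

```python
"""NRO (originator signature) and NRD (signed receipt), added example.

Assumed: Lamport one-time signatures stand in for certificate-backed RSA;
public keys travel with the evidence instead of via a CA; all data is
constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, List, Tuple

Keypair = Tuple[List[Tuple[bytes, bytes]], List[Tuple[bytes, bytes]]]


def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def encode(*fields: bytes) -> bytes:
    """Length-prefix each field so M + T cannot be re-split as M' + T'."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def lamport_keygen() -> Keypair:
    """256 pairs of random secrets; the public key is their SHA-256 images.
    A Lamport key signs exactly one message: reuse leaks half the secrets."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(sha256(a), sha256(b)) for a, b in sk]
    return sk, pk


def lamport_sign(sk, message: bytes) -> List[bytes]:
    digest = int.from_bytes(sha256(message), "big")
    return [sk[i][(digest >> (255 - i)) & 1] for i in range(256)]


def lamport_verify(pk, message: bytes, sig: List[bytes]) -> bool:
    if len(sig) != 256:
        return False
    digest = int.from_bytes(sha256(message), "big")
    ok = True
    for i, preimage in enumerate(sig):
        ok &= hmac.compare_digest(sha256(preimage), pk[i][(digest >> (255 - i)) & 1])
    return ok


def nro_send(alice: Keypair, message: bytes, timestamp: bytes) -> Dict[str, object]:
    """Alice creates M, dates it T, signs M + T; Bob archives it with her key."""
    sk, pk = alice
    return {"message": message, "timestamp": timestamp,
            "signature": lamport_sign(sk, encode(message, timestamp)),
            "originator_pk": pk}


def nro_check(record: Dict[str, object]) -> bool:
    """What Bob (or an arbiter) runs when Alice says 'I never said that'."""
    return lamport_verify(record["originator_pk"],
                          encode(record["message"], record["timestamp"]),
                          record["signature"])


def nrd_receipt(bob: Keypair, message: bytes, timestamp: bytes) -> Dict[str, object]:
    """Bob hashes M, timestamps it, signs H + T and returns H + T + S'."""
    sk, pk = bob
    digest = sha256(message)
    return {"digest": digest, "timestamp": timestamp,
            "signature": lamport_sign(sk, encode(digest, timestamp)),
            "recipient_pk": pk}


def nrd_check(receipt: Dict[str, object], original_message: bytes) -> bool:
    """Alice checks H against her own copy of M, then Bob's signature."""
    if not hmac.compare_digest(receipt["digest"], sha256(original_message)):
        return False
    return lamport_verify(receipt["recipient_pk"],
                          encode(receipt["digest"], receipt["timestamp"]),
                          receipt["signature"])


def run_demo() -> Dict[str, bool]:
    alice, bob = lamport_keygen(), lamport_keygen()  # one-time keys, one each
    m = b"I accept your offer of 100 widgets at $5 each"  # constructed
    origin = nro_send(alice, m, b"2003-05-01T12:00:00Z")   # Bob archives this
    receipt = nrd_receipt(bob, m, b"2003-05-01T12:00:05Z")  # Alice archives this
    forged = dict(origin, message=b"I accept your offer of 100 widgets at $4 each")
    return {
        "origin_evidence_valid": nro_check(origin),
        "origin_tampered_detected": not nro_check(forged),
        "receipt_valid": nrd_check(receipt, m),
        "receipt_for_other_message_rejected": not nrd_check(receipt, m + b"!"),
    }
```

Note what the archived record does and does not prove: it binds M and T to whoever holds the private key, but the timestamp is still whatever the signer's clock said, and with a real certificate the verifier must also keep the certificate and the CRL that were current at verification time, since a later revocation should not retroactively weaken evidence that was valid when collected.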

Problem
- Requires that the recipient generate the receipt
- What about the "reluctant recipient"?
  - the reason for NRD in the first place

Trusted delivery agent
- Alice sends the message to Vicky
- Bob must contact Vicky to access the message
  - Vicky generates the receipt

Non-repudiation of submission
- Useful when what matters is submitting something
  - a bid
  - an acceptance
- Like NRD
  - but with the mail system (or the bidding engine) doing the verification

Basic idea
- Parties agree to a non-repudiation mechanism
- Evidence is generated during the transaction
- Evidence is transmitted
- Evidence is verified
- Evidence is archived
- If necessary
  - evidence is retrieved
  - evidence is presented for dispute resolution

Digital evidence
- Evidence will be strong if there is a secure chain of custody from creation to presentation
  - properties of authenticity and integrity
  - policies of the CA and TTP

Secure bidding
- Suppose Alice doesn't want Bob to know the contents of her message
  - a bid to be unsealed later
- Additional safeguards
  - Alice shouldn't be able to change her mind
  - Bob shouldn't be able to read her bid
- "Commitment protocol"
  - Alice commits to an answer but doesn't reveal it

Commitment protocol
- Alice encrypts M with symmetric key k
  - produces ciphertext C
- Bob gets Alice's bid C
  - generates the transaction based on C
  - he can verify identity and timestamp
  - gets a copy of C
- When bids are revealed
  - Alice transmits k
  - the bid can be read
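The sealed-bid commitment protocol above, run end to end as an added example (not code from the lecture). The slide leaves the cipher unspecified; so that the example runs with only the standard library it uses a keystream derived with HMAC-SHA256 in counter mode, with an encrypt-then-MAC tag under a second sub-key. The tag is the one addition beyond the slide: it lets Bob reject an opening made with the wrong key, which is what stops Alice from "changing her mind" by revealing a key that decrypts C to something else. A deployment would use an AEAD such as AES-GCM instead. The names, the bid text and the timestamp are constructed.

```python
"""Sealed-bid commitment: commit, record, open. Added example.

Assumed: keystream = HMAC-SHA256(enc_key, counter) in counter mode, tag =
HMAC-SHA256(mac_key, C); both sub-keys derived from Alice's key k. The
bidder name, bid and timestamp are constructed.
"""
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def _keystream(key: bytes, length: int) -> bytes:
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(k: bytes):
    # Separate keys for encryption and authentication, both derived from k.
    return (hmac.new(k, b"enc", hashlib.sha256).digest(),
            hmac.new(k, b"mac", hashlib.sha256).digest())


def commit(bid: bytes, key: Optional[bytes] = None) -> Dict[str, bytes]:
    """Alice: produce ciphertext C and a tag; keep k secret until opening."""
    k = key or secrets.token_bytes(32)
    enc_key, mac_key = _subkeys(k)
    c = bytes(p ^ s for p, s in zip(bid, _keystream(enc_key, len(bid))))
    tag = hmac.new(mac_key, c, hashlib.sha256).digest()
    return {"key": k, "ciphertext": c, "tag": tag}


def record_bid(bidder: str, ciphertext: bytes, tag: bytes,
               timestamp: str) -> Dict[str, object]:
    """Bob: archive who committed, to which C, and when. No key is stored."""
    return {"bidder": bidder, "ciphertext": ciphertext, "tag": tag,
            "timestamp": timestamp,
            "commitment_id": hashlib.sha256(ciphertext + tag).hexdigest()}


def open_bid(record: Dict[str, object], revealed_key: bytes) -> Optional[bytes]:
    """Bob: when Alice reveals k, check the tag before trusting the plaintext.
    Returns the bid, or None if this key does not open this commitment."""
    enc_key, mac_key = _subkeys(revealed_key)
    c = record["ciphertext"]
    expected = hmac.new(mac_key, c, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, record["tag"]):
        return None
    return bytes(x ^ s for x, s in zip(c, _keystream(enc_key, len(c))))


def run_auction() -> Dict[str, object]:
    alice = commit(b"bid: 4200 USD")  # constructed bid
    rec = record_bid("alice", alice["ciphertext"], alice["tag"],
                     "2003-05-01T12:00:00Z")
    return {
        # Hiding: Bob holds only C and the tag before the reveal.
        "bob_sees_plaintext": b"4200" in rec["ciphertext"],
        "opened_bid": open_bid(rec, alice["key"]),
        # Binding: a different key fails the tag check instead of yielding
        # a different, equally plausible bid.
        "change_of_mind_rejected": open_bid(rec, secrets.token_bytes(32)),
    }
```

Two caveats a practitioner should carry over: the ciphertext length still leaks the bid's length, so fixed-size padding is needed when that matters, and the identity and timestamp Bob records at commit time must themselves be protected by one of the NRO mechanisms above, since the commitment only fixes the contents.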

Homework #4
- Use secure email
  - digital signature
  - encryption
- Get a certificate from www.thawte.com
  - cannot use web mail
  - if necessary, open a new Hotmail account
- Use Outlook Express or Netscape Communicator