Non-repudiation Robin Burke ECT 582

Upload: iris-cunningham

Post on 25-Dec-2015


Non-repudiation

Robin Burke

ECT 582


Midterm scores

Ave: 69 Std. dev: 23 Median: 75 Max: 100 Min: 35


Approximate grade

Mid 80s and up: As
High 60s to mid 80s: Bs
50s to 60s: Cs
40s: Ds


Midterm

Answers


Law and Business

Legal systems make business possible (sorry libertarians)

Law establishes
  • conditions for contract validity
  • venues for disinterested mediation and dispute resolution
  • remedies for breach of contract
  • mechanisms of enforcement


Law and E-Commerce

E-Commerce also needs legal systems

Complexities
  • global scope / jurisdiction
  • evolving technology landscape
  • automation / liability


Evidence

Legal systems require evidence
  • evidentiary statutes predate digital era
  • slowly catching up
Non-repudiation
  • maintaining digital evidence for e-commerce transactions


Legal structures

Common law
  • long-established precedents in US and UK
Concepts
  • writing
  • signing
  • notary
  • competence
  • presence
  • negotiability


Problems for e-commerce

Is a digital contract "written"?
  • digital media impermanent
Is a digital signature a "signature"?
  • must be qualified with respect to key purpose, policy, etc.
Who bears liability?
  • private key compromise
  • service disruption
Who will archive and how?
  • digital media volatile
  • archives must be secure


Example

Financial services law
  • banks must retain canceled checks
    • or facsimiles thereof (microfilm)
  • pre-dates digital era
If we define "digital representation" as equivalent to physical facsimile
  • then banks can store electronic scans of canceled checks


Example

Jurisdiction
  • location where suit can be brought
  • party must have "minimum contacts" with a jurisdiction to be summoned there
    • US Constitutional law
Does the availability of web site constitute "minimum contacts"?


Legal framework: US Federal

Federal law
  • Federal E-Sign act
  • provisions
    • Technology-neutral
    • Electronic signatures have same status as written ones
    • limits
      • applies mostly to sale and lease contracts (wills, trusts and other transactions explicitly excluded)


Legal Framework: US State Law

Uniform Electronic Transactions Act
  • More specific than Federal law
  • Enacted by 43 states
  • Still technology-neutral
    • Doesn't mention certificates, PKI, etc.
Uniform Computer Information Transactions Act
  • Extremely controversial
  • Enacted by 3 states: Maryland, Virginia, Iowa
  • Major concern
    • imposition of onerous license terms: self-help, reverse engineering, prevention of archiving, fair-use, etc.


UETA Provisions

Electronic Signature
  • "an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record."
Effect of Electronic Signature
  • A "signature may not be denied legal effect or enforceability solely because it is in electronic form."
  • "If a law requires a signature, an electronic signature satisfies the law."
Electronic Record
  • "Means a record created, generated, sent, communicated, received, or stored by electronic means."
Effect of Electronic Record
  • A record "may not be denied legal effect or enforceability solely because it is in electronic form."
  • "If a law requires a record to be in writing, an electronic record satisfies the law."
  • "A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation."
Effect of Electronic Agents
  • "The actions of machines ("electronic agents") programmed and used by people will bind the user of the machine, regardless of whether human review of a particular transaction has occurred."


Digital Signature Law

Utah Digital Signature Act (1995)
  • Very specific
    • Mentions public key cryptography, certificates, CRLs, etc.
    • Licensing and regulation of CAs
    • Liabilities of users and CAs
  • Not widely emulated
"Digital Signature Guidelines" (1999)
  • American Bar Association
  • Guidelines for the deployment of PKI
    • Expectations and liability associated with CAs, RAs, and users


International Laws

UN Model Law on Electronic Commerce
  • similar to UETA
EU Directive on Digital Signatures
  • similar to Utah law
  • specific requirements for PKI


State of law

Complex and unsettled
  • Different laws in different states / countries
Catch-22
  • Slow adoption of PKI is tied to legal uncertainties
  • Lack of legal precedents / guidelines due to slow adoption


Break


Non-repudiation

System property
Protocol
  • provides for the retention of evidence that can be used to resolve disputes regarding transactions


Non-repudiation

Strong and substantial evidence of the identity of the signer of a message and of message integrity, sufficient to prevent a party from successfully denying the origin, submission or delivery of the message and the integrity of its contents.

– ABA Digital Signature Guidelines


Disputes

"I never said that."
  • origin
"I never got your message."
  • reception
"Check's in the mail."
  • submission


Types needed

Non-repudiation of origin
  • NRO
Non-repudiation of delivery
  • NRD
Non-repudiation of submission
  • NRS


Non-repudiation of Origin

Evidence needed
  • Identity of originator
  • Contents of message
  • Time of generation
    • this may matter for establishing a negotiation sequence
Techniques
  • two party
  • three party


Originator Digital Signature

Alice creates message M
  • dates it T
  • and signs it S
Alice sends M + T + S to Bob
Bob uses Alice's public key certificate to verify signature
Bob archives
  • M + T + S
  • Alice's public key certificate and CRL used to verify it


Features

Identity and contents are protected
Timestamping depends on the accuracy of Alice's clock
Alice needs digital signature capability


TTP Signature

Trusted third-party (Vicky)
  • Receives Alice's transaction message M
  • Generates time stamp T
  • Signs M + T
    • creating S'
  • Returns to Alice
Bob gets M + T + S'
  • can verify that whole transaction matches S'
  • archives the message for dispute resolution
  • also Vicky's certificate and CRL used to verify it


Features

Alice doesn't need to sign
  • she can review message before sending
  • Alice doesn't need a key pair
    • lower PKI overhead
Timestamp
  • Vicky's timestamp will be more reliable than Alice's
Identity less secure
  • no digital signature from Alice
Vicky has access to message contents


TTP Digest Signature

Alice doesn't want to disclose M
Same operation with hash of M
  • using key k creates hash H
Sends H to Vicky
  • gets back H + T + S'
Attaches M
  • encrypts M + k + H + T + S'
Bob receives message
  • verifies that H is a true hash of M
  • verifies Vicky's signature
  • archives the transaction


Features

Alice needs encryption / hashing capability

Confidentiality is preserved

Identity still a problem


In-line TTP

Receives Alice's transaction message M
Generates time stamp T
Signs M + T creating S'
Archives M + T + S'
Forwards M to Bob
  • perhaps with transaction id
Bob can contact Vicky to get evidence


Features

Vicky does archiving
Alice and Bob don't need encryption capability
Content and identity guarantees


TTP Token

Receives Alice's transaction M
Generates time stamp T
Creates a secure hash H of M + T using a cryptographic key k
Returns to Alice M + T + H
Bob gets M + T + H
  • Bob can contact Vicky with H
  • Vicky verifies that H matches message


Features

Content secure
No PKI
  • Ordinary symmetric encryption sufficient
Identity less secure
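
The TTP Token scheme above, sketched as an added example (not part of the original slides). It models Vicky's keyed hash H as HMAC-SHA-256 over M and T; the class and function names, the key and the sample message are constructed for illustration.

```python
import hashlib
import hmac
import time


class TokenTTP:
    """Vicky: issues and later checks tokens under a key k that only she holds."""

    def __init__(self, key: bytes):
        self._k = key

    def _token(self, message: bytes, timestamp: int) -> str:
        # H = HMAC-SHA-256(k, len(M) || M || T). The length prefix keeps the
        # M/T boundary unambiguous, so bytes cannot slide between fields.
        data = len(message).to_bytes(8, "big") + message + str(timestamp).encode()
        return hmac.new(self._k, data, hashlib.sha256).hexdigest()

    def issue(self, message: bytes, now=None):
        """Alice submits M; Vicky stamps it and returns (T, H)."""
        t = int(time.time()) if now is None else now
        return t, self._token(message, t)

    def verify(self, message: bytes, timestamp: int, token: str) -> bool:
        """Bob (or an arbiter) presents M + T + H; Vicky recomputes and compares."""
        return hmac.compare_digest(self._token(message, timestamp), token)


def demo():
    # Constructed sample data: keys, message and timestamp are illustrative only.
    vicky = TokenTTP(key=b"constructed-demo-key")
    other_ttp = TokenTTP(key=b"a-different-key")
    m = b"Order 100 units at $5.00"
    t, h = vicky.issue(m, now=1100000000)
    return {
        "genuine": vicky.verify(m, t, h),
        "altered_message": vicky.verify(b"Order 100 units at $4.00", t, h),
        "altered_time": vicky.verify(m, t + 86400, h),
        "wrong_key": other_ttp.verify(m, t, h),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

Because only Vicky holds k, Bob cannot check H offline, and the token shows what was submitted and when, not who submitted it.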


Combination of methods

Originator Signature + TTP Digest Signature
  • if we care about disclosure and recipient can archive
Originator Signature + In-line TTP
  • if we don't care about disclosure and we want 3rd party archiving
In-line TTP could archive encrypted message
  • Bob would need private key to access evidence


Non-repudiation of delivery

Same information needed
  • Identity of recipient
  • Content of message
  • Timestamp
Think of NRO
  • but the origin message is the acknowledgement of receipt


Signed receipt

Alice sends Bob M
Bob
  • generates a timestamp T
  • computes a hash of M = H
  • signs H + T = S'
  • sends Alice a receipt message H + T + S'
Alice
  • checks H against her original message
  • validates Bob's signature
  • archives the receipt message


Features

Like digital signature NRO, but in reverse
  • message = acknowledgement
Standardized part of S/MIME
  • secure receipt of email
  • available in MS Outlook
Other variants
  • TTP Signature, In-Line etc.
    • all the same options available


Problem

Requires that the recipient generate the receipt

What about the "reluctant recipient"?
  • reason for NRD in the first place


Trusted Delivery Agent

Alice sends message to Vicky
Bob must contact Vicky to access message
Vicky generates receipt


Non-repudiation of submission

Useful when what matters is submitting something
  • a bid
  • acceptance
Like NRD
  • but with the mail system
    • or the bidding engine
  • doing the verification


Basic idea

Parties agree to non-repudiation mechanism

Evidence is generated during transaction
Evidence is transmitted
Evidence is verified
Evidence is archived
If necessary
  • Evidence is retrieved
  • Evidence is presented for dispute resolution


Digital evidence

Evidence will be strong if
  • secure chain of custody from creation to presentation
  • properties of authenticity and integrity
  • policies of the CA and TTP


Secure bidding

Suppose Alice doesn't want Bob to know the contents of her message
  • a bid to be unsealed later
Additional safeguards
  • Alice shouldn't be able to change her mind
  • Bob shouldn't be able to read her bid
"Commitment protocol"
  • Alice commits to an answer but doesn't reveal it


Commitment protocol

Alice encrypts M with symmetric key k
  • produces ciphertext C
  • generates the transaction based on C
Bob gets Alice's bid C
  • he can verify identity and timestamp
  • gets copy of C
When bids are revealed
  • Alice transmits k
  • Bid can be read
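
The protocol above only stops Alice from changing her mind if C binds her to M, which encryption alone does not guarantee. This added example (not part of the original slides) contrasts a toy XOR-pad cipher, where a second key opens the same C to a different bid, with a hash commitment C = SHA-256(k || M), a substituted technique; all function names and sample bids are constructed.

```python
import hashlib
import hmac
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def pad_encrypt(message: bytes, key: bytes) -> bytes:
    """Toy one-time-pad encryption: hides M but does not bind Alice to it."""
    if len(key) != len(message):
        raise ValueError("pad must be as long as the message")
    return xor_bytes(message, key)


def alternate_key(ciphertext: bytes, other_message: bytes) -> bytes:
    """A key under which the same C decrypts to another equal-length message."""
    return xor_bytes(ciphertext, other_message)


def commit(message: bytes):
    """Hash commitment: C = SHA-256(k || M) with a fresh random 32-byte k."""
    k = secrets.token_bytes(32)
    return hashlib.sha256(k + message).digest(), k


def open_commitment(c: bytes, k: bytes, message: bytes) -> bool:
    """Bob's check at reveal time: the revealed (k, M) must reproduce C."""
    if len(k) != 32:  # fixed-length k keeps the k || M boundary unambiguous
        return False
    return hmac.compare_digest(hashlib.sha256(k + message).digest(), c)


def demo():
    bid, lower = b"BID: 500", b"BID: 100"  # constructed sample bids
    k = secrets.token_bytes(len(bid))
    c = pad_encrypt(bid, k)
    k2 = alternate_key(c, lower)  # revealed in place of k at opening time
    c_hash, k_hash = commit(bid)
    return {
        "pad_opens_to_original": xor_bytes(c, k) == bid,
        "pad_opens_to_other": xor_bytes(c, k2) == lower,
        "hash_opens_to_original": open_commitment(c_hash, k_hash, bid),
        "hash_opens_to_other": open_commitment(c_hash, k_hash, lower),
    }


if __name__ == "__main__":
    print(demo())
```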


Homework #4

Use secure email
  • digital signature
  • encryption
Get certificate from www.thawte.com
  • cannot use web mail
  • if necessary, open a new hotmail account
Use Outlook Express or Netscape Communicator