Re: [ISN] Signs of Insecurity in Cyberspace - Analysis

From: mea culpa (jerichot_private)
Date: Sat Jul 04 1998 - 01:22:36 PDT

  • Next message: mea culpa: "[ISN] Anti-Nuke Cracker Strikes Again"

    Reply From: Matthew Patton <pattont_private>
    
    >As we move towards
    >electronic commerce, digital signatures that are as legally binding as
    >handwritten ones are a necessity. In such a world, certification
    >authorities will act as guarantors in much the way that notaries public do
    >now.
    
    Forgive me, I'm no crypto, digital signature, or legal expert but having
    attended a recent US DoD PKI briefing and spent some time with the speaker
    (LCDR P. Friedrichs - most knowledgable) we discussed at length some of
    these issues. The problem problem with digital signatures is that while you
    have some assurance that somebody had posession of a certificate and knew
    the private key, you have no idea if that person is the real holder. Most
    private keys are stored on enduser boxes which as most of us IT people are
    aware, have not an iota of security. Therefore proving that the key has
    always remained under the user's control  is impossible. Therefore the much
    treasured concept of non-repudiation is unattainable. I also disagree that
    ecommerce requires 100% guarentees as to the parties' identities. When you
    buy stuff from a street vendor, does he check your license, call up your
    office, or do a retina scan? No. He just takes your green backs or credit
    card and hopes they aren't fakes. It will be no different in the "wonderful
    electronic age."
    
    What prompted me to write this message was the last statement in the above
    quote. This concept of a CA guarenteeing anything is preposterous! A notary
    is intimately and physically involved in the transaction. A cert authority
    / "trusted 3rd party" isn't. All they provide is a directory of public keys
    and attached certificates. Namely infrastructure. (certs = public key +
    identity) Therefore the whole chain of trust falls flat on it's face. Ever
    wonder just how CA's are going to be assured of your identity? SSN? I don't
    think so. Not only is it patently illegal for identification purposes,
    getting multiples or for that matter not getting one in the first place is
    very much an option.
    
    >"The most important principle," said Richard
    >Schlechter for the EC's DGXIII at a recent conference on cryptography in
    >London, "is to be sure that if you're doing business over the Internet you
    >have a legal signature at the end."
    
    This guy ought to know better. In EVERY non-cyber transaction there are at
    least 2 parties in a room who can stare at each other, touch each other, or
    talk to each other before putting their signatures on a PHYSICAL piece of
    paper. Each party gets a copy as proof. This paper is what is submissable
    in court. In a 3 party system you STILL have the notary or adjudicator
    physically present. The crux of the issue is that EVERYTHING being done is
    physical, tangible. Even if you were to sign a paper and fax it back to the
    other party, that's still a physical piece of evidence. In cyberspace you
    have no physical representation.
    
    I also disagree that you need a signature to do transactions. The vast
    majority of financial interaction is done by ordinary people buying food,
    gas, appliances, books, clothes etc. at the local merchant. And nowhere in
    this vibrant economy is a signature a neccessity. Sure if you do a credit
    card or check payment you give them one, but just try proving the signature
    is valid in court. Neither I nor the store can prove it was indeed me who
    was there at the checkout line signing my name. Unless you have other
    sources of proof like video cameras. Ecommerce is perfect for the little
    stuff. If you're doing huge deals, a face to face will always be necessary
    I would think.
    
    Will we and society in general accept the premise that faster transactions
    and their reduced cost is an acceptable tradeoff with not knowing who we're
    dealing with? Will it be declared by legal or legislative fiat that this
    flawed model is good enough? That seems to be the case in some states. Do
    you really think you can drag somebody into court months or years (maybe
    just days afterword) and based on the fact that they 'may' have had
    posession of a key at the time, prove that the document is indeed genuine?
    Who is going to provide the evidence? The "trusted 3rd Pary"? Hardly. (I
    wish we would quit using that term. They can't be trusted in any useful
    way. They simply provide the infrastructure as a certificate clearing
    house. Are they going to notice that the same public key has been bound to
    multiple entities? Or that the same entity has multiple keys? Why should
    they care?) What you need is coroborating evidence from a 3rd party who was
    a witness to the transaction: a notary for example: a human.
    
    Even more sinister, is that the burden of proof to show that the key
    remained under perfect control (or was compromised) rests entirely on the
    defendant. Now wait just one minute! That flips the whole principle of
    American justice on it's head. Are we going to rewrite the Constitution too
    just so we can do ecommerce? I think not.
    
    Is it any wonder then that the financial organizations absolutely pan SET?
    These guys MUST worry about stuff holding up in a court.
    
    So is electronic commerce doomed? I don't think so. For all of it's flaws,
    PGP is highly popular for privacy though frankly no one uses it to prove
    identity. You can personally trust a handful of people, but do you then
    turn around and trust the people they trust? Was't it something like 6
    degrees of freedom and you'd know everybody in the world?
    
    I think the only viable ecommerce will be anonymous ecash. You can't prove
    who you are so why bother figuring it out or worrying about it? Obviously
    the bank may care some when they issue you 'credits' but they have a better
    chance of knowing who you are if it's a face to face thing.
    
    But what really matters is *NOT* who the person or entity doing the buying
    or selling is, it's the genuineness of the "coinage." THAT is the crucial
    problem. We solve this in the real world with elaborate printing, special
    paper and a HUGE but practically ignored degree of trust. "In God we
    trust," no kidding. The trick is to inspire the same confidence in
    electronic coins. So is it then sufficient that the bank get a cert from
    the Dept of Treasury and issue coin with that cert? Will every merchant be
    willing to accept the coins so marked? How do we deal with the literally
    thousands of banks and branch offices and each having their own signing
    keys? The infrastructure would be non-trivial, not to mention just more
    ways in which somebody's key will eventually be stolen. See if the banks
    are the ones doing the signing, it's a bit easier to hit them with the law
    if they start issuing "fake" coinage.
    
    Then again maybe we should adopt another practice from the real world. ONly
    a handful of tightly controlled plants actually print the money in
    circulation. It's moved to the banks via truck. So let's say each plant has
    their own signing key, all of like 6 total in the USA. Each bank receives
    it's "allotment" via a floppy disk carried by a courier. They load the
    money into the computer vault and sign the receipt (note, PHYSICAL
    evidence). When customers come to them for "money" they fill their smart
    cards or whatnot with a series of coins the bank has on hand. The customer
    goes out and spends them. Naturally each 'coin' would have to have a unique
    ID, just like we have on paper money today. That's easy. The potential
    problem is ensuring that the Dept. of Treas keeps those signing keys under
    strict control or has a means by which each "batch" of money gets a new key
    with a relatively short expiration time. This 'expiring' coinage practice
    corresponds perfectly with the Dept of Treas recalling old bills. You
    simply revoke/expire their certificate and any such cybercash rattling
    around becomes worthless. Naturally there has to be a robust means by which
    a customer with "old" coin can trade in his for some of the "new". All
    we've done really is exchange a physical representation of money into an
    electronic one. None of the long established banking mechanisms has changed
    in any significant way. If your are doing bank to bank transfers, you
    simply move the digital coins to the other end, making sure you delete them
    out of your vault. Otherwise you could have 2 different banks/entities both
    claiming to have possession of the same coin. As we all know, computer
    snafus aren't exactly rare events.
    
    Do we care if conceivably somebody manages to issue a coin with the same
    id's and also gets the signature correct? Isn't that what counterfeiting is
    today? I would argue that pulling off a successful fake coin in the digital
    age would be rather more difficult than the paper variety. But in truth,
    the problem domain is different. A counterfeiter today needs to find the
    special paper, the dyes, the patterns, a press etc. Things that require
    some doing to acquire. In the digital arena all he conceivably needs is
    enough computing power to brute force or otherwise cryptographically break
    the signing keys. I hope it is clear then that signing keys will have to be
    very long, of good quality, and be changed rather frequently
    (semi-annually?).
    
    Much like ATMs and credit cards these days I think we will end up adopting
    a strategy that simply puts a cap on liability: acceptable risk vs
    convenience. ATM and CC fraud is rampant, all I need is an account number
    and a pin. I can dumpster dive or brute force my way in. But note that ATM
    withdrawls are limited to 3 to 4 hundred dollars per day in many areas. The
    ecommerce equivalent could be say $2000 but as the good CMDR put it, "how
    many $2k transactions per millisecond?" Whereas current fraud can be caught
    by tracking usage patterns and back channels like video cameras, what are
    you doing to do in cyberspace? Arrest the guy on the other end of the
    TCP/IP link? But where is the 'other end'. In the physical world the only
    parallel we have to source bouncing is the Don having his soldiers do the
    dirty work. But law enforcement can still arrest the soldier for actually
    committing the crime. You going to arrest Harvard's system admin because
    one of his systems was the last jump off point for a guy defrauding
    Citibank? I don't think so. It seems if you are peddling fraud insurance,
    the 21st century is looking to be an opportunity of a lifetime.
    
    BTW, cryptography is only really useful for ensuring that the private key
    holder can read the message. It's when we extend "possession to identity"
    that we get into trouble.
    
    So what does this have to do with the DoD trying to use PKI? Well, frankly
    if I receive a message via email from general X saying I am to move my unit
    12 miles North and prepare to engage the enemy at 0400 I have just as good
    if not better assurance that the message is ligit. Today I might get a
    phone call from the general or his aide. Do I know his voice? Have I ever
    met the guy, know his manner of speach, his intonation? If I do, then my
    assurance level is very high. If not, it could be some peon or enemy
    playing a sick and deadly joke. How about if I get the directive over the
    Telex. Do I have any justified faith in the communications infrastructure
    that drives that? Just like with the telcos, what reason do I have for
    trusting them? None that I can fathom. Yet we still do.
    
    A perfect example of IMO grossly missplaced trust: the security of SIPRnet.
    
    I think it's simply a matter of showing people the mind boggling degree to
    which they have implicitly trusted these more mundane channels of
    communication. Doing it electronically is really not such a big leap of
    faith. In fact, I think it could be reasonablly argued that the confidence
    level is significantly better. Personally, when I see a memo digitally
    signed by DefSec. Hamry, I would be inclined to give it more credence than
    one I see on paper. After all, maybe his secretary, or someone else
    entirely whipped the thing up and forged his signature. I don't know his
    signature from John Doe's. Do you? The key upon which this whole house of
    cards rests, is naturally the methods by which identity is established and
    how well the policy is enforced. Unfortunately when you start distributing
    this function to a large number of registration authorities (largely due to
    logistical issues) my confidence level plummets. So what are the procedures
    and datapoints that together constitute acceptable assurance in
    establishing an identity? I haven't the foggiest idea.
    
    
    This email has wandered far afield of the ISN charter and I appologize. I
    will be happy to discuss this further off line with those more knowledgable
    than myself.
    
    --------
    It is by caffeine alone I set my mind in motion, it is by the beans of Java
    that thoughts acquire speed, the hands acquire shaking, the shaking becomes
    a warning, it is by caffeine alone I set my mind in motion.
    
    
    -o-
    Subscribe: mail majordomot_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:57:48 PDT