[Home] [Databases] [Search] [Feedback] [Help]
	Privacy Law Resources

You are here: WorldLII >> WorldLII Databases >> PrivLRes >> 2001 >> [2001] PrivLRes 8

[Global Search] [PrivLRes Search] [Help]

---

Calvin (2001) 'Internet technologies for eSecurity ' ([2001] CyberLRes 32) - [2001] PrivLRes 8

eSecurity

Seminar outline

Andrew Calvin

Senior Associate & Legal Technology Lawyer

Phillips Fox Lawyers

andrew.calvin@phillipsfox.com

July 2001

How do you want to live?

Security for computer technology is such a broad issue that this outline will only touch on a few issues. Operating systems, firewalls and many other products and technologies will not be addressed. Emphasis is given to policy issues and public key technology.

• Personal security

Do you live as if the world is out to get you? Do you want to live like that? What does it do to you to live that way? How far do we translate those attitudes from physical security to electronic security?

• Group security

Sometimes you don't feel as if you need security or confidentiality, but nevertheless you need to comply with wider needs around you; perhaps merely for the protection of the weaker or the paranoid.

• Security & confidentiality

The terms should be distinguished as the goals differ.

Goal 1: Security, authentication, non-interference with information

Goal 2: Confidentiality, privacy, non-disclosure of information

•  

• Because we can or because we should?

Too much technology is created because we can, rather than because we should (eg weight loss machines advertised on TV). How far should we go in using security for electronic communication?

• Why bother?

Confidence – peace of mind for personal issues and facilitation of commerce. However, it is not the only issue in establishing confidence; the whole supply chain is critical.

Privacy - there are just some things we don't want others to know.

• International cooperation

The OECD wishes to foster confidence in communications and information infrastructures[1] and to promote the use of cryptography without jeopardising public safety, law enforcement and national security.

The OECD defines Cryptography as "the discipline which embodies principles, means, and methods for the transformation of data in order to:

• hide its information content,
• establish its authenticity,
• prevent its undetected modification,
• prevent its repudiation, and/or
• prevent its unauthorised use.[2]"

What does the government want you to do?

• Public key infrastructure

The Australian Government has made a commitment to the use of public key certificates by setting up the Gatekeeper strategy. There are privacy implications in this, and the Privacy Commissioner (Malcolm Crompton -  http://www.privacy.gov.au)  has prepared a paper on privacy issues and PKI.

Gatekeeper is managed by the National Office for the Information Economy. It is the Commonwealth Government's strategy for the policy and use of PKI in government.[3] The NOIE manages accreditation of Registration Authorities and Certification Authorities insofar as government bodies are concerned.

The Gatekeeper strategy is the policy foundation for the promotion of the OECD goals.

Security methods

• Policies and processes

Policies and processes are the foundation of security in any form. Failures at this point render any further effort useless.

• Something you know

Passwords, pass phrases

• Something you have

Dongles

Encryption devices

• Something you are[4]

Biometric hardware

• All of the above

The strongest security will combine two or more systems. A classic example is the bank ATM which combines a policy on how cards are issued, the card itself, and a password/PIN.

Authentication

Authentication is about ensuring that the message received is that which was sent, and instilling confidence in the sender.

Humans have used sealing wax, rubber stamps, signatures other devices to authenticate messages. Their success has relied on a degree of uniqueness of the device. Today a digital certificate can be used in place of a rubber stamp, and instead of a rubber stamp you lock in your drawer, you use a certificate you lock with a pass phrase.

• I am who I say I am -v- Are you who I think you are?

Many systems rely on assertion, where the client forwards its credentials to the server, which checks them and permits/denies access. This is not particularly secure and it permits interception. NTLM in Windows NT4 operated in this fashion.

Windows 2000 implements Kerberos 5 security with extensions for public key authentication. Active Directory Services (ADS) is the security account data base. It is a step up from the previous NT Lan Manager in NT4. The client presents credentials to the server, and in a sense the server does likewise, but it is done using public keys rather than shared secret keys. A full discussion is beyond the scope of this paper.

Figure 1 The process of digitally signing and checking an email using public keys

Privacy

Privacy is concerned with ensuring that the message is received only by those chosen by the sender.

Encryption of information to ensure privacy has been carried out for many years. The Enigma machine of Word War 2 is famous, and armed forces continue to use hardware and paper-based methods to date.

Telephone and landline encryption has been available for many years. Many of the concepts used for telephone security have been adopted by internet security systems. For example, the STU-III telephone has been available since 1987 to encrypt transmissions of voice and fax, over land lines and wireless. It uses an EEPROM hardware “key” which the user is issued. It contains a cryptographic key based on user information. The system also uses a system-wide Compromised Key List which is updated and checked during each call. Traditionally in the USA it could only be obtained or purchased in specified circumstances. Setting up and maintaining them requires some effort.

Privacy in, say, email is usually achieved by encryption. Public key systems have become widely used, but require some effort.

Figure 2 Sending an encrypted email using public key encryption

Public keys/certificates

Public key encryption has been around in many guises for some time to provide authentication and privacy. A popular distribution today is PGP (http://web.mit.edu/network/pgp.html) which provides these through an informal infrastructre of mutual trust.

Commercially, digital certificates have become popular. Thawte describes a digital certificate as a digital passport, as well as “simply a statement signed by an independent and trusted third party.” It’s a little like the statement written on the back of passport photographs by the witness. The Dept of Foreign Affairs and Trade trusts that, by and large, most witnesses tell the truth, and that Australia Post can administer the application and renewal process. This system of trust is a form of infrastructure.

Most commercial certificates use the X.509 standard. The certificate describes the issuer, dates of validity, and the public key. The public key does not contain personal information.

Installing certificates may or may not be a difficult process. It usually involves a number of steps, some of which are not intuitive in current software such as Outlook 2000.

Keys are usually issued indefinitely, but they are usually only certified for a limited period. The certificate can be renewed (usually after payment!) indefinitely, but if the key is compromised it should be revoked a new one issued. The world at large is notified through certificate revocation lists published by certificate providers.

PK’s rely on an asymmetric algorithm, where one password is used to encrypt, and another is used to decrypt. The most common is the RSA algorithm, invented (discovered?) in 1977. It is patented but readily licensed.

PK cryptography is governed by IEEE P1363 (http://grouper.ieee.org/groups/1363/) which is under active development.

• Who can issue certificates?

Anyone can set themselves up as a Certification Authority, but whether or not that CA will be trusted is a different question. Most email and browser programs are set up with a list of trusted CAs. A user can add a new trusted CA, but the desire and ability to do so may vary widely among users. The Commonwealth of Australia has set up Gatekeeper to accredit CA's and Registration Authorities for government purposes.

• How are they installed?

A recent trial at installing an X.509 certificate from a major vendor was frustrating. Although the site provided a good series of web pages to permit installation of the certificate in Internet Explorer and Outlook 2000, problems remained. Outlook did not automatically install it, and a lengthy wade through the Options menu was required before it functioned.

Exporting and importing certificates on mulitple computers was also problematic, and eventually required further trips to the web site. However, the web site failed to function correctly for Internet Explorer 5.0 for Macintosh.

Certificates can be installed in many programs (eg Outlook, Acrobat) on many operating systems (eg PalmOS).

• Are they any good?

Thawte states that a 1,024 bit key is unlikely to be cracked before the death of our Sun. What is much more likely is that someone could guess the pass phrase because you used your birth date, spouse or cat’s name, or favourite make of motorcycle.

Trust in the CA is essential. Thawte states “Thawte hereby warrants that it performs checks on each and every certificate request with due diligence appropriate to the certification fee.” (my emphasis)

Another issue is that of privacy of the Certificate Authority. Thawte states “Currently, the database is held in the USA. Should there ever be a suggestion that your details might not be safe there we will move our database to another free nation. We can envisage no legitimate State interest in your personal information. We keep no private key information so your security cannot be compromised through Thawte.” (https://www.thawte.com/cgi/enroll/personal/step1.exe)

Public key storage

• Smart cards. Vendors such as Baltimore offer turnkey solutions to work with various operating systems such as Windows 2000 (http://www.baltimore.com/windows2000/index.html).
• Dongles. For example GlobalSign's eToken.[5]
• Software certificates
• PDAs. For example, Palm applications can use digital certificates with the AvantGo browser.
• Web sites. A user's browser can present its certificate to a web site to authenticate the user rather than transmit usernames and passwords.
• Signature pads. The ePad[6] checks pressure and speed of movement against data stored on a web site. It not only applies a digital signature but also a facsimile of the actual signature.

Practical uses

• Email

• Web sites

• ftp

• instant messaging/net meetings

Problems with technology

• Forged keys

At present it is unlikely that commercially available keys can be forged. However, weaknesses may be found in the algorithms, and brute force computing strength may develop beyond expectation.

• Administration

Making public users obtain a certificate can create a barrier to commerce (albeit a low one) which has economic impact for individual vendors.

• Cost

Management within an enterprise has been cumbersome, but systems are improving. For example, RSA's Keon has addressed many management issues.[7]

• Time

The process of providing evidence of identity to the RA can be an unwanted distraction.

• Loss/compromise

Certificate revocation lists need to be appropriately managed.

• Stupidity

I vivdly recall from my time in the Australian Army a sergeant who, about to encode a radio transmission, asked me for my girlfriend’s name to use as the key for the encryption.

Conclusion

The Australian government has created the Gatekeeper accrediation system to facilitate transacting with the government, and State and Territory agencies have indicated they will support the process. It is one of the few countries in the world making a  determined attempt to provide a legal and regulatory framework which will foster government dealings and could be adopted by the private sector.

Current public key systems are not perfect nor fully interoperable, but are a firm foundation for progress.

-oOo-