Posted 25-Dec-2015

Non-repudiation

Robin Burke

ECT 582

Midterm scores

Ave: 69 Std. dev: 23 Median: 75 Max: 100 Min: 35

Approximate grade

• Mid 80s and up: A
• High 60s to mid 80s: B
• 50s to 60s: C
• 40s: D

Midterm

Answers

Law and Business

Legal systems make business possible (sorry libertarians)

Law establishes
• conditions for contract validity
• venues for disinterested mediation and dispute resolution
• remedies for breach of contract
• mechanisms of enforcement

Law and E-Commerce

E-Commerce also needs legal systems

Complexities
• global scope / jurisdiction
• evolving technology landscape
• automation / liability

Evidence

Legal systems require evidence
• evidentiary statutes predate the digital era
• slowly catching up

Non-repudiation: maintaining digital evidence for e-commerce transactions

Legal structures

Common law: long-established precedents in the US and UK

Concepts: writing, signing, notary, competence, presence, negotiability

Problems for e-commerce

Is a digital contract "written"? Digital media are impermanent.

Is a digital signature a "signature"? It must be qualified with respect to key purpose, policy, etc.

Who bears liability?
• private key compromise
• service disruption

Who will archive, and how? Digital media are volatile; archives must be secure.

Example

Financial services law: banks must retain canceled checks
• or facsimiles thereof (microfilm)
• pre-dates the digital era

If we define "digital representation" as equivalent to a physical facsimile, then banks can store electronic scans of canceled checks.

Example

Jurisdiction: the location where suit can be brought. A party must have "minimum contacts" with a jurisdiction to be summoned there.
• US Constitutional law

Does the availability of a web site constitute "minimum contacts"?

Legal framework: US Federal law

Federal E-Sign Act provisions
• Technology-neutral
• Electronic signatures have the same status as written ones
• Limits: applies mostly to sale and lease contracts (wills, trusts and other transactions are explicitly excluded)

Legal framework: US State law

Uniform Electronic Transactions Act (UETA)
• More specific than Federal law
• Enacted by 43 states
• Still technology-neutral: doesn't mention certificates, PKI, etc.

Uniform Computer Information Transactions Act (UCITA)
• Extremely controversial
• Enacted by only two states, Maryland and Virginia (Iowa instead passed a law shielding its residents from it)
• Major concern: imposition of onerous license terms (vendor self-help, bans on reverse engineering, prevention of archiving, loss of fair use, etc.)

UETA Provisions

Electronic Signature: "an electronic sound, symbol, or process attached to or logically associated with a record and executed or adopted by a person with the intent to sign the record."

Effect of Electronic Signature: A signature "may not be denied legal effect or enforceability solely because it is in electronic form." "If a law requires a signature, an electronic signature satisfies the law."

Electronic Record: "means a record created, generated, sent, communicated, received, or stored by electronic means."

Effect of Electronic Record: A record "may not be denied legal effect or enforceability solely because it is in electronic form." "If a law requires a record to be in writing, an electronic record satisfies the law." "A contract may not be denied legal effect or enforceability solely because an electronic record was used in its formation."

Effect of Electronic Agents: "The actions of machines ('electronic agents') programmed and used by people will bind the user of the machine, regardless of whether human review of a particular transaction has occurred."

Digital Signature Law

Utah Digital Signature Act (1995)
• Very specific: mentions public key cryptography, certificates, CRLs, etc.
• Licensing and regulation of CAs
• Liabilities of users and CAs
• Not widely emulated

"Digital Signature Guidelines" (American Bar Association, 1996)
• Guidelines for the deployment of PKI
• Expectations and liability associated with CAs, RAs, and users

International Laws

UN Model Law on Electronic Commerce: similar to UETA

EU Directive on Electronic Signatures (1999/93/EC): similar to the Utah law; specific requirements for PKI

State of law

Complex and unsettled: different laws in different states / countries

Catch-22
• Slow adoption of PKI is tied to legal uncertainties
• Lack of legal precedents / guidelines is due to slow adoption

Break

Non-repudiation

A system property, or a protocol, that provides for the retention of evidence that can be used to resolve disputes regarding transactions

Non-repudiation

Strong and substantial evidence of the identity of the signer of a message and of message integrity, sufficient to prevent a party from successfully denying the origin, submission or delivery of the message and the integrity of its contents.

– ABA Digital Signature Guidelines

Disputes

"I never said that." (origin)

"I never got your message." (reception)

"Check's in the mail." (submission)

Types needed

Non-repudiation of origin (NRO)

Non-repudiation of delivery (NRD)

Non-repudiation of submission (NRS)

Non-repudiation of Origin

Evidence needed
• identity of originator
• contents of message
• time of generation: this may matter for establishing a negotiation sequence

Techniques: two-party, three-party

Originator Digital Signature

• Alice creates message M, dates it T, and signs it, producing S
• Alice sends M + T + S to Bob
• Bob uses Alice's public key certificate to verify the signature
• Bob archives M + T + S, along with Alice's public key certificate and the CRL used to verify it

Features
• Identity and contents are protected
• Timestamping depends on the accuracy of Alice's clock
• Alice needs digital signature capability

TTP Signature

Trusted third party (Vicky)
• receives Alice's transaction message M
• generates time stamp T
• signs M + T, creating S'
• returns M + T + S' to Alice

Bob gets M + T + S'
• can verify that the whole transaction matches S'
• archives the message for dispute resolution, along with Vicky's certificate and the CRL used to verify it

Features
• Alice doesn't need to sign: she can review the message before sending
• Alice doesn't need a key pair: lower PKI overhead
• Timestamp: Vicky's timestamp will be more reliable than Alice's
• Identity less secure: no digital signature from Alice
• Vicky has access to the message contents

TTP Digest Signature

Alice doesn't want to disclose M. Same operation, but on a hash of M:
• Alice computes a keyed hash H of M using a key k (so Vicky cannot recover M, or confirm a guess at it, from H alone)
• sends H to Vicky
• gets back H + T + S'
• attaches M and k, and encrypts M + k + H + T + S' for Bob

Bob receives the message
• verifies that H is a true hash of M (recomputing it with k)
• verifies Vicky's signature
• archives the transaction

Features
• Alice needs encryption / hashing capability
• Confidentiality is preserved
• Identity still a problem

In-line TTP

Vicky
• receives Alice's transaction message M
• generates time stamp T
• signs M + T, creating S'
• archives M + T + S'
• forwards M to Bob, perhaps with a transaction id

Bob can contact Vicky to get the evidence

Features
• Vicky does the archiving
• Alice and Bob don't need encryption capability
• Content and identity guarantees
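The TTP digest signature and the in-line TTP archive, worked through as an added example (this is not code from the lecture). Alice submits only a keyed digest of M, Vicky timestamps and signs it and keeps a copy under a transaction id, and Bob checks the digest against M and k, checks Vicky's signature, and then compares his evidence with Vicky's archive as he would in a dispute. Assumptions beyond the slides: Ed25519 stands in for the unspecified signature scheme, the seed, message and blinding key are constructed for the demo, and encrypting M + k for Bob and the certificate/CRL checks on Vicky's key are left out.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"sync"
)

// TTPEvidence is what Vicky signs and archives. She only ever sees a keyed
// digest of M, never M itself, so confidentiality is preserved.
type TTPEvidence struct {
	TxID      uint64   // transaction id Vicky assigns (in-line variant)
	Digest    [32]byte // HMAC-SHA256(k, M), computed by Alice
	Timestamp int64    // Vicky's clock, not Alice's
	Signature []byte   // Vicky's ed25519 signature over Digest || Timestamp
}

// BlindDigest is Alice's step. The per-transaction key k stops Vicky, or anyone
// who later reads the archive, from confirming a guess at a low-entropy M.
func BlindDigest(k, m []byte) [32]byte {
	mac := hmac.New(sha256.New, k)
	mac.Write(m)
	var d [32]byte
	copy(d[:], mac.Sum(nil))
	return d
}

// toSign needs no length prefixes: both fields are fixed width (32 + 8 bytes).
func toSign(d [32]byte, ts int64) []byte {
	var tb [8]byte
	binary.BigEndian.PutUint64(tb[:], uint64(ts))
	return append(d[:], tb[:]...)
}

// TTP is Vicky: a signing key plus the archive she keeps in the in-line variant.
type TTP struct {
	key     ed25519.PrivateKey
	mu      sync.Mutex
	next    uint64
	archive map[uint64]TTPEvidence
}

func NewTTP(seed []byte) *TTP {
	return &TTP{key: ed25519.NewKeyFromSeed(seed), archive: map[uint64]TTPEvidence{}}
}

func (v *TTP) PublicKey() ed25519.PublicKey { return v.key.Public().(ed25519.PublicKey) }

// Notarize: timestamp the digest, sign, archive, and return the evidence.
func (v *TTP) Notarize(d [32]byte, now int64) TTPEvidence {
	v.mu.Lock()
	defer v.mu.Unlock()
	v.next++
	e := TTPEvidence{TxID: v.next, Digest: d, Timestamp: now,
		Signature: ed25519.Sign(v.key, toSign(d, now))}
	v.archive[e.TxID] = e
	return e
}

// Lookup is what Bob calls during a dispute to fetch Vicky's copy.
func (v *TTP) Lookup(id uint64) (TTPEvidence, bool) {
	v.mu.Lock()
	defer v.mu.Unlock()
	e, ok := v.archive[id]
	return e, ok
}

// VerifyEvidence is Bob's check once M, k and the evidence arrive from Alice.
func VerifyEvidence(vickyPub ed25519.PublicKey, k, m []byte, e TTPEvidence) bool {
	if BlindDigest(k, m) != e.Digest {
		return false // this M (or this k) is not what Vicky stamped
	}
	return ed25519.Verify(vickyPub, toSign(e.Digest, e.Timestamp), e.Signature)
}

// MatchesArchive compares the evidence Bob holds with Vicky's archived copy.
func MatchesArchive(v *TTP, e TTPEvidence) bool {
	s, ok := v.Lookup(e.TxID)
	return ok && s.Digest == e.Digest && s.Timestamp == e.Timestamp &&
		bytes.Equal(s.Signature, e.Signature)
}

func main() {
	vicky := NewTTP([]byte("vicky-demo-seed-0123456789abcdef")) // constructed 32-byte seed
	m := []byte("Contract: Alice buys 10 units from Bob at $5")  // constructed message
	k := []byte("per-transaction-blinding-key")                  // random per transaction in practice

	ev := vicky.Notarize(BlindDigest(k, m), 1700000000) // only the digest reaches Vicky
	fmt.Println("Bob accepts evidence:  ", VerifyEvidence(vicky.PublicKey(), k, m, ev))
	fmt.Println("Vicky's archive agrees:", MatchesArchive(vicky, ev))

	other := []byte("Contract: Alice buys 10 units from Bob at $1")
	fmt.Println("Substituted M accepted:", VerifyEvidence(vicky.PublicKey(), k, other, ev))
}
```

The archive lookup by TxID is the in-line variant's contribution: Bob does not have to trust his own copy of the evidence, he can ask Vicky for hers and compare. Vicky's timestamp is the one that counts, since her clock, not Alice's, produced it.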

TTP Token

Vicky
• receives Alice's transaction M
• generates time stamp T
• creates a secure keyed hash H of M + T using a cryptographic key k that only Vicky holds (a MAC)
• returns M + T + H to Alice

Bob gets M + T + H
• Bob can contact Vicky with H
• Vicky verifies that H matches the message

Features
• Content secure
• No PKI: ordinary symmetric cryptography (a keyed hash) is sufficient
• Identity less secure
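The TTP token as an added example (not code from the lecture). Vicky's "secure hash using key k" is taken to be HMAC-SHA256 under a key only she holds, which is why Bob has to hand the token back to her to have it checked. The key and the messages are constructed for the demo. The last case shows the identity caveat the slide mentions: Vicky will vouch for any token she issued, whoever submitted it.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// Token is what Vicky returns and Alice forwards: M and T travel in the clear,
// and Tag binds them under a key only Vicky holds.
type Token struct {
	Message   []byte
	Timestamp int64  // Vicky's clock
	Tag       []byte // HMAC-SHA256(k, len(M) || M || T)
}

// TokenTTP is Vicky with her secret MAC key. No certificate, CA or CRL is involved.
type TokenTTP struct{ k []byte }

// tag computes the keyed hash over a length-prefixed message and the timestamp,
// so the boundary between M and T is unambiguous.
func (v TokenTTP) tag(m []byte, ts int64) []byte {
	mac := hmac.New(sha256.New, v.k)
	var n [8]byte
	binary.BigEndian.PutUint64(n[:], uint64(len(m)))
	mac.Write(n[:])
	mac.Write(m)
	binary.BigEndian.PutUint64(n[:], uint64(ts))
	mac.Write(n[:])
	return mac.Sum(nil)
}

// Issue is what Vicky does on receiving a transaction: stamp it and tag it.
func (v TokenTTP) Issue(m []byte, now int64) Token {
	return Token{Message: m, Timestamp: now, Tag: v.tag(m, now)}
}

// Verify is what Bob must ask Vicky to do: only she can recompute the tag.
// hmac.Equal is constant time, so a dispute oracle leaks nothing about k.
func (v TokenTTP) Verify(t Token) bool {
	return hmac.Equal(t.Tag, v.tag(t.Message, t.Timestamp))
}

func main() {
	vicky := TokenTTP{k: []byte("vicky-secret-mac-key-demo-only!!")} // constructed; use a random 32-byte key
	tok := vicky.Issue([]byte("Alice: pay Bob $10"), 1700000000)
	fmt.Println("Vicky confirms token:", vicky.Verify(tok))

	// Bob cannot check the tag himself, and a wrong key never validates.
	notVicky := TokenTTP{k: []byte("some-other-key")}
	fmt.Println("Outsider can verify:", notVicky.Verify(tok))

	// Content is protected: an edited amount no longer matches.
	edited := tok
	edited.Message = []byte("Alice: pay Bob $1000")
	fmt.Println("Edited token accepted:", vicky.Verify(edited))

	// Identity is not: the token proves Vicky saw M at T, not who submitted it.
	spoof := vicky.Issue([]byte("Alice: pay Mallory $10"), 1700000001)
	fmt.Println("Token with spoofed sender name verifies:", vicky.Verify(spoof))
}
```

Compared with the signature-based variants, the token is cheaper to issue and needs no PKI, but the evidence is only as good as Vicky's willingness to verify it later and her protection of k: anyone who obtains k can mint tokens for any message and timestamp.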

Combination of methods

Originator Signature + TTP Digest Signature: if we care about disclosure and the recipient can archive

Originator Signature + In-line TTP: if we don't care about disclosure and we want third-party archiving
• In-line TTP could archive the encrypted message; Bob would need the private key to access the evidence

Non-repudiation of delivery

Same information needed
• identity of recipient
• content of message
• timestamp

Think of NRO, but where the origin message is the acknowledgement of receipt

Signed receipt

Alice sends Bob M

Bob
• generates a timestamp T
• computes a hash H of M
• signs H + T, producing S'
• sends Alice a receipt message H + T + S'

Alice
• checks H against her original message
• validates Bob's signature
• archives the receipt message

Features

Like digital-signature NRO, but in reverse: the message is the acknowledgement

Standardized as part of S/MIME (signed receipts, RFC 2634); secure receipt of email is available in MS Outlook

Other variants: TTP Signature, In-line TTP, etc.
• all the same options are available
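One added example, not code from the lecture, covering both the originator digital signature for NRO and the signed receipt for NRD above, since the two are the same mechanism with the roles reversed. Assumptions beyond the slides: Ed25519 stands in for the unspecified signature scheme, the keys are derived from fixed seeds, the order text is constructed, and certificate and CRL handling is left out. The one design point the slides gloss over is what exactly "M + T" means when it is signed: the code signs a canonical, length-prefixed, domain-tagged encoding, so a message cannot be re-split into a different message and timestamp, and an origin signature cannot be replayed as a receipt.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// OriginEvidence is what Bob archives for NRO: Alice's message, the time she
// claims to have generated it, and her signature over both.
type OriginEvidence struct {
	Message   []byte
	Timestamp int64  // Unix seconds from Alice's own clock, so only as good as that clock
	Signature []byte // ed25519 over canon("NRO", Message, Timestamp)
}

// DeliveryEvidence is what Alice archives for NRD: Bob's signature over the
// hash of what he received and the time he issued the receipt.
type DeliveryEvidence struct {
	MessageHash []byte // SHA-256 of the message Bob received
	Timestamp   int64  // Bob's clock
	Signature   []byte // ed25519 over canon("NRD", MessageHash, Timestamp)
}

// canon is the byte string actually signed: a domain tag, the payload with its
// length, then the timestamp. Plain concatenation "M + T" would let bytes be
// moved between message and timestamp, and the tag stops an NRO signature from
// being replayed as an NRD receipt.
func canon(tag string, payload []byte, ts int64) []byte {
	var buf bytes.Buffer
	buf.WriteString(tag)
	buf.WriteByte(0)
	binary.Write(&buf, binary.BigEndian, uint64(len(payload)))
	buf.Write(payload)
	binary.Write(&buf, binary.BigEndian, uint64(ts))
	return buf.Bytes()
}

// SignOrigin is Alice's step: date the message and sign it.
func SignOrigin(priv ed25519.PrivateKey, msg []byte, ts int64) OriginEvidence {
	return OriginEvidence{Message: msg, Timestamp: ts,
		Signature: ed25519.Sign(priv, canon("NRO", msg, ts))}
}

// VerifyOrigin is Bob's check before archiving. pub is the key from Alice's
// certificate; chain and CRL checks are outside this example.
func VerifyOrigin(pub ed25519.PublicKey, e OriginEvidence) bool {
	return ed25519.Verify(pub, canon("NRO", e.Message, e.Timestamp), e.Signature)
}

// SignReceipt is Bob's acknowledgement: hash what arrived, timestamp, sign.
func SignReceipt(priv ed25519.PrivateKey, received []byte, ts int64) DeliveryEvidence {
	h := sha256.Sum256(received)
	return DeliveryEvidence{MessageHash: h[:], Timestamp: ts,
		Signature: ed25519.Sign(priv, canon("NRD", h[:], ts))}
}

// VerifyReceipt is Alice's check: the receipt must be for the message she
// actually sent and must carry Bob's signature.
func VerifyReceipt(pub ed25519.PublicKey, original []byte, r DeliveryEvidence) bool {
	h := sha256.Sum256(original)
	if !bytes.Equal(h[:], r.MessageHash) {
		return false
	}
	return ed25519.Verify(pub, canon("NRD", r.MessageHash, r.Timestamp), r.Signature)
}

// PublicOf is the verification key the other side would take from a certificate.
func PublicOf(priv ed25519.PrivateKey) ed25519.PublicKey {
	return priv.Public().(ed25519.PublicKey)
}

// DemoKey derives a key pair from a fixed seed so the run is reproducible.
// Constructed for this example only; real keys come from crypto/rand.
func DemoKey(seed byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
}

func main() {
	alice, bob := DemoKey(1), DemoKey(2)
	msg := []byte("Order 42: 100 widgets at $3.00 each") // constructed sample order
	const t0 = int64(1700000000)

	nro := SignOrigin(alice, msg, t0)
	fmt.Println("Bob accepts NRO evidence:    ", VerifyOrigin(PublicOf(alice), nro))

	nrd := SignReceipt(bob, nro.Message, t0+1)
	fmt.Println("Alice accepts NRD receipt:   ", VerifyReceipt(PublicOf(bob), msg, nrd))

	// An archived copy with the price edited no longer matches Alice's signature.
	forged := nro
	forged.Message = []byte("Order 42: 100 widgets at $0.30 each")
	fmt.Println("Altered order still verifies:", VerifyOrigin(PublicOf(alice), forged))
}
```

What each side archives is the evidence itself plus whatever is needed to re-verify it years later: for Bob that is M + T + S together with Alice's certificate and the CRL he checked; for Alice it is the receipt together with Bob's certificate and CRL. The code keeps the timestamp inside the signed data for exactly that reason: an unsigned timestamp next to the evidence proves nothing.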

Problem

Requires that the recipient generate the receipt

What about the "reluctant recipient"? That is the reason for NRD in the first place.

Trusted Delivery Agent
• Alice sends the message to Vicky
• Bob must contact Vicky to access the message
• Vicky generates the receipt

Non-repudiation of submission

Useful when what matters is submitting something: a bid, an acceptance

Like NRD, but with the mail system (or the bidding engine) doing the verification

Basic idea

• Parties agree to a non-repudiation mechanism
• Evidence is generated during the transaction
• Evidence is transmitted
• Evidence is verified
• Evidence is archived

If necessary
• Evidence is retrieved
• Evidence is presented for dispute resolution

Digital evidence

Evidence will be strong if
• there is a secure chain of custody from creation to presentation
• it has the properties of authenticity and integrity
• the policies of the CA and TTP support it

Secure bidding

Suppose Alice doesn't want Bob to know the contents of her message: a bid to be unsealed later

Additional safeguards
• Alice shouldn't be able to change her mind
• Bob shouldn't be able to read her bid

"Commitment protocol": Alice commits to an answer but doesn't reveal it

Commitment protocol
• Alice encrypts M with symmetric key k, producing ciphertext C
• Alice generates the transaction based on C
• Bob gets Alice's bid C; he can verify identity and timestamp, and keeps a copy of C
• When bids are revealed, Alice transmits k and the bid can be read
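The commitment protocol as an added example (not code from the lecture). The bid is AES-256-GCM encrypted under a fresh k, Alice's Ed25519 signature over the commitment gives Bob NRO evidence at bidding time, and at reveal time Bob checks k against a hash commitment before decrypting. That hash commitment to k goes beyond the slides' description and is an assumption of this example: AES-GCM by itself is not key-committing, so without it a dishonest Alice could craft one ciphertext that opens to different bids under different keys, which is exactly the "change her mind" the protocol is meant to prevent. Keys and the bid text are constructed for the demo.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
)

// SealedBid: Bob can verify Alice's identity and timestamp (NRO over the
// commitment) but cannot read the bid until k is revealed.
type SealedBid struct {
	Ciphertext []byte   // AES-256-GCM encryption of the bid under k
	Nonce      []byte   // 12-byte GCM nonce
	KeyCommit  [32]byte // SHA-256(k || nonce): binds Alice to exactly one k
	Timestamp  int64
	Signature  []byte // Alice's ed25519 signature over signedBytes
}

// signedBytes covers every field Bob relies on; all parts are fixed width, so
// no length prefixes are needed.
func signedBytes(b *SealedBid) []byte {
	h := sha256.Sum256(b.Ciphertext)
	var tb [8]byte
	binary.BigEndian.PutUint64(tb[:], uint64(b.Timestamp))
	out := append([]byte{}, h[:]...)
	out = append(out, b.Nonce...)
	out = append(out, b.KeyCommit[:]...)
	return append(out, tb[:]...)
}

func commitKey(k, nonce []byte) [32]byte {
	return sha256.Sum256(append(append([]byte{}, k...), nonce...))
}

func newGCM(k []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal is Alice's step: fresh k and nonce, encrypt, commit to k, sign.
// It returns the bid to send now and the key to reveal later.
func Seal(priv ed25519.PrivateKey, bid []byte, ts int64) (SealedBid, []byte, error) {
	buf := make([]byte, 44) // 32-byte key followed by 12-byte nonce
	if _, err := rand.Read(buf); err != nil {
		return SealedBid{}, nil, err
	}
	k, nonce := buf[:32], buf[32:]
	aead, err := newGCM(k)
	if err != nil {
		return SealedBid{}, nil, err
	}
	b := SealedBid{Ciphertext: aead.Seal(nil, nonce, bid, nil), Nonce: nonce,
		KeyCommit: commitKey(k, nonce), Timestamp: ts}
	b.Signature = ed25519.Sign(priv, signedBytes(&b))
	return b, k, nil
}

// VerifySealed is Bob's check at bidding time; he then archives b unchanged.
func VerifySealed(pub ed25519.PublicKey, b SealedBid) bool {
	return len(b.Nonce) == 12 && ed25519.Verify(pub, signedBytes(&b), b.Signature)
}

// Open is Bob's reveal-time step. The commitment check is what stops Alice changing
// her mind: AES-GCM alone is not key-committing, so without it she could craft one
// ciphertext that opens to different bids under different keys.
func Open(b SealedBid, k []byte) ([]byte, error) {
	if commitKey(k, b.Nonce) != b.KeyCommit {
		return nil, errors.New("revealed key does not match the committed key")
	}
	aead, err := newGCM(k)
	if err != nil {
		return nil, err
	}
	return aead.Open(nil, b.Nonce, b.Ciphertext, nil)
}

// DemoAlice derives Alice's key pair from a fixed seed, constructed for this example.
func DemoAlice() (ed25519.PrivateKey, ed25519.PublicKey) {
	priv := ed25519.NewKeyFromSeed([]byte("alice-demo-seed-0123456789abcdef"))
	return priv, priv.Public().(ed25519.PublicKey)
}

func main() {
	alice, pub := DemoAlice()
	sealed, k, err := Seal(alice, []byte("bid: $12,500"), 1700000000) // constructed bid
	if err != nil {
		panic(err)
	}
	fmt.Println("Bob accepts sealed bid:", VerifySealed(pub, sealed))
	plain, err := Open(sealed, k) // reveal phase: Alice transmits k
	fmt.Printf("Opened bid: %q (err=%v)\n", plain, err)
	_, err = Open(sealed, []byte("0123456789abcdef0123456789abcdef")) // a second key Alice might offer
	fmt.Println("Second key accepted:", err == nil)
}
```

Bob's archived copy of the sealed bid is the NRO evidence; the signature ties Alice to C, the nonce and the key commitment at the time T, and the reveal step can only succeed with the one k she committed to.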

Homework #4

Use secure email: digital signature and encryption
• Get a certificate from www.thawte.com
• Cannot use web mail; if necessary, open a new Hotmail account
• Use Outlook Express or Netscape Communicator
