Identity and Authentication:
A computer scientist looks at the analogue world
James Davenport
Hebron & Medlock Professor of Information Technology
University of Bath (U.K.)
10 November 2010
Thesis
Cryptography is very concerned (and rightly so!) with issues like
Correctness
Provability
Revocation
Non-repudiability and so on
What happens if we look at the analogue world around us this way?
Signatures/ Seals/ . . .
For people, signatures have largely replaced seals in the West,
whereas in other cultures personal seals are much more common
By cryptographic standards, both are easy to forge, or dispute
Professional document examiners have a 6.5% error rate (at least)
we have a very weak biometric mechanism that works
fairly well in practice [Anderson]
It is comparatively rare for signatures to be disputed in court:
essentially a combination of context, and retrospective
investigation
[English] Common Law
A contract is just an accepted offer
Example: shop putting coffee on shelf at £2 is an offer; customer
bringing it to the checkout is an acceptance
(Contrary to belief, there is no special law “it’s the price on the
shelf, not the price in the computer, that counts”)
Note that nothing is in writing
An exchange of ASCII e-mails can constitute a contract
If cryptography is necessary to make email contracts
legal, then we ask more of digital media than we do of its
predecessors [Wright1994]
Is this the death of cryptography?
Of course not! Cryptography may not be necessary, but it may be
very useful
Just because I make you an offer does not mean that I can, or
intend to carry it out
(Ask anyone who’s purchased Viagra on the Internet!)
Human face-to-face contracts rely heavily on implicit trust, which
is the main problem with all distance transactions (not necessarily
Internet) — hence the U.S. term “wire fraud”
Why, then, signatures?
Essentially, to create a connection between the offeror and the
offer (acceptor and acceptance)
The less physical the contract, the more important this becomes
There are other reasons: English law requires the transfer of land
to be in a special form in writing so that it can be taxed — 4%
It’s also very important when the offeror/acceptor is compound:
what does it mean for a University to offer, or accept?
Statutes: 17.27 To select a Seal and a Mace for the University and
to have the sole custody and use of the Seal and under detailed
provisions to be contained in the Ordinances to provide that the
use of the Seal and its witnessing or the execution of deeds on
behalf of the University by Officers of the University and those
persons nominated by the Council for this purpose may be dealt
with as if the University was a Company incorporated under the
provisions of the Companies Act 1985 or under any legislation in
substitution therefor and in accordance with any resolution of the
Council relating to the use of the Seal or the execution of deeds
27. USE OF THE SEAL OF THE UNIVERSITY
In accordance with the provisions of Section 17.27 of the Statutes, power to affix the
Seal of the University to a document may be exercised and witnessed either by two
Members of the Council of the University or by one Member of the Council and the
University Secretary (or, in the absence of the University Secretary, the Vice-
Chancellor or Director of Finance).
The Academic Registrar shall maintain a register of documents sealed in the name of
the University under the terms of this Ordinance showing:
(i) the identity of the document;
(ii) the date the document was sealed;
(iii) the names of the persons witnessing the use of the Seal in the name of the
University and shall report each such transaction to Finance Committee on
behalf of Council.
Approved by Council
1st August 2010
Formally, this is a mess
How do I know what the seal of the University looks like?
How do I know who the members of Council are?
How do I know who the University Secretary is?
How do I know who the Director of Finance is?
How do I know the University Secretary is absent?
How do I know what their signatures are?
Note that the same objections could be raised about the other
company, though the names of the Directors are on record
The point of this is to establish intention
If we did want to use Cryptography
“Member of Council” — probably an attribute Γ
“University Secretary” — probably an attribute ∆
“Director of Finance” — probably an attribute Ω
Then attribute mechanisms [see Khader] can handle
(Γ ∧ ∆) ∨ (Γ ∧ Ω), but Γ ∧ Γ is currently an unsolved problem
However, is it worth it?
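Added example (not from the slides): a simplified Python model of the sealing policy, assuming an attribute credential reveals only the attribute and not who holds it. The names in DIRECTORY and the use of a SHA-256 digest as the "identity of the document" are constructed for illustration. It shows why Γ ∧ Γ needs proof that the two signers are distinct people, which the Ordinance's register obtains by recording witness names.

```python
import hashlib
from collections import Counter
from itertools import permutations

# Attribute names follow the slide: Γ, ∆, Ω.
GAMMA = "member_of_council"
DELTA = "university_secretary"
OMEGA = "director_of_finance"

# Policy in disjunctive normal form. Each clause is a multiset of attributes,
# one signer per entry: (Γ ∧ ∆) ∨ (Γ ∧ Ω) from the slide, plus the Ordinance's
# "two Members of the Council" route, which is the Γ ∧ Γ case.
SEAL_POLICY = [
    Counter({GAMMA: 1, DELTA: 1}),
    Counter({GAMMA: 1, OMEGA: 1}),
    Counter({GAMMA: 2}),
]

# Constructed office holders; "erin" holds two attributes at once.
DIRECTORY = {
    "alice": {GAMMA},
    "bob": {GAMMA},
    "carol": {DELTA},
    "dave": {OMEGA},
    "erin": {GAMMA, DELTA},
}


def satisfies_anonymous(policy, tokens):
    """Verifier sees one attribute per signature and nothing about the holder.

    It can count tokens, but cannot tell whether two of them came from the
    same person, so Γ ∧ Γ degenerates to "some Γ holder signed twice".
    """
    have = Counter(tokens)
    return any(all(have[a] >= n for a, n in clause.items()) for clause in policy)


def satisfies_identified(policy, signers, directory):
    """Verifier sees who signed; every clause entry needs a distinct person."""
    people = sorted(set(signers))  # the same person signing twice counts once
    for clause in policy:
        needed = list(clause.elements())
        for combo in permutations(people, len(needed)):
            if all(attr in directory.get(person, set())
                   for person, attr in zip(combo, needed)):
                return True
    return False


def seal(register, document, date, witnesses, directory):
    """Record a sealing in the register, as the Ordinance requires:
    (i) identity of the document, (ii) date, (iii) names of the witnesses.
    Returns the new entry, or None if the witnesses do not satisfy the policy.
    """
    if not satisfies_identified(SEAL_POLICY, witnesses, directory):
        return None
    entry = {
        "document": hashlib.sha256(document).hexdigest(),  # assumed identifier
        "date": date,
        "witnesses": sorted(set(witnesses)),
    }
    register.append(entry)
    return entry


if __name__ == "__main__":
    register = []
    # One council member presenting the Γ credential twice.
    print("anonymous  Γ,Γ by alice:", satisfies_anonymous(SEAL_POLICY, [GAMMA, GAMMA]))
    print("identified alice,alice :", satisfies_identified(SEAL_POLICY, ["alice", "alice"], DIRECTORY))
    print("identified alice,bob   :", satisfies_identified(SEAL_POLICY, ["alice", "bob"], DIRECTORY))
    print(seal(register, b"constructed deed text", "2010-08-01", ["alice", "dave"], DIRECTORY))
```

The same collapse happens when one person holds both Γ and ∆: the anonymous check accepts the pair of tokens, while the identified check rejects a single witness.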
In fact, many ‘signatures’ are really attributes
An order to issue rum to a unit must be signed by an
officer in the chain of command above the unit and by a
doctor [Queen’s Regulations]
The form is in triplicate:
1 Unit records
2 Stores depot (for the issue)
3 Medical Corps records
In fact the (paper) order is malleable, JHD signed 1 and 2, the unit
got the rum, and the (medical) doctor signed 3 later
In fact, many ‘signatures’ are really attributes
An order to issue rum to a unit must be signed by an
officer in the chain of command above the unit and by a
doctor [Queen’s Regulations]
The form is in triplicate:
1 Unit records
2 Stores depot (for the issue)
3 Medical Corps records
In fact the (paper) order is malleable, JHD signed 1 and 2, the unit
got the rum, and the (medical) doctor signed 3 later
There are inconsistent forms in the system, but no suspicions were
raised
How does one establish/verify attributes?
The attribute “ability to cast X’s vote in person”
Note that votes can only be cast at X’s polling station (normally
based on where X lives)
A Claim to be X. If you have X’s polling card (sent by post) and
aren’t implausible (e.g. wrong sex) this is trivial
If you don’t have the polling card, it requires knowing address,
and possibly more
If the real X turns up later, there’s an investigation, and your
ballot found and removed
B Get a proxy vote. Write in, saying “I, X, am currently at Y,
please send me a proxy form”. There is then some to/fro with
forms, and you have a form saying “Z is allowed to vote as
X’s proxy”
You need to forge X’s signature on the forms, but no-one has
a master to check it against!
Again, an investigation if X turns up later
Voting continued
However, the proxy has to turn up at X’s polling station
You can get round this with a ‘postal proxy’, but why bother, just
use postal votes
“sack loads of postal votes were driven to a ‘vote-rigging factory’
. . . A box of postal ballots also ‘mysteriously appeared’ at a count
. . . the postal voting system was ‘wide open’ to criminals”
http://news.bbc.co.uk/2/hi/uk_news/politics/election_2010/england/8649379.stm
“More than 30 allegations of postal vote irregularities have been
reported to police forces in England” [2010]
UK Voting — Summary
As with so much else, we have a system based on neighbourhoods
and physical interaction, which is
Easy to use
Easy to abuse
reliant on detection
× which is rare except in blatant cases
One has to wonder how long this can continue
Other sorts of attributes
If a student asks for a reference, I write one
generally on laser-printed letterhead
and often faxed or e-mailed
× hence no physical clues
and anyway, does the recipient know me
or know my signature?
Again, the “reference” culture is based on detection and
investigation, and works because there’s a physical person in the
job
If they can do the job, who cares? If they can’t, finding a
forged reference or lie on CV is the easiest way to sack
them
Conclusions
The physical world has a presumption of honesty (just like the
early Internet)
(specific sub-areas, e.g. ATM, credit cards, have own rules)
This is enforced largely by fear of punishment
which relies on feasibility of punishment, generally through
physical presence
This world model sits ill with ‘Formal Methods’, and even less well
with the cryptographic mindset

Hague conference 2008Hague conference 2008
Hague conference 2008imfaraz
 
Hague conference 2008
Hague conference 2008Hague conference 2008
Hague conference 2008imfaraz
 
Ethics of Online Forms and E-Signatures for Attorneys
Ethics of Online Forms and E-Signatures for AttorneysEthics of Online Forms and E-Signatures for Attorneys
Ethics of Online Forms and E-Signatures for AttorneysGreg McLawsen
 
Electronic Signatures
Electronic SignaturesElectronic Signatures
Electronic SignaturesOdoo
 
Definition And Examples Of Evaluation Essays
Definition And Examples Of Evaluation EssaysDefinition And Examples Of Evaluation Essays
Definition And Examples Of Evaluation EssaysMelissa Jackson
 

Similaire à Identity and Authentication: A computer scientist looks at the analogue world (20)

Server Virtualization Essay. Online assignment writing service.
Server Virtualization Essay. Online assignment writing service.Server Virtualization Essay. Online assignment writing service.
Server Virtualization Essay. Online assignment writing service.
 
5 Paragraph Essay. Online assignment writing service.
5 Paragraph Essay. Online assignment writing service.5 Paragraph Essay. Online assignment writing service.
5 Paragraph Essay. Online assignment writing service.
 
Get Law Essay Writing Services By Top Practicin
Get Law Essay Writing Services By Top PracticinGet Law Essay Writing Services By Top Practicin
Get Law Essay Writing Services By Top Practicin
 
Eugenics Essay. Online assignment writing service.
Eugenics Essay. Online assignment writing service.Eugenics Essay. Online assignment writing service.
Eugenics Essay. Online assignment writing service.
 
Public i- Petitions by Law
Public i- Petitions by LawPublic i- Petitions by Law
Public i- Petitions by Law
 
Polar Bear Writing Prompt By April Donaldson Teacher
Polar Bear Writing Prompt By April Donaldson TeacherPolar Bear Writing Prompt By April Donaldson Teacher
Polar Bear Writing Prompt By April Donaldson Teacher
 
Discursive Essay Writing Format
Discursive Essay Writing FormatDiscursive Essay Writing Format
Discursive Essay Writing Format
 
How To Write A Rogerian Essay Complete Guide And Sample Essay
How To Write A Rogerian Essay Complete Guide And Sample EssayHow To Write A Rogerian Essay Complete Guide And Sample Essay
How To Write A Rogerian Essay Complete Guide And Sample Essay
 
Types of electronic contracts
Types of electronic contractsTypes of electronic contracts
Types of electronic contracts
 
How To Write Essay In English Sample
How To Write Essay In English SampleHow To Write Essay In English Sample
How To Write Essay In English Sample
 
Essay On My Dream House In English
Essay On My Dream House In EnglishEssay On My Dream House In English
Essay On My Dream House In English
 
Electronic contracts and electronic signatures under Australian law
Electronic contracts and electronic signatures under Australian lawElectronic contracts and electronic signatures under Australian law
Electronic contracts and electronic signatures under Australian law
 
Interpretation of Securities Laws
Interpretation of Securities LawsInterpretation of Securities Laws
Interpretation of Securities Laws
 
Electronic Contract : When Is a Contract Actually Concluded or Not?
Electronic Contract : When Is a Contract Actually Concluded or Not?Electronic Contract : When Is a Contract Actually Concluded or Not?
Electronic Contract : When Is a Contract Actually Concluded or Not?
 
Find Out How To Earn 398Day Using Essay Wri
Find Out How To Earn 398Day Using Essay WriFind Out How To Earn 398Day Using Essay Wri
Find Out How To Earn 398Day Using Essay Wri
 
Hague conference 2008
Hague conference 2008Hague conference 2008
Hague conference 2008
 
Hague conference 2008
Hague conference 2008Hague conference 2008
Hague conference 2008
 
Ethics of Online Forms and E-Signatures for Attorneys
Ethics of Online Forms and E-Signatures for AttorneysEthics of Online Forms and E-Signatures for Attorneys
Ethics of Online Forms and E-Signatures for Attorneys
 
Electronic Signatures
Electronic SignaturesElectronic Signatures
Electronic Signatures
 
Definition And Examples Of Evaluation Essays
Definition And Examples Of Evaluation EssaysDefinition And Examples Of Evaluation Essays
Definition And Examples Of Evaluation Essays
 

Identity and Authentication: A computer scientist looks at the analogue world

  • 1. Identity and Authentication: A computer scientist looks at the analogue world. James Davenport, Hebron & Medlock Professor of Information Technology, University of Bath (U.K.), 10 November 2010
  • 8. Thesis: Cryptography is very concerned (and rightly so!) with issues like correctness, provability, revocation, non-repudiability and so on. What happens if we look at the analogue world around us this way?
  • 13. Signatures/Seals/...: For people, signatures have largely replaced seals in the West, whereas in other cultures personal seals are much more common. By cryptographic standards, both are easy to forge, or dispute. Professional document examiners have a 6.5% error rate (at least). We have a very weak biometric mechanism that works fairly well in practice [Anderson]. It is comparatively rare for signatures to be disputed in court: essentially a combination of context, and retrospective investigation.
  • 20. [English] Common Law: A contract is just an accepted offer. Example: shop putting coffee on shelf at £2 is an offer; customer bringing it to the checkout is an acceptance. (Contrary to belief, there is no special law “it’s the price on the shelf, not the price in the computer, that counts”.) Note that nothing is in writing. An exchange of ASCII e-mails can constitute a contract. If cryptography is necessary to make email contracts legal, then we ask more of digital media than we do of its predecessors [Wright1994].
  • 27. Is this the death of cryptography? Of course not! Cryptography may not be necessary, but it may be very useful. Just because I make you an offer does not mean that I can, or intend to, carry it out. (Ask anyone who’s purchased Viagra on the Internet!) Human face-to-face contracts rely heavily on implicit trust, which is the main problem with all distance transactions (not necessarily Internet), hence the U.S. term “wire fraud”.
  • 34. Why, then, signatures? Essentially, to create a connection between the offeror and the offer (acceptor and acceptance). The less physical the contract, the more important this becomes. There are other reasons: English law requires the transfer of land to be in a special form in writing, so that it can be taxed (4%). It’s also very important when the offeror/acceptor is compound: what does it mean for a University to offer, or accept?
  • 35. Statutes: 17.27 To select a Seal and a Mace for the University and to have the sole custody and use of the Seal and under detailed provisions to be contained in the Ordinances to provide that the use of the Seal and its witnessing or the execution of deeds on behalf of the University by Officers of the University and those persons nominated by the Council for this purpose may be dealt with as if the University was a Company incorporated under the provisions of the Companies Act 1985 or under any legislation in substitution therefor and in accordance with any resolution of the Council relating to the use of the Seal or the execution of deeds
  • 36. 27. USE OF THE SEAL OF THE UNIVERSITY In accordance with the provisions of Section 17.27 of the Statutes, power to affix the Seal of the University to a document may be exercised and witnessed either by two Members of the Council of the University or by one Member of the Council and the University Secretary (or, in the absence of the University Secretary, the Vice-Chancellor or Director of Finance). The Academic Registrar shall maintain a register of documents sealed in the name of the University under the terms of this Ordinance showing: (i) the identity of the document; (ii) the date the document was sealed; (iii) the names of the persons witnessing the use of the Seal in the name of the University and shall report each such transaction to Finance Committee on behalf of Council. Approved by Council 1st August 2010
  • 56. Formally, this is a mess. How do I know what the seal of the University looks like? How do I know who the members of Council are? How do I know who the University Secretary is? How do I know who the Director of Finance is? How do I know the University Secretary is absent? How do I know what their signatures are? Note that the same objections could be raised about the other company, though the names of the Directors are on record. The point of this is to establish intention.
  • 64. If we did want to use Cryptography: “Member of Council” is probably an attribute Γ; “University Secretary” is probably an attribute ∆; “Director of Finance” is probably an attribute Ω. Then attribute mechanisms [see Khader] can handle (Γ ∧ ∆) ∨ (Γ ∧ Ω), but Γ ∧ Γ is currently an unsolved problem. However, is it worth it?
  • 74. In fact, many ‘signatures’ are really attributes. An order to issue rum to a unit must be signed by an officer in the chain of command above the unit and by a doctor [Queen’s Regulations]. The form is in triplicate: (1) Unit records; (2) Stores depot (for the issue); (3) Medical Corps records. In fact the (paper) order is malleable: JHD signed 1 and 2, the unit got the rum, and the (medical) doctor signed 3 later. There are inconsistent forms in the system, but no suspicions were raised.
  • 83. How does one establish/verify attributes? The attribute “ability to cast X’s vote in person”. Note that votes can only be cast at X’s polling station (normally based on where X lives). (A) Claim to be X. If you have X’s polling card (sent by post) and aren’t implausible (e.g. wrong sex) this is trivial. If you don’t have the polling card, it requires knowing address, and possibly more. If the real X turns up later, there’s an investigation, and your ballot found and removed. (B) Get a proxy vote. Write in, saying “I, X, am currently at Y, please send me a proxy form”. There is then some to/fro with forms, and you have a form saying “Z is allowed to vote as X’s proxy”. You need to forge X’s signature on the forms, but no-one has a master to check it against! Again, an investigation if X turns up later.
  • 92. Voting continued. However, the proxy has to turn up at X’s polling station. You can get round this with a ‘postal proxy’, but why bother, just use postal votes. “sack loads of postal votes were driven to a ‘vote-rigging factory’ . . . A box of postal ballots also ‘mysteriously appeared’ at a count . . . the postal voting system was ‘wide open’ to criminals” http://news.bbc.co.uk/2/hi/uk_news/politics/election_2010/england/8649379.stm “More than 30 allegations of postal vote irregularities have been reported to police forces in England” [2010]
  • 97. UK Voting: Summary. As with so much else, we have a system based on neighbourhoods and physical interaction, which is easy to use, easy to abuse, and reliant on detection, which is rare except in blatant cases. One has to wonder how long this can continue.
  • 106. Other sorts of attributes: If a student asks for a reference, I write one, generally on laser-printed letterhead and often faxed or e-mailed (hence no physical clues), and anyway, does the recipient know me or know my signature? Again, the “reference” culture is based on detection and investigation, and works because there’s a physical person in the job. If they can do the job, who cares? If they can’t, finding a forged reference or lie on CV is the easiest way to sack them.
  • 114. Conclusions: The physical world has a presumption of honesty (just like the early Internet), though specific sub-areas, e.g. ATM, credit cards, have their own rules. This is enforced largely by fear of punishment, which relies on feasibility of punishment, generally through physical presence. This world model sits ill with ‘Formal Methods’, and even less well with the cryptographic mindset.