1. Identity and Authentication: A computer scientist looks at the analogue world
James Davenport
Hebron & Medlock Professor of Information Technology
University of Bath (U.K.)
10 November 2010
8. Thesis
Cryptography is very concerned (and rightly so!) with issues like
Correctness
Provability
Revocation
Non-repudiability and so on
What happens if we look at the analogue world around us this way?
13. Signatures/ Seals/ . . .
For people, signatures have largely replaced seals in the West,
whereas in other cultures personal seals are much more common
By cryptographic standards, both are easy to forge, or dispute
Professional document examiners have a 6.5% error rate (at least)
we have a very weak biometric mechanism that works
fairly well in practice [Anderson]
It is comparatively rare for signatures to be disputed in court:
essentially a combination of context, and retrospective
investigation
20. [English] Common Law
A contract is just an accepted offer
Example: shop putting coffee on shelf at £2 is an offer; customer
bringing it to the checkout is an acceptance
(Contrary to belief, there is no special law “it’s the price on the
shelf, not the price in the computer, that counts”)
Note that nothing is in writing
An exchange of ASCII e-mails can constitute a contract
If cryptography is necessary to make email contracts
legal, then we ask more of digital media than we do of its
predecessors [Wright1994]
27. Is this the death of cryptography?
Of course not! Cryptography may not be necessary, but it may be
very useful
Just because I make you an offer does not mean that I can, or
intend to carry it out
(Ask anyone who’s purchased Viagra on the Internet!)
Human face-to-face contracts rely heavily on implicit trust, which
is the main problem with all distance transactions (not necessarily
Internet) — hence the U.S. term “wire fraud”
34. Why, then, signatures?
Essentially, to create a connection between the offeror and the
offer (acceptor and acceptance)
The less physical the contract, the more important this becomes
There are other reasons: English law requires the transfer of land
to be in a special form in writing so that it can be taxed — 4%
It’s also very important when the offeror/acceptor is compound:
what does it mean for a University to offer, or accept?
35. Statutes: 17.27 To select a Seal and a Mace for the University and
to have the sole custody and use of the Seal and under detailed
provisions to be contained in the Ordinances to provide that the
use of the Seal and its witnessing or the execution of deeds on
behalf of the University by Officers of the University and those
persons nominated by the Council for this purpose may be dealt
with as if the University was a Company incorporated under the
provisions of the Companies Act 1985 or under any legislation in
substitution therefor and in accordance with any resolution of the
Council relating to the use of the Seal or the execution of deeds
36. 27. USE OF THE SEAL OF THE UNIVERSITY
In accordance with the provisions of Section 17.27 of the Statutes, power to affix the
Seal of the University to a document may be exercised and witnessed either by two
Members of the Council of the University or by one Member of the Council and the
University Secretary (or, in the absence of the University Secretary, the Vice-
Chancellor or Director of Finance).
The Academic Registrar shall maintain a register of documents sealed in the name of
the University under the terms of this Ordinance showing:
(i) the identity of the document;
(ii) the date the document was sealed;
(iii) the names of the persons witnessing the use of the Seal in the name of the
University and shall report each such transaction to Finance Committee on
behalf of Council.
Approved by Council
1st August 2010
56. Formally, this is a mess
How do I know what the seal of the University looks like?
How do I know who the members of Council are?
How do I know who the University Secretary is?
How do I know who the Director of Finance is?
How do I know the University Secretary is absent?
How do I know what their signatures are?
Note that the same objections could be raised about the other
company, though the names of the Directors are on record
The point of this is to establish intention
64. If we did want to use Cryptography
“Member of Council” — probably an attribute Γ
“University Secretary” — probably an attribute ∆
“Director of Finance” — probably an attribute Ω
Then attribute mechanisms [see Khader] can handle
(Γ ∧ ∆) ∨ (Γ ∧ Ω), but Γ ∧ Γ is currently an unsolved problem
However, is it worth it?
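The Γ ∧ Γ difficulty above can be made concrete with a small policy evaluator for Ordinance 27. This is an added example, not code from the talk or from the University; the principal names are constructed, and it assumes a register (kept by the Academic Registrar, say) that vouches for who holds which attribute.

```python
from dataclasses import dataclass

# Attributes as the talk names them (slides 58-64).
COUNCIL = "member_of_council"       # Γ
SECRETARY = "university_secretary"  # ∆
FINANCE = "director_of_finance"     # Ω
VC = "vice_chancellor"              # also stands in for an absent Secretary (Ordinance 27)


@dataclass(frozen=True)
class Witness:
    """One signature on the sealed document: who signed, and which attributes
    the (assumed) register vouches for. Principal names are constructed."""
    principal: str
    attributes: frozenset


def holders(witnesses, attribute):
    """Distinct principals among the witnesses who hold the attribute."""
    return {w.principal for w in witnesses if attribute in w.attributes}


def seal_properly_witnessed(witnesses, secretary_absent=False):
    """Ordinance 27 evaluated over principals rather than attribute proofs.
    Returns (ok, reason)."""
    council = holders(witnesses, COUNCIL)
    # Γ ∧ Γ: two *different* Members of Council, not one proof presented twice.
    if len(council) >= 2:
        return True, "two distinct Members of Council"
    if len(council) == 1:
        (member,) = council
        # Γ ∧ ∆ / Γ ∧ Ω: the second witness must be someone other than the member.
        others = [w for w in witnesses if w.principal != member]
        if holders(others, SECRETARY):
            return True, "Member of Council and University Secretary"
        if secretary_absent and (holders(others, VC) or holders(others, FINANCE)):
            return True, "Member of Council and deputy (Secretary absent)"
    return False, "Ordinance 27 not satisfied"


def naive_attribute_check(witnesses):
    """The tempting shortcut: look only at which attributes were proved.
    One person holding both Γ and ∆, or one Γ holder signing twice, passes."""
    proved = [w.attributes for w in witnesses]
    pooled = frozenset().union(*proved)
    two_gamma = sum(COUNCIL in a for a in proved) >= 2
    return two_gamma or (COUNCIL in pooled and (SECRETARY in pooled or FINANCE in pooled))
```

The naive check is exactly what a scheme that proves only "someone holds Γ" can express; requiring distinct principals is what it cannot.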
74. In fact, many ‘signatures’ are really attributes
An order to issue rum to a unit must be signed by an
officer in the chain of command above the unit and by a
doctor [Queen’s Regulations]
The form is in triplicate:
1 Unit records
2 Stores depot (for the issue)
3 Medical Corps records
In fact the (paper) order is malleable, JHD signed 1 and 2, the unit
got the rum, and the (medical) doctor signed 3 later
There are inconsistent forms in the system, but no suspicions were
raised
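The inconsistency the anecdote describes is only visible when the three copies are reconciled against each other and against the date of issue. This is an added example, not from the talk or from Queen’s Regulations; the names, dates and order reference are constructed.

```python
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Signature:
    signer: str      # constructed name
    role: str        # the attribute the regulation asks for: "officer" or "doctor"
    signed_on: date


@dataclass(frozen=True)
class OrderCopy:
    order_id: str    # constructed reference
    holder: str      # "unit", "stores" or "medical": the three copies of the form
    signatures: tuple


REQUIRED_ROLES = {"officer", "doctor"}


def copy_complete(copy):
    """Per-copy check: does this copy carry both required attributes?
    This is the question the stores depot should ask before issuing."""
    return REQUIRED_ROLES <= {s.role for s in copy.signatures}


def reconcile(copies, issued_on):
    """Cross-copy audit of one order. Returns findings; an empty list is consistent."""
    findings = []
    ids = {c.order_id for c in copies}
    if len(ids) != 1:
        findings.append(f"copies refer to different orders: {sorted(ids)}")
    # 1. The stores copy must have been complete on the day the rum was issued.
    for c in copies:
        if c.holder != "stores":
            continue
        at_issue = {s.role for s in c.signatures if s.signed_on <= issued_on}
        missing = REQUIRED_ROLES - at_issue
        if missing:
            findings.append(f"stores copy lacked {sorted(missing)} on {issued_on}")
    # 2. Every copy of the same order should carry the same signatures.
    per_holder = {c.holder: {(s.signer, s.role) for s in c.signatures} for c in copies}
    everything = set().union(*per_holder.values())
    for holder, sigs in per_holder.items():
        if sigs != everything:
            findings.append(f"{holder} copy missing {sorted(everything - sigs)}")
    # 3. A required signature dated after issue is authorisation after the fact.
    for c in copies:
        for s in c.signatures:
            if s.role in REQUIRED_ROLES and s.signed_on > issued_on:
                findings.append(f"{s.role} on {c.holder} copy signed {s.signed_on}, after issue")
    return findings


# Constructed scenario following the talk's anecdote: the officer (JHD) signed
# copies 1 and 2, the rum was issued, and the doctor signed copy 3 a week later.
ISSUED_ON = date(2010, 11, 1)
OFFICER = Signature("JHD", "officer", date(2010, 11, 1))
DOCTOR_LATE = Signature("medical officer", "doctor", date(2010, 11, 8))
ANECDOTE = (
    OrderCopy("RUM-0001", "unit", (OFFICER,)),
    OrderCopy("RUM-0001", "stores", (OFFICER,)),
    OrderCopy("RUM-0001", "medical", (DOCTOR_LATE,)),
)

# The same order done properly: both signatures on every copy before issue.
DOCTOR_ON_TIME = Signature("medical officer", "doctor", date(2010, 10, 29))
CONSISTENT = tuple(
    OrderCopy("RUM-0002", holder, (OFFICER, DOCTOR_ON_TIME))
    for holder in ("unit", "stores", "medical")
)
```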
83. How does one establish/verify attributes?
The attribute “ability to cast X’s vote in person”
Note that votes can only be cast at X’s polling station (normally
based on where X lives)
A Claim to be X. If you have X’s polling card (sent by post) and
aren’t implausible (e.g. wrong sex) this is trivial
If you don’t have the polling card, it requires knowing address,
and possibly more
If the real X turns up later, there’s an investigation, and your
ballot found and removed
B Get a proxy vote. Write in, saying “I, X, am currently at Y,
please send me a proxy form”. There is then some to/fro with
forms, and you have a form saying “Z is allowed to vote as
X’s proxy”
You need to forge X’s signature on the forms, but no-one has
a master to check it against!
Again, an investigation if X turns up later
92. Voting continued
However, the proxy has to turn up at X’s polling station
You can get round this with a ‘postal proxy’, but why bother, just
use postal votes
“sack loads of postal votes were driven to a ‘vote-rigging factory’
. . . A box of postal ballots also ‘mysteriously appeared’ at a count
. . . the postal voting system was ‘wide open’ to criminals”
http://news.bbc.co.uk/2/hi/uk_news/politics/election_2010/england/8649379.stm
“More than 30 allegations of postal vote irregularities have been
reported to police forces in England” [2010]
97. UK Voting — Summary
As with so much else, we have a system based on neighbourhoods
and physical interaction, which is
Easy to use
Easy to abuse
reliant on detection
× which is rare except in blatant cases
One has to wonder how long this can continue
106. Other sorts of attributes
If a student asks for a reference, I write one
generally on laser-printed letterhead
and often faxed or e-mailed
× hence no physical clues
and anyway, does the recipient know me
or know my signature?
Again, the “reference” culture is based on detection and
investigation, and works because there’s a physical person in the
job
If they can do the job, who cares? If they can’t, finding a
forged reference or lie on CV is the easiest way to sack
them
114. Conclusions
The physical world has a presumption of honesty (just like the
early Internet)
(specific sub-areas, e.g. ATM, credit cards, have own rules)
This is enforced largely by fear of punishment
which relies on feasibility of punishment, generally through
physical presence
This world model sits ill with ‘Formal Methods’, and even less well
with the cryptographic mindset