Digital Signatures, Certification Authorities and the Law


Encryption and the Law: The need for a legal regulatory framework for PKI
Yee Fen Lim
Department of Law
Macquarie University
Outline
• Introduction
• Handwritten signatures
• Requirements of electronic signatures
• Digital Signatures
• Public Key Cryptography
• Public Key Infrastructure
• Digital Certificates
• Allocation of Liability
Introduction
• Signature issues in the digital environment
• Importance
  – Commercial: e-commerce (all sectors)
  – Non-commercial
Handwritten Signatures
• Signature v. autograph
  – Intention of the signer
• Signature is any mark that has been affixed by the signer with the intent to be bound by the contents of the document
• Once affixed, the signature and the document become one composite thing
Integrity
Proof of Handwritten Signatures
• If a handwritten signature is disputed, then call on the following:
  – witness to the signature
  – a person with intimate knowledge of the person’s signature
  – handwriting expert
Authentication and Non-repudiation
Requirements of Electronic Signatures – “legal status”
• Integrity
  – “I love you” does not become “I love you not”
• Non-repudiation
  – “Not me!”
• Authentication
  – Did Superman really write the message?
• Confidentiality
  – Superman wants to keep his messages private
Types of Electronic Signatures
• Biometric signatures
  – eg iris scans, finger-prints, voice (none totally perfect yet).
• Non-biometric signatures
  – eg digital signatures
Digital Signatures
• Insecure
  – eg initials at the end of emails
• Secure
  – Uses encryption to code and decode
  – Ensures confidentiality
  – but what about integrity, authentication, non-repudiation?
Public Key Cryptography
• A key pair of 2 keys: 1 private key and an associated public key
• Private key kept secret by owner
• Public key published widely
• Golden rule: anything encrypted with a public key can only be decoded with the private key, and vice versa
Public Key Cryptography: Superman example
• Superman writes: “I love you”
• Superman encrypts message with his private key
• Anyone with Superman’s public key can decode the message
Authenticity
Public Key Cryptography: Superman example
• How does Superman ensure only Lois Lane can read his message?
• Superman encrypts his already encrypted message with Lois Lane’s public key
• Only Lois Lane can decode the message as she is the one with the private key
Confidentiality
Public Key Cryptography: Superman example
• What about integrity?
• Include a pre-agreed one-way hash function with the original message
• eg “I love you”
  – Use a=1 b=2 c=3 … z=26
  – i=9 l=12 o=15 v=22 e=5 y=25 o=15 u=21
  – Use sum: 9+12+15+22+5+25+15+21=124
  – Hash is 124
Public Key Cryptography: Superman example
• Include the hash of 124 in the message that is double encrypted.
• When Lois Lane receives the message, she can run the message through the pre-agreed hash function
• If she gets 124 as the result, then integrity is ensured. If not, then the message may have been tampered with.
Public Key Cryptography: Superman example
• To save on processing, rather than encrypt the full message with the private key, most systems just encrypt the hash with the private key, and this becomes the digital signature, ie different every time
• The private-key-encrypted hash plus the message is then encrypted with the recipient’s public key to ensure only the recipient can read the message.
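The hash-then-sign step from the preceding slides, as an added example (not part of the original presentation): it signs the slide's letter-sum hash with a toy RSA key and shows that a reordered message still verifies, which is why real systems use a collision-resistant hash such as SHA-256. The key values, function names and altered messages are assumptions of the example; the outer encryption for the recipient is left out.

```python
import hashlib

def letter_sum(msg: str) -> int:
    """The slide's illustrative hash: a=1 ... z=26, summed over the letters."""
    return sum(ord(c) - ord("a") + 1 for c in msg.lower() if "a" <= c <= "z")

def sha256_int(msg: str) -> int:
    """A real one-way hash, read as an integer so it can be signed."""
    return int.from_bytes(hashlib.sha256(msg.encode()).digest(), "big")

# Toy RSA key pair for Superman (assumption of this example). The primes are
# publicly known Mersenne primes and no padding is used, so this key is NOT
# secure; the large modulus only keeps every SHA-256 value below N.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q                             # public modulus
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent

def sign(msg: str, hash_fn) -> int:
    """Signature = hash of the message 'encrypted' with the private key."""
    return pow(hash_fn(msg), D, N)

def verify(msg: str, signature: int, hash_fn) -> bool:
    """Recompute the hash and compare it with the value recovered from the
    signature using the signer's public key (E, N)."""
    return pow(signature, E, N) == hash_fn(msg)

if __name__ == "__main__":
    original = "I love you"
    reordered = "you love I"          # constructed: same letters, same sum
    changed = "I love you not"        # constructed: different letters
    for name, h in (("letter sum", letter_sum), ("SHA-256", sha256_int)):
        sig = sign(original, h)
        print(f"{name:10}  original={verify(original, sig, h)}  "
              f"reordered={verify(reordered, sig, h)}  "
              f"changed={verify(changed, sig, h)}")
```

With the letter-sum hash the reordered message is accepted as genuine; with SHA-256 only the original verifies.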
Public Key Cryptography: Superman example
• What about non-repudiation?
• Who is the signer?
• Was it really Superman?
• Related to authentication
Public key infrastructure (PKI)
Public Key Infrastructure (PKI)
• System for distribution of public keys
  – Reliability
    • eg a web page simply listing the public keys of persons is not reliable as to source
• “Web of trust”
• Trusted third party to verify that the public key really does belong to whom it is said to belong
Public Key Infrastructure (PKI)
• Trusted third party is Certification Authority (CA)
• CA issues digital certificate verifying the owner of the public key
• A CA may use a third party, a Registration Authority (RA), to perform the necessary checks on the person or entity requesting the certificate
Public Key Infrastructure (PKI)
• Can we trust the CA?
• Higher CA, Root CA (self-authenticates)
• Cross-verification creating certificate chain - web of trust
Public Key Infrastructure (PKI): Digital Certificates
• Serial number - unique number from CA
• Key length
• Signature algorithm – identity of algorithm
• Hashing algorithm
• Issuer name
• Validity period
• Subscriber – details of owner of public key
• Subject public key - actual key certified
• Signature of CA
Public Key Infrastructure (PKI): Digital Certificates
Digital Certificates should:
• Provide strong and substantial evidence of the identity of the owner of public key (signer)
• Be used during operational period of valid digital certificate
• Have the rebuttable presumption that the digital signature on the digital certificate is that of the subscriber listed
PKI: Rebutting the presumption
• Was the CA in the wrong?
• Was it an imposter’s public key that the CA has registered?
• Did someone else use Superman’s public/private key without permission?
• Did Superman safeguard his private key properly?
PKI: Revocation of Digital Certificates
Credit card analogy:
• If Superman’s private key has been compromised, he should notify the CA
• CA can revoke Superman’s digital certificate
• CA then posts the certificate on the certificate revocation list (CRL)
• Limitations upon the right of a recipient of a digital certificate to rely upon them
• Unreliable Digital Signatures; Reasonableness of Reliance
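A relying party's checks on the certificate fields and the revocation list described above, as an added example (not part of the original presentation). The toy CA key, the JSON encoding of the fields, the field names and the sample certificate are constructed assumptions.

```python
import hashlib
import json
from datetime import date

# Toy CA key pair (assumption): textbook RSA over publicly known Mersenne
# primes, with no padding. It is NOT secure and only illustrates the checks.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))

def digest(fields: dict) -> int:
    """SHA-256 over a canonical (sorted-key JSON) encoding of the fields."""
    blob = json.dumps(fields, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def issue(fields: dict) -> dict:
    """CA side: sign the certificate fields and attach the signature."""
    return {**fields, "ca_signature": pow(digest(fields), D, N)}

def reasons_not_to_rely(cert: dict, crl: set, today: date) -> list:
    """Relying-party side: collect every reason the certificate fails."""
    fields = {k: v for k, v in cert.items() if k != "ca_signature"}
    problems = []
    if pow(cert["ca_signature"], E, N) != digest(fields):
        problems.append("CA signature does not match the certificate fields")
    if not cert["not_before"] <= today.isoformat() <= cert["not_after"]:
        problems.append("outside the validity period")
    if cert["serial"] in crl:
        problems.append("serial number is on the CRL")
    return problems

# Constructed sample certificate carrying the fields listed on the slide.
CERT = issue({
    "serial": 1001, "key_length": 2048,
    "signature_algorithm": "RSA", "hashing_algorithm": "SHA-256",
    "issuer": "Example CA",
    "not_before": "2024-01-01", "not_after": "2024-12-31",
    "subscriber": "Superman",
    "subject_public_key": "constructed-placeholder-key",
})

if __name__ == "__main__":
    print(reasons_not_to_rely(CERT, set(), date(2024, 6, 1)))    # valid
    print(reasons_not_to_rely(CERT, {1001}, date(2025, 1, 1)))   # revoked, expired
```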
PKI: Allocation of Liability
• Hardest Legal Issues involve the allocation of liability among Subscriber (key owner), CA and Relying Party
  – eg1 Liability of CA to a Relying Party for binding the wrong public key to the identity of the subscriber named in the certificate.
  – eg2 Liability of the Subscriber to the Relying Party upon unauthorised use of Subscriber’s private key following compromise of the private key
PKI: Allocation of Liability
• For a Relying Party, the allocation of liability is paramount
• If a Relying Party does not know whether the CA can be trusted, or if the Subscriber is genuinely who they claim to be, then the Relying Party would not rely on the Digital Certificate
PKI: Allocation of Liability
Examples of where problems arise:
• Inaccuracies in the Certificate
• Misrepresentation in the Certificate
• CA fails to revoke an invalid Certificate
PKI: Allocation of Liability
• Closed systems
• Open systems (Internet)
PKI: Allocation of Liability – closed system example
• Gatekeeper
Health eSignature Authority (RA)
  – Betrusted (formerly Securenet) is CA
  – Individual certificates, location certificates
  – Referrals, reports
PKI: Allocation of Liability – closed system example
• 5.4 Keys and Certificates should only be used for Health related messages
  • in transactions with HIC, or
  • in transactions created by subscribers within the Health Sector but not where the transaction value is greater than $10,000
• Lists obligations and duties for each party
• Limit on liability - $1,000/$5,000
PKI – Australia
• Contract law (if there is a contract)
  – including protection against unfair contractual liability allocation eg undue influence, unconscionable dealing, Contracts Review Act, ss51AA, 51AB & 51AC TPA
• Law of negligence
• s52 Trade Practices Act
• Consumer protection legislation
$500 transaction?
PKI Regulation – Preferred approach
• Strict liability
  – avoidance of concepts of negligence
• Reliance limits
• Actions key can be used for
Thank you