Public Key Infrastructures For Secure Electronic ... - CiteSeerX

Public Key Infrastructures For Secure Electronic Commerce in Australia

Dean Povey and Tim Redhead
Security Unit, CRC for Distributed Systems Technology (DSTC)
Level 12 S(ITE) Block, Queensland University of Technology, Brisbane, Australia
{povey, redhead}@dstc.edu.au

Abstract

Electronic commerce promises to provide consumers, traders and vendors with unparalleled choice and convenience, in an environment without geographical and temporal restrictions. In reality, however, many technological, legal and political prerequisites are yet to be met. This paper details how Public Key Infrastructures address the technological challenges presented by electronic commerce, and how the work of Australian government and other bodies is helping to provide a framework for deploying this technology in Australia.

Keywords: Public Key Infrastructure. Security. Electronic Commerce. Australian Government.

INTRODUCTION

Electronic commerce can be simply defined as the conducting of commercial transactions electronically. This encompasses a wide range of applications, from consumer-oriented services such as electronic banking and on-line purchasing, to complex business processes such as electronic contracts, “just-in-time” inventory and financial trading. With e-commerce comes the promise of lower overheads and increased efficiency, together with the ability to extend operations globally through the use of a ubiquitous communications medium such as the Internet. However, there are many challenges to be faced before e-commerce will become widely adopted as an alternative to its paper based counterpart.

Electronic transactions for the purpose of e-commerce have a number of requirements. These can be broadly divided into three areas:

(i) Requirements for security – The traditional security concerns of confidentiality, integrity, availability and non-repudiation apply to e-commerce applications in order to ensure privacy, and prevent misuse and fraud. While these aspects are discussed in more detail in the following sections of this paper, some key points can be briefly noted here. Communications over a public network, such as the Internet, are susceptible to eavesdropping and tampering. Therefore, mechanisms must be implemented which ensure the integrity and privacy of electronic transactions. In addition, it must be impossible for parties to repudiate valid agreements and contracts, in order that these may be afforded the same degree of confidence as their paper based counterparts. All of these security considerations rely on the provision of strong authentication mechanisms, so that the identity of parties and services can be strongly guaranteed.

(ii) Requirements for agreed standards – In order to provide a global system for e-commerce, there needs to be agreement among all parties on how particular transactions should take place. Standards, therefore, form an integral part of any e-commerce system.

(iii) Requirements for a stable legislative framework – E-commerce creates a number of social, political and legal issues that must be resolved. These issues are made even more complex by the fact that transactions may occur across geopolitical boundaries, and that location on the Internet is sometimes ethereal, making the determination of legal jurisdiction difficult.

None of these requirements exist in isolation. Systems that provide security for electronic transactions require standards so that differing implementations will interoperate, and a stable legislative framework is required to ensure that the systems are used appropriately, and that disputes can be successfully arbitrated. This paper describes how these requirements are being satisfied in Australia by the deployment of Public Key Infrastructures (PKIs). Section 2 describes how PKIs fulfil the security requirements for e-commerce, and section 3 discusses the relevant standards that are required to deploy these systems. In section 4, we introduce some of the legal issues raised by the implementation of PKIs and e-commerce, and describe how Australian and other international bodies are attempting to address these questions. A brief look at the involvement of the Australian Commonwealth government and other agencies in deploying PKIs in Australia is given in section 5, and we conclude with a summary of the issues addressed.

SECURE E-COMMERCE BASED ON PUBLIC KEY INFRASTRUCTURES

1.1 Public Key Infrastructures

Public key cryptography is one mechanism that is often used to fulfil the security requirements necessary to conduct electronic transactions over public networks. In a public key cryptosystem there is an asymmetry between the encryption and decryption keys that allows one key to be published, while the other remains private. This scheme can be used for a wide variety of applications applicable to e-commerce (e.g. exchange of symmetric session keys for data encryption, and digital signatures). For an in-depth discussion of public key cryptography and its applications see (Schneier, 1996). The successful utilisation of public key cryptography requires that:

(a) users are able to obtain the appropriate public key to communicate with another party, or to verify any digital signatures generated by that party; and

(b) users are able to cryptographically prove that the public key they obtain is the correct one for the party with whom they wish to conduct a transaction.

These two requirements can be termed the processes of distribution and certification of public keys, and the infrastructure that fulfils these requirements is known as a public key infrastructure (PKI). When conducting a transaction with another party, the distribution requirement can be achieved by a number of methods, including ad hoc exchange, negotiation as part of a secure protocol, or the use of a public directory service such as the Lightweight Directory Access Protocol (LDAP) (Wahl et al, 1997) or X.500 (ITU-T, 1993). Certification is most commonly achieved by creating a certificate that binds the public key to some other information (such as an identity or privilege) and is digitally signed by a trusted third party called a Certificate Authority or CA.

1.2 Security requirements and PKIs

E-commerce applications have five basic security requirements that can be fulfilled by a PKI:

(i) Authentication – provides the means by which a party can verify the identity of another party in an electronic transaction. This can be achieved using digital signatures, because only the holder of a given private key can generate a valid signature for the corresponding public key, and this public key is bound to an identity through the process of certification. In a PKI we are trusting that the CA has verified that this binding between the public and private key and an identity is correct. This usually involves a person physically authenticating themselves (e.g. by presenting a valid driver’s licence). CAs will usually issue certificates under a given policy which indicates things like the level of physical authentication required for a certificate to be issued, and the obligations of the CA in terms of protecting their certifying keys. The CA will also issue a certification practice statement (CPS) which indicates how they meet the requirements outlined in the certificate policy.

(ii) Confidentiality – is required to conduct a transaction without the possibility of a third party obtaining sensitive information. Although public keys can be used to encrypt data directly, public key algorithms are much less efficient than symmetric key algorithms, so they are more often used to negotiate a symmetric session key.

(iii) Integrity – is necessary to ensure that messages are not altered, deleted or inserted by a third party during transit. PKIs support integrity by allowing messages to be digitally signed. The receiver can then use this signature to verify that the message has been unaltered in transit.

(iv) Non-repudiation – is a property that prevents a party from later denying that they took part in a transaction. Strong authentication is usually a prerequisite for non-repudiation, as this enables proof that a particular private key was used in a transaction. However, non-repudiation is sometimes difficult, as it also requires the ability to prove that the intended party was actually the one that used this private key. If this private key is stolen, or is kept in an insecure environment (such as a simple disk file), it may be argued that it may have been another individual who used the key to participate in the transaction. In general, complete assurance of non-repudiation is impossible; however, trusted hardware tokens such as smart cards enable parties to make much stronger assertions about non-repudiation, as they are easier to secure. Usually, the policy under which a particular transaction is conducted will express the obligations of users to protect their private key, and indicate who is liable if the key is broken or misused under given circumstances. Non-repudiation is particularly important in the case of electronic contracts, where it may be required for the contract to have legal effect.

(v) Authorisation – is the process of attributing certain privileges or rights to a third party for the purpose of controlling access to a resource. While it is possible for authorisation to be supported using a PKI, in current systems it is usually provided by secondary services (e.g. middleware environments such as DCE (Hu, 1995) and CORBA (OMG, 1997)). However, future work such as SPKI (Ellison et al, 1997) will provide support for authorisation as an integral part of the PKI.

PUBLIC KEY INFRASTRUCTURE STANDARDS

The rise in popularity of public key cryptography has contributed a plethora of public key and PKI de facto, de jure and draft standards. This section presents a brief overview of some of the standards that are being used to deploy systems for e-commerce. This is by no means an exhaustive list, but it does present some of the more important technologies and standards to be considered.

1.3 Public Key Cryptography Standards (PKCS)

The Public Key Cryptography Standards (PKCS) (RSADSI, 1993) are a set of standards covering many aspects of public key cryptography, including the format of encrypted/signed messages, private and public keys, and certificate request messages, along with standards for cryptographic tokens. The standards are largely RSA-centric (which is understandable, since PKCS was developed by RSA Data Security Incorporated); however, they do cover general aspects of public key cryptography. Other standards, such as the draft IEEE P1363 standard, build on PKCS and cover a broader range of public key cryptosystems (e.g. elliptic curve systems).

1.4 X.509

X.509 (ITU-T, 1997) was a development which grew out of the International Telecommunication Union (formerly CCITT) X.500 directory services project. Initially designed as a means to use public key technology for authentication in the directory, X.509 has since been adopted as a more general mechanism for a PKI. X.509 certificates bind a distinguished name to a public key. The distinguished name is a set of name-value pairs which is used by the X.500 directory to globally identify a user (e.g. country=AU, organization=DSTC, common name=fred). The certificates also contain validity dates, and a mechanism is provided for extending the certificate structure to add other information such as alternative names or information about the policy under which the certificate was issued. X.509 supports the revocation of certificates using a certificate revocation list (CRL). This is a list of all those certificates that have been revoked, and it is updated regularly by the CA. X.509 is a very flexible and extensible mechanism, and this, coupled with the backing of an international organisation such as the ITU-T, has contributed to X.509’s success as the PKI of choice for e-commerce. Despite the lack of a global directory based on X.500, X.509 now forms the basis of many existing schemes for secure communication and e-commerce such as SET (SET, 1997) and S/MIME. However, X.509 is not the only PKI mechanism available. For a survey of others see (Braunchaud, 1997).

1.5 IETF PKIX

The PKIX working group was formed by the Internet Engineering Task Force (IETF) in order to profile an X.509 PKI for the Internet. It is also based on a number of other standards such as PKCS and the ANSI X.9 group of standards. A number of draft standards have been developed by PKIX, including:

• a profile for X.509 certificates and CRLs;
• certificate management protocols, including the Online Certificate Status Protocol (OCSP);
• guidelines for certificate policies and certification practice statements;
• timestamping services;
• notary services; and
• profiles for accessing certificates using FTP, HTTP and LDAP.

At the time of writing, some of these draft documents are in their last call period and are likely to be adopted by the IETF as Internet standards.

1.6 PKAF and Australian Standard AS IT/12/4/1

In 1996, Standards Australia released its “Strategies for the Implementation of a Public Key Authentication Framework (PKAF) in Australia” (Standards Australia, 1996). The PKAF aims to provide standards to support an infrastructure for the creation, management and distribution of public-key (authentication) certificates.

Figure 2: PKAF Structure

Figure 2 shows the preferred structure of the PKAF; the roles shown in the diagram are defined as follows:

• PARRA: Policy and Root Registration Authority. This is the root authority of the whole PKAF. The PARRA’s tasks would include establishment and publication of policies relating to the PKAF, and certification of lower level CAs. The Australian Federal Minister for Communication, the Information Economy and the Arts, Senator Richard Alston, announced plans for the government to establish a working group for the purpose of deploying this authority (Alston, 1997a). This working group is being coordinated by NOIE (see below), and at the time of writing, their report is expected to be released shortly.

• Other Country Root. The PKIs of other countries may be integrated into the PKAF by cross certification of the corresponding root authorities with the PARRA.

• ICA: Intermediate Certification Authority, and OCA: Organisational Certification Authority. A hierarchy of CAs is intended to ensure scalability and extensibility of the PKAF. These two levels of CA would perhaps exist at the regional and organisational levels.

• ORA: Organisational Registration Authority. Registration Authorities would exist in order to perform authentication functions (such as the identity checks that banks perform on customers opening new accounts) on behalf of their respective CAs. Registration Authorities would probably be the most publicly visible elements of the PKAF.

(Note that the level of nesting of ORAs and OCAs is not specified.)

Standards Australia has also formed the IT/12/4/1 working group, responsible for developing standards to implement the PKAF described in the strategy document. The IT/12/4/1 group consists of a broad cross-section of industry and government representatives, including NOIE and OGIT (see below). The working group is broken into a number of sub-groups focusing on:

• Mechanisms
• Requirements for organisational registration authorities
• Dispute resolution procedures
• Accreditation and audit
• Certification Practice Statements

The standards developed will be based on many existing international standards, such as PKIX, but will be designed to reflect the needs of government and industry in Australia.
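As an added illustration, not code from the paper or from DSTC's Oscar PKI, the following Python toy models the certification, authentication and integrity mechanisms of sections 1.1 and 1.2, the validity dates and CRL of X.509 (section 1.4), and the PKAF-style hierarchy of section 1.6: a root authority standing in for the PARRA certifies an organisational CA, which certifies a user; a relying party walks the chain, checks validity and revocation, and then verifies a signed order. The distinguished names, serial numbers, dates and the message are constructed, and the textbook RSA over fixed small primes is a deliberately insecure stand-in for a real cryptographic library.

```python
"""Toy PKI: CA hierarchy, certificate chain verification and revocation.
Added illustration only, not the paper's or DSTC's code. Textbook RSA over
fixed small primes keeps it self-contained but makes it insecure."""
import hashlib
from dataclasses import dataclass, replace
from datetime import date

E = 65537  # public exponent shared by all toy keys
# Well-known primes, paired into three toy moduli (root CA, org CA, user).
TOY_PRIMES = [(2147483647, 1000000007), (998244353, 1000000009),
              (999999937, 4294967291)]

def keygen(index):
    """Toy RSA key pair from a fixed prime pair: returns ((n, e), (n, d))."""
    p, q = TOY_PRIMES[index]
    phi = (p - 1) * (q - 1)
    assert phi % E, "E must be coprime to phi"  # E is prime, so this suffices
    return (p * q, E), (p * q, pow(E, -1, phi))

def digest(data, n):
    """SHA-256 reduced into the modulus (toy stand-in for proper padding)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == digest(data, pub[0])

@dataclass(frozen=True)
class Cert:
    subject: str     # X.500-style distinguished name of the key holder
    issuer: str      # distinguished name of the certifying CA
    pubkey: tuple
    serial: int
    not_before: date
    not_after: date
    signature: int = 0

    def tbs(self):
        """To-be-signed bytes: every field except the signature itself."""
        return repr((self.subject, self.issuer, self.pubkey, self.serial,
                     str(self.not_before), str(self.not_after))).encode()

def issue(issuer, issuer_priv, subject, pubkey, serial, not_before, not_after):
    """The CA binds a subject name to a public key and signs that binding."""
    cert = Cert(subject, issuer, pubkey, serial, not_before, not_after)
    return replace(cert, signature=sign(issuer_priv, cert.tbs()))

def verify_chain(chain, root, crl, today):
    """chain[0] is the end-entity certificate; each is signed by the next one
    and the last by the trusted root. Returns (ok, reason)."""
    for i, cert in enumerate(chain):
        signer = chain[i + 1] if i + 1 < len(chain) else root
        if cert.issuer != signer.subject:
            return False, "issuer mismatch for " + cert.subject
        if not verify(signer.pubkey, cert.tbs(), cert.signature):
            return False, "bad signature on " + cert.subject
        if not cert.not_before <= today <= cert.not_after:
            return False, cert.subject + " outside validity period"
        if (cert.issuer, cert.serial) in crl:  # CRL entry: (issuing CA, serial)
            return False, cert.subject + " revoked"
    return True, "ok"

def demo(year=1998, revoked=(), tamper=False):
    """Root (PARRA stand-in) -> organisational CA -> user, then a signed order."""
    root_pub, root_priv = keygen(0)
    oca_pub, oca_priv = keygen(1)
    fred_pub, fred_priv = keygen(2)
    decade = (date(1998, 1, 1), date(2008, 1, 1))
    root = issue("c=AU,o=PARRA", root_priv, "c=AU,o=PARRA", root_pub, 1, *decade)
    oca = issue(root.subject, root_priv, "c=AU,o=DSTC", oca_pub, 2, *decade)
    fred = issue(oca.subject, oca_priv, "c=AU,o=DSTC,cn=fred", fred_pub, 3,
                 date(1998, 1, 1), date(1999, 1, 1))
    ok, reason = verify_chain([fred, oca], root, set(revoked), date(year, 6, 1))
    if not ok:
        return False, reason
    msg = b"purchase order 42"  # constructed sample message
    sig = sign(fred_priv, msg)
    if tamper:
        msg = b"purchase order 43"  # altered after signing
    valid = verify(fred.pubkey, msg, sig)
    return valid, "signature " + ("valid" if valid else "invalid")
```

Revoking the organisational CA's own certificate (serial 2 under the root) invalidates every certificate below it, which is why CRL entries are keyed by issuer and serial rather than by subject name.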

1.7 DSTC’s PKI

To understand and demonstrate how these standards work together, we have implemented a PKI that is based on the standards listed in this section (with particular reference to PKIX). It provides libraries and utilities for generation of certificates and public key pairs, use of these keys for signing and encryption, and publishing of certificates in an LDAP directory (DSTC, 1997).

LEGAL FRAMEWORK

One of the most important and more difficult aspects of deploying e-commerce systems based on PKIs is the existence of a stable legal framework in which to operate. Because legislation designed to facilitate trading and resolution of disputes has a traditional focus on paper based documentation, translating these laws to e-commerce requires that electronic documents, messages and signatures be given the same legal effect as their physical counterparts. This legal framework has to be robust and general enough to operate in a global environment; hence legislation which will be enacted in Australia will need to remain effective within the context of the global trading environment.

1.8 UNCITRAL Model Law on Electronic Commerce

One of the more important works examining the legal issues for international e-commerce is the Model Law on Electronic Commerce developed by the United Nations Commission on International Trade Law (UNCITRAL, 1997). The UNCITRAL Model Law aims to provide for the legal enforceability of electronic documents and digital signatures via model legislation to:

• Legally recognise data messages. Specifically, the Model Law states that “Information shall not be denied legal effect, validity or enforceability solely on the grounds that it is in the form of a data message”. This applies to admissibility of data messages as evidence in legal proceedings; the use of electronic messages wherever a law requires that the information be in writing; retaining data messages where the law requires that certain documents, records or information be kept; the declaration of will or other statements electronically; and the use of data messages as transport documents for the carriage of goods.

• Legally recognise digital signatures. This recognition requires that a method is used that identifies the person and indicates that the person approves of the contents of the message they have signed.

• Consider an electronic document “original” if there is reasonable assurance of the integrity of that document, and that it has remained unchanged from the time when it was issued.

• Form electronic contracts.

• Determine the time and place of receipt and dispatch of electronic communications.

1.9 Attorney General’s Electronic Commerce Expert Group (ECEG)

The Electronic Commerce Expert Group (ECEG) was established by the Attorney General in July 1997 to investigate legislation to support the national implementation of e-commerce within the framework of international standards (Attorney General, 1997a). Its stated objective is to “consider the appropriate means of updating the law to take account of technological change so as to ensure that Australia has the appropriate framework within which business and consumers can undertake commercial transactions with confidence and certainty”. This process involved a wide consultation with industry and interest groups and consideration of existing work such as the UNCITRAL Model Law. The ECEG’s report “Electronic Commerce: Building the Legal Framework” (Attorney General, 1998) was released on the 31st of March, 1998. In the report, the ECEG discusses a number of issues, including:

• whether legislation is the best approach for resolving legal uncertainties, or whether they should be resolved by contractual agreements or litigation;

• if legislation is needed, what form it should take – e.g. whether it should be Commonwealth or uniform state legislation; and

• how the law should address the requirements of the UNCITRAL Model Law.

The report makes 17 recommendations to the Attorney General for the establishment of electronic commerce legislation. The general approach taken by the ECEG was that, while legislation is necessary, it should be minimal rather than a “legislative electronic signature regime” similar to that developed in other legal jurisdictions considering law for electronic commerce. Underlying the recommendations are two main goals identified by the ECEG:

• to recommend legislation that ensures that e-commerce is neither advantaged nor disadvantaged with reference to paper based commerce, and that the law considers the two forms equivalent; and

• to ensure that any legislation is “technologically neutral”, i.e. it does not discriminate between forms of technology.

The main recommendations are:

• Adoption of Commonwealth legislation to remove the legal uncertainties in electronic commerce.

• Focus on minimal legislation rather than a broad regime or a framework for specific technologies.

• Legal recognition of electronic signatures and documents.

• Adoption of the other general principles of the UNCITRAL Model Law (where appropriate) and a recommendation that this approach be actively promoted in international fora.

SUPPORT FOR PKI TECHNOLOGY BY THE AUSTRALIAN FEDERAL GOVERNMENT

The Australian Federal Government supports a number of projects that are directly concerned with e-commerce and public key technology, many of which are interrelated. This section presents two of the more important groups that are working on the deployment of this technology within Australia.

1.10 National Office of the Information Economy (NOIE)

The National Office for the Information Economy was established in September 1997 to develop, coordinate and oversee policy relating to the online economy and electronic commerce. A working group within NOIE comprising industry representatives, peak user bodies and Commonwealth and State government officials is currently developing recommendations for the establishment of the PARRA described by the PKAF strategies document (Alston, 1997b). The role of this body will include that of providing accreditation to certification authorities that comply with defined standards and procedures. It is intended that the work of NOIE and the work done by Standards Australia on IT/12/4/1 will be complementary.

1.11 Office of Government Information Technology (OGIT) and Project GATEKEEPER

OGIT was formed in July 1995 as a direct result of the report “Client’s First: The Challenge for Government Information Technology” (OGIT, 1997a). OGIT’s role is to develop IT strategic plans to support the delivery of government services, and to advise and support government in the development of policy relating to IT. In addition, OGIT is a member of the NOIE working group examining public key technology in Australia, and has been given the task of ensuring that public key technology is deployed effectively within government. Because the need for such deployment is immediate, OGIT has deployed Project GATEKEEPER to establish a rationalised voluntary mechanism for the implementation of public key technology by government agencies (OGIT, 1997b). Project GATEKEEPER is initially a stop-gap measure, and will be closely monitoring the work of NOIE and AS IT/12/4/1 to ensure that any current or future deployment of PKIs will be compatible with these efforts. OGIT released a comprehensive report outlining the GATEKEEPER strategy in May 1998 (OGIT, 1998). This report includes a number of recommendations and strategies for the establishment of a Government PKI (GPKI) and identifies a number of issues, such as:

• the need for consistency between the GPKI and the PKAF;

• the use of appropriate technological standards;

• a high degree of confidence in the security of the system;

• the ability to operate seamlessly under the PARRA when it is established;

• the establishment of a Government Authority to make decisions for the GPKI until the PARRA is established;

• the legal issues associated with digital signatures and the liability of service providers within the framework; and

• interoperability between agencies.

In addition, the GATEKEEPER report attempts to address privacy concerns raised during the consultation process about the use of public key technology within government by:

• allowing the user to generate their own key pairs;

• allowing the use of multiple key pairs by a user; and

• allowing the use of different labels or pseudonyms with different key pairs.

1.12 GPKA

One of the major recommendations of the GATEKEEPER report is the establishment of a Government Public Key Authority (GPKA). The major function of this authority is to act as a policy approval and accreditation body for organisations and individuals wishing to participate in the delivery of PKIs and associated evaluation services for government use (OGIT, 1998). Service providers wishing to issue certificates under the GPKI will need to be accredited by the GPKA. Such accreditation involves a number of requirements, such as:

• the preparation and publication of Certificate Policies and Certification Practice Statements; and

• a commitment to using products which are certified to level E3 under the ITSEC Common Criteria guidelines.

The establishment of the GPKA was announced by the Minister for Finance and Administration, the Hon John Fahey, in May 1998 (Fahey, 1998).

SUMMARY

The potential benefits of e-commerce to both industry and government are clearly evidenced by the effort and investment which is being undertaken in order to enable this technology in the marketplace. This paper has demonstrated that public key infrastructures form the basis of a solution to many of the security issues related to e-commerce. However, while fundamental technologies such as public key cryptography are fairly mature, and standards are becoming firmly established, there is a need to address many of the other issues that the use of such technologies raises. Therefore, initiatives such as AS IT/12/4/1, NOIE and Project GATEKEEPER are needed so that Australia can achieve the rapid uptake of PKIs and e-commerce which will be necessary for it to compete in the area of international trade and commerce.

REFERENCES

Advance Bank (1997). Advance Ecash. URL: http://www.advance.com.au/ecash/

Alston, Senator R. (Minister for Communications, the Information Economy and the Arts) (1997a). Speech to Internet World Australia Pacific Conference, Sydney, 13 August 1997. URL: http://www.dca.gov.au/speeches/inet.html

Alston, Senator R. (Minister for Communications, the Information Economy and the Arts) (1997b). Speech to Tradegate ECA Plenary Session (Electronic Commerce Directions for 2000 and Beyond), World Trade Centre, Melbourne, 29 October 1997. URL: http://www.dca.gov.au/speeches/tradegate2.html

Attorney General (1997a). Attorney General’s Electronic Commerce Expert Group (ECEG). URL: http://law.gov.au/aghome/advisory/eceg/eceg.htm

Attorney General (1998). Electronic Commerce: Building the Legal Framework – Report of the Electronic Commerce Expert Group to the Attorney General. URL: http://www.law.gov.au/aghome/advisory/eceg/ecegreport.html

Braunchaud, M. (1997). A Survey of Public-Key Infrastructures. Masters Thesis. URL: http://www.xcert.com/~marcnarc/PKI/thesis/

Drummond, R., Jansson, M. & Shih, C. (1997). MIME-based Secure EDI. Internet Draft draft-ietf-ediint-as1-05.txt.

DSTC (1997). Oscar – DSTC’s Public Key Infrastructure Project. URL: http://www.dstc.qut.edu.au/-MSU/projects/pki/

Ellison, C.M., Frantz, B., Lampson, B., Rivest, R., Thomas, B.M. & Ylonen, T. (1997). SPKI Certificate Theory. Internet Draft draft-ietf-spki-cert-theory-00.txt.

Fahey, J. (1998). Media Release: GATEKEEPER Public Key Technology Strategy. 6 May. URL: http://www.dofa.gov.au/media/press/gatekeeper_pubit.html

Hu, W. (1995). DCE Security Programming. O’Reilly & Associates Inc., Sebastopol, CA.

ITU-T (1993). Information Technology – Open Systems Interconnection – The Directory: Overview of Concepts, Models and Services. ITU-T Recommendation X.500. International Telecommunication Union.

ITU-T (1997). Information Technology – Open Systems Interconnection – The Directory: Authentication Framework. ITU-T Recommendation X.509. International Telecommunication Union.

OGIT (1997a). Organisation Structure. Office of Government Information Technology. URL: http://www.ogit.gov.au/aboutus/orgstruc.html

OGIT (1997b). Project GATEKEEPER – Government Public Key Implementation Project Overview. Office of Government Information Technology. URL: http://www.ogit.gov.au/activities/projectgatekeeper/Project%20/GATEKEEPER%20OVERVIEW.html

OGIT (1998). GATEKEEPER – A Strategy for Public Key Technology Use in the Government. URL: http://www.ogit.gov.au/gatekeeper/index.html

OMG (1997). CORBAservices: Common Object Services Specification. Object Management Group.

Ramsdell, B. (1997). S/MIME Version 3 Message Specification. Internet Draft draft-ietf-smime-msg-00.txt.

RSADSI (1993). An Overview of the PKCS Standards. RSA Data Security Inc. URL: http://www.rsa.com/rsalabs/pubs/PKCS

Schneier, B. (1996). Applied Cryptography, Second Edition: Protocols, Algorithms and Source Code in C. John Wiley & Sons, Inc.

SET (1997). Secure Electronic Transaction (SET) Specification – Business Description. URL: http://www.visa.com/cgi-bin/vee/nt/ecomm/set/downloads.htm

Standards Australia (1996). Strategies for the Implementation of a Public Key Authentication Framework (PKAF) in Australia. SAA MP75-1996.

UNCITRAL (1997). UNCITRAL Model Law on Electronic Commerce. United Nations Commission on International Trade Law. URL: http://eclips.osc.edu/eclips/undocs/model_law.htm

Wahl, M., Howes, T. & Kille, S. (1997). Lightweight Directory Access Protocol (v3). RFC 2251.

ACKNOWLEDGEMENTS

The work reported in this paper has been funded in part by the Co-operative Research Centre Program through the Department of the Prime Minister and Cabinet of Australia.

COPYRIGHT

Distributed Systems Technology Centre © 1998. The Authors assign to ACS and non-profit institutions a non-exclusive licence to use this document for personal use and in courses of instruction provided that the article is used in full and this copyright statement is reproduced. The authors also grant a non-exclusive licence to ACS to publish this document in full on the World Wide Web and on CD-ROM and in printed form with the SEARCC’98 conference papers, and for the documents to be published on mirrors on the World Wide Web. Any other usage is prohibited without the express permission of the authors.