1 / 36

Electronic Signatures

Electronic Signatures. Legal and Technical Aspects of E-Commerce, Budapest, 7.-11.10.2002. ?. ?. Questions?. ?. ?. Please ask them immediately!. ?. ?. Content. Why the need? Cryptography basics Symmetric, asymmetric, hash; types of attacks Key distribution / Signature systems

kirti
Télécharger la présentation

Electronic Signatures

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Electronic Signatures Legal and Technical Aspects of E-Commerce, Budapest, 7.-11.10.2002

  2. ? ? Questions? ? ? Please ask them immediately! ? ?

  3. Content • Why the need? • Cryptography basics • Symmetric, asymmetric, hash; types of attacks • Key distribution / Signature systems • Requirements for and functions of signatures • Legal requirements • EU signature directive • Implementation in Austria • US Electronic Signatures Act

  4. Why electronic signatures? • Certain contracts / acts require a signature • These should be also available online • Secure identification of the partner • Allows prosecution in case of fraud • Create evidence of transactions • E-Mail can easily be forged (or claimed to be) Security & Trust Know, whom you communicated with, and be able to provide evidence accordingly

  5. Types of attacks System for public transmission of data must cope with the following attacks: • Eavesdropping: Reading data during transmission • Manipulation: Changing data during transmission • Replay: Copying (legitimate) data and sending it again • Pretending different identity: Claiming to be someone else • Repudiation: Denying to have sent/received some data • Denial of service: Cutting off communication • Traffic analysis: Analyzing patterns of communication

  6. Types of protection The following methods can be used for protecting systems for public transmission: • Authentication: Verifying the identity of a party • Isolation: Attributing rights of persons to objects and preventing unauthorized access • Encryption: Coding of data to be unreadable without some secret information • Checksums: Verifying no changes have been introduced • Signatures: Relating identities to messages • Steganography/Anonymizers: Hiding of a message

  7. Attacks vs. Protection D… Detection, P…Prevention, ()…restricted/partly/certain sense

  8. Secret key Plain Plain Cipher Encryption Decryption Cryptography basics:Symmetrical cryptosyst. Symmetrical cryptography uses the same key for encryption and decryption • This key MUST be kept secret! • (Relatively) short key length • Always vulnerable to brute-force attack • Only knowledge of the key allows encryption

  9. Public key Related Private key Plain Plain Cipher Encryption Decryption Cryptography basics:Asymmetrical cryptosyst. • Asymmetrical cryptography uses different (but related) keys for encryption and decryption • The public key is really PUBLIC (directories, ...) • Long key length • Most vulnerable to new mathematical methods • Everyone can encrypt, only intended receiver decrypt

  10. Cryptography basics:Hash functions • One-way functions (= No recreating the input)! • Loss of information • Examples: Checksums (CRC), MAC, /etc/passwd, … • Used to reduced the amount of data to be signed • Problems: • Must be hard to find a document matching the hash-value • Should be rather large (at least 128 bit) • Testing slight modifications for a matching hash-value! X Hash DATA DATA Hashing ???

  11. Cryptography basics:Encryption / Signatures • Based on asymmetric cryptography • Usually (e. g. RSA): Signing = Encryption with private key, verification = decryption with public key • Some signature algorithms DO NOT allow encryption, e. g. DSA! • Everyone can verify the signature’s validity • Two functions of a signature: • Verifying the knowledge of the private key = Identity of the signer • Checking that no later modifications took place • Problem: How do you verify the public key?

  12. Cryptography basics:Encryption / Signatures • Certificate = Connects a public key to a person • Must be from a trusted source • Is usually signed itself ( Verify this signature,  ...) • Different systems for distributing these certificates • See key distribution later! Certificate Private key Related Public key Valid Plain + Signature Verification Plain Invalid Signing Plain

  13. Key storage(1) • Keys for encryption/signatures should be... • stored encrypted to be useless if stolen • on physical tokens: Much harder to loose, importance of use is clearer if a card (or something else) is inserted • immediately marked as “invalid” if lost in any way • regularly changed to avoid too large sets of data • used only for one service: Encryption OR signatures; business OR private, door locks OR file encryption, ... • PBE: Passphrase Based Encryption • For avoiding the hen-egg problem when encrypting keys • Long (>20 characters) passwords are used as key

  14. Key storage(2) • Important areas in life-cycle of keys + examples: • Generation: Use “real” randomness (physical generator), who/where are they created • Distribution: How to publish public keys/transmit secret keys • Storage: Preventing unauthorized access (tokens, encryption; see above) • Usage: Is the software / environment secure, viewer problem, usability • Administration: Which key(s) are used/required for an operation • Disposal: Secure destroying of keys, access to backups, buffers, storage for random identical keys, ...

  15. Key distribution:Trusted channels • Easiest way of distributing keys: Trusted channels • Known to be secure / no eavesdropping • Examples: Couriers, personal meetings • Not usable for large groups, initially unknown partners, or when in a hurry • Can NEVER be exchanged using the untrusted channel on which they shall be used later • Except when a previous secret is shared, which is still secure • Only very rarely used • ONLY possibility for Vernam cipher

  16. Key distribution:Certificate Authorities (1) • Central authority vouches for the association of a public key to an individual • Depends on the trust of the users to this authority • Important to note, what the authority verifies/guarantees • Certification policy • E. g. Certificates for signing code DO NOT guarantee ANYTHING about the code; only the identity of the signer (which need NOT be the programmer!) • Usually under supervision by public administration • This model is used for signatures accepted by public administration in the EU  E-Government

  17. Certificates Root-CA CA 1 ... CA n User 1 ... User n Message Program Key distribution:Certificate Authorities (2) • In theory, the hierarchy can be very deep, but in practice, it’s rather shallow: • CA=Certification Authority

  18. Key distribution:Web of Trust • No central authority; replaced by the users • If you know someone personally, you sign his public key and publish this combination • This results in a chain/web of trust: • A knows&trusts B, B k&t C; therefore A knows&trusts C • Based on transitivity of trust • Problem, if malicious users sign keys; if trusted by a single person, illegal certificates are introduced • Works rather well; seems to be only minor problem in practice • Might be impossible to verify the key of an unknown user • Advantage: No single point of failure

  19. Re-Signing • Electronic signatures loose their reliability over time • Today’s secure keys can be broken/forged easily in several years • Some signatures must be valid for long periods • E. g. Austria: Statute of limitations 30/40 years • Contracts are still valid, but the proof is lost! Solution: Before method (not: certificate!) expires, a signature with a new (longer/more secure) key must be created, which includes a secure timestamp.

  20. Systems for el. signatures • An electronic signature cannot be easily created; a whole system is needed • Every chain is only as strong as its weakest link! • 2048 Bit RSA are of no use if the private key is secured with a 4 digit password! • Main problems: • Technical: Signature terminals must be secure • =Trusted hardware + trusted software • Organizational: Verifying persons for issuing certificates • Lots of trusted persons needed in any scheme • Legal: Reduction of needs for signatures • At least in Austria signature-requirements were reduced later

  21. Requirements for signatures What something must fulfill to be called “signature” • Dependence on document: The signature cannot be transferred to another document • Unchangeability: The document cannot be changed anymore after the signature was created • Association with person: The signature is associated with exactly one singular person • Verifiability: Anybody can verify whether the signer is the person he/she claims to be • Unforgeable: Can only be created by a single person. The signer cannot deny having signed it

  22. Functions of signatures What a signature should provide • Conclusion: Applying the signature changes the document from draft to final status (Unchangeability) • Authenticity: The signature serves as evidence that a certain person agreed with a declaration (=the content) (Association with person, legal presumptions) • Warning: Avoiding rashness by the signer; importance of the act • Identity: Allows identifying the person (Text of signature and non-repudiability, association with person, verifyability, unforgeable)

  23. EU Signature directive:Signatures • According to the directive, two major classes of signatures exist: • “El. signature”: Every data used for authentication • E. g. name at the end of an E-Mail • “Advanced el. signature”: Complicated, secure • Unique link to signatory • Cannot be forged • Capable of identifying the signator • Must include the name or some other characteristic • Created with means, which can be kept under sole control • Linked to data so no later changes are possible

  24. EU Signature directive:Certificates • Two types of certificates: • “Certificate” and “Qualified certificate” • “Qualified certificate”: Adv. signa. only with these • 10 requirements for the certificate itself • Issued by an CA for qualified certificates • 12 requirements + lots of rules • Allows limitations of scope or value of transactions • Pseudonym instead of name possible • Must contain country of CA (no central EU registry!) • Additional attributes can be incorporated • CA must explicitly verify those before issuing the certificate

  25. EU Signature directive:Revocation • Sometimes certificates must be revoked • Private key lost, chipcard stolen, password disclosed, ... • Technical problems • No generally agreed upon standard; different solutions • No offline check for revocation possible • Legal regulations (Austria): • EU: CA must provide “secure & immediate revocation service” • Must also be possible in (hand-)written form • At most after 3 hours completed • Two types: Preliminary (Lock) and final (Revocation)

  26. EU Signature directive: Legal effects (1) • Advanced signature + qualified certificate + secure signature-creation device: • Must satisfy legal requirements in same manner as handwritten signatures on paper • Can be used as a replacement • Must be admissible as evidence in legal proceedings • But might be of less or more “value” than signatures on paper! • NO legal presumptions • Austria: Presumption that signed content is from the signator • Certificates: Admissible in proceedings and non-discrimination

  27. EU Signature directive: Legal effects (2) • Area where el. signatures are equal to handwritten ones (and have the same effect) are open to states • Restrictions are in the E-Commerce directive: It must be possible to conclude everything electronically, except • All real estate contracts excluding rental rights • All contracts requiring courts, public authorities or professions exercising public authority (e.g. notaries) • Contracts of suretyship by persons acting for purposes outside their trade, business or profession • Contracts of family law or the law of succession

  28. EU Signature directive: Liability • CA is liable to ANYONE who reasonably relied on a qualified certificate, for • all information in the certificate at the time of issuing, • that it is a valid qualified certificate, • the signator held the private key • private and public key match unless the CA proves, he did not act negligently • failure to register revocation of a certificate • No liability over/outside limitations in the certificate

  29. EU Signature directive: Requirements for CA • General reliability • Ensure operation of secure and reliable directory and revocation services • Personnel with expert knowledge • Trustworthy systems and products • Sufficient financial resources • Extensive logging of all relevant actions • Informing customers  Requires a secure computing center, large organization and numerous experts  Rare!

  30. EU Signature directive: Accreditation • Purely optional • A kind of “official seal” • States can set higher standards than in the directive for these CA’s • Austria: Exactly the same • “Replacement” for model “no licensing required” • Seal is only awarded AFTER verification!

  31. EU Signature directive: Various • For public sector additional requirements for el. signatures can be prescribed • No prior authorization required for CA’s • CA’s may operate within the whole EU • Cert. from foreign CA’s are equal to national ones • Special rules for data protection • CA may collect ANY information ONLY from the subject itself • … See the directive and the local laws/ordinances!

  32. Implementation in Austria • RTR: Broadcast & Telecomm. Regulation Incorp. • Public supervision, registration of CA’s • A-SIT: Secure Inform. Technology Center-Austria • Technical part: Inspection of CA’s for RTR • Association: University Graz, Ministry of Finance, Austrian National Bank • Currently 5 CA’s; 2 offering advanced signatures • Few certificates in use • Lack of applications • Only very recently advanced signatures available

  33. US El. Signatures Act(1) • Much broader than EU directive, much less technical • Electronic records • Allows electronic archiving of papers • Transferable electronic records • Person stated in evidencing system is the current owner • Single authoritative copy • Electronic signatures • = Sound, symbol, process attached to or logically associated with a record and attached with the intent to sign the record. • Non-discrimination of both • No invalidity solely because of electronic form!

  34. US El. Signatures Act(2) • Exemptions: • Creation/Execution of wills, codicils or testamentary trusts • Adoption, divorce or other matters of family law • All commercial transactions except sales, leases, waivers of renunciation • Court documents (orders, notices, pleadings, …) • Cancellation or termination of utility services, health insurance or life insurance • Certain notices regarding primary residences of individuals (repossession, eviction, ...) • Accompanying documents for hazardous goods

  35. US El. Signatures Act(3) • Transferable records: • Prove for ownership of a right is a record • E. g. “classic” shares, cash, … • Problem of perfect copies: • “Authoritative” copy needed • Owner / Later owner must be shown on it • System for evidencing transactions required • Actual control needed • Unalterable • Changes only possible with consent of current owner • Can be solved by signatures and trusted systems Unknown whether actually in use or not!

  36. Literature/Links: • EU Signature directive: 1999/93/EC, L 13/12-20 19.1.2000 • EU E-Commerce directive:2000/31/EC, L 178/1-16 17.7.2000 • Austrian Signature Law:SigG BgBl I Nr. 190/1999 idF BgBl I Nr. 152/2001 • Austrian Signature Ordinance:SigVO BgBl II Nr. 30/2000 • US El. Signature Act: http://www.dud.de/dud/documents/usesignact0608.pdf • Mayr-Schönberger/Pilz/Reiser/Schmölzer: Praxiskommentar Signaturgesetz. Wien: Orac 1999

More Related