A Comparison of Trust Models
Marc Sel
Director
PwC
Agenda
• Introduction
• Trust
• Overview of selected trust models
  • ICAO PKD (PKI Directory)
  • EU LOTL (List of Trusted Lists)
  • US FICAM (Federal Identity, Credential, and Access Management)
  • POW models (Proof Of Work)
• Comparison
• Appendix
  • Abbreviations
  • Further references
Introduction
• Scope of this presentation: application level trust models
• This encompasses components in different categories:
  • Computational trust
  • Technical/operational trust
  • Legal/regulatory
• A trust model typically combines components from these categories
• For this presentation the ‘rest of the service stack’, i.e. hardware, OS, etc., is excluded
Trust
“Trust (or, symmetrically, distrust) is a particular level of the subjective probability with which an agent assesses that another agent or group of agents will perform a particular action, both before he can monitor such action (or independently of his capacity ever to be able to monitor it) and in a context in which it affects his own action. When we say we trust someone or that someone is trustworthy, we implicitly mean that the probability that he will perform an action that is beneficial or at least not detrimental to us is high enough for us to consider engaging in some form of cooperation with him.”
Source: Diego Gambetta. Trust: Making and breaking cooperative relations - can we trust trust? 1988.
Trust model 1: ICAO PKD
[Diagram: governance and operation of the ICAO PKD. The ICAO Council created the ICAO PKD. Governance sits with the ICAO PKD Board under the PKD MOU (PKD Board Rules of Procedure, Procedure to Determine the PKD Board Composition, Replacement of PKD Board Members, Procedure for MOU Amendments). Operation involves Netrust (SG) and the ICAO Members (Procedure for Handling Operational Complaints, Procedure for PKD Fee Schedule, Procedures for the ICAO PKD, Regulations for the ICAO PKD).]
Established in 2007 to support global interoperability of ePassport validation, acting as a central broker that manages the exchange of certificates and certificate revocation lists.
Trust model 1: ICAO PKD - ICAO scheme for chip integrity through PA (Passive Authentication)
[Diagram: Issuing State A and Relying State B. In Issuing State A, the CSCA signs the DSCA certificate and the Issuing Authority signs the SOD of the eMRTD; the eMRTD may optionally contain the DS certificate. DS certificates and the DS CRL, together with CS certificates and CS revocation information, are exchanged through the ICAO PKD. The Inspection System (IS) of Relying State B verifies the SOD, using [BAC], PA, SAC, [AA] and [EAC] as applicable; chip interfaces are ISO/IEC 14443 and ISO/IEC 7816-4.]
Trust model 2: EU LOTL
[Diagram: the National Accreditation Body (EA) accredits the Conformity Assessment Body (CAB); the CAB assesses the TSP and reports to the Supervisory Body (SB); the SB supervises the TSP and maintains the Trust List of its Member State; the Trust Lists per Member State are referenced from the EU LOTL (List of Trusted Lists).]
Trust model 3: US FICAM
WHAT - The Federal Identity, Credential, and Access Management (FICAM) Program is tasked with aligning the Identity Management activities of the US Government. FICAM’s focus is to assure the security and privacy of Government to Citizen (G2C), Government to Business (G2B) and Government to Government (G2G) digital interactions and services.
WHY - HSPD-12 - Information Sharing Environment (ISE) - Need for Federal
HOW
• The Federal CIO Council established an ICAM Subcommittee, and an ICAM Segmented Architecture was established as per the Federal Enterprise Architecture (FEA), in a 5-layer Segmented Architecture (Performance, Business, Technology, Services, Data)
• The General Services Administration (GSA) operates the FICAM testing program with oversight from the Office of Management and Budget (OMB)
• Concept of Trust Framework Providers (TFP)
• The TFPAP defines a process whereby the government can assess the efficacy of the Trust Frameworks for federal purposes, so that an Agency service can trust an electronic identity credential provided to it at a known Level of Assurance (LOA)
• LOAs originate from OMB Memorandum M-04-04, E-Authentication Guidance for Federal agencies, 2003, supplemented by NIST SP 800-63-2
Source: http://www.idmanagement.gov/approved-identity-services (@GSA)
Trust model 4: POW - Bitcoin
• The Bitcoin Ecosystem allegedly originated from software developed by Satoshi Nakamoto and released in January 2009
• With regard to cryptography, it is based on a combination of Elliptic Curve Cryptography, RIPEMD and SHA256 hashing
• Bitcoin Reference Client = ‘full client’ with wallet, miner, blockchain copy and network node
• Various versions of ‘partial clients’ are implemented too
• The BTC software is now maintained by a volunteer open-source community coordinated by four core developers
• As of April 2013, Satoshi Nakamoto was estimated to have obtained 1,814,400 BTC, of which he still owned 1,148,800 BTC
How does Bitcoin work? Core model
[Diagram: the Reference Client (‘Full node’) with four components: Wallet (ECC keypair; address derived via RIPEMD/SHA256), Miner (prepares a candidate block, attempts to find a nonce), Blockchain (full copy) and Network node (P2P propagation). The blockchain copy is persistent state; the wallet’s new transactions and the miner’s candidate block are temporary state. Exchanges sit outside the client.]
Why Trust Bitcoin?
“Distributed Consensus based on Proof of Work”
Without a central repository or trusted administrator, why should any person accept BTC? BTC is designed to address three challenges to BTC authenticity:
1) Is this BTC really from the payor?
– BTCs include a digital signature with payor identification (similar to those used to authenticate typical Internet transactions)
2) Is the payee receiving a “real” BTC?
– BTCs must contain data meeting certain mathematical rules. The data is easily validated as meeting the rules, but fabricating this data requires immense computing power.
3) Has the payor used the same BTC to pay another payee?
– The BTC data contains a history of its use, so payees can easily validate that the BTC has not been used multiple times by the same payor.
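As an added example (not code from the presentation or from the Bitcoin project), the Python below illustrates the miner’s nonce search from the core-model slide together with rules 2 and 3 above: the proof-of-work rule costs one hash to verify but about 2^bits hashes to satisfy, and a transaction history exposes an output that is spent twice. The header fields, the difficulty and the ledger entries are all constructed for the example.

```python
"""Toy proof-of-work and double-spend check; constructed example, not Bitcoin code."""
import hashlib
import json

DIFFICULTY_BITS = 14  # constructed: Bitcoin's real target is vastly harder to meet

# Constructed block header; real headers carry version, prev hash, Merkle root, time, bits.
HEADER = {"prev": "00" * 32, "merkle_root": "constructed-merkle-root", "time": 1700000000}

# Constructed ledger: "t2" and "t3" both try to spend the output "t1:0".
SAMPLE_CHAIN = [
    {"height": 1, "txs": [{"id": "t1", "inputs": ["coinbase:1"]}]},
    {"height": 2, "txs": [{"id": "t2", "inputs": ["t1:0"]},
                          {"id": "t3", "inputs": ["t1:0"]}]},
]

def block_hash(header: dict, nonce: int) -> bytes:
    """Double SHA-256 over a canonical serialisation of the header plus nonce."""
    payload = json.dumps({**header, "nonce": nonce}, sort_keys=True).encode()
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()

def meets_target(digest: bytes, bits: int = DIFFICULTY_BITS) -> bool:
    """The 'mathematical rule': the hash, read as an integer, must be below 2^(256-bits)."""
    return int.from_bytes(digest, "big") < (1 << (256 - bits))

def mine(header: dict, bits: int = DIFFICULTY_BITS) -> int:
    """Miner's nonce search: expected cost about 2^bits hash evaluations."""
    nonce = 0
    while not meets_target(block_hash(header, nonce), bits):
        nonce += 1
    return nonce

def verify_block(header: dict, nonce: int, bits: int = DIFFICULTY_BITS) -> bool:
    """Relying-party check: a single hash, however long the search took."""
    return meets_target(block_hash(header, nonce), bits)

def find_double_spends(chain: list) -> list:
    """Return (txid, input) pairs where an input consumed earlier in the history is spent again."""
    spent = {}
    conflicts = []
    for block in chain:
        for tx in block["txs"]:
            for inp in tx["inputs"]:
                if inp in spent:
                    conflicts.append((tx["id"], inp))
                else:
                    spent[inp] = tx["id"]
    return conflicts
```

Raising DIFFICULTY_BITS makes mine() noticeably slower while verify_block() stays a single hash, which is the asymmetry rule 2 relies on.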
Comparison

| | ICAO PKD | eIDAS | US FICAM | Bitcoin (blockchain) |
|---|---|---|---|---|
| Actor: initiator | ICAO Council | European Commission / European Parliament (legislative) | Fed CIO Council (administrative) | "Satoshi Nakamoto" |
| Actor: governor/oversight | PKD Board | EC/EP | OMB | P2P model with reference implementation |
| Actor: operator | Netrust (SG) | EC and Member States | GSA and TFS program | Individual nodes and exchanges |
| Actor: assessors | Self-assessment | SB, EA and CABs | GSA-TFPAP, TFP AAs | n/a |
| Actor: subscribers | Travellers from ICAO members | EU Citizens | C2G/B2G | Anyone |
| Actor: relying parties | IS of visited countries | Primarily PS | Fed Agencies | Anyone |
Comparison

| | ICAO PKD | eIDAS | US FICAM | Bitcoin (blockchain) |
|---|---|---|---|---|
| Objective | Worldwide authenticity of travel document & bearer | Enhance trust in electronic transactions (EU eID and Trust Services) for the Internal Market, for Natural and Legal Persons | US electronic Identity plus management of credentials and access, of NP for Federal Gov | Worldwide dematerialised money (fiduciary) |
| Mechanism | MOU | EU Regulation (mandatory for Member States) + ESO M460 | FICAM Program (ICAM, FPKI, TFS, HSPD-12, FIPS 201) - "rules for participation" | Voluntary participation |
| Impacts | Participating States | EU-based IdPs that want to have their credentials recognised by MS public sector Relying Parties. TSPs that want their services to have legal effect. | US Fed Agencies and private sector TFPs that want to have their credentials trusted by US Fed Agencies | Payer/payees willing to accept bitcoins |
Comparison

| | ICAO PKD | eIDAS | US FICAM | Bitcoin (blockchain) |
|---|---|---|---|---|
| Structuring principle | Participation by eMRTD Authority (EMA) | Notification for eID (low, substantial, high), discretionary qualification of TS (electronic, advanced, qualified) with supervision | Authority To Offer Services (ATOS) through TFS program for service delivery to FedGov | Mining (finding a hash value that meets specific constraints) |
| Conformity mechanism | Registration procedure and test bench procedure | MS notification of eID to EC/MS SB registration in LOTL, MS SB's TL | TFS ATOS and TFP (OIX, Kantara, …) assessment | n/a |
| Supporting hw/sw/standards | ISO/X.509 | ETSI/CEN M460 | ISPPAP, NIST SP 800 series and FIPS 201 (PIV) | Compliance to reference implementation |
| Regulations | PKD Regulations | EU 910/2014 + IAs | FICAM (supported by SP 800-63) - FISMA (supported by SP 800-53) | Electronic money regulations |
Comparison

| | ICAO PKD | eIDAS | US FICAM | Bitcoin (blockchain) |
|---|---|---|---|---|
| Machine readable information | Machine readable error codes for non-conformant entries in the PKD | LOTL and TLs | TFP metadata | Blockchain |
| Liability | ICAO MOU Art 6: ICAO exempt, participants for their own errors/omissions | Identity (Art. 11): in X-border trx, notifying MS, issuer, operator of the authentication procedure. Trust Services (Art. 13): TSPs | Identity proofing: CAB, but TFPAP limited to technical compliance | Own responsibility. When using a service provider, some contractual liability may be provided |
Conclusion
• At cryptographic level, there are no business semantics involved, hence the technical trust model is simple
• Application level trust models have been created to solve a particular problem, not a generic one
• Defining and comparing such trust models is not simple
• In a nutshell:
  • ICAO PKD distributes certificates on the basis of a MOU
  • EU eIDAS aims at providing the legal foundation for STORK and at providing legal effect for electronic trust services artefacts
  • US FICAM offers an identity framework with no legal effect as it is limited to the technical aspect
  • POW schemes are different, both in their technology and in their (lack of) liability and legal effect
Appendix
Abbreviations
• AAs – Assurance Assessors (US CAB for FICAM)
• CAB – Conformity Assessment Body (ISO concept)
• EC – European Commission
• EP – European Parliament
• ESO – European Standard Organisations (CEN/CENELEC/ETSI)
• GSA – General Services Administration
• IA – Implementing Acts
• ICAM – Identity, Credentials and Access Management
• ICAO – International Civil Aviation Authority
• MOU – Memorandum Of Understanding
• MS – Member State
• M460 – Mandate 460 from EC to ESO
• OMB – Office of Management and Budget
• PKD – PKI Directory
• P2P – Peer to Peer
• SB – Supervisory Body
Further references
• ICAO PKD - http://www.icao.int/security/mrtd/pages/ICAOPKD.aspx
• eIDAS - Regulation 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC
• European LOTL - https://ec.europa.eu/digital-agenda/en/eu-trusted-lists-certification-service-providers
• US - Idmanagement.gov - HSPD-12, PIV, ICAM (Identity, Credentials, Access Management), ...
• US - Idecosystem.org - ID Ecosystem Steering Group - the NSTIC ecosystem - IDESG
• Bitcoin - https://bitcoin.org/en/