A Comparison of Trust Models - Semantic Scholar · hw/sw/standards ISO/X.509 ETSI/CEN M460 ISPPAP,...


Page 1

A Comparison of Trust Models

Marc Sel

Director

PwC

Page 2

Agenda

• Introduction
• Trust
• Overview of selected trust models
  • ICAO PKD (PKI Directory)
  • EU LOTL (List of Trusted Lists)
  • US FICAM (Federal Identity, Credential, and Access Management)
  • POW models (Proof Of Work)
• Comparison
• Appendix
  • Abbreviations
  • Further references


Page 3

Introduction

• Scope of this presentation: application level trust models

• This encompasses components in different categories:
  • Computational trust
  • Technical/operational trust
  • Legal/regulatory

• A trust model typically combines components from these categories

• For this presentation the ‘rest of the service stack’, i.e. hardware, OS, etc., is excluded


Page 4

Trust

“Trust (or, symmetrically, distrust) is a particular level of the subjective probability with which an agent assesses that another agent or group of agents will perform a particular action, both before he can monitor such action (or independently of his capacity ever to be able to monitor it) and in a context in which it affects his own action. When we say we trust someone or that someone is trustworthy, we implicitly mean that the probability that he will perform an action that is beneficial or at least not detrimental to us is high enough for us to consider engaging in some form of cooperation with him.”

Source: Diego Gambetta. Trust: Making and breaking cooperative relations - can we trust trust? 1988.


Page 5

Trust model 1: ICAO PKD

[Diagram: ICAO PKD governance and operation]

• The ICAO Council created the ICAO PKD.
• Governance: ICAO PKD Board, PKD MOU, ICAO Members. Board documents shown: PKD Board Rules of Procedure; Procedure to Determine the PKD Board Composition; Replacement of PKD Board Members; Procedure for MOU Amendments.
• Operation: Netrust (SG). Operational documents shown: Procedure for Handling Operational Complaints; Procedure for PKD Fee Schedule; Procedures for the ICAO PKD; Regulations for the ICAO PKD.

Established in 2007 to support global interoperability of ePassport validation, acting as a central broker that manages the exchange of certificates and certificate revocation lists.


Page 6

Trust model 1: ICAO PKD. ICAO scheme for chip integrity through PA (Passive Authentication)

[Diagram: Passive Authentication flow between Issuing State A and Relying State B]

• Issuing State A: the CSCA signs the DSCA certificate; the Issuing Authority signs the SOD.
• ICAO PKD: the exchange point for DS Certificates and the DS CRL, and for CS Certificates and CS revocation information, between Issuing State A and Relying State B.
• Relying State B: the Inspection System (IS) verifies the SOD. Chip protocols shown: [BAC], PA, SAC, [AA], [EAC].
• eMRTD from Issuing State A: may optionally contain the DS certificate. Chip interfaces shown: ISO/IEC 14443, ISO/IEC 7816-4.
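The following Go program is an added example, not code from the presentation or from ICAO: it models the chain in the diagram above with the Go standard library. A CSCA certifies a DS, the DS signs the SOD, and the relying state's inspection system verifies the SOD using the CSCA certificate and the DS CRL it obtained through the PKD. All keys, country codes and SOD contents are constructed, and the `PKD` type is a hypothetical in-memory stand-in for the directory, not its real interface.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// Passport models the chip contents used in Passive Authentication: the SOD (really
// the data-group hashes; a constructed byte string here), the DS signature over it,
// and the DS certificate that the slide says the eMRTD may optionally carry.
type Passport struct {
	SOD, Signature, DSCertDER []byte
}

// PKD stands in for the ICAO PKD broker: CSCA certificates (CS Certificates) and
// DS CRL entries (keyed by issuer and serial) uploaded by issuing states.
type PKD struct {
	cscaPool  *x509.CertPool
	revokedDS map[string]bool
}

func NewPKD() *PKD { return &PKD{x509.NewCertPool(), map[string]bool{}} }
func crlKey(c *x509.Certificate) string { return c.Issuer.String() + "|" + c.SerialNumber.String() }

// IssuingState holds one state's CSCA certificate and DS key pair (hypothetical keys).
type IssuingState struct {
	cscaCert *x509.Certificate
	dsKey    *ecdsa.PrivateKey
	dsCert   *x509.Certificate
}

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func mkCert(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer))))
}

// NewIssuingState builds one state's hierarchy: the CSCA self-signs, then signs the
// DS certificate (the slide's "Signs DSCA certificate").
func NewIssuingState(country string) *IssuingState {
	cscaKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	dsKey := must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader))
	now := time.Now()
	cscaTmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(10, 0, 0),
		Subject:      pkix.Name{Country: []string{country}, CommonName: "CSCA " + country},
		IsCA:         true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign,
	}
	csca := mkCert(cscaTmpl, cscaTmpl, &cscaKey.PublicKey, cscaKey)
	ds := mkCert(&x509.Certificate{
		SerialNumber: big.NewInt(2), NotBefore: now.Add(-time.Hour), NotAfter: now.AddDate(0, 3, 0),
		Subject:      pkix.Name{Country: []string{country}, CommonName: "DS " + country},
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}, csca, &dsKey.PublicKey, cscaKey)
	return &IssuingState{csca, dsKey, ds}
}

// Publish uploads the CSCA certificate to the PKD; RevokeDS adds the DS to the DS CRL.
func (s *IssuingState) Publish(pkd *PKD)  { pkd.cscaPool.AddCert(s.cscaCert) }
func (s *IssuingState) RevokeDS(pkd *PKD) { pkd.revokedDS[crlKey(s.dsCert)] = true }

// IssuePassport is the Issuing Authority step "Signs SOD".
func (s *IssuingState) IssuePassport(sod []byte) Passport {
	h := sha256.Sum256(sod)
	return Passport{sod, must(ecdsa.SignASN1(rand.Reader, s.dsKey, h[:])), s.dsCert.Raw}
}

// VerifyPassport is the relying state's Inspection System step "Verifies SOD": the DS
// certificate must not be on the DS CRL, must chain to a CSCA obtained from the PKD,
// and its key must verify the signature over the SOD.
func VerifyPassport(pkd *PKD, p Passport) error {
	ds, err := x509.ParseCertificate(p.DSCertDER)
	if err != nil {
		return err
	}
	if pkd.revokedDS[crlKey(ds)] {
		return fmt.Errorf("DS certificate is on the DS CRL")
	}
	opts := x509.VerifyOptions{Roots: pkd.cscaPool, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := ds.Verify(opts); err != nil {
		return fmt.Errorf("DS certificate does not chain to a CSCA in the PKD: %w", err)
	}
	if err := ds.CheckSignature(x509.ECDSAWithSHA256, p.SOD, p.Signature); err != nil {
		return fmt.Errorf("SOD signature does not verify: %w", err)
	}
	return nil
}
```

To run it stand-alone, add a main that creates a PKD, publishes one state's CSCA, issues a passport and calls VerifyPassport; the same call returns an error for an altered SOD, for a passport whose CSCA was never uploaded to the PKD, and after RevokeDS. Note that the revocation check here is a lookup in an in-memory map; a real inspection system parses the DS CRL distributed through the PKD and must also handle a stale or missing CRL.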


Page 7

Trust model 2: EU LOTL

[Diagram: EU LOTL accreditation and supervision chain]

• Nodes shown: National Accreditation Body, Conformity Assessment Body (CAB), TSP, Supervisory Body (SB), Trust Lists per Member State, EU LOTL (List of Trusted Lists), EA.
• Accredits: National Accreditation Body → CAB.
• Assess: CAB → TSP.
• Supervises: SB → TSP.
• Report: feeds the Trust Lists per Member State, which the EU LOTL (List of Trusted Lists) points to.


Page 8

Trust model 3: US FICAM


Page 9

Trust Model 3: US FICAM

WHAT
• The Federal Identity, Credential, and Access Management (FICAM) Program is tasked with aligning the Identity Management activities of the US Government. FICAM’s focus is to assure the security and privacy of Government to Citizen (G2C), Government to Business (G2B) and Government to Government (G2G) digital interactions and services.

WHY
• HSPD-12
• Information Sharing Environment (ISE)
• Need for Federal

HOW

• The Federal CIO Council established an ICAM Subcommittee, and an ICAM Segmented Architecture was established as per the Federal Enterprise Architecture (FEA), as a 5-layer Segmented Architecture (Performance, Business, Technology, Services, Data)

• General Services Administration (GSA) operates FICAM testing program with oversight from the Office of Management and Budget (OMB)

• Concept of Trust Framework Providers (TFP)

• The TFPAP defines a process whereby the government can assess the efficacy of the Trust Frameworks for federal purposes so that an Agency service can trust an electronic identity credential provided to it at a known Level of Assurance (LOA)

• LOAs originate from OMB Memorandum M-04-04, E-Authentication Guidance for Federal agencies, 2003, supplemented by NIST SP 800-63-2


Page 10

Source: http://www.idmanagement.gov/approved-identity-services

@GSA

Page 11

Trust Model 4: POW - Bitcoin

• The Bitcoin ecosystem allegedly originated from software developed by Satoshi Nakamoto and released in January 2009
• With regard to cryptography, it is based on a combination of Elliptic Curve Cryptography, RIPEMD and SHA256 hashing.
• Bitcoin Reference Client = ‘full client’ with wallet, miner, blockchain copy and network node
• Various versions of ‘partial clients’ are implemented too
• The BTC software is now maintained by a volunteer open-source community coordinated by four core developers.
• As of April 2013, Satoshi Nakamoto was estimated to have obtained 1,814,400 BTC, of which he still owned 1,148,800 BTC.


Page 12

How does Bitcoin work? Core model

[Diagram: the Reference Client (‘Full node’) and its components]

• Wallet: keypair (ECC); address derived with RIPEMD/SHA256
• Miner: prepare candidate block; attempt to find nonce
• Blockchain (full copy)
• Network node: P2P propagation
• Exchange
• Persistent data: the blockchain (full copy). Temporary data: the wallet’s new transactions and the miner’s candidate block.


Page 13

Why Trust Bitcoin?

“Distributed Consensus based on Proof of Work”

Without a central repository or trusted administrator, why should any person accept BTC? BTC is designed to address three challenges to BTC authenticity:

1) Is this BTC really from the payor?
– BTCs include a digital signature with payor identification (similar to those used to authenticate typical Internet transactions)

2) Is the payee receiving a “real” BTC?
– BTCs must contain data meeting certain mathematical rules. The data is easily validated as meeting the rules, but fabricating this data requires immense computing power.

3) Has the payor used the same BTC to pay another payee?
– The BTC data contains a history of its use, so payees can easily validate that the BTC has not been used multiple times by the same payor.
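The following Go program is an added example, not code from the presentation or from the Bitcoin project: it shows the asymmetry in point 2 above and the "attempt to find nonce" step of the core model slide. A node validates a block with one double-SHA-256 computation, while producing a valid block means searching for a nonce until the hash meets the constraint; and because each block commits to its predecessor's hash, rewriting an earlier block breaks every later link. The block header, the difficulty rule (leading zero bits rather than Bitcoin's target encoding) and the transaction commitment are constructed simplifications.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"math/bits"
)

// BlockHeader is a constructed, simplified candidate block: the hash of the
// previous block, a commitment to the block's transactions (hypothetical TxRoot),
// the required number of leading zero bits, and the nonce the miner varies.
type BlockHeader struct {
	PrevHash   [32]byte
	TxRoot     [32]byte
	Difficulty uint32
	Nonce      uint64
}

// Bytes serialises the header so that every field is covered by the hash.
func (h BlockHeader) Bytes() []byte {
	var buf [76]byte
	copy(buf[0:32], h.PrevHash[:])
	copy(buf[32:64], h.TxRoot[:])
	binary.LittleEndian.PutUint32(buf[64:68], h.Difficulty)
	binary.LittleEndian.PutUint64(buf[68:76], h.Nonce)
	return buf[:]
}

// Hash is the Bitcoin-style double SHA-256 of the header.
func (h BlockHeader) Hash() [32]byte {
	first := sha256.Sum256(h.Bytes())
	return sha256.Sum256(first[:])
}

func leadingZeroBits(d [32]byte) int {
	n := 0
	for _, b := range d {
		if b != 0 {
			return n + bits.LeadingZeros8(b)
		}
		n += 8
	}
	return n
}

// Valid is the cheap check any node performs on a received block: one hash
// computation, compared against the constraint ("easily validated").
func Valid(h BlockHeader) bool {
	return leadingZeroBits(h.Hash()) >= int(h.Difficulty)
}

// Mine is the expensive search ("Attempt to find nonce"): it tries nonces in
// sequence and returns the first header meeting the constraint, the number of
// hashes computed, and whether the budget sufficed ("immense computing power").
func Mine(h BlockHeader, maxAttempts uint64) (BlockHeader, uint64, bool) {
	for i := uint64(0); i < maxAttempts; i++ {
		h.Nonce = i
		if Valid(h) {
			return h, i + 1, true
		}
	}
	return h, maxAttempts, false
}

// ChainValid checks what a node checks on a received chain: every block meets
// its own constraint and commits to its predecessor's hash. Altering an earlier
// block ("history of its use") changes its hash and so breaks every later link
// unless all later blocks are re-mined.
func ChainValid(chain []BlockHeader) bool {
	for i, b := range chain {
		if !Valid(b) {
			return false
		}
		if i > 0 && b.PrevHash != chain[i-1].Hash() {
			return false
		}
	}
	return true
}

func main() {
	genesis, n1, _ := Mine(BlockHeader{TxRoot: sha256.Sum256([]byte("constructed tx set 1")), Difficulty: 16}, 1<<32)
	next, n2, _ := Mine(BlockHeader{PrevHash: genesis.Hash(), TxRoot: sha256.Sum256([]byte("constructed tx set 2")), Difficulty: 16}, 1<<32)
	chain := []BlockHeader{genesis, next}
	fmt.Printf("mined with %d and %d hashes; chain valid: %v\n", n1, n2, ChainValid(chain))
	chain[0].TxRoot[0] ^= 1 // rewrite history in the first block
	fmt.Println("after tampering with block 0, chain valid:", ChainValid(chain))
}
```

At difficulty 16 a block takes about 65,000 hashes on average to mine and exactly two SHA-256 computations to validate; raising Difficulty by one doubles the expected mining work without changing the validation cost. A real node additionally checks the transactions' signatures and spent-output history (points 1 and 3 above), which this header-only model omits.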


Page 14

Comparison

Columns: ICAO PKD | eIDAS | US FICAM | Bitcoin (blockchain)

Actor: initiator
• ICAO PKD: ICAO Council
• eIDAS: European Commission / European Parliament (legislative)
• US FICAM: Fed CIO Council (administrative)
• Bitcoin: "Satoshi Nakamoto"

Actor: governor/oversight
• ICAO PKD: PKD Board
• eIDAS: EC/EP
• US FICAM: OMB
• Bitcoin: P2P model with reference implementation

Actor: operator
• ICAO PKD: Netrust (SG)
• eIDAS: EC and Member States
• US FICAM: GSA and TFS program
• Bitcoin: Individual nodes and exchanges

Actor: assessors
• ICAO PKD: Self-assessment
• eIDAS: SB, EA and CABs
• US FICAM: GSA-TFPAP, TFP AAs
• Bitcoin: n/a

Actor: subscribers
• ICAO PKD: Travellers from ICAO members
• eIDAS: EU Citizens
• US FICAM: C2G/B2G
• Bitcoin: Anyone

Actor: relying parties
• ICAO PKD: IS of visited countries
• eIDAS: Primarily PS
• US FICAM: Fed Agencies
• Bitcoin: Anyone


Page 15

Comparison

Columns: ICAO PKD | eIDAS | US FICAM | Bitcoin (blockchain)

Objective
• ICAO PKD: Worldwide authenticity of travel document & bearer
• eIDAS: Enhance trust in electronic transactions (EU eID and Trust Services) for the Internal Market, for Natural and Legal Persons
• US FICAM: US electronic Identity plus management of credentials and access, of NP for Federal Gov
• Bitcoin: Worldwide dematerialised money (fiduciary)

Mechanism
• ICAO PKD: MOU
• eIDAS: EU Regulation (mandatory for Member States) + ESO M460
• US FICAM: FICAM Program (ICAM, FPKI, TFS, HSPD-12, FIPS 201): "rules for participation"
• Bitcoin: Voluntary participation

Impacts
• ICAO PKD: Participating States
• eIDAS: EU-based IdPs that want to have their credentials recognised by MS public sector Relying Parties. TSPs that want their services to have legal effect.
• US FICAM: US Fed Agencies and private sector TFPs that want to have their credentials trusted by US Fed Agencies
• Bitcoin: Payers/payees willing to accept bitcoins


Page 16

Comparison

Columns: ICAO PKD | eIDAS | US FICAM | Bitcoin (blockchain)

Structuring principle
• ICAO PKD: Participation by eMRTD Authority (EMA)
• eIDAS: Notification for eID (low, substantial, high), discretionary qualification of TS (electronic, advanced, qualified) with supervision
• US FICAM: Authority To Offer Services (ATOS) through TFS program for service delivery to FedGov
• Bitcoin: Mining (finding a hash value that meets specific constraints)

Conformity mechanism
• ICAO PKD: Registration procedure and test bench procedure
• eIDAS: MS notification of eID to EC/MS SB registration in LOTL, MS SB's TL
• US FICAM: TFS ATOS and TFP (OIX, Kantara, …) assessment
• Bitcoin: n/a

Supporting hw/sw/standards
• ICAO PKD: ISO/X.509
• eIDAS: ETSI/CEN M460
• US FICAM: ISPPAP, NIST SP 800 series and FIPS 201 (PIV)
• Bitcoin: Compliance to reference implementation

Regulations
• ICAO PKD: PKD Regulations
• eIDAS: EU 910/2014 + IAs
• US FICAM: FICAM (supported by SP 800-63) and FISMA (supported by SP 800-53)
• Bitcoin: Electronic money regulations


Page 17

Comparison

Columns: ICAO PKD | eIDAS | US FICAM | Bitcoin (blockchain)

Machine readable information
• ICAO PKD: Machine readable error codes for non-conformant entries in the PKD
• eIDAS: LOTL and TLs
• US FICAM: TFP metadata
• Bitcoin: Blockchain

Liability
• ICAO PKD: ICAO MOU Art 6: ICAO exempt, participants for their own errors/omissions
• eIDAS: Identity (Art. 11): in X-border trx, notifying MS, issuer, operator of the authentication procedure. Trust Services (Art. 13): TSPs
• US FICAM: Identity proofing: CAB, but TFPAP limited to technical compliance
• Bitcoin: Own responsibility. When using a service provider, some contractual liability may be provided


Page 18

Conclusion

• At cryptographic level, there are no business semantics involved, hence the technical trust model is simple
• Application level trust models have been created to solve a particular problem, not a generic one
• Defining and comparing such trust models is not simple
• In a nutshell:
  • ICAO PKD distributes certificates on the basis of a MOU
  • EU eIDAS aims at providing the legal foundation for STORK and at providing legal effect for electronic trust services artefacts
  • US FICAM offers an identity framework with no legal effect as it is limited to the technical aspect
  • POW schemes are different, both in their technology and in their (lack of) liability and legal effect


Page 19

Appendix

Page 20

Abbreviations

• AAs – Assurance Assessors (US CAB for FICAM)

• CAB – Conformity Assessment Body (ISO concept)

• EC – European Commission

• EP – European Parliament

• ESO – European Standard Organisations (CEN/CENELEC/ETSI)

• GSA – General Services Administration

• IA – Implementing Acts

• ICAM – Identity, Credentials and Access Management

• ICAO – International Civil Aviation Authority

• MOU – Memorandum Of Understanding

• MS – Member State

• M460 – Mandate 460 from EC to ESO

• OMB – Office of Management and Budget

• PKD – PKI Directory

• P2P – Peer to Peer

• SB – Supervisory Body

Page 21

Further references

• ICAO PKD http://www.icao.int/security/mrtd/pages/ICAOPKD.aspx

• eIDAS - Regulation 910/2014 of the European Parliament and of the Council of 23 July 2014 on electronic identification and trust services for electronic transactions in the internal market and repealing Directive 1999/93/EC

• European LOTL - https://ec.europa.eu/digital-agenda/en/eu-trusted-lists-certification-service-providers

• US - Idmanagement.gov - HSPD-12, PIV, ICAM (Identity, Credentials, Access Management), ...

• US - Idecosystem.org - ID Ecosystem Steering Group - the NSTIC ecosystem - IDESG

• Bitcoin - https://bitcoin.org/en/