Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers...
Transcript of Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers...
![Page 1: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/1.jpg)
John Zic
CSIRO ICT Centre
INCO TRUST, New York, May 2010
Trust in the Internet:
Observations on Being Highly Connected
![Page 2: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/2.jpg)
![Page 3: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/3.jpg)
“the soul invariably travels
at the speed of a camel”
![Page 4: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/4.jpg)
“the soul invariably travels
at the speed of a camel”
BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/today/hi/today/newsid_8626000/8626927.stm Published: 2010/04/17 10:13:07 GMT
Photo: Sigurberg Hauksson, Eyjafjallajökull eruption April 2010, http://www.flickr.com/photos/sigurberg/4541269813/sizes/l/
Our desire to communicate
is greater
![Page 5: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/5.jpg)
Dec 1969
4 destinationsUniversity of California Santa Barbara; UCLA;
SRI; University of Utah
•8 IP addresses
•4 IP links
http://www.computerhistory.org/timeline/?year=1970
So we built the Internet
![Page 6: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/6.jpg)
Dec 1969
4 destinationsUniversity of California Santa Barbara; UCLA;
SRI; University of Utah
•8 IP addresses
•4 IP links
http://www.computerhistory.org/timeline/?year=1970
Jan 2000
154,104 destinations
• 220,533 IP addresses
• 374,013 IP links
• 5,107 Autonomous Systems
So we built the Internet
![Page 7: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/7.jpg)
Dec 1969
4 destinationsUniversity of California Santa Barbara; UCLA;
SRI; University of Utah
•8 IP addresses
•4 IP links
http://www.computerhistory.org/timeline/?year=1970
Jan 2000
154,104 destinations
• 220,533 IP addresses
• 374,013 IP links
• 5,107 Autonomous Systems
Jan 2008
~ 48,000,000 destinations
• 4,853,991 IP addresses
• 5,682,419 IP links
• 17,791 Autonomous Systems
So we built the Internet
![Page 8: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/8.jpg)
With growth comes complexity
![Page 9: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/9.jpg)
With growth comes complexity
http://www.caida.org/research/topology/as_core_network
/
![Page 10: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/10.jpg)
With growth comes complexity
http://www.caida.org/research/topology/as_core_network
/
Easy, rapid interchange and
aquisition of vast amounts of data
![Page 11: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/11.jpg)
Driver (1) - What are the major issues and problems
faced by your organisations? **
Control of information across and within organisations (including departments) when collaborating!
Realising solutions requires establishment and maintenance of:
• Trust relationships
• Information privacy
• Security
between collaborators.
** From members of CeNTIE2 Project Enterprise Systems Focus Group, September 2005 (2 major Australian banks & 2 government departments)
![Page 12: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/12.jpg)
Driver (2)
So: who/what is going to save us?
CSIRO.
“It's every man for himself,” he says,
grinning.
In the end, it seems every machine
has to defend itself.
The Internet was designed that way.”
http://www.guardian.co.uk/technology/2008/oct/02/interviews.internet
Jack Schofield meets Vint Cerf, the 'father of the internet'
This article was published on guardian.co.uk at 00.01 BST on Wednesday 1 October 2008. A version appeared on p1 of the Technology Guardian
section of the Guardian on Thursday 2 October 2008. It was last modified at 00.09 BST on Thursday 2 October 2008.
Vint Cerf, 1 Oct 2008
![Page 13: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/13.jpg)
Working together requires trust
CSIRO Sydney
DSTO Adelaide
HxI project, 2008
NICTA, CSIRO, DSTO
![Page 14: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/14.jpg)
“On the Internet,
nobody knows
you're a dog”
Peter Steiner, The New Yorker Vol.69 (LXIX) no. 20, July 5, 1993 p61
The Internet Dog
![Page 15: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/15.jpg)
“On the Internet,
nobody knows
you're a dog”
Peter Steiner, The New Yorker Vol.69 (LXIX) no. 20, July 5, 1993 p61
The Internet Dog
Let alone breed …
![Page 16: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/16.jpg)
“On the Internet,
nobody knows
you're a dog”
Peter Steiner, The New Yorker Vol.69 (LXIX) no. 20, July 5, 1993 p61
The Internet Dog
Let alone breed …
or temperament …
![Page 17: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/17.jpg)
Refining the meaning of trust
Something can be trusted when
• It can be unambiguously identified
• It operates unhindered
• A user has access to either:
• First hand experience of its consistent good behaviour
or
• Someone who can vouch for its consistent good behaviour.
Graham Proudler, HP Labs Bristol;
See also IETF RFC4949 Internet Security Glossary, Version 2
![Page 18: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/18.jpg)
Trust from the systems viewpoint
• A Trusted System behaves exactly as specified and no
more, despite
• Disruptions by environmental factors
• Errors cause by human or automated interaction, or
• Hostile attacks on the system.
![Page 19: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/19.jpg)
Examining the elements of trust
• Identity
• Unhindered operation
• Proof of good behaviour
CSIRO
![Page 20: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/20.jpg)
Examining the elements of trust
• Identity
• Unhindered operation
• Proof of good behaviour
CSIRO
![Page 21: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/21.jpg)
Examining the elements of trust
• Identity
• Unhindered operation
• Proof of good behaviour
CSIRO
Operational
![Page 22: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/22.jpg)
Identity
![Page 23: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/23.jpg)
Identity
Complete identity
• Relation over a set of all
information associated with an
entity that can be used to
describe the entitity’s
distinguishing features in all
possible contexts of use.
Relative identity
• Relation over a subset of
information associated with an
entity in a particular context that
can be used to uniquely
characterise that entity
![Page 24: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/24.jpg)
Nyms
• Term coined by Ian Goldberg** to represent the types of
identifiers used on the Internet and the amount of information
that they reveal about your identity.
• Taxonomy
• Verinym
• Persistent Pseudonym
• Anonym
• Linkable
• Unlinkable
** Ian Goldberg, “A Pseudonymous Communications
Infrastructure for the Internet”, PhD thesis, University of
California at Berkeley, 2001
![Page 25: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/25.jpg)
Taxonomy of identifiers and identities
Verinym
• “true name” - an identifier that links to a sufficiently large subgraph
of (complete) identity.
• Linkable, Persistent
• Examples (for humans) may include:
• Passport
• Driver’s License
• Credit card number
Persistent pseudonym
• No linkage to a relative identity graph
• New “node” in complete identity graph
• Persistent; can determine that the same thing or individual carried
out prior activities
CSIRO
![Page 26: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/26.jpg)
Nyms
Anonym (no links to identity graph)
• Linkable
• Limited, non-persistent identifier;
• Can however determine that same thing individual carried out prior
activity or transactions e.g.
• Prepaid SIM card using cash to purchase
• Loyalty cards in some circumstances
• Unlinkable
• No identifier;
• No way of finding out if same individual carried out some prior activity
or transaction
• Cash payment for shopping
![Page 27: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/27.jpg)
Managing Identity Information
• Complex!
• Needs a set of processes associated with creation, use and verification of information that links to an identity graph.
• Includes processes for:
• Verification of supplied identifying information.
• Authentication of a claimed identity.
• Access control mechanisms for the control of available information based on authenticated identity.
• The configuration of applications or systems to provide the access required in response to the provision of authenticated identity information.
• The provision and registration of authentication credentials
• The secure storage of identity information ensuring the availability of this information where and when it is needed.
• The safe storage of identity information, including the ability to recover any information that may be lost, damaged, or corrupted.
CSIRO
![Page 28: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/28.jpg)
Review
Something can be trusted when
• It can be unambiguously identified
• It operates unhindered
• The user has either:
• First hand experience of consistent good behaviour
or
• Someone who can vouch for consistent good behaviour.
![Page 29: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/29.jpg)
Unhindered operation
• Unhindered operation is synonymous with fault tolerance
• System/component needs to operate as specified, despite faults
caused by errors that are a result of human or automatic
responses, or deliberate malicious acts, or environmental factors
• Requirement: identification of faults to be tolerated
• Requirement: Need to understand and distinguish between
potential adversaries
![Page 30: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/30.jpg)
Operates unhindered despite …
“… there are known knowns. There are things
we know that we know.
There are known unknowns. That is to say
there are things that we now know we don't
know.
But there are also unknown unknowns.
There are things we do not know we don't
know.”http://en.wikiquote.org/wiki/Donald_Rumsfeld -- sourced 23/09/09
![Page 31: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/31.jpg)
Unhindered operation…
• Relies on critical examination of expected faults and attacks on
the system
• Take appropriate counter measures when designing the system
to allow it to progress despite the presence of faults
• Requires understanding of expected, or known, attacks and
other misbehaviours
• In short: good architecture, design and careful engineering
required to assure that Quality of Service metrics are met
![Page 32: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/32.jpg)
Review
Something can be trusted when
• It can be unambiguously identified
• It operates unhindered
• The user has either:
• First hand experience of consistent good behaviour
or
• Someone who can vouch for consistent good behaviour.
![Page 33: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/33.jpg)
Consistent good behaviour
![Page 34: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/34.jpg)
Consistent good behaviour
Example: A claims to B that it always behaves well.
How can B be assured that this is true?
Possible approaches:• Previous experience of A
• Complete characterisation of A by B (and v.v.)
• Current agreement between A and B as to terms and conditions of exactly constitutes “good behaviour”
• Define and agree on “good behaviours”
• Manage “bad behaviours” or exceptions
• Combination of the above
• Any of these may be done • by B directly or
• another third party who B already knows and trusts.
![Page 35: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/35.jpg)
Consistent good behaviour
Example: A claims to B that it always behaves well.
How can B be assured that this is true?
Possible approaches:• Previous experience of A
• Complete characterisation of A by B (and v.v.)
• Current agreement between A and B as to terms and conditions of exactly constitutes “good behaviour”
• Define and agree on “good behaviours”
• Manage “bad behaviours” or exceptions
• Combination of the above
• Any of these may be done • by B directly or
• another third party who B already knows and trusts.
Past
![Page 36: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/36.jpg)
Consistent good behaviour
Example: A claims to B that it always behaves well.
How can B be assured that this is true?
Possible approaches:• Previous experience of A
• Complete characterisation of A by B (and v.v.)
• Current agreement between A and B as to terms and conditions of exactly constitutes “good behaviour”
• Define and agree on “good behaviours”
• Manage “bad behaviours” or exceptions
• Combination of the above
• Any of these may be done • by B directly or
• another third party who B already knows and trusts.
Past
Present
![Page 37: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/37.jpg)
Consistent good behaviour
Example: A claims to B that it always behaves well.
How can B be assured that this is true?
Possible approaches:• Previous experience of A
• Complete characterisation of A by B (and v.v.)
• Current agreement between A and B as to terms and conditions of exactly constitutes “good behaviour”
• Define and agree on “good behaviours”
• Manage “bad behaviours” or exceptions
• Combination of the above
• Any of these may be done • by B directly or
• another third party who B already knows and trusts.
Past
Present
Future
![Page 38: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/38.jpg)
Previous experience…
• A record of a set of actions that A performs is kept for B• What actions are recorded, and what actions can be ignored?
• Need for an agreement to be reached as to what is “good behaviour”
• Where are the actions recorded?
• Who records the actions?
• From this record, and agreed upon measure of good behaviour, B then assigns some confidence in the truth the claim that A always behaves well.
• The record can be used to develop a measure of reputation• Reputation based systems for vendors on eBay or Amazon
• The record can also be used to find, and act upon, misbehaviours
• Accountability system
• Provide undeniable evidence for resolving disputes
![Page 39: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/39.jpg)
Example
• A Contract-based Accountability Service [ICWS 2009]
• A schema for specifying accountable contracts between service
providers.
• A contract defined based on the schema is auditable in an automatic
way
• Protocols to support this model and define mechanisms for
evidence management.
• What is in a contract?
• The set of identified participants
• A set of states that can be observed by all parties
• A set of activity logging events
• A set of specifications that relate activities to state transitions
![Page 40: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/40.jpg)
Example misbehaviours
Misbehaviour Defense mechanism
1. The service provider ignores or fails to
commit a valid data state change request.
Ac & Ap remain in the old data state after the corresponding
“put_started” activity log expires. The faulty party is not
distinguishable. It can be caused by either a service
consumer does not submit the request in time, or the
service provider ignores the request.
2. The service consumer fails to submit a
proposed operation.
3. The service provider reverts or tampers data
created by a service consumer.
Ac & Ap can detect that the data is not consistent with the
data state they observe when the data is requested via an
accountable-get operation. The faulty party can be
identified as c is provable not initiate the operation.
4. The service consumer denies that it has
submitted an operation.
As a service request is signed by the service consumer, the
fact is undeniable by its signature.
5. The service consumer denies that it has
submitted an put operation to the service
provider at data state T.
As the service provider needs a token from Ac & Ap to
submit an accountable-put. The fact is undeniable through
the logs in Ac & Ap.
6. The service provider uses old tokens to
revert data states (replay attack).
A token carries a data state and a timestamp. The contract
specifies the timeout value for a party to acknowledge a
token. They can be used to defend replay attack.
7. The service provider allows unauthorized
get access from other parties to the data.
Not detectable in our model.
![Page 41: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/41.jpg)
Complete characterisation
• Before any transaction between two parties A and B, an exchange of information is made characterising all their possible behaviours to each other.
• Requires secure transfer of information
• Requires authentication
If measure is as expected
• transaction proceeds
Else
• transaction is cancelled.
• Fundamental basis for the widely deployed (but not utilised) Trusted Platform Module
• Cryptographic microcontroller chip in most PCs
• Needs supporting infrastructure and protocols between components of the infrastructure to be effective
![Page 42: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/42.jpg)
Example use of complete characterisation
![Page 43: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/43.jpg)
Example use of complete characterisation
![Page 44: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/44.jpg)
Example use of complete characterisation
Secure, trusted transfer of
medical records using
Trusted Platform Module
![Page 45: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/45.jpg)
Complete characterisation -- issues
• Any change to the operational environment requires updating
all characterisation information
• Applications -- new or versions
• Operating System -- updates and patches
• Device drivers -- new or revised
• Hardware
• OK for extremely well managed systems
• Not good on general purpose machines
• Alternative – small, dedicated and controlled environment
known by each participant
• e.g. Trust Extension Device (TED); sensor network node
(SecFleck)
![Page 46: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/46.jpg)
Trust Extension Device (TED)
• One solution to end-point trust
• Two instantiations: software TED + hardware TED
• Both identity and operational integrity (behaviour) are proven
before any transaction or information is exchanged
![Page 47: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/47.jpg)
Trust Extension Device (TED)
• One solution to end-point trust
• Two instantiations: software TED + hardware TED
• Both identity and operational integrity (behaviour) are proven
before any transaction or information is exchanged
Cryptographic controller (TPM)Power Supply
Subsystem
Daughterboard
(CPU, memory --
reverse side)
![Page 48: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/48.jpg)
TED Enterprise Architecture
Privacy
Certifying
AuthorityIssuer
Application Server
Host Machine
TEDOwned by
issuer
Mutual attestation protocol between TED, PCA and App server:
Before each transaction, each entity proves to each other that their apps, OS, drivers and hardware are
• unaltered and • operating as specified
![Page 49: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/49.jpg)
Future behaviour agreement
• Again requires a Contract between participants, managed by
• Either the participants themselves,
or
• a trusted third party
• Recall that a contract contains:
• The set of identified participants
• A set of states that can be observed by all parties
• A set of activity logging events
• A set of specifications that relate activities to state transitions
• Requires a complementary monitoring and accountability system
• Contractual obligations are always satisfied
• Exceptions (misbehaviours) are captured in an irrefutable manner
![Page 50: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/50.jpg)
Examples
• A Contract-based Accountability Service [ICWS 2009, SCC 2010]
• Set up between multi-party collaborations between enterprises
• Identities known
• Contract expresses agreed upon:• Policies for sharing
• Workflows for collaboration
• Work flows agreed
• Accountable Internet Protocol [SIGCOMM’08]
• Self-certifying IP address
• Routers are trusted parties
• Accountable Network Storage (CATS) [TOS 2007]
• Use an external publishing medium to store evidence
• Ensuring correctness over untrusted private database [EDBT’07]
• Periodically freezes the values of data items to generate proofs
• The proofs guarantee the authenticity of the frozen values.
CSIRO
![Page 51: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/51.jpg)
Conclusions
• Trusted interactions rely on three components:
• Identity information
• Assuring reliable operation despite outside interference or
environment
• Proofs that the system will always behave in a known manner
• The amount of interconnectedness, and ease with which
information is accessible, offers many research challenges how
to do this on a sufficient scale.
![Page 52: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/52.jpg)
Conclusions
• Trusted interactions rely on three components:
• Identity information
• Assuring reliable operation despite outside interference or
environment
• Proofs that the system will always behave in a known manner
• The amount of interconnectedness, and ease with which
information is accessible, offers many research challenges how
to do this on a sufficient scale.
“It's every man for himself,” he says,
grinning. In the end, it seems every
machine has to defend itself. The
Internet was designed that way.”
![Page 53: Trust in the Internet: Observations on Being Highly Connectedrebecca.wright/INCO... · identifiers used on the Internet and the amount of information that they reveal about your identity.](https://reader036.fdocuments.net/reader036/viewer/2022071116/5ffd6141a1ab173cea406bcb/html5/thumbnails/53.jpg)