Trust Management for E-Commerce

All human interaction is based on trust, meaning that we choose interaction partners and make commitment decisions based on how much we trust the other party. This applies to commerce as well as to ecommerce. In normal commerce, established frameworks, legal and other, provide protection and assurance upon which trust is built. Because e-commerce is largely based on information technology, IT security becomes a crucial trust factor. In fact we claim that a condition for e-commerce to be generally accepted is that the public trusts that appropriate security measures have been taken to protect businesses and consumers from misuse and fraud. This paper discusses management of trust related to IT security in the e-commerce environment. Security of E-Commerce E-commerce in open computer networks such as the Internet requires a set of security services in order to counter threats of misuse and fraud. The authentication security service shall provide proof of identity and thereby prevent an attacker from masquerading as a legitimate user. Nonrepudiation provides proof of expedition or receipt, so that it shall be impossible to falsely claim not having sent or received a digital message. Message confidentiality shall ensure that only legitimate users can read a message, and message integrity shall ensure that illegitimate modification, deletion, creation or replay of digital messages does not pass undetected. Availability shall ensure that an application is not disrupted by illegitimate actions. The security policy defines what is legitimate in every case. In practice security services are usually implemented by means of cryptographic mechanisms and one type of mechanism can often provide several security services. Encryption will for example provide both confidentiality and integrity. Public-key cryptography is the basis of several important security services such as non-repudiation and authentication and is an essential building block in SSL (Secure Sockets Layer) that is used for securing Web communication. A public/private key pair is used for encryption and digital signature and it is expected that every user and e-commerce player will have its own public/private key pair which will form the basis for the user’s or organisation’s digital identity in the e-commerce * Appears at Virtual Banking 2000, a virtual conference located at: http://virtualbanking2000.com environment. This requires the secure generation and distribution of potentially hundreds of millions of public/private key pairs, which poses a formidable key management challenge. Public-key infrastructures (PKI) simplify key management and distribution but create trust management problems. A PKI refers to an infrastructure for distributing public keys where the authenticity of public keys is certified by Certification Authorities (CA). A certificate basically consists of the CA’s digital signature on the public key together with the owner identity, thereby linking the two together in an unambiguous way. The structure of digital certificates is standardised by the ITU X.509 standard [X509]. In order to verify a certificate the CA’s public key is needed, thereby creating an identical authentication problem. The CA’s public key can be certified by another CA etc., but in the end you need to receive the public key of some CA, usually called the root CA, out-of-band in a secure way, an various solutions can be imagined for that purpose. However, there is a problem in this design. What happens if a CA issues a certificate but does not properly check the identity of the owner, or worse, what happens if a CA deliberately issues a certificate to someone with a false owner identity? Furthermore, what happens if a private key with a corresponding public-key certificate is leaked to the public domain by accident, or worse, by intent? Such events could lead to systems and users making totally wrong assumptions about identities in computer networks. Clearly CAs must be trusted to be honest and to do their job properly and users must be trusted to protect their private keys. Trust management includes methods for assessing policies regarding issuance and handling of public-key certificates and for determining whether these policies are adhered to by CAs and users. Digital certificates and PKIs represent an attempt to mimic real-world human assessment of identity and trustworthiness in an automated and mechanical fashion, but present implementations are based on a very limited trust model making them inadequate as a general tool for trust assessment and decision making. We will first explain how present PKIs are managed. Web PKIs and Managed PKIs The cryptographic aspects of PKIs are relatively well understood. The practical deployment of PKIs on the other hand requires management, and so far we have seen the emergence of two types of PKI management. The Internet uses a particular type of PKI that we will simply call the Web PKI. All root CA public keys are delivered with the Web browsers as self signed X.509 certificates, i.e. the public key has been certified by the corresponding private key. The only purpose of self certification is to simplify the certificate handling; the application always deals with public keys in the form of digital certificates. Self certification provides no additional trust in the public key, and as such the term “self certification” can be misleading. Since root certificates are distributed with the browsers they can not easily be upgraded. Root key management must in fact follow the pace of browser releases and distribution. Not only must changes be shipped with the next release of the most popular browsers, the users must continuously upgrade their computers with the newest release. If for example public key revocation shall be useful it must be possible to enforce it relatively rapidly. Because this is not possible for root certificates it is in practice not possible to revoke them. The most popular application of digital certificates is presently to establish secure Web connections using the SSL protocol. SSL provides confidentiality and server authentication, with client authentication as an option. Another popular application is email encryption and signing. Digitally encrypting the body of email messages with the recipient’s public key provides confidentiality. Digitally signing the message with the sender’s private key provides sender authentication. A third application is to digitally sign SW components in order to authenticate SW component manufacturers. The security problem users are facing regarding active components such as Java applets and Microsoft's ActiveX components is whether such imported programs can be safely executed. One way this can be solved in Web browsers is to have the components digitally signed by the manufacturer's public key, but this only indicates the SW manufacturer's identity and does in principle not say whether it is safe to let the SW component be executed. Indeed, safe execution of software components requires much more than authentication of the software’s manufacturers and origin. This is a crucial problem with software engineering in general. But it is particularly relevant in e-commerce as software components facilitating electronic transactions on the network are more and more dynamic in nature. In traditional systems, system testing increase the confidence that the system will execute safely. In e-commerce systems, software components come and go dynamically and the opportunity for thorough integration testing lessens if not diminishes. In contrast to Web PKIs, a so-called managed PKI does not distribute root public keys piggybacked with Web browsers, but is based on separate out-of-band procedures managed by the organisation that operates the PKI. This organisation usually operates CA servers from which user certificates can be downloaded. Managed PKIs are operated by an organisation to meet specific needs within the organisation or as a business activity. The organisation will have full control over the trust structure in the PKI hierarchy, but without being Web-born managed PKIs do not easily get global coverage. Managed PKIs can provide high trust and thus be suitable for high value transactions. Organisations operating managed PKIs can decide to, or be enforced by law in a particular country, to establish cross certification to other managed PKIs and in that way create a PKI consisting of several interlinked certification hierarchies. Secure distribution of the root public key is essential for managed PKIs, and a typical solution is to equip each user with a smart card containing the users private key in addition to the root public key.