Information Security Technical Report, Vol. 1, No. 1 (1996) 10-18

TTP Concepts

John Leach, Principal Consultant, Zergo Ltd.

This article introduces the general concept of TTPs, the services that might be provided by TTPs and the benefits that users will gain. The examples described are possible ways in which TTPs might operate and are not intended to be definitive. The contents have been drawn from a Zergo report produced for the UK Department of Trade and Industry (DTI) which examined ways to introduce a Licensing scheme for TTPs in the UK. The material is reproduced with permission from the DTI.

A generalized network of TTPs

The diagram below shows a general network of TTPs linked together and supporting a wide range of different users. The generalized network of TTPs can be expected to comprise many different TTPs, and many different types of user.

Users could be:

- Private individuals conducting private business.

- Staff within a commercial organization exchanging internal business-related traffic.

- Customers being supported by the TTP in doing business with the TTP provider or associated company (e.g. bank customers doing electronic banking, with the Bank’s TTP providing the support).

[Figure 1: A schematic of the Network of TTPs. Labels in the figure: TTP Registration TTP; Network of TTPs; GMC-TTP; Bank A (with Bank A Users and Staff); Notary Publics; Notary Publics who are also Solicitors; Private Individuals.]

Figure 1: A schematic of the Network of TTPs

0167-4048/96/$15.00 © 1996, Elsevier Science Ltd


- Customers that have asked their Internet Service Provider (ISP) to provide them with a Virtual Private Network (VPN).

- Commercial organizations exchanging electronic commerce traffic of a wide variety (General E-mail, Enquiries, Proposals, orders and advices, Reports, Bills, Payments, Credit notes, etc.).

- Individual professionals practising a licensed profession (e.g. solicitors, Notary Publics).

The general scenario is where one user wishes to exchange traffic (possibly personal E-mail, electronic commerce transactions, a client/server session) with another user, for which the traffic may need to have either one or a combination of the following protections:

- Authentication of the user when a session is established.

- Proof of origination of the message.

- An Electronic Signature on the message.

- Confidentiality for the message.

The two users would, at a minimum, need to exchange authentication certificates so that they could each be confident of the identity of the other. Depending on the nature of the traffic, they might also wish to establish cryptographic keys for message protection or, if they were about to engage in an electronic transaction, possibly verify the other’s credit line from a bank, or perform some other type of verification.

It is taken as read that each of these requirements can be supported by the exchange between the two parties of suitable certificates that the other could recognize and verify. Each person’s certificate would be provided to it by the TTP with which they were associated. The two users would exchange their certificates openly over the same communications links they would be using for their electronic traffic.

Just as there will be several different types of user of the network of TTPs, there could be many different types of TTP. Many of those TTPs would serve only their own special community of users whereas others might be more general, for example providing services to the public at large.

Examples of TTPs serving the public at large might include:

- A Local Government Authority TTP, certifying a local resident’s public key allowing him or her to sign documents with a unique Electronic Signature.

- A local Internet Service Provider (ISP), providing E-mail services for private individuals and issuing each with a certified public key to go with their E-mail address.

Examples of TTPs serving only their own community of users include Registration Bodies such as (UK examples are given):

- The General Medical Council, which could run what we might call the GMC-TTP for issuing certificates to registered GPs (family doctors). Registered GPs would be given a certificate signed by the GMC-TTP for their Public Electronic Signature keys. Pharmacists would be able to verify the GP’s signature on a prescription before fulfilling it.

- The Society of Notary Publics, which could run the SNP-TTP for issuing Electronic Signature certificates to registered Notary Publics (NPs).

- The Law Society, which could run the LS-TTP for issuing certificates to registered solicitors.

- The Personal Investment Association (PIA), which could run the PIA-TTP for issuing certificates to Independent Financial Advisers (IFAs).

One TTP which stands apart from all the other TTPs described so far, is the one shown in Figure 1 as the TTP Registration TTP. If there is to be a licensing scheme for TTPs, one way to effect that within the TTP architecture would be to establish a Registration TTP under the control of which all the other TTPs on the network would operate.

Different types of network

Each TTP would need to be connected to the network of TTPs if it were to support the mutual verification of certificates between people who, for whatever reason, are not connected to the same TTP. But, at the same time, the TTP might wish to support other traffic which needed to remain within a closed group of users, or it might be providing services to only a limited or bounded set of users.

This leads us to consider different types of TTP networks. There could be:

- Stand-alone TTPs - where, for example, a corporate might have its own 1st Party TTP to support only its own staff and used only for internal traffic. This stand-alone TTP would not need to be connected to the public network of TTPs as there would be no need for the certificates it issued to be verified outside its domain.

- A public network of TTPs - the open worldwide network of TTPs, each able to recognize certificates issued by any other TTP.

- Private networks of TTPs - each comprising a sub-set of TTPs where a number of TTPs would form a closed community for the exchange of certain types of traffic.

Possible TTP services and functions

Direct and indirect TTP services

There is a wide range of services that users might want that would lead them to use the network of TTPs. These services are of two fundamentally different types. There are some services which are provided directly by TTPs, and there are others which are enabled by the TTPs, that is they are value-added services offered by some users of the network drawing on the infrastructure support provided by the TTPs.

The services provided directly by the TTPs (in their role as a TTP) all relate to the verification of users and the management and protection of users’ keys (for example, creating certificates for users’ Public Keys, providing a Directory service for public keys, or helping in the secure exchange of secret keys). The value-added services provided by some users of the network all relate to the use by those users of their certified keys (for example, a Notary Public signing a document using his certified key) and should never involve the protection of others’ keys. Some TTPs might choose, themselves, to provide additional value-added services in cooperation with their normal, directly provided TTP services. Indeed, these extra services might well be the primary reason for the operator having established the TTP in the first place, as they might be expected to provide strong opportunities for revenue generation from the TTP. The Bank A TTP shown in Figure 1 is an example of just this. The Bank, as well as providing the TTP, uses it to support its range of electronic banking services with its customer base.

There are many different services that TTPs could offer. By looking at the functions the TTPs would perform in order to deliver these services, we find that we can categorize TTP services into two classes. These two service classes are the Authentication class (all based on the function of certifying a user’s Public Key) and the Confidentiality class (all based on the function of protecting a user’s secret key material). The TTP always provides some form of Authentication service. It may also provide some form of Confidentiality service, depending on, say, commercial interest. Consequently, we can view the Authentication services as being the fundamental services and the Confidentiality services as being optional further services.

The Authentication class of services

The fundamental function underpinning the Authentication services is the certifying of a user’s Public Key. The user might use this key and its associated Private Key for any of a number of further functions:

- Authenticating itself to its correspondents (for example, for any electronic commerce traffic).

- Signing value-bearing or critical data (for example, a GP signing a prescription, a bank’s customer sending the bank a funds transfer instruction).

- Establishing, exchanging or agreeing a secret key for message or data confidentiality.

In using this function to provide an Authentication service, the way in which the function is performed by the TTP can be qualified - the TTP is not going to provide Public Key certificates to just anyone who requests them, for then the authentication value of the certificate would be nullified.

For example, a method might be that a certificate will be issued by the TTP to a user only after the TTP has verified:

- The identity of the user, and

- That the user possesses the Private Key to match the Public Key being certified.

These are necessary and unavoidable steps if the certificate is to carry any authentication value within electronic commerce. Some TTPs might go to greater lengths to verify the user’s identity than others. This would give users greater confidence in the authentication that was implied by the user’s possession of the certificate. Hence, there will be different levels of service according to the strictness of the verification checks employed.

The TTP might also check that other criteria had been satisfied by the user. In the GMC example, the GMC-TTP would check before it generated the certificate that the verified requester was a registered GP and that there was no reason not to issue the GP a certificate. Clearly, the resultant certificate would need to contain sufficient information to demonstrate that that additional check had been performed. For example, it would need to show the GP’s registration number as well as his name. Hence, we can conceive of a variety of Authentication services according to the nature of these additional criteria employed.

This idea, of qualifying the certification function according to the levels of proof or check employed, allows us to see how a range of services could be built on the one fundamental function. By varying the level of authentication employed of the user, of the user’s possession of the Private Key, and by introducing any chosen further criteria, the TTP could provide any of the following services:

- A basic level of user authentication service.

- A stronger level of user authentication service.

- A key certification service for licensed professionals.

- An electronic Credit Guarantee to support multi-million dollar global trades.

In this way we can see how the idea of an Authentication service might manifest itself in any number of actual services delivered to different communities of users according to the commercial interest of the provider. These different flavours of the basic service provide the necessary opportunities for differentiation between commercially provided TTPs.

An issue still to be addressed is the revocation of key certificates.

The Confidentiality class of services

A similar discussion could be had for the Confidentiality services. These services involve the TTP providing some form of protection for the user’s secret key material. They differ fundamentally from the Authentication services, where the TTP is providing only integrity protection of the user’s non-secret key material. Here, the TTP is providing a different type of protection, mainly confidentiality protection, for the user’s secret key material.

The primary context for the Confidentiality services is the desire to support a Key Recovery scheme. Exactly how the TTP obtains the user’s secret key material, what that key material is (the user’s entire secret key or just a fragment of it), how it protects it, the conditions under which it releases it, and so forth, will depend upon the particular type of Key Recovery scheme being supported.

Key or Data Recovery, as a set of functions performed by a TTP according to a particular Key Recovery scheme for an authorized law enforcement agency (LEA) in support of a warranted interception, must be distinguished from the possible service provided by a TTP to paying users to enable them, for example, to recover keys after equipment failure or to access the keys used by individual members of staff. Given its established use, the term Key Recovery should be reserved for the former item. Key Backup can be used for the latter.

Examples of TTP-based services

A TTP can provide the following services directly:

- A Baseline Authentication Service.

- Advanced Authentication Services, and

- Confidentiality Services.

It may also provide further services capitalizing upon its role as a TTP:

- Value-Added Services.

Baseline Authentication service

Here the TTP would be vouching for the identity of the user. It would be saying that the holder of the Private Key associated with the certified Public Key is believed with whatever level of confidence to be the user named in the certificate. In this service, the TTP might also qualify the use to which the Public/Private key pair may be put. For example, it may state in some form within the certificate that the key pair may be used only for the creation and verification of electronic signatures and may not be used for the exchange of secret confidentiality keys.

Examples of this service would include:

- Providing the user with a certificate for use with general E-mail.

- Certifying the user’s general-purpose Electronic Signature keys.

In addition, the TTP may offer:

- Directory services for users’ Public Keys.

- Key Generation for users that are not equipped or minded to generate their own keys.

Advanced Authentication services

Here the TTP would be vouching for the identity of the user and saying that, because the user had satisfied further specified criteria, the user is permitted to use a particular Public/Private key pair to conduct specified further business. Examples include:

- The user might have satisfied the criteria for practising as a Notary Public. Then the TTP would be saying that the user is permitted to use the Public/Private Key pair to conduct its profession as a Notary Public.

- The user might be known as a member of staff of a particular corporate entity. Then the TTP could be saying that the user is permitted to use the Public/Private key pair to authenticate itself and gain access to that corporate’s VPN.

- The user might have reached a certain level of seniority within his organization. Then the TTP would be saying that the user is permitted to use its Public/Private key pair to sign off or authorise orders to a given threshold value.

- The user might have satisfied the criteria for an unsecured credit line. Then the TTP would be saying that the user is permitted to incur charges up to a value with the TTP providing a credit guarantee to that level of liability.
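The issuance checks described above (a verified identity, proof of possession of the Private Key, a registration-body criterion with the registration number recorded in the certificate), the key-usage qualification from the Baseline Authentication service, the Registration TTP under whose control the other TTPs operate, and the revocation of certificates can all be put together in one small model. The following Python is an added example, not code from the article or from Zergo: a toy RSA signature over fixed small primes stands in for a real signature scheme, and the TTP names, the register entries, the registration number and the prescription text are constructed for the illustration.

```python
import hashlib
import json
import secrets

# Eight known primes just above 10**9, paired into toy RSA moduli (constructed; far too small for real use).
_PRIMES = [1000000007, 1000000009, 1000000021, 1000000033,
           1000000087, 1000000093, 1000000097, 1000000103]
_E = 65537

def make_keypair(slot):  # ((n, e), (n, d)) for slot 0..3; each slot has its own prime pair
    p, q = _PRIMES[2 * slot], _PRIMES[2 * slot + 1]
    return (p * q, _E), (p * q, pow(_E, -1, (p - 1) * (q - 1)))

def _digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(priv, data):
    return pow(_digest(data, priv[0]), priv[1], priv[0])

def verify(pub, data, sig):
    return pow(sig, pub[1], pub[0]) == _digest(data, pub[0])

def canonical(obj):  # stable encoding so issuer and verifier hash exactly the same body
    return json.dumps(obj, sort_keys=True).encode()

class TTP:
    """A certifying TTP: it issues a certificate only after the checks the article lists."""

    def __init__(self, name, slot, register=None):
        self.name = name
        self.pub, self.priv = make_keypair(slot)
        self.register = register  # subject -> registration number; None means no further criteria
        self.revoked = set()      # serials of withdrawn certificates, published to relying parties
        self._serial = 0

    def challenge(self):
        return secrets.token_hex(16)

    def issue(self, subject, pub, challenge, pop_sig, key_usage, identity_verified):
        # 1. The user's identity has been verified (an out-of-band result, modelled here as a flag).
        if not identity_verified:
            raise ValueError("identity not verified")
        # 2. Proof of possession: the requester signed this TTP's fresh challenge with the private key.
        if not verify(pub, challenge.encode(), pop_sig):
            raise ValueError("no proof of possession of the private key")
        # 3. Further criteria: a registration-body TTP certifies only people on its register and records
        #    the registration number in the certificate so relying parties can see the check was made.
        attrs = {}
        if self.register is not None:
            if subject not in self.register:
                raise ValueError(f"{subject} is not on the {self.name} register")
            attrs["registration_number"] = self.register[subject]
        self._serial += 1
        body = {"serial": self._serial, "subject": subject, "public_key": list(pub),
                "key_usage": sorted(key_usage), "issuer": self.name, "attributes": attrs}
        return {"body": body, "signature": sign(self.priv, canonical(body))}

def cert_valid(cert, issuer_pub, revoked):
    body = cert["body"]
    return body["serial"] not in revoked and verify(issuer_pub, canonical(body), cert["signature"])

def verify_prescription(rx, sig, gp_cert, gmc_cert, reg_pub, revoked):
    """Pharmacist's check, trusting only the Registration TTP's key: the GP's registration number, or None."""
    gmc, gp = gmc_cert["body"], gp_cert["body"]
    # Chain: Registration TTP -> GMC-TTP (which must be licensed to sign certificates) -> GP.
    if not cert_valid(gmc_cert, reg_pub, revoked[gmc["issuer"]]):
        return None
    if "certificate-signing" not in gmc["key_usage"] or gp["issuer"] != gmc["subject"]:
        return None
    if not cert_valid(gp_cert, gmc["public_key"], revoked[gp["issuer"]]):
        return None
    # The key must be qualified for signing and the certificate must carry the registration check.
    if "signature" not in gp["key_usage"] or "registration_number" not in gp["attributes"]:
        return None
    return gp["attributes"]["registration_number"] if verify(gp["public_key"], rx, sig) else None

def run_gmc_scenario():
    """The GMC example end to end; names, numbers and the prescription text are constructed."""
    reg = TTP("Registration-TTP", 0, register={"GMC-TTP": "LIC-0001"})
    gmc = TTP("GMC-TTP", 1, register={"Dr A Example": "GMC-1234567"})
    ch = reg.challenge()  # the Registration TTP licenses the GMC-TTP to issue certificates
    gmc_cert = reg.issue("GMC-TTP", gmc.pub, ch, sign(gmc.priv, ch.encode()), {"certificate-signing"}, True)
    gp_pub, gp_priv = make_keypair(2)  # a registered GP obtains a signature-only certificate
    ch = gmc.challenge()
    gp_cert = gmc.issue("Dr A Example", gp_pub, ch, sign(gp_priv, ch.encode()), {"signature"}, True)
    other_pub, other_priv = make_keypair(3)  # verified identity and key, but not on the GMC register
    ch = gmc.challenge()
    try:
        gmc.issue("Dr B Nobody", other_pub, ch, sign(other_priv, ch.encode()), {"signature"}, True)
        refused = False
    except ValueError:
        refused = True
    revoked = {"Registration-TTP": reg.revoked, "GMC-TTP": gmc.revoked}
    rx = b"Rx: amoxicillin 500 mg three times daily for 7 days"
    sig = sign(gp_priv, rx)
    accepted = verify_prescription(rx, sig, gp_cert, gmc_cert, reg.pub, revoked)
    gmc.revoked.add(gp_cert["body"]["serial"])  # the GMC withdraws the certificate
    after_revocation = verify_prescription(rx, sig, gp_cert, gmc_cert, reg.pub, revoked)
    return {"accepted": accepted, "unregistered_refused": refused, "after_revocation": after_revocation}
```

Running run_gmc_scenario() returns a dictionary: the pharmacist's check yields the GP's registration number for a well-formed chain, the GMC-TTP refuses a requester who is not on its register even though identity and key possession check out, and once the GMC-TTP revokes the certificate the same prescription is rejected. The relying party holds only the Registration TTP's key as its trust anchor; every other key it uses comes from a certificate it has just verified, and the key-usage field is what stops a certificate qualified for signatures from being accepted for anything else.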

TTP Confidentiality services

Here, depending on the Key Recovery scheme in use, the TTP might be:

- Providing trusted generation of the user’s secret key according to the rules of the scheme.

- Secure storage for the user’s secret key.

- The controlled disclosure of the user’s secret key.

The TTP might, depending on the scheme, also be reflecting the entitlement of the user to employ certain types of data confidentiality mechanisms. The user’s public key certificate would specify the Key Recovery scheme and encryption algorithms that the key is permitted to be used with. For example, in the context of the Royal Holloway / Vodafone Key Recovery scheme (see article by Chris Mitchell in the Report) the certificate would state that the public key referred to in the certificate is the user’s Public Send Key and that the corresponding Private Send Key has been generated and is controlled according to the rules specified by the scheme. The certificate would also state that the Public/Private Send Key pair may be used to agree symmetric Send encryption keys for use with only a specified encryption algorithm.
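To make the Confidentiality services concrete, the following Python is an added example (not the article's or Zergo's code, and not the Royal Holloway / Vodafone scheme) of a TTP holding a user's secret key as a fragment: two TTPs each keep one XOR fragment, a fragment is disclosed only against a release request authenticated for the purpose it states, and Key Backup (the user's own request) is kept apart from Key Recovery (an authorized request under a warrant). The authorization credentials, user name and reference numbers are constructed, and authenticating a request with a shared HMAC key is an assumption made for brevity.

```python
import hashlib
import hmac
import json
import secrets

def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def split_key(key, holders):
    """Split a secret key into `holders` random fragments. Every fragment is needed to rebuild the key,
    so a TTP holding just one of them learns nothing about it."""
    fragments = [secrets.token_bytes(len(key)) for _ in range(holders - 1)]
    last = key
    for f in fragments:
        last = _xor(last, f)
    return fragments + [last]

def rebuild_key(fragments):
    key = fragments[0]
    for f in fragments[1:]:
        key = _xor(key, f)
    return key

def request_tag(auth_key, request):
    """Authenticator over a release request: an HMAC under a key shared with the authorizing party
    (an assumption made for brevity; a real scheme would use a signed authorization)."""
    return hmac.new(auth_key, json.dumps(request, sort_keys=True).encode(), hashlib.sha256).digest()

class FragmentHolder:
    """One TTP's part of a Confidentiality service: it stores a fragment of each user's secret key and
    discloses it only against a release request it can authenticate for the purpose the request states."""

    def __init__(self, name, authorizers):
        self.name = name
        self.authorizers = authorizers  # purpose -> authentication key of the party entitled to authorize it
        self.store = {}                 # user -> fragment
        self.log = []                   # every release decision, kept for later audit

    def deposit(self, user, fragment):
        self.store[user] = fragment

    def release(self, request, tag):
        """request = {"user", "purpose", "reference"}; returns the fragment or raises PermissionError."""
        auth_key = self.authorizers.get(request.get("purpose"))
        ok = (auth_key is not None and hmac.compare_digest(request_tag(auth_key, request), tag)
              and request.get("user") in self.store)
        self.log.append((request.get("user"), request.get("purpose"), request.get("reference"), ok))
        if not ok:
            raise PermissionError(f"{self.name}: release refused")
        return self.store[request["user"]]

def run_key_recovery_scenario():
    """Two TTPs each hold one fragment of a user's key; names, credentials and references are constructed."""
    user_backup_key = secrets.token_bytes(32)  # credential the user keeps for Key Backup requests
    authority_key = secrets.token_bytes(32)    # credential of the authority that authorizes Key Recovery
    authorizers = {"key-backup": user_backup_key, "key-recovery": authority_key}
    ttps = [FragmentHolder("TTP-1", authorizers), FragmentHolder("TTP-2", authorizers)]
    secret_key = secrets.token_bytes(16)
    for ttp, fragment in zip(ttps, split_key(secret_key, len(ttps))):
        ttp.deposit("alice@example.test", fragment)
    # Key Backup: the user has lost the key and asks for the fragments with her own credential.
    backup = {"user": "alice@example.test", "purpose": "key-backup", "reference": "ticket-17"}
    restored = rebuild_key([t.release(backup, request_tag(user_backup_key, backup)) for t in ttps])
    # Key Recovery: a warranted request, authenticated with the authority's credential.
    recovery = {"user": "alice@example.test", "purpose": "key-recovery", "reference": "warrant-ref-001"}
    recovered = rebuild_key([t.release(recovery, request_tag(authority_key, recovery)) for t in ttps])
    # A request tagged with a credential that does not match its stated purpose is refused and logged.
    try:
        ttps[0].release(backup, request_tag(authority_key, backup))
        refused = False
    except PermissionError:
        refused = True
    return {"backup_ok": restored == secret_key, "recovery_ok": recovered == secret_key,
            "mismatched_credential_refused": refused, "ttp1_log": ttps[0].log}
```

The point of the split is that neither TTP can disclose the key on its own, so the conditions of release are enforced by both holders independently, and each holder's log records every request, refused or not, under the purpose it claimed; that record is what separates a Key Backup release for a paying user from a Key Recovery release for an authorized agency.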


The value-added services

There are very many value-added services that could be provided on the back of the TTP infrastructure and we can but provide a hint of the diversity of these. For some of these, the Trusted Intermediate User will have been given a certificate for his public key having satisfied the TTP that he is, as necessary, a qualified and registered professional. The user would then be permitted to use his Public/Private key pair in the execution of his profession. For many, if not all of the examples, the user will use the key pair to sign documents in the context of his profession. For some services, that is all that is required:

- Prescriptions (for a Doctor).

- Affidavits (for an NP).

- Engineering Reports (for a Chartered Engineer).

- Financial advice (for a registered advisor).

- Birth certificates (for a Registrar of Births).

- School reports (for a teacher).

- Wedding certificates (for a Registrar of Marriages).

- Social Security Entitlements (for the Welfare Officer).

- Death Certificates (for a Doctor or Coroner).

- Passports (for a Consular Official).

- Firearms Licences (for a Police Officer).

- Probation Reports (for a Probation Officer).

- Golf Club Handicap Certificates (for the golf club Professional).

For other services, the service provider will perform other functions in addition, such as:

- Secure File Storage and Retrieval.

- Time Stamping (e.g. of Tax returns, patent applications, tender submissions).

- Controlled Dissemination of information.

- Trusted event archival.

- and so forth.

User benefits

The user benefits come both directly and indirectly from the services provided by the TTPs or Trusted Intermediate Users. (Indirect benefits include such things as improved response times to customer needs, cheaper and more efficient exchange of documents, the general enhancement to the growth in GNP). These will be the drivers for the TTP services that emerge. These will identify which areas of activity are likely to lead to commercially operated TTPs coming into existence. They will also help in identifying when the logic of the application will lead to the creation of stand-alone TTPs and when it will lead to TTPs connecting together to form a TTP network.

In the following we shall consider first the interests of the business user engaging in Electronic commerce rather than the private user engaging in private correspondence. This is because these are likely to be the stronger drivers for the emergence of commercial TTP services.

There are many possible benefits that a business user engaging in electronic commerce might want to obtain from a TTP, depending on the context in which the user purchases the services.

From the Baseline Authentication service

- Confidence in the identity of the counterparty - protection against spoofing or masquerade.

- Confidence that the counterparty is able to authenticate the user and should not, in error, misdirect important traffic intended for the user to someone else, act on a fraudulent business instruction, or refuse to provide the user with a desired or needed service.

- Convenience - where an electronic link for commerce or private correspondence is more convenient than paper-based methods.

- Improved use of IT and electronic communications (authentication will be essential if UK Plc is to realize the benefits of IT).

- For the licensed professionals acting as Trusted Intermediate Users, there are the general benefits that arise from the greater use of IT within their business areas (faster and cheaper conveyancing for solicitors, faster document exchange for NPs, speedier conclusion of contracts or deals, etc.).

From the Confidentiality services

- Access to stronger levels of confidentiality algorithms and higher levels of confidence that sensitive data will not be disclosed in transit between counterparties (increasingly required given the increasing reliance on sophisticated networking to stay ahead of competitive pressures).

- Access to a Key Management infrastructure that will allow the user to establish secret confidentiality keys with the intended correspondent.

- Protection against lost private keys or the user’s staff misusing the crypto tools provided to them for their own private (criminal or otherwise) ends.

From the Advanced Authentication service

- Confidence that the counterparty will behave in a business-like manner to certain standards (perhaps that the counterparty has achieved ISO 9000 standards or complies with BS 7799, or that it has no prior conviction for shady commercial practice).

- Confidence in the authority of the second party to act as it does (e.g. that it is in fact a registered professional if it needs to be).

- Confidence in the firmness of an order (that the order has been authorized by a Director empowered to bind his company, etc.).

From the value-added services

- Confidence in the dependability of the presented document (e.g. that the document - for example a contract - has been signed by someone with the authority to commit the counterparty).

- Reliable and secure storage - escrow but for files, audit trails or evidence (rather than for cryptographic keys).

- Trusted timestamps or proofs (e.g. on time-critical tenders).

- Arbitration - a reliable means to resolve disputes between counterparties.

- Credit guarantees to underpin electronic trade between unfamiliar counterparties (the electronic Letter of Credit).

- and so on.

There are still many issues to be resolved, and solutions will evolve as experiences are gained and working models develop. Practicalities relating to legal, regulatory and commercial issues will have to be tackled. A balance must be found between the freedom required by individuals, and the needs of law enforcement agencies.
