Roger Clarke's Web-Site
© Xamax Consultancy Pty Ltd, 1995-2017
|Identity Matters||Other Topics||Waltzing Matilda||What's New|
Roger Clarke **
Principal, Xamax Consultancy Pty Ltd, Canberra
Visiting Fellow, Department of Computer Science, Australian National University
Notes for a Panel Session on 'PKI in Health' at the Health Informatics Conference, Canberra, 30 July 2001
Version of 30 July 2001
© Xamax Consultancy Pty Ltd, 2001
This document is at http://www.anu.edu.au/people/Roger.Clarke/EC/PKIHlth01.html
The PowerPoint slides to accompany the presentation are at http://www.anu.edu.au/people/Roger.Clarke/EC/PKIHlth01.ppt
On the Internet, so we're told, 'no-one knows that you're a dog'. But in various circumstances, and with widely varying degrees of justification, some Internet users would like to know:
This is challenging. See Clarke et al. (1998) for an analysis of the difficulties involved in gathering information of evidentiary quality about Internet messages.
During the 1970s, the need was identified for a new form of cryptography called 'asymmetric' or 'public key' cryptography. Mathematicians soon delivered algorithms that satisfied the statement of requirements. This was hailed as a breakthrough in the security of data communications. For a tutorial on cryptography, see Clarke (1996).
Conventional digital signature technologies use public key cryptography. They are claimed to enable individuals to be reliably identified as being the originators of messages. A considerable industry has been built up around the technology.
Regrettably, the emperor of conventional PKI has no clothes; the industry is built on mythology; no-one has built, or is ever likely to build, an effective scheme based on conventional technology; and if they ever did it would be horrendously privacy-invasive.
Many warnings have been issued over the last five years that things were seriously amiss with conventional PKI (e.g. Davis 1996, Greenleaf & Clarke 1997). But it is only during the last year or so that catalogues of the fundamental deficiencies have been widely disseminated. See , Ellison & Schneier (2000a, 2000b), Winn (2001), Clarke (2001).
Here is an outline of some key deficiencies:
Conventional PKI provides the recipient of a message with assurance about nothing more about the identity of the sender than that the device that signed the message had access to a particular private key. Conventional certificates are all-but worthless, and the image of trustworthiness illusory.
Given the extent of their deficiencies, it is unsurprising that very few conventional digital signature schemes have been successfully deployed.
If conventional PKI technologies are applied in the health care sector, some narrowly-based suppliers will manage to survive a bit longer; but it will be to the serious detriment of health care professionals and patients, as projects burn up vast amounts of time, are subject to substantial mid-course corrections, but eventually go down in flames.
Are digital signatures and PKI to be avoided at all costs?
If all you're being offered is conventional, heirarchical technology and architecture, by purveyors and designers bereft of understanding of the real world you work in, then the answer is an emphatic 'yes'. Unfortunately, most suppliers are still peddling the same tired old ideas and products. Leave them to sell to Departments of Defence and the Vatican. (No, that isn't meant to be funny. Those are precisely the kinds of customers that are buying the products; and maybe they're hierarchical enough that conventional technology isn't too bad a fit).
It is entirely possible to abandon the dated and ill-fitted X.509 standard, and the architectural cul de sac that it has led designers into. Alternative approaches exist, in the form of a 'web of trust' among the providers of certificates (long derided by the mainstream industry, but recently re-birthed with institutional approval as 'mesh architecture'), and SPKI / SDSI. Other possibilities include the Account Authority Digital Signature model (AADS), enhanced loginid-and-password schemes (such as one-time passwords stored on a chip-card, which are protected by a biometric), Brandsian certificates and Blazian Trust Management.
What is critical is that designers learn something about stakeholders and their needs before they devise their schemes. They need to have much gentler features such as the following:
I'm listening intently to my fellow-panellists, to gauge the extent to which the appreciation of the non-viability of conventional PKI, and the shape of a tenable future PKI, are coming to be understood.
Clarke R. (1996) 'Message Transmission Security (or 'Cryptography in Plain Text')' Privacy Law & Policy Reporter 3, 2 (May 1996), pp. 24-27, at http://www.anu.edu.au/people/Roger.Clarke/II/CryptoSecy.html
Clarke R. (1998) 'Public Key Infrastructure: Position Statement', May 1998, at http://www.anu.edu.au/people/Roger.Clarke/DV/PKIPosn.html
Clarke R. (2000) 'Privacy Requirements of Public Key Infrastructure' Proc. IIR IT Security Conference, Canberra, 14 March 2000. Republished in Internet Law Bulletin 3, 1 (April 2000) 2-6. Republished in 'Global Electronic Commerce', published by the World Markets Research Centre in collaboration with the UN/ECE's e-Commerce Forum on 'Electronic Commerce for Transition Economies in the Digital Age', 19-20 June 2000, at http://www.anu.edu.au/people/Roger.Clarke/DV/PKI2000.html
Clarke R. (2001) 'The Fundamental Inadequacies of Conventional Public Key Infrastructure' Proc. Conf. ECIS'2001, Bled, Slovenia, 27-29 June 2001 , at http://www.anu.edu.au/people/Roger.Clarke/II/ECIS2001.html
Clarke R., Dempsey G., Ooi C.N. & O'Connor R.F. (1998) 'Technological Aspects of Internet Crime Prevention' Proc. Australian Institute for Criminology's Conference on 'Internet Crime', Melbourne University, 16-17 February 1998, at http://www.anu.edu.au/people/Roger.Clarke/II/ICrimPrev.html
Davis D. (1996) `Compliance Defects in Public-Key Cryptography` Proc. 6th Usenix Security Symp., San Jose CA, 1996, pp.171-178, at http://world.std.com/~dtd/compliance/compliance.pdf
Ellison C. & Schneier B. (2000a) 'Risks of PKI: Electronic Commerce' Inside Risks 116, Commun. ACM 43, 2 (February 2000), at http://www.counterpane.com/insiderisks5.html
Ellison C. & Schneier B. (2000b) 'Ten Risks of PKI: What You're Not Being Told About Public Key Infrastructure' Computer Security Journal, v 16, n 1, 2000, pp. 1-7, at http://www.counterpane.com/pki-risks.html
Greenleaf G.W. & Clarke R. (1997) `Privacy Implications of Digital Signatures', IBC Conference on Digital Signatures, Sydney (March 1997), at http://www.anu.edu.au/people/Roger.Clarke/DV/DigSig.html
Sneddon M. (2000) ,Legal Liability and e-Transactions` National Electronic Authentication Council, Canberra, Australia, August 2000, at http://www.noie.gov.au/publications/NOIE/NEAC/publication_utz1508.pdf
Wheeler L. (1998) 'Account Authority Digital Signature Model (AADS)', at http://www.garlic.com/~lynn/aadsover.htm
Winn J.K. (2001) ,The Emperor's New Clothes: The Shocking Truth About Ditial Signatures and Internet Commerce` forthcoming, Idaho Law Review, 2001, at http://www.smu.edu/~jwinn/shocking-truth.htm
The content and infrastructure for these community service pages are provided by Roger Clarke through his consultancy company, Xamax.
From the site's beginnings in August 1994 until February 2009, the infrastructure was provided by the Australian National University. During that time, the site accumulated close to 30 million hits. It passed 50 million in early 2015.
Sponsored by Bunhybee Grasslands, the extended Clarke Family, Knights of the Spatchcock and their drummer
Xamax Consultancy Pty Ltd
ACN: 002 360 456
78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 6916
Created: 27 July 2001 - Last Amended: 30 July 2001 by Roger Clarke - Site Last Verified: 15 February 2009
This document is at www.rogerclarke.com/EC/PKIHlth01.html