Identity and Authentication: A computer scientist looks at the analogue world
James Davenport, Hebron & Medlock Professor of Information Technology, University of Bath (U.K.)
10 November 2010


DESCRIPTION

Lecture at University of Luxembourg, 10 November 2010

TRANSCRIPT

1. Identity and Authentication: A computer scientist looks at the analogue world
   James Davenport, Hebron & Medlock Professor of Information Technology, University of Bath (U.K.)
   10 November 2010

2. Thesis
   • Cryptography is very concerned (and rightly so!) with issues like:
     Correctness
     Provability
     Revocation
     Non-repudiability
     and so on
   • What happens if we look at the analogue world around us this way?

3. Signatures / Seals / ...
   • For people, signatures have largely replaced seals in the West, whereas in other cultures personal seals are much more common
   • By cryptographic standards, both are easy to forge, or to dispute
   • Professional document examiners have a 6.5% error rate (at least)
   • We have a very weak biometric mechanism that works fairly well in practice [Anderson]
   • It is comparatively rare for signatures to be disputed in court: essentially a combination of context and retrospective investigation

4. [English] Common Law
   • A contract is just an accepted offer
   • Example: a shop putting coffee on the shelf at £2 is an offer; the customer bringing it to the checkout is an acceptance
   • (Contrary to belief, there is no special law: it's the price on the shelf, not the price in the computer, that counts)
   • Note that nothing is in writing
   • An exchange of ASCII e-mails can constitute a contract
   • If cryptography is necessary to make e-mail contracts legal, then we ask more of digital media than we do of its predecessors [Wright1994]

5. Is this the death of cryptography?
   • Of course not!
   • Cryptography may not be necessary, but it may be very useful
   • Just because I make you an offer does not mean that I can, or intend to, carry it out
   • (Ask anyone who's purchased Viagra on the Internet!)
   • Human face-to-face contracts rely heavily on implicit trust, which is the main problem with all distance transactions (not necessarily Internet): hence the U.S. term "wire fraud"

6. Why, then, signatures?
   • Essentially, to create a connection between the offeror and the offer (acceptor and acceptance)
   • The less physical the contract, the more important this becomes
   • There are other reasons: English law requires the transfer of land to be in a special form in writing, so that it can be taxed (4%)
   • It's also very important when the offeror/acceptor is compound: what does it mean for a University to offer, or to accept?

7. Statutes: 17.27
   To select a Seal and a Mace for the University and to have the sole custody and use of the Seal and under detailed provisions to be contained in the Ordinances to provide that the use of the Seal and its witnessing or the execution of deeds on behalf of the University by Officers of the University and those persons nominated by the Council for this purpose may be dealt with as if the University was a Company incorporated under the provisions of the Companies Act 1985 or under any legislation in substitution therefor and in accordance with any resolution of the Council relating to the use of the Seal or the execution of deeds

8. 27. USE OF THE SEAL OF THE UNIVERSITY
   In accordance with the provisions of Section 17.27 of the Statutes, power to affix the Seal of the University to a document may be exercised and witnessed either by two Members of the Council of the University or by one Member of the Council and the University Secretary (or, in the absence of the University Secretary, the Vice-Chancellor or Director of Finance). The Academic Registrar shall maintain a register of documents sealed in the name of the University under the terms of this Ordinance showing: (i) the identity of the document; (ii) the date the document was sealed; (iii) the names of the persons witnessing the use of the Seal in the name of the University; and shall report each such transaction to Finance Committee on behalf of Council.
   Approved by Council 1st August 2010

9. Formally, this is a mess
   • How do I know what the seal of the University looks like?
   • How do I know who the members of Council are?
   • How do I know who the University Secretary is?
   • How do I know who the Director of Finance is?
   • How do I know the University Secretary is absent?
   • How do I know what their signatures are?
   • Note that the same objections could be raised about the other company, though the names of the Directors are on record
   • The point of this is to establish intention

10. If we did want to use Cryptography
   • Member of Council: probably an attribute
   • University Secretary: probably an attribute
   • Director of Finance: probably an attribute
   • Then attribute mechanisms [see Khader] can handle ( ) ( ), but is currently an unsolved problem
   • However, is it worth it?

11. In fact, many signatures are really attributes
   • An order to issue rum to a unit must be signed by an officer in the chain of command above the unit and by a doctor [Queen's Regulations]
   • The form is in triplicate:
     1 Unit records
     2 Stores depot (for the issue)
     3 Medical Corps records
   • In fact the (paper) order is malleable: JHD signed 1 and 2, the unit got the rum, and the (medical) doctor signed 3 later
   • There are inconsistent forms in the system, but no suspicions were raised

12. How does one establish/verify attributes?
   • The attribute: "ability to cast X's vote in person"
   • Note that votes can only be cast at X's polling station (normally based on where X lives)
   • A: Claim to be X. If you have X's polling card (sent by post) and aren't implausible (e.g. wrong sex), this is trivial. If you don't have the polling card, it requires knowing the address, and possibly more. If the real X turns up later, there's an investigation, and your ballot is found and removed
   • B: Get a proxy vote. Write in, saying "I, X, am currently at Y, please send me a proxy form". There is then some to/fro with forms, and you have a form saying Z is allowed to vote as X's proxy. You need to forge X's signature on the forms, but no-one has a master to check it against! Again, an investigation if X turns up later

13. Voting continued
   • However, the proxy has to turn up at X's polling station
   • You can get round this with a postal proxy, but why bother: just use postal votes
   • "sack loads of postal votes were driven to a vote-rigging factory ... A box of postal ballots also mysteriously appeared at a count ... the postal voting system was wide open to criminals"
     http://news.bbc.co.uk/2/hi/uk_news/politics/election_2010/england/8649379.stm
   • "More than 30 allegations of postal vote irregularities have been reported to police forces in England" [2010]

14. UK Voting Summary
   • As with so much else, we have a system based on neighbourhoods and physical interaction, which is:
     Easy to use
     Easy to abuse
     Reliant on detection, which is rare except in blatant cases
   • One has to wonder how long this can continue

15. Other sorts of attributes
   • If a student asks for a reference, I write one: generally on laser-printed letterhead, and often faxed or e-mailed, hence no physical clues; and anyway, does the recipient know me, or know my signature?
   • Again, the reference culture is based on detection and investigation, and works because there's a physical person in the job
   • If they can do the job, who cares? If they can't, finding a forged reference or a lie on the CV is the easiest way to sack them

16. Conclusions
   • The physical world has a presumption of honesty (just like the early Internet)
   • (Specific sub-areas, e.g. ATM, credit cards, have their own rules)
   • This is enforced largely by fear of punishment, which relies on feasibility of punishment, generally through physical presence
   • This world model sits ill with Formal Methods, and even less well with the cryptographic mindset
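The Ordinance 27 sealing rule and the Queen's Regulations rum order are both attribute policies rather than checks on particular people's signatures. The following is an added example, not code from the lecture: it models both rules as attribute predicates over signatures (taking the signers' attributes and the Secretary's absence as already-established inputs, which is exactly what the "how do I know" slide says is missing) and checks a triplicate form copy by copy to show the malleability problem. The signer names, attribute labels and unit name are constructed.

```python
"""Attribute-based signing policies, modelled on two examples from the lecture:
Ordinance 27 (use of the University Seal) and the Queen's Regulations rum order.
Added example: signer names, attribute labels and the unit name are constructed."""
from dataclasses import dataclass
from itertools import permutations
from typing import Callable, Dict, FrozenSet, List


@dataclass(frozen=True)
class Signature:
    signer: str
    # Attributes the verifier has ALREADY established for this signer. Establishing
    # them ("how do I know who the members of Council are?") is outside this code.
    attributes: FrozenSet[str]


Requirement = Callable[[Signature], bool]
# A policy is a disjunction of clauses; each clause is a conjunction of requirements.
Policy = List[List[Requirement]]


def has(attr: str) -> Requirement:
    return lambda sig: attr in sig.attributes


def clause_satisfied(clause: List[Requirement], sigs: List[Signature]) -> bool:
    """Match distinct signers one-to-one to the clause's requirements, so a person
    holding two attributes (e.g. Council member and Vice-Chancellor) cannot witness twice."""
    distinct = list({s.signer: s for s in sigs}.values())
    return any(all(req(sig) for req, sig in zip(clause, perm))
               for perm in permutations(distinct, len(clause)))


def policy_satisfied(policy: Policy, sigs: List[Signature]) -> bool:
    return any(clause_satisfied(clause, sigs) for clause in policy)


def seal_policy(secretary_absent: bool) -> Policy:
    """Ordinance 27: two Council members, or one Council member plus the University
    Secretary (or, only in the Secretary's absence, the Vice-Chancellor or Director of
    Finance). The absence is an input: nothing on the document lets a verifier derive it."""
    policy = [[has("council"), has("council")],
              [has("council"), has("university_secretary")]]
    if secretary_absent:
        policy.append([has("council"), has("vice_chancellor")])
        policy.append([has("council"), has("director_of_finance")])
    return policy


def rum_order_policy(unit: str) -> Policy:
    """Queen's Regulations: an officer in the chain of command above the unit AND a doctor."""
    return [[has(f"commands:{unit}"), has("doctor")]]


def audit_copies(policy: Policy, copies: Dict[str, List[Signature]]) -> Dict[str, bool]:
    """Check every copy of a multi-copy paper form separately. Paper is malleable: the
    copies can be signed at different times, so the copy that was acted on may fail the
    policy while another copy, signed later, passes. Nobody in the story ran this check."""
    return {name: policy_satisfied(policy, sigs) for name, sigs in copies.items()}


# Constructed signers (hypothetical people and attributes).
ALICE = Signature("alice", frozenset({"council"}))
BOB = Signature("bob", frozenset({"council", "vice_chancellor"}))
CAROL = Signature("carol", frozenset({"university_secretary"}))
DAVE = Signature("dave", frozenset({"director_of_finance"}))
JHD = Signature("jhd", frozenset({"officer", "commands:unit_7"}))
DOC = Signature("doc", frozenset({"doctor"}))


def seal_examples() -> Dict[str, bool]:
    return {
        "two council members": policy_satisfied(seal_policy(False), [ALICE, BOB]),
        "council + secretary": policy_satisfied(seal_policy(False), [ALICE, CAROL]),
        "council + DoF, secretary present": policy_satisfied(seal_policy(False), [ALICE, DAVE]),
        "council + DoF, secretary absent": policy_satisfied(seal_policy(True), [ALICE, DAVE]),
        "bob alone (council and VC)": policy_satisfied(seal_policy(True), [BOB]),
    }


def rum_examples() -> Dict[str, bool]:
    # JHD signed copies 1 and 2, the depot issued the rum on copy 2, the doctor signed copy 3 later.
    copies = {"unit_records": [JHD], "stores_depot": [JHD], "medical_corps": [JHD, DOC]}
    return audit_copies(rum_order_policy("unit_7"), copies)


if __name__ == "__main__":
    print(seal_examples())
    print(rum_examples())
```

The depot copy that actually released the rum fails the policy on its own; only the copy signed afterwards passes, which is the inconsistency the deck says nobody noticed.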