Building Trust in Digital Identities - European Commission

  • Building Trust in Digital Identities

    Secure Digital identities for a Digital Single Market in Europe

    Frederic Jacobs

  • What is trust?

    “the willingness of a party to be vulnerable to the actions of another party based on the expectation that the other will perform a particular action important to the trustor, irrespective of the ability to monitor or control that other party”

    (Mayer et al., 1995)


  • Trusting is accepting some vulnerability

  • Major Concerns Related to Online Privacy and Security Risks, Percent of Households with Internet Users, 2015

    Source: NTIA - US Dept of Commerce

    https://www.ntia.doc.gov/blog/2016/lack-trust-internet-privacy-and-security-may-deter-economic-and-other-online-activities

  • Eurobarometer on Data Protection

    Source: European Commission Special Eurobarometer 431

  • Threat Modeling

    • Does the eventual risk of compromise outweigh the advantages yielded by the trust relationship?

    • Can I mitigate misplaced trust?

    • Maybe there is an entity I trust enough? (Centralized)

    • Maybe trust should be distributed to a quorum? (Federated)

    • Maybe trust should be completely distributed without central nodes? (Decentralized)

  • What enables trust?

  • User Experience

  • Social Engineering Trust

  • Warning fatigue

  • “Доверяй, но проверяй” (trust, but verify)

    – Russian proverb taught by Suzanne Massie to Ronald Reagan

  • Standards

    • Security Management Standards: ISO27K, IETF RFC 2196, NIST 800-53, BSI 100-1, BSI 100-3

    • Technical Security Standards: AES, TLS, RADIUS, OpenID

    • Vulnerability Management Standards: ITU-T X.1520, CVE

    • Security Assurance Standards: ISO 15408

    • Regional and Domain-specific Standards

  • Compliance & Security

    • Getting compliance on software updates takes time. Meanwhile, .gov sites or hospitals might be vulnerable.

    • Data localization doesn’t matter. Where are the keys stored?

    • Are standards kept up-to-date?

    • Studies show that password policies (rotation, restrictions …) make users less secure

  • Audits / Penetration Testing

    • How effective? Hard to say

    • Usually it is easy to find the low-hanging fruit, which raises the cost for an attacker to find vulnerabilities

    • Most large tech companies have a “red team” that is constantly looking for vulnerabilities before the “bad guys” find them

  • Open-Source

    • Software being open-source enables easier third-party auditing of the software by security researchers and academics

    • Why easier?

    • No need for reverse engineering

    • Builds can be instrumented for analysis techniques (such as static analysis, fuzzing, constraint solving …)

  • Funding OSS as critical infrastructure

    • Important to identify and support open-source software that constitutes critical infrastructure for the EU

    • EU-FOSSA: Pilot Project for auditing of Open Source Software at the European Institutions

  • Reproducible Builds

    • What good is it that the source code of an application is online if it can’t be reproduced?

    • Reproducibility efforts supported by (containerized) deterministic build processes

  • Key Transparency

    • Certificate transparency holds certificate authorities accountable

    • Can be applied in other areas including software updates, end-to-end encrypted messaging (CONIKS) …

    • Distributed ledger community is working on solving similar problems

  • “Trust is good, control is better”

    – Vladimir Lenin

  • End-to-end Encryption

    ✉ “Trust us, we won’t read or mine your chats.”

    ✉🔒 “You don’t have to trust us, we can’t read your chats”

  • Zero-Knowledge Systems

    “we know nothing about the encrypted data you store on our servers”

  • Formally verified software

    • Advances in formal methods help us build safer software whose behaviour matches a given formal specification

    • Still out of reach for large & fast-moving code bases

  • Proofs and Voting: can we trust them?

    • Let’s assume we have a formally verified implementation of a voting protocol that comes with strong security proofs

    • Should we be using it?

    • Lack of widespread understanding of how the voting system fundamentally works

    • “The election is gonna be rigged” feeling

    • There might be lower-level attacks

    • Does it run in a trusted environment?

    • How do we verify the silicon?

  • Thanks.

    Contact: me@fredericjacobs.com