GW vs E2E Security. Was: Call for input: Asia PKIF Forum Panel Discussion

["Anders Rundgren" <anders.rundgren@telia.com>]

>I have to say that I think you construct a caricature of security, then
>shoot it down, and then extrapolate to reach some fairly extreme
>conclusions!  

Stephen,

This must be a compilation on many other messages because the question to the Asian PKI forum was not that exciting :-)

 

Anyway, your response contains a theme worth commenting on as it is really a thing that to date has been poorly analyzed in general.

 

Secure e-mail, a caricature of security

If I would ever use the phrase caricature of security, I would refer to the security architecture for Internet mail.   The deficiency of this model have costed, and is still costing businesses over the world, many billions of dollars lost yearly, due to spam, viruses and phishing.

Most of the problems above, would have been thwarted in their infancy if the architects behind secure e-mail had realized the difference between a limited set of mutually trusted government agencies and the billion+ users now on the Internet. 

 

As hardly nobody on the entire planet could have guessed this development, I think it would be highly incorrect to blame the authors of S/MIME for this situation.  However, it is equally incorrect not to acknowledge this situation and ways of dealing with it. 

 

Solving e-mail security step by step

It might be of interest to know that "Internet-scale" companies Yahoo and Cisco have teamed-up to create a new e-mail security model not based on E2E security.   It will certainly not cure all problems we have today (too late), but it is based on a domain signature scheme that will allow stepwise improvements instead of the "flag-day" syndrome imposed by the end-to-end approach.

 

GW/E2E security in enterprise transactions
>I agree with you Anders that a great many enterprise transactions are best
>secured at the gateway (especially from an encryption point of view). 
>This is a good model indeed, but not the only one, and not a "competitor"
>to end-to-end security.

Regarding "competition", may I repeat my request (that I have also forwarded to the organizers of PKI Workshop 2006)?  I have to date not seen a single description of an existing end-to-end secured multi-user purchasing system, which I claim is because there probably is no such system.  If I'm wrong I would like to get some evidence of this including reasonably clear descriptions on how messages are secured between the large number of parties that are involved in such processes.  Since the purchasing process actually can be mapped to many other multi-party processes, I feel this is a generic issue.

 

BTW, there are IMHO at least as many reasons for using GW signatures as there are for using GW encryption.  In the B2B world I believe the requirement that an E2E secured message must be in the true destination format also in the sender's client is the biggest hurdle, as it excludes current, mostly web-based systems.  There simply is not enough money available for funding the development of thousands and thousands of unique "fat clients", particularly as "the other solution" is readily available as well as being inherently more flexible.  Client-side authentication using SSL fills the security bill in a much less intrusive way.  However, that security does not have to reach beyond the business system as the business system is an entity itself in a GW-world.

>I know from a New Zealand project several years ago that they implemented
>government-wide gateway PKI only because they couldn't get smartcards and
>client software as they existed back then to work.  They viewed gateway
>PKI as effective BUT a compromise, because they lost strong authentication
>of individuals.  That is not a bad compromise in many cases; and there are
>other ways to get individually auditable proof of origin.  But it is a
>compromise nevertheless.

That is a rather one-dimensional way of describing this system. Seen from another angle, I note that SEEMail enabled domain-encrypted and -authenticated mail communication to EVERYBODY within the government network with minimal costs including virtually no end-user training.  The US government OTOH have not reached that goal even today by a long shot as they are stuck with a system that does not scale trustwise (end-to-end security using S/MIME).  Apparently, the New Zeeland government is now extending this concept to include citizens and businesses as well: http://www.e-government.govt.nz/see/mail/index.asp

Germany's e-Government adopts the GW approach

I just returned from a conference in Hungary called ISSE 2005 (Information Security Systems Europe) where I presented an authentication solution on behalf on my employer.  Fortunately, I was also able to attend a presentation by a BSI (the NIST of Germany) delegate who presented their gateway approach for e-government transactions and messaging.  The person started with a slide containing the line: "End-to-end security died even before it even was alive".  I could not have put it better myself.  This was not a research report but a real system based on a set of new BSI standards, and coming from the country that more than any other country has been associated with legally binding signatures, qualified certificates and similar.

 

Based on publicly available information, the governments in the US and in Asia have (apparently) concluded that they do not need a security architecture for interacting with the society at large.  This is a pity, since HSPD-12/PIV does neither address (in the original text at least), cross-agency messaging nor G2B messaging, it is rather designed to secure access to federal resources.  The original use-case should work just fine, while the extended use-case often does not.  "How do you send an encrypted message to the tax department" (which the BSI representative mentioned as an example), is in its extreme simplicity showing that this is not simply a matter of using smart cards or not, it is rather a security architecture issue.  The BSI question also indicates that there are privacy issues that are not particularly well addressed by the E2E model (while definitely by its challenger).

 

The way ahead?

The extreme positions taken by different "PKI theologists" (unfortunately including myself), have so far created a huge gap benefiting nobody.  It is however, indeed possible combining these two diverging paths creating a very potent security architecture that as a bare bone minimum uses GW security for organization-to-organization messaging, while it underneath can tunnel an individual's signatures for the rather few cases where such are needed.  In fact, this super-simple scheme can address authorization in a way that E2E security cannot, by making the semantics of a GW-signature indicate "archived", "checked", and "authorized".  A standalone E2E signature OTOH, does not look any different whether it has passed directly from the desktop of the individual or have gone the "proper way" trough internal systems.  That is, E2E-signatures seem most suited for internal consumption, while GW-signatures mainly have external applicability.   Last but not least, a combined GW+E2E-signature would denote an authorized signature by an individual representative of an organization, where the signature is intended for external consumption.  Since the outer GW signature may not only embed the E2E signature, but any number of applicable authorization attributes, this scheme offers an "in-transaction" alternative to the virtually non-existent X.509 attribute certificates.

 

Once again, I would like to emphasize that a security architecture and smart cards are not equivalent, smart cards are rather a potentially vital piece of such an architecture.  By adopting a migrative approach to security, I believe smart cards will be much more quickly adopted (=used) than approaches requiring that not only your organization switch to full-blown PKI deployment, but also requiring every organization you want to interact with does this as well and at the same time, using the same policies etc.  That's at least what most governments and banks are thinking in the EU.

 

Anders Rundgren

Located in the EU, working for a major US computer security company, but here only representing myself.