Caslon Analytics: Security & InfoCrime guide
authenticity

This page looks at online authentication frameworks and mechanisms.

It covers -

Later pages of the guide look at fraud and debate about geolocation technologies that might underpin authentication regimes. There are supplementary profiles on Identity theft, on Forgery & Forensics and on E-signatures.

introduction

The mutability of digital content and the shape of the global information infrastructure mean that there is considerable uncertainty about electronic documents and internet-based interaction.

Are people who they claim to be? Are messages from the supposed originator? Have documents been tampered with? Can information supplied via the net or commitments undertaken online (eg at a B2B or B2C site) be trusted? Does such information or commitments provide an effective basis for litigation or enforcement action? Should people rely on biometric tools - such as thumbprint scanners attached to their keyboard - rather than passwords, or even use special keypads for online payments rather than relying on "inherently unsafe" personal computers?

frameworks

The OECD report on its Inventory of Approaches to Authentication & Certification in a Global Networked Society and papers from the June 1999 OECD-Private Sector Workshop on Electronic Authentication offer a point of entry to government strategies and regulatory issues.

The Internet Law & Policy Forum has published a complementary Analysis of International Electronic & Digital Signature Implementation Initiatives (IEDSII). There is an ongoing global inventory by Simone van der Hof, with a comparison by Christina Spyrelli in her 2002 paper on Electronic Signatures: A Transatlantic Bridge? An EU & US Legal Approach Towards Electronic Authentication. The American Bar Association's 1996 Digital Signature Guidelines are here.

The Australian Electronic Transactions Act 1999 (ETA) is perhaps the major achievement of the national government's 'strategic framework for the information economy' under the coordination of the National Office for the Information Economy (NOIE), giving electronic transactions involving Commonwealth government agencies the same status as those using paper.

Because most contract law is a state responsibility, the Act is to be 'mirrored' by complementary state legislation. So far similar acts have come into effect in Victoria and NSW; further progress is likely to be slow.

The ETA reflects the September 1999 issues paper on the UNCITRAL Draft Uniform Rules on Electronic Signatures (Rules). In the US the Electronic Signatures In Global & National Commerce Act (E-SIGN) was signed by President Clinton in June 2000 and came into effect on 1 October 2000.

In Australia the Government Public Key Authority (GPKA) deals with government aspects of PKI.

The Commonwealth's Project Gatekeeper, with the same name as the very bad computer in a recent Hollywood dot com exploitation flick, resulted from the 1998 National Authentication Authority (NAA) Discussion Paper and the Strategy for an Australian National Electronic Authentication Framework, the detailed report by the National Public Key Infrastructure Working Party.

Clifford Lynch and others contributed to a significant report (PDF) by US libraries and archives on Authenticity in A Digital Environment in January 2000 and to the Coalition for Networked Information's earlier White Paper on Authentication & Access Management Issues in Cross-organizational Use of Networked Information Resources. The February 2001 report (PDF) by the US General Accounting Office (GAO) on Advances & Remaining Challenges to Adoption of Public Key Infrastructure is also recommended.

Stefan Brands' Rethinking Public Key Infrastructures & Digital Certificates (Cambridge: MIT Press 2000) proposes technical solutions reflecting some of the CNI questions about tradeoffs between privacy and identification. There is a broader perspective in Joseph Reagle's 1996 thesis on Trust in a Cryptographic Economy & Digital Security Deposits: Protocols and Policies.

Gail Grant's Understanding Digital Signatures: Establishing Trust over the Internet & Other Networks (New York: McGraw-Hill 1999) is less substantial than L Jean Camp's Trust & Risk In Internet Commerce (Cambridge: MIT Press 2000) and similar studies considered later in this guide. There's a useful overview in Adrian McCullagh's 2001 JILT article on Signature Stripping: A Digital Dilemma.

Richard Smith's Authentication: From Passwords to Public Keys (Reading: Addison-Wesley 2001) offers a concise introduction to authentication technology principles.

offline

As the discussion of forgery and identity fraud elsewhere on this site suggests, uncertainties about identity and authenticity are not new. Responses have encompassed four forms -

  • registration
  • certification
  • evidence legislation
  • forensics

Governments throughout history have tacitly differentiated between significant and non-significant transactions, with major interactions between individuals or with the state (for example sale of land) being formally recorded in a way that identifies the specific activity and in many instances also provides a basis for administering obligations or entitlements. Land registers, for example, identified ownership of the main form of property in pre-industrial Europe and East Asia; they were also the foundation of schemes for payment by land owners of taxes in the form of salt, gold, animals or labour.

Certification schemes in many nations have involved authentication of documents through inclusion of an official stamp or a personal seal. Personal seals in much of Asia, for example the hanko in Japan, were purchased specially by individuals, registered with local government and used in preference to handwritten signatures for identifying documents involving major transactions such as land sales. If a transaction was subsequently challenged the validity of a seal impression might be determined by bringing each party's seal to court, repeating the sealing process and comparing the two impressions.

Evidence legislation has sought to address uncertainties about authentication in two ways. Firstly it has codified principles for determining the genuineness of documents and other evidence, embodying a jurisdiction's recognition of forensics. Secondly it has sought to provide boundaries for identifying risk and thereby provide a basis for trust in transactions.

The legislation has interacted with commercial law in aiming to cover issues of -

  • authenticity (was the document originated by its supposed authors? was the transaction authorised?)
  • integrity (has the document been altered?)
  • non-repudiation (was the document the result of a commitment by the author/signatory and thus binding on one or more parties? has its integrity been maintained in a way that can be determined if a dispute arises?)

Forensic principles and practice - discussed in more detail here - have evolved in pace with changing legal thinking, technological developments and social behaviour. They encompass basic assumptions, such as an emphasis on provenance, and the use of technologies for inhibiting forgeries (eg watermarks and thread paper), preserving the integrity of key documents (eg 'fugitive inks') or detecting forgeries (eg thermoluminescent analysis).

electronic signatures

The terms electronic signature, digital signature and e-signature have confused some people, whose conceptualisation of electronic document authentication centres on inclusion of a graphic - a scanned image of a handwritten signature.

In practice such a feature - in an email, Word document or PDF - is of little value: the facsimile is easily copied, easily separated from a genuine document and pasted into another, and it is not bound to the surrounding text, so it proves neither who supplied it nor that the document is unchanged.

Some vendors have promoted use of special pens or tablets, devices that seek to capture supposedly unique attributes - sometimes referred to as 'signature dynamics' - such as letter shape, stroke order, speed and pressure - in a handwritten signature. That data is then held on an online database or a smart card for comparison with future authentication via the same device. It has received less acceptance than other biometric technologies.

Others consider that entering a personal name/initials on an intranet or internet web form (accessed through use of an ID and password) is an electronic signature, although all it evidences is that someone holding the password submitted the form.

An e-signature is more properly characterised as a mechanism for use in

  • uniquely identifying and authenticating a particular person or organisation as the source of an electronic message or document or as authorising a particular transaction such as a payment or access to health services
  • binding the person/s to the contents of that communication or document or as authoriser of a specific transaction
  • thereby providing a basis for resolution of disputes (eg through an ADR service or a court) or enforcement action.

It is underpinned by evidence or signature legislation or codes of practice. In some instances the signature has the additional function of attesting to the integrity of the communication, ie indicating that it has not been tampered with. Mechanisms of varying effectiveness are available for signalling that a document's integrity is intact (eg a checksum or a published hash of the file). Those mechanisms may be generic and do not necessarily involve an electronic signature tied to a specific author: a hash shows that the bytes are unchanged, not who produced them.

Some authorities suggest that use of e-signatures is necessarily allied with confidentiality, with for example encryption of all or part of the document rather than just the signature component. Other enthusiasts have claimed that it is practical to identify all communications using supposedly unique characteristics of every personal computer, a claim that has received underwhelming support.

An electronic signature might take different forms, for example inclusion in a document of a steganographic element, or a digital signature computed with a private key held only by the sender, a value that is therefore unique both to that sender and to the particular document it was computed over.
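As an added illustration of the three properties listed above (identifying the signer, binding the signer to the content, detecting alteration), the following Python is not from the original page; it implements a Lamport one-time hash-based signature over SHA-256 using only the standard library. A deployed e-signature would use RSA, ECDSA or EdDSA from a vetted library; the hash-based scheme is chosen here because it runs with no dependencies and makes the binding to the document's content explicit. The contract text and the keys are constructed for the example.

```python
import hashlib
import os

N = 256  # one secret pair per bit of the SHA-256 digest of the message


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Lamport key pair. Private key: 256 pairs of random 32-byte secrets.
    Public key: the hash of every secret (the verifier never sees the secrets
    until a signature reveals half of them)."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(N)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk


def _digest_bits(message: bytes):
    """Bits of SHA-256(message), most significant first. This is where the
    signature becomes bound to the content: change one byte of the message and
    about half of these bits flip."""
    d = int.from_bytes(_h(message), "big")
    return [(d >> (N - 1 - i)) & 1 for i in range(N)]


def sign(sk, message: bytes):
    """For bit i of the digest, reveal secret sk[i][0] if the bit is 0, sk[i][1] if it is 1."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(message))]


def verify(pk, message: bytes, signature) -> bool:
    """Hash each revealed secret and check it matches the public-key entry
    selected by the message's own digest bit. A secret revealed for the wrong
    bit position, a different key, or an altered message all fail here."""
    if len(signature) != N:
        return False
    return all(_h(s) == pk[i][bit]
               for i, (s, bit) in enumerate(zip(signature, _digest_bits(message))))


def demo():
    """Sign a constructed contract, then try the two things a scanned signature
    image cannot resist: editing the text and moving the signature to another document."""
    sk, pk = keygen()
    contract = b"I agree to pay 100 AUD on 1 April 2005."  # constructed sample
    sig = sign(sk, contract)
    return {
        "genuine": verify(pk, contract, sig),
        "tampered": verify(pk, b"I agree to pay 1000 AUD on 1 April 2005.", sig),
        "transplanted": verify(pk, b"I agree to sell my house.", sig),
    }


if __name__ == "__main__":
    print(demo())  # {'genuine': True, 'tampered': False, 'transplanted': False}
```

The scheme is one-time: signing a second, different message with the same private key reveals secrets on both sides of every bit that differs, which is enough for a forger to sign further messages. That limitation, and the 8 KB signature size, are why practical e-signature regimes use public-key schemes such as RSA or ECDSA; the binding property demonstrated here is the same.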

Why are e-signatures significant?

Much of the writing about electronic signatures has centred on electronic commerce and reflects assessments that potential participants will be reluctant to fully engage in e-commerce (and in e-services or e-government) unless there is greater trust about the status of individual interactions.

Other observers have suggested that there are broader concerns about the nature of identity, authenticity, responsibility and enforcement regarding life online - which is broader than B2C.

It is thus common to encounter claims that in dealing with offline transactions, in particular those that are paper-based, there is an aggregation of indicators of trust that allow parties to a transaction (and other entities such as a financial clearing house or court) to determine whether a signature is authentic and a document is intact.

Those indicators include the characteristics of paper (eg watermarks and letterhead), handwritten ink signatures and official stamps, differential spacing in typed documents, delivery via a trusted third party and contextual documentation such as drafts or copies held by associated parties such as lawyers. In contrast, as a discussion of US evidence legislation lamented

with electronic communications, however, none of these indicators of trust are present. All that can be communicated are bits (0s and 1s) that are in all respects identical and can be easily copied and modified.

This has two important consequences. First, it often becomes extremely difficult to know when one can rely on the integrity and authenticity of an electronic message. This, of course, makes difficult those decisions that involve entering into contracts, shipping products, making payments, or otherwise changing one's position in reliance on an electronic message. Second, this lack of reliability makes proving up one's case in court virtually impossible.

In practice much paper documentation is taken on faith, given assessments of risk, perceptions that someone else will carry any costs, concerns about delays associated with manual verification (eg examination of specimen signature cards and registers) and erratic recognition by courts of handwriting experts.

One attraction of digital signature schemes is that in principle e-signature creation and verification processes are capable of complete automation (quick, cheap, reliable, user friendly, transparent), with human checking on an exception basis only.

Disagreement about recognition of electronic signatures is evident in the legislation and policy documents highlighted above. Legislation varies considerably across jurisdictions, with

  • a minimalist approach that merely authorises use of e-signatures in very limited circumstances
  • more comprehensive legislation that articulates evidentiary presumptions and model default provisions, often providing that contracting parties can formally agree to waive particular provisions
  • a maximalist approach, with very detailed codes regarding the manner in which digital signatures may be used and certification authorities may operate.

We have discussed the mechanics of e-signatures and debate about their administration (including escrow and overheads) in a supplementary note.

Steganography

Steganography - hidden writing - involves concealing data (often a numerical identifier, encrypted text or an image) inside a carrier such as an image or sound recording in such a way that only the publisher, the intended recipient and their agents know the data exists. Digital watermarking is a related application of the same techniques: an identifier embedded in a work that is not readily apparent to the casual user and is not easily removed, the difference being that a watermark's existence may be openly known so long as it survives copying and editing.

It is frequently contrasted with cryptography, which obscures a communication's meaning while leaving its existence apparent. The two are complementary rather than alternatives: a payload is normally encrypted before it is hidden, so that discovery of the channel does not expose the content.
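To make the contrast concrete, here is an added Python example (not from the page, nor from any vendor or author mentioned on it) of the simplest form of image steganography, least-significant-bit embedding: each bit of the payload replaces the lowest bit of one pixel value, so the cover changes by at most one grey level per pixel. The cover is a constructed array of synthetic 8-bit pixel values rather than a real image, and its low bits are deliberately skewed so that the statistical footprint of embedding is visible; the 4-byte length prefix, the seed and the message are assumptions of the example.

```python
import random


def _to_bits(data: bytes):
    """Most-significant-bit-first bit stream of a byte string."""
    return [(b >> (7 - k)) & 1 for b in data for k in range(8)]


def embed(cover: bytes, payload: bytes) -> bytes:
    """Write a 4-byte big-endian length prefix plus the payload into the
    least significant bits of successive cover bytes (one bit per pixel)."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = _to_bits(data)
    if len(bits) > len(cover):
        raise ValueError("cover too small: need %d pixels, have %d" % (len(bits), len(cover)))
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, then set it to the payload bit
    return bytes(stego)


def _read_bytes(stego: bytes, offset_bits: int, n: int) -> bytes:
    out = bytearray()
    for j in range(n):
        v = 0
        for k in range(8):
            v = (v << 1) | (stego[offset_bits + 8 * j + k] & 1)
        out.append(v)
    return bytes(out)


def extract(stego: bytes) -> bytes:
    """Recover the payload: read the length prefix, then that many bytes.
    A length that exceeds the cover means this is not one of our stego objects."""
    n = int.from_bytes(_read_bytes(stego, 0, 4), "big")
    if 32 + 8 * n > len(stego):
        raise ValueError("length prefix exceeds cover; not a valid stego object")
    return _read_bytes(stego, 32, n)


def lsb_ratio(pixels: bytes) -> float:
    """Fraction of pixels whose LSB is 1. Embedding overwrites the cover's
    natural LSB distribution with the payload's, which is the observation
    behind statistical detectors such as the chi-square (pairs-of-values) attack."""
    return sum(p & 1 for p in pixels) / len(pixels)


def demo():
    rng = random.Random(1)  # constructed cover: 4096 "pixels" with every LSB cleared
    cover = bytes(rng.randrange(0, 256) & 0xFE for _ in range(4096))
    secret = b"meet at 0900"  # constructed payload (plaintext, to show its bias leaks through)
    stego = embed(cover, secret)
    used = 32 + 8 * len(secret)  # pixels actually carrying payload bits
    return {
        "recovered": extract(stego),
        "max_pixel_change": max(abs(a - b) for a, b in zip(cover, stego)),
        "cover_lsb_ratio": lsb_ratio(cover),
        "stego_lsb_ratio": lsb_ratio(stego[:used]),
    }


if __name__ == "__main__":
    print(demo())
```

Three practical points follow from the code. The payload should be encrypted before embedding, as the definition above implies: it both hides the content if the channel is found and flattens the bit statistics that `lsb_ratio` exposes (ASCII text leaves a visible skew). Plain LSB embedding survives only lossless carriers such as PNG or BMP; JPEG recompression rewrites the low bits and destroys the payload. And because the method leaves the cover's value-pair histogram flattened, it is exactly what the detection studies cited below look for; robust watermarks use spread-spectrum or transform-domain embedding instead.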

Peter Wayner's Disappearing Cryptography: Being & Nothingness on the Net (San Francisco: Morgan Kaufmann 1996) is a user-friendly introduction by one of the gurus of the open source movement. 

There is a more detailed and authoritative exploration of stego in Information Hiding Techniques for Steganography & Digital Watermarking (Norwood: Artech 2000), a collection of papers edited by Stefan Katzenbeisser & Fabien Petitcolas. 

Petitcolas is the author of an online bibliography, up to mid 1999. Other bibliographies are on sites maintained by Saraju Mohanty (SM) and Erlangen University (EU). A crisp introduction is provided by Bruce Schneier's Steganography: Truths & Fictions and Gary Kessler's 2004 brief An Overview of Steganography for the Computer Forensics Examiner. The CITI report Detecting Steganographic Content on the Internet (PDF) is of value in considering contemporary urban legends about spooks, stego and terrorists.

Digimarc, one of several vendors of watermarking products, includes a guide to the technology on its site. Most commercial vendors offer some background information, although the promo literature should be taken with a grain of salt. Digimarc (US) and Signum Technologies (UK) are the leading commercial specialists.

The NEC subsidiary Signafy offers a watermark claimed to survive in images sent by fax, while UK-based Datamark offers software for image libraries, claimed to identify an image with a unique watermark whenever it is downloaded.

trust marks and certificates

Many people have emphasised validation of sites, rather than individual documents or messages.

A detailed profile on 'trust marks', such as web site privacy seals, is here.

Many 'secure' web transactions involve SSL certificates. It is straightforward to create a DIY certificate (a self-signed certificate, generated with free tools such as OpenSSL), but browsers and other widely-deployed commercial applications only trust certificates that chain to a certification authority already in their built-in list, so a home-grown certificate produces a warning to the user rather than the padlock. The encryption it provides is real; what it cannot provide is any assurance about who is at the other end.

Two firms - VeriSign (the dominant domain name registrar) and Thawte - initially controlled most of the market. VeriSign subsequently absorbed Thawte - one observer tartly noted that the sale allowed Thawte's founder Mark Shuttleworth to become a US$20m space tourist - and is now the dominant source for widely accepted SSL certificates, with prices increasing significantly.

special devices

Some people have sought to sidestep authentication challenges by relying on biometric devices that are supposedly easier to use than PKI or offer more reliable identification. Those devices centre on 'what you are' rather than 'what you know' or 'what you have', with vendors emphasising the unique physical attributes of individuals, the accuracy with which those attributes can be recognised and the difficulty of forgery.

Some vendors have integrated biometric readers into personal computers, albeit without substantial commercial success. Recurrent attempts to market ancillary devices - for example an iris reader or thumbprint scanner or palm reader that plugs into the keyboard on a domestic personal computer - similarly have failed to wow the market.

Acceptance of those devices has been inhibited by cost, questions about reliability (with instances where a thumbprint reader has been defeated by a warm lolly), problems with reference data, concerns that biometrics are foiled if the associated personal computer is riddled with malware and differing user acceptance of risk.

Other vendors, arguing that personal computers on the net are innately vulnerable, have instead suggested that consumers should follow the practice of some businesses and rely on special payment devices rather than the PC. Those devices typically are similar to the credit card readers used by most retailers in advanced economies, a specialist keypad encrypting account information exchanged with a small number of financial or other institutions.

Critics have responded that total security is only feasible by

  • placing the end user's device (personal computer, mobile phone, keypad) behind a secure perimeter
  • maintaining the integrity of those devices through exclusion of malware
  • ensuring that reference data is accurate (it is unnecessary to forge 'breeder' documents such as passports if they can be obtained from legitimate sources by supplying illicit information)
  • trusting that all elements of a transaction chain observe best practice (given the history of information being purloined by staff in call centres or inappropriately being released by reference sources such as Choicepoint)
  • ensuring that people at all positions in that chain are vigilant about the danger of social engineering (breaking into a database is not necessary if someone will supply data to anyone who engages in pretexting and asks politely, with apparent authority and a convincing spiel).





version of March 2005
© Bruce Arnold
caslon.com.au | caslon analytics