CHAPTER FOUR
CPK Identity Authentication
This paper reviews more than 40 years of information security development and analyzes the core technology of cyber security. That core technology is found to be identity authentication. On the basis of identity authentication, cyber security solutions can be built from entity authentication and event authentication. This is of great significance to e-commerce, future network construction and network management, and especially as a countermeasure in network warfare.
We have experienced point-to-point communication security, LAN data authentication, Internet user authentication and IoT entity authentication, and we are now experiencing IoE event authentication. In the process of development, there were different claims and concepts. Here we explain the “self-assured” policy and the concept of the virtual link, and arrive at a solution.
4.1 Introduction
The term information security has no accurate definition in Chinese, but generally follows the definition in Clinton's PDD63, namely vulnerability analysis. So firewalls and intrusion detection systems were introduced into China. Of course, vulnerability analysis is one of the contents of information security, but whether it is the main content, the answer is negative. The conclusion was given in the Bush administration's PITAC report “Cyber Security—Crisis of Prioritization”: not vulnerability analysis but authentication technique. In the cyber warfare experiments, the U.S. Army only caught two core issues, namely illegal invasion and right-taken-over. They also claimed that they could control every byte in an enemy database. Preventing illegal invasion and right-taken-over relies on authentication technique.
I have always argued that if confidentiality can be achieved with an open method, then it will be the best technology. Now the Internet is a community of human life. Therefore, any advanced technology will be common human wealth. In the past, for some reasons, little was said about the domestic situation, and few people understand the real domestic situation. Knowing the enemy and yourself lets you win all battles.
We have gone through several stages of development over more than four decades. Development in China has basically kept pace with the times, constantly shortening the gap with developed countries, and at the same time some key technologies are even beyond the international advanced level.
In the 1970s, the rapid increase of communication rates caused an urgent demand for automated encryption. We developed the electronic cipher machine M06 and entered the era of point-to-point linked communication security, catching up with the advanced countries.
In the 1980s, LAN broke the boundary of the terminals and formed an end-to-end linked local network, creating a shared resource. The main task of LAN security is data authentication. In a resource sharing system, data authentication is guaranteed by classification of data and by the policy of mandatory control. The U.S. DoD Orange Book was taken as the sign[1]. We developed the identity-based Two Layer Key (TLK), a combination of symmetric keys and asymmetric keys, realized data authentication in the defense network, and made China the first country to use an identity-based public key and realize cyber security.
In the 1990s, the Internet became popular, breaking the boundary of LAN, which eventually turned into the Internet, and pushed the world into a new era of user authentication. The identity-based Layered Public Key (LPK)[2] was developed and realized in SJY01 in China to solve the large-scale authentication problem. LPK was much better than CA-based PKI. The Clinton administration proposed an assurance policy that security must be protected by all users themselves. But security was focused only on vulnerability analysis, which led security into system security. This was the result of an image thinking mode that failed to grasp the essence of the problem. The presidential directive PDD63 can be taken as the sign[3].
In the 2000s, the Internet of Things opened a new era: information systems (such as the Internet) were included in non-information systems to constitute a new space, combined with social life, and entered cyber space. The report “Cyber Security—Crisis of Prioritization”, submitted by the U.S. President's Information Technology Advisory Committee (PITAC), can be taken as the sign of the cyber era[4]. The report pointed out that the principle of cyber security is “mutual suspicion”, and that the main task is to solve the “authentication technique” to establish a “trusting system”. It was the result of an abstract way of thinking: the essence of the problem was grasped, but the depth was not enough and the solution was not found. However, we have integrated the Internet, mobile networks and IoT into one cyber net under the concept of identity, developed the identity-based Combined Public Key (CPK)[5], and solved the core problem of identity authentication.
In the 2010s, with the development of electronic commerce and the formation of cyber warfare, cyber crime is very frequent. So there is an urgent demand for “event” authentication, for example of illegal access events in communication and fake criminal events in transactions. Thus the “entity” authentication of the static IoT has quietly developed, through virtualization, into the “event” authentication of the dynamic IoT. Interactions among entities constitute “events”; an event exists in the form of a process, and processes produce the Internet-of-Event. The authentication of the process can be solved by the “I to I” (Identify) authentication model. We have formed the “truth logic of authentication”[6] to solve entity authentication and event authentication, and thus we take the lead in entering the Internet-of-Event era of event authentication.
Throughout the history of so-called information security, which developed along with information technology, one can clearly see the trace of development: from data authentication and user authentication to entity authentication and event authentication. The world is made up of a variety of entities, and entities are related to each other. The activities of entities constitute events. As long as we grasp the fundamental problem, other security problems can be easily solved. And the basis of entity authentication and event authentication is identity authentication. Therefore, identity authentication is the “silver bullet” of cyber security.
4.2 Formation of Identity Authentication
The researchers of the President's Information Technology Advisory Committee (PITAC) and of China's civilian QNS Studio have all reached the same conclusion: security must change from passive defense to active management. But there are some differences between the colleagues of the two countries.
The PITAC of the Bush administration for the first time put forward that the principle of cyber security was “mutual suspicion” and that the core technique was “authentication”. This has been a landmark formulation. Research activities on various authentication technologies, such as fingerprint recognition and facial recognition, were thus started in the United States. But it was later found that physical or biological technology is only meaningful in face-to-face authentication, while in remote online authentication it is meaningless, and online remote authentication was still unsolved.
PITAC intended to build a “trusting system”. Although PITAC put forward the principle of “mutual suspicion”, it did not get rid of “trust logic”.
Americans go the way of theory first and carry out technology development under theoretical guidance. The advanced theory is mainly reflected in many new concepts that meet the demands of the era and have guiding significance, such as Denning's control concept of discretionary and mandatory policy in database management, DoD's information security concept of classification in resource sharing systems, Clinton's assurance concept that Internet security must be guaranteed by the common awareness of netizens, and Bush's cyber security concept of IoT. NIST published a number of public key systems, such as DLP, RSA and ECC, released the digital signature standard, and played the leading role around the world. Although its understanding of “identity authentication” was behind China's, in 2011 the Obama administration changed the “authentication technique” of the Bush administration to “identity authentication” and officially made it the national strategy[7]. It thus formally became the will of the state and was taken as a “silver bullet”, but unfortunately no solution has been found so far.
In China, meanwhile, the book “CPK Identity Authentication” was published in 2006; it describes the “silver bullet” that countries are seeking.
According to our experience, the transformation from a “trusting system” to a “proving system” is not so easy, because it relies on the foundation of authentication theory. For this purpose, we must break out of the limitations of trust logic based on behavior and of belief logic based on models, and establish a new truth logic of authentication based on evidence. In fact, the reason is very simple. Take shopping as an example: the shop assistant and the customer do not know each other and have no trust relationship, yet the deal is done. The deal has nothing to do with trust and is related only to the authenticity of the money and the commodity.
4.3 Requirement of Virtual Network
The development of information security is mainly reflected in the change of authentication granularity. In the era of point-to-point communication, the main object of identification is data, and the main task is data confidentiality. In the era of LAN, the main identification object is the terminal, and the main task is to identify the authenticity of the terminal. In the Internet era, the main identification object is the user, and the main task is to identify the user's authenticity. Now we are experiencing the era of the Internet of Things (IoT) and the Internet of Event (IoE), whose main task is to identify entity authenticity and event authenticity.
The biggest difference between the Internet of Things and the previous communication network is that the previous network is a communication network composed of physical lines, and its communication terminal is usually an intelligent terminal. The Internet of Things is a logical network of entities connected by identities. Some entities may be intelligent, while most are not. In fact, Internet security is realized by intelligent terminals and Internet of Things security is realized by non-intelligent terminals; however, the security principle is exactly the same. If non-intelligent entities can be made intelligent, there is no difference between the traditional communication network and the Internet of Things, except that the traditional network mainly deals with file data, while the Internet of Things mainly deals with signal data.
Entity-to-entity links can only be implemented by an identity-to-identity virtual network. The identity-to-identity link is called the I-to-I mode, and the authenticity of the link needs to be verified, i.e. by identity authentication. The virtual network is independent and not restricted by the communication protocol, but all illegal events in the communication network can be detected in the virtual network, which provides a technical basis for the construction of a self-assured network system.
4.4 Requirement of Proof-before-Event
Cyber security is facing two critical problems: how to define identity and how to authenticate identity.
In cyber space, the objects of authentication include not only human beings but also things. So identities in cyber space are not just the names of people, but also the names of things. For example, an entity identity can be a user name, telephone number, IP address, software name, account number, etc.
In the past, the technique of proof-after-event was commonly used and was easy to solve. We can't imagine shooting planes down to see if they're right. But proof-before-event has always been an international problem. This creates a need for proof-before-event.
In a transaction or business, authentication between accounts occurs first, and identity authentication occurs in the accepting stage, before data authentication occurs. The payer's account provides the evidence of the authenticity of payer and payee, and the payee can directly authenticate the authenticity. The payee has the public key used for verification. Once the acceptance process has ended, the next step of the adoption process can begin.
Communication authentication is also composed of two stages: the accessing process and the receiving process. The accessing process should be taken first, as proof-before-event. The sender is always the prover, and the receiver is always the verifier. The sender first sends evidence of the authenticity of the sender and receiver. The evidence of the sender is the signature on the time and on the receiver. The sender provides the authenticity evidence of the sender:
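$\mathrm{SIG}_{\mathrm{sender}}(\mathrm{time}) = (s_1, c_1)$
The authenticity of receiver is:
$\mathrm{SIG}_{\mathrm{sender}}(\mathrm{receiver}) = (s_2, c_2)$
The receiver verifies:
$\mathrm{VER}_{\mathrm{SENDER}}(\mathrm{time}, s_1) = c'_1$
$\mathrm{VER}_{\mathrm{SENDER}}(\mathrm{receiver}, s_2) = c'_2$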
The first problem encountered in communication is whether the message of the other party should be connected. The judgment of whether to allow access is conditional and can only rely on identity authentication technology. At this time, data has not been received yet, so its authenticity cannot be determined by data integrity; rather, it can only be determined by proof of the authenticity of the identity. If it is an illegal identity, it will be rejected, so as to effectively prevent illegal access.
This connecting technology based on communication identity authentication will bring great changes to existing communication protocols. For instance, protocols such as SSL and WLAN need more than 10 steps of interaction to complete a secure connection. Now, with identity authentication technology, only 1 or 2 steps are enough to implement a proven (authenticated) connection. The burden of authentication is spread across the user terminals, which greatly alleviates the burden on the exchange equipment, balances the load, and greatly facilitates the authentication of communication.
Transactions between users are carried out through computers. Thus, there is a demand for authenticated program code. To meet the demand we must answer the following questions:
(1) Whether the software shall be uploaded (installed);
(2) Whether the software shall be executed (downloaded).
As the first checkpoint, whether the software shall be uploaded is very important, and it is solved by relying on the authentication technology of software identity. If it is an illegal identity, uploading is denied. In this way, malicious software such as viruses will not be uploaded even if it has invaded. In terms of a banking system, if no software other than that approved by the bank is allowed to run in the system, the bank president will feel comfortable with such a system. This technology is called software identity authentication and is realized by code signing.
The CPK authenticity verification of software identity is significantly different from the conventional Trusted Platform Module (TPM), where at least two components are needed, i.e., an integrity measurement proxy and a behavior supervision proxy. Measurement is started after the code is uploaded, so it belongs to “proof-after-event”. But in CPK authenticity verification, the software identity is checked first to decide whether the code is allowed to be uploaded. The checking is started before the code is loaded, so it is called “Proof-before-Event”.
Software identity is defined by the manufacturer. Authentication of a software identity signed by the manufacturer is called first-level authentication. If the software is homemade by the user, then the authenticity evidence is provided by the user, and this is called second-level authentication. The proof of authenticity is the signature of the software ID by the issuer:
$\mathrm{SIG}_{\mathrm{issuer}}(\mathrm{Software\ ID}) = (s_1, c_1)$
The CPK kernel verifies:
$\mathrm{VER}_{\mathrm{ISSUER}}(\mathrm{Software\ ID}, s_1) = c'_1$
The verification can verify any identity on the spot. Only authenticated software is allowed to be uploaded to the computer, ensuring a true computing environment.
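The access decision of the communication passage and the software load decision above, worked through as one added example (not code from the book or from any CPK implementation): the verifier computes SIG/VER pairs in the (s, c) form used in the formulas and decides before any data or code is accepted. Assumptions: a Schnorr-style signature over a toy, insecure group stands in for the CPK signature, the identity-to-key derivation is modelled as a combination of seed-matrix entries selected by hashing the identity, and every name, identity and the 30-second window is constructed.

```python
import hashlib

# Toy group (assumption, NOT secure): integers mod the Mersenne prime 2^127 - 1.
P, G = 2**127 - 1, 3
N = P - 1                 # exponents are reduced mod the group order
ROWS, COLS = 8, 8         # size of the constructed seed matrix
MAX_SKEW = 30             # hypothetical policy: seconds a signed time stays valid

def _h(*parts):
    data = "|".join(str(p) for p in parts).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

# Key centre: secret seed matrix, and the public matrix every verifier holds.
SEED = [[_h("constructed-seed", i, j) % N for j in range(COLS)] for i in range(ROWS)]
PUBLIC_MATRIX = [[pow(G, r, P) for r in row] for row in SEED]

def _rows(identity):
    # Map an identity to one row index per matrix column.
    return [_h("map", identity, j) % ROWS for j in range(COLS)]

def private_key(identity):
    # Computed by the key centre only and handed to the identity's owner.
    return sum(SEED[i][j] for j, i in enumerate(_rows(identity))) % N

def public_key(identity):
    # Computed by any verifier from the identity and the public matrix alone.
    y = 1
    for j, i in enumerate(_rows(identity)):
        y = y * PUBLIC_MATRIX[i][j] % P
    return y

def sig(priv, message):
    # SIG_sender(message) = (s, c), Schnorr-style with a deterministic nonce.
    k = _h("nonce", priv, message) % N
    c = _h(pow(G, k, P), message)
    return (k + priv * c) % N, c

def ver(identity, message, s, c):
    # VER_SENDER(message, s) = c'; the signature holds when c' equals c.
    r = pow(G, s, P) * pow(public_key(identity), N - c % N, P) % P
    return _h(r, message)

def access_request(sender, sender_priv, receiver, now):  # sent before any data
    return {"sender": sender, "time": now,
            "sig_time": sig(sender_priv, f"time:{now}"),
            "sig_receiver": sig(sender_priv, f"to:{receiver}")}

def admit(req, my_identity, now):
    # The receiver decides on identity evidence alone; no payload exists yet.
    if abs(now - req["time"]) > MAX_SKEW:
        return "reject: stale time"
    s1, c1 = req["sig_time"]
    if ver(req["sender"], f"time:{req['time']}", s1, c1) != c1:
        return "reject: time signature"
    s2, c2 = req["sig_receiver"]
    if ver(req["sender"], f"to:{my_identity}", s2, c2) != c2:
        return "reject: receiver signature"
    return "accept"

def may_load(software_id, issuer, signature):  # checked before the code is loaded
    s, c = signature
    return ver(issuer, f"software:{software_id}", s, c) == c
```

Signing the time and the receiver as one message, rather than separately as in the formulas, would additionally bind the two values to each other. The software signature here covers only the identity string, as on the page, not the code bytes.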
4.5 Requirement of Network Order
Now, information security has entered into a new era of cyber security. The theme of cyber security is to establish a true (authenticity) world. It is not a passive defense system. Instead, it is a world of active management. It is not an information system isolated from the physical world. Rather, it is an information world integrated with the physical world. We are going to establish a true world, which reflects the pulse of the new era, and represents the trend of the development. The nature of a true world or a harmonious society is “order” in the society. To establish order, maintain order, and eventually construct a true or harmonious society is the main task of the new generation information security.
The basic requirement of a true (authenticity) world is to establish order and maintain order. Order can be established and maintained only by the technique of identity authentication. Since the founding of the People's Republic of China, order in the physical world has been established over the last couple of decades. For instance, the ID card issued by the Ministry of Public Security has played a critical role in establishing social order. The physical world provides valuable experience for the upcoming trust information society. If everyone has a provable unique identity on the Internet, as in the physical world, online order will not be difficult to establish. Once online order is established, all anonymous activities will be restricted, and the object of law enforcement on the Internet will be limited to information with no legitimate identity. Today, more and more people realize that online order affects the Internet's survival.
Similar to the physical world, the cyber world is divided into two worlds: an ordered world and a disordered world. Experience of the physical world and research results indicate that an ordered world within a disordered world can only be established from top to bottom, not from bottom to top. Order in the disordered world can only be guaranteed by the ordered world, not by a world without order itself (not a partial guarantee, rather an overall guarantee). In the physical world, the ordered world prints banknotes and invoices for the disordered world to use. The identity of each entity must also be under unified management, i.e., centralized and under a real-name system. One will take legal responsibility for his/her signature. Thus, behavior on the Internet may be standardized and restricted. This provides powerful technical means for disposing of junk mail and obtaining evidence on the Internet.
4.6 Requirement of Holistic Solution
Any entity has its own identity. For instance, a person has a name, a user has a username, equipment has a device name (a number or a serial number), data has a data name, and software has a software name. The same user may use an e-mail address as his identity in e-mail communication, a cell phone number as his identity when making phone calls, and a bank account number as his identity when depositing or withdrawing money.
Entity identity is a characteristic that differentiates one entity from another, having uniqueness and independence. Similarly, the classified identity categories keep their independence from one another. For example, the identity of the address category is independent from the identity of the phone number category, with no cross-infiltration between them. Due to the independence of identity, different security problems based on identity are independent of each other. A neat security model can be constructed as follows:
Compound entity authenticity=[authenticity of (entity1+entity2+... +entityn)];
Compound event authenticity=[authenticity of (event1+event2+... +eventj) ];
Item i security=(security of Entity1 + Entity2+... + Entityk).
From the above, it can be seen that security and authenticity issues eventually fall to the entity level or the event level. If every entity or event is authenticated individually, then the compound entity or event is proven to be true. In the past, the online transaction was treated as a process, and the authenticity of the online transaction was proved at the user level. Due to the lack of identity authentication, this turned out to be very complex, and the user level cannot prove the authenticity of the communication level. Nowadays, the communication process is taken as a compound event, including the accessing process and the receiving process. The two processes or events are mutually independent and are proven separately. Thus, the complicated system that PITAC considers not easy to prove can be divided into several single entities or events that can be proven easily. This provides a strong theoretical basis for holistic security design and verification of complicated systems.
Authenticity of any entity starts from authentication of identity, which is the easiest and most effective means to prove entity authenticity. In real life, proof of a person starts from checking the authenticity of his/her name. If the name is proven to be true, counterfeits and impersonation can be prevented. Similarly, in the virtual world, proof of an entity starts from checking the authenticity of the identity. Identity authentication is applied to prove the authenticity of all entities. It applies not only to online communication, but also to offline transactions, packet switch communication, software executing processes, etc.