Briefing 16 Annex 2 : Role of Trusted Third Parties (TTPs)

Issue

Some of the security services required by commerce and by governments necessarily require involvement of a third party. Any such party is trusted in some way. These Trusted Third Parties (TTP) can also be involved in the provision of administrative services. This may satisfy business as well as law enforcement needs in all sectors.

Discussion

When a group of users wants to communicate securely using cryptographic methods, some measures must be taken to distribute and update the keys that are needed. Typically, each user must obtain a key coming from every other user he wants to communicate with, no matter which service is required. For a small, constant user group, this may be a fairly straightforward problem, which can be solved without involving any other parties than the users themselves. For larger and more open user groups, the problem quickly becomes difficult, however, and one needs to involve a so called Trusted Third Party (TTP).

Although several variants exist, there is a main distinction usually made between two types of TTPs: functionally Trusted Third Parties and unconditionally Trusted Third Parties.

The first type arises from the obvious need for reliable registration of users of the system. If public key methods are used, this will usually include certification of public keys as belonging to certain users. A TTP trusted to perform this function is called functionally trusted. It is clear that if the registration is not done in a reliable manner, users cannot even be sure with whom they are communicating. So functional trust represents a minimal amount of trust that must be placed in a TTP. Note that this type of TTP does not need to know the secret key of any user, nor does it need to know any conventional keys used for data communication between users. The functionality required in this instance is comparable to the functionality of a phone book. It provides a reliable connection between people, or their residence, rather, and their phone numbers.

The second type of TTP is typically needed in systems that use conventional cryptography only.

In addition to the registration function mentioned above, such an unconditionally trusted TTP will generate keys for data communication and then communicate them securely to the users who need them. This means that the TTP knows, and in principle could make use of, all the secret information in the system. Thus measures must be taken to prevent such misuse. This usually involves the use of tamper resistant hardware, ensuring that no key will appear in the clear outside of the trusted environment.

In any case, whichever approach is chosen, Trusted Third Parties must be introduced to handle a number of administrative functions related to the management of users, in particular registration, and the distribution of all relevant information on keys. However, a number of other functions, such as time stamping, are relevant, and all these requirements must be clearly understood to reach the objective of the project.

One single TTP world-wide is clearly impractical. So there will be one or more networks of TTPs. Some network may only support closed user groups. International networks for an open environment need some framework.

Trusted Third Party services can be considered as value-added communication services available to users wishing to enhance the trust of the services they use. Therefore TTPs have to be able to offer value added with regard to availability, integrity, confidentiality and assurance. Although TTPs may be set up on a national basis within national law, they must be trusted internationally.

There are different types of functions which may all or in part be fulfilled by TTPs. The exact nature and extent to which these functions are provided by TTPs will be dictated by practical considerations and may vary considerably.

In general the TTPs operate on the basis of information provided by the user. Certification of information is carried out on the basis of evidence of correctness provided by the user or generated by the TTP itself, eg the keys.

The major services a TTP may offer include some or all of the following:

• Name assignment, ie the function of assigning individuals' and enterprises' unique names and addresses. Individuals may possess several different and distinguished names, according to their role, eg as private citizen and as employee of a corporation.
• Certification, ie the function to validate that a name and address has certain credentials, eg a public key for signature.
• Key Management for signature, ie the generation, distribution, establishment, and administration of public and private keys.
• Key Management for confidentiality, ie the function to generate, distribute and administer keys used for confidential communications.
• Management Services for Names and Credentials, ie the function to establish, administer and make available registers with the names of individuals and their certified credentials.
• Security services, ie functions usually performed by the legal profession, mostly concerned with non-repudiation. These include:

Common to Trusted Third Party service providers is that they have to be accredited and audited, and that they have to operate under the law of the country using common guidelines.

The information flow between constituents of a network of TTPs contains the following major elements:

• National Laws. The operation of TTPs will take place within the laws of the country in which they are located. It is conceivable that some legislation has to be updated to allow TTPs to operate in an international environment.
• Good practices, rules and regulations for the accreditation, operation and audit of TTPs.
• Standards for communications.
• Good practices, regulations and laws for the use of communication services.

Requirements of TTP programmes:

• Establishment of international framework for the operation of TTPs
• Setting up of conditions for the operation of TTPs in the EC, adapted to the needs of national and international users.

Such programmes are under way in the UK with DTI, and in the EU by EC and ETSI. All are current and at early stages of development. There is great commercial interest in TTPs, but concern as to how money can be made from acting as a TTP. The programmes are all looking at commercial models to help with this concern.