The Cloud Security Ecosystem

In this excerpt from chapter seven of The Cloud Security Ecosystem, published by Syngress, authors Ryan Ko and Kim-Kwang Raymond Choo discuss protecting digital identity in the cloud.

Technological advances have created a whole new environment for interaction. As dealings previously conducted in person are replaced by dealings without personal interaction, the requirement to provide digital identity for transactions has increased. Now digital identity is poised to assume an even greater role as governments around the world fully digitalize government services and transactions.

This is revolutionizing service delivery and the way in which government interacts and transacts with its citizens. While there are many efficiency and cost benefits, there are also significant ramifications. One of the most important ramifications is the emerging importance of digital identity.

Historically, identity has been a rather nebulous notion, especially at common law. For contractual purposes, for example, identity has largely stayed in the background as the law focused on issues such as whether there was the necessary meeting of the minds, informed consent, and arm's-length dealing. This focus, which developed mainly in response to commercial practice in the nineteenth and early twentieth centuries, has left uncertainty about the role of identity in commercial dealings. Now identity, in the form of digital identity, has emerged from the shadows. While a concept of digital identity for transactions has been emerging for many years in private transactions using credit and debit cards, for example, the full implications of digital identity are only now becoming apparent as governments move services and transactions online. This chapter analyzes the functions and nature of digital identity in this context, considers its vulnerability to error, and examines the consequences, particularly for individuals.

Digital identity is an identity composed of information stored and transmitted in digital form. It is all the information digitally recorded about an individual, i.e., a natural person, that is accessible under the particular scheme. Digital identity consists of two components. The first component is a small set of defined, static information which must be presented for a transaction. Invariably, this transaction identity consists of an individual's full name, gender, date of birth, and a piece of identifying information, which is typically a numerical identifier and/or a signature. The second component is a larger collection of more detailed "other information" which sits behind transaction identity in the database. This other information is updated on an ongoing basis to record transaction history and can be used to profile an individual.

In many ways, transaction identity is the most important part of digital identity because of its transactional functions, which are described later in this chapter, and because it is the part most susceptible to system error. In this chapter, system error is used in its widest sense to describe any malfunction whereby an otherwise authentic and valid digital identity is not recognized by the system. This may be a spontaneous malfunction or one induced by fraud, or the malfunction may result from all or part of an individual's digital identity being used by another person. In most instances, the latter will involve dishonesty, but not always.

As explained in this chapter, the nature and functions of the part of digital identity required for transactions, i.e., transaction identity, mean that impact of system error on an innocent individual can be profound. This is because transaction identity directly implicates the individual linked to that identity on record, irrespective of whether or not that person actually used the digital identity to transact. Transactional rights and duties, including those arising under contract, attach to the digital identity through transaction identity. If there is subsequent default, the transacting entity will, as a matter of practicality, and arguably law, look to the person linked to that identity under the scheme.

The transaction will also form part of the other information which comprises digital identity. As mentioned earlier, this other information profiles an individual. It can be used for both commercial and law enforcement purposes. Just as a transacting entity will look to the person linked to the identity under the scheme, so too will law enforcement authorities. As is discussed below, system error can result in a spurious record, and that record can affect an individual's ability to transact under the scheme. It can have a serious and long-term impact, affecting reputation and legal and commercial standing. This is more than a remote possibility. It is a direct consequence of the architecture of this type of scheme.

By requiring that an individual have a digital identity to transact, by obviating the need for personal interaction, and by automating transactions, these schemes establish a revolutionary means of transacting. They herald a new era of digital citizenship, but in doing so they fundamentally change the balance of responsibility and accountability between government and citizens. Individuals, the most vulnerable sector with comparatively less access to resources and information, are most affected when the system does not operate as intended.

Section 2 examines this digital identity, its functions, and its implications especially for individuals in the context of cloud computing as governments increase their use of, and reliance on, the cloud.

This development highlights the need for more effective regulation of cross-border data, so the following sections of the chapter examine this emerging issue, particularly whether the focus should be on regulating cross-border data disclosure rather than data transfer. Internationally, cross-border data protection, including the new proposal for the European Union (EU), continues to regulate cross-border data transfer, whereas the new Australian approach now regulates cross-border data disclosure. Sections 3 and 4 examine the international approach, which in this respect is also supported by the United States and Asia Pacific Economic Cooperation (APEC), and compare it to the Australian regime in its ability to protect the integrity of an individual's digital identity.

The rise of digital identity

A specific digital identity is now emerging as governments around the world move their services and transactions online. This digital identity is the primary means by which a natural person can access these services, which range from social security benefits and health care to tax filing.

Of the countries which are incrementally implementing these schemes, Australia is notable for its candor. The Australian government has now unequivocally stated that Australia is moving to what it calls "digital citizenship." In a Discussion e-Paper released in 2011, the Australian Government acknowledges the importance of digital identity and the significant implications in the event of it being compromised:

In an era where our online identity is central to accessing information and services, ensuring the integrity of that identity is increasingly important. The loss or compromise of our online identity can have wide-ranging implications, including financial loss, emotional distress and reputational damage

Significantly, the paper also states that:

...there would be value in revisiting the distribution of responsibility among individuals, businesses and governments...Developing a common understanding of a model of accountable and responsible digital citizenship -- a digital social contract -- may need to be part of the debate about Australia's digital future.

In many countries, digital identity will soon be the primary means of access as government services are progressively moved online and into a digital format. There is a general requirement to use digital identity to access government services.

The digital identity schemes used by governments around the world are necessarily based on the premise of one person: one digital identity. This alone is a major change, especially for common law jurisdictions in which identity traditionally has not been recognized as a distinct legal concept. Historically, there has been no general requirement for one legal identity. One person: one identity has also not been an essential commercial requirement. It has not been a requirement of private schemes like Visa credit and debit card transactions, for example. For a government scheme, however, it is essential. Digitalization of government services and transactions is driven by the need to reduce costs and to increase efficiency in service delivery but, most importantly, by the need to reduce fraud. A government scheme requires uniqueness and exclusivity. Consequently, an individual can legitimately have only one digital identity under this type of scheme.

The digital identity used for government services will likely set the standard for transactions with the private sector. That has been the experience internationally in the advanced digital economy of Estonia for example, and it is an outcome which is probably inevitable from a practical point of view. In effect, it means that the digital identity for government transactions is the primary means by which the individual is recognized and can enter into commercial transactions. This transition is well underway in the United States, the United Kingdom, Australia, and many Asian countries but is most advanced in Europe, with Estonia the leading example of a country in which most commercial transactions require digital identity.

Composition and functions of digital identity

Digital identity in this context has specific composition and transactional functions which make its accuracy and integrity critical.

A feature of all schemes which require digital identity for transactions is that they consist of two sets of information: a small set of defined information which must be presented for a transaction, i.e., transaction identity; and the larger collection of more detailed "other information" which is updated on an ongoing basis. This architecture is depicted diagrammatically in Figure 1.

These two sets of information collectively comprise digital identity, but they are different in composition and function.

Because of its nature and functionality, transaction identity is the most important part of digital identity, and it is also the part most vulnerable to system error as defined in this chapter. Transaction identity is comparatively static, with much of the information being established at birth. It typically consists of full name, gender, date of birth, and at least one piece of what is referred to as "identifying information," which is most often a signature or numerical identifier. The information which comprises transaction identity is largely public and is not of a nature which naturally seems to attract privacy protection. Most significantly, transaction identity is not just information. As discussed below, it is functional.

The information which constitutes transaction identity is fundamentally different from the larger body of other information which sits behind it. That larger body of information tells a story about a person, and that is its sole purpose. It is also dynamic: it is augmented on an ongoing basis. Even information which at first sight seems largely administrative adds to the profile. This is also information which is not generally in the public domain. It is generally considered to be personal information, which is typically protected by privacy and data protection regulation in most jurisdictions, including Australia, the United Kingdom, the United States of America, and the EU. Access to the other information is primarily via transaction identity. The system is designed so that transaction identity is the access point, and transaction identity has a gate-keeper role. Transaction identity links digital identity to an individual through the identifying information (Figure 2).

These digital identity schemes depend on two processes -- first, authentication of identity, and second, verification of identity. Both processes are founded on the integrity of transaction identity.

The information collected when an individual is registered under the scheme is used to authenticate identity in the sense that it is used to prove authenticity. The identifying information is used to link an individual to the registered digital identity. Typically, the identifying information is a number, a handwritten signature, and sometimes also a head and shoulders photo. Some schemes include biometrics as part of the identifying information. The biometrics typically used are 10 fingerprints, two iris scans, and a face scan. The identifying information is regarded as being associated inseparably with that individual. Once authenticated, the identity is recorded in the system.

Transaction identity, the defined, limited set of information which determines identity for transactional purposes, is then used to verify transactions. Invariably, full name, gender, date of birth, and a piece of identifying information will be required to transact. Not all the recorded information needs to be used for every transaction. A feature of the scheme is that the information required varies, to an extent, depending on the requirements of the transacting entity. The identifying information most commonly required is a signature and/or a numerical identifier.

As a set, this information is functional in that it enables the system to transact with the identity on record. Transaction identity is verified for transactional purposes when all the required transaction information, as presented, matches the information on record. Transaction identity is verified by matching information with information. A human being is not central to the transaction, and no human interaction is required. The set of information required to establish transaction identity can be provided remotely without any human involvement at that time. Through this matching process, transaction identity performs a number of sequential functions. First, transaction identity singles out one digital identity from all those recorded under the scheme. Second, transaction identity verifies that identity by determining whether all the transaction identity information as presented matches that on record. These two steps enable the system to recognize and then transact with that digital identity, as depicted in Figure 3.

Under the scheme, there is an important distinction between identification and identity. Identification is just one part of the two processes used to establish identity for a transaction. Although in some respects transaction identity may seem to replicate the traditional function of identity credentials, there is an important difference in the roles played by human beings and by information. Unlike traditional identity papers, the information which comprises transaction identity plays the critical role in the transaction, not the individual. Digital identity does not merely support a claim to identity. Digital identity, specifically transaction identity, is the actor in the transaction. This function distinguishes transaction identity.

Although the assumption is that there is a reaching behind transaction identity to deal with a person, the system does not actually operate in that way. The primary role of the identifying information is to link the registered digital identity to a person. The individual who is assumed to be represented by that identity is connected to transaction identity by the identifying information. However, this link is relatively tenuous. A human being is not central to, or necessary, for the transaction. Transaction identity enables the transaction. The interaction is machine to machine, based on matching datasets. As a matter of fact, if not law, the transaction is with the digital identity, not a person. If all the transaction identity information as presented, matches the information on record, then the system automatically authorizes dealings with that digital identity as depicted in Figure 4.

Within the scheme parameters, the system can "act and will for itself" to recognize the defined set of information which comprises transaction identity and then transact with that identity. This has significant consequences for the government as scheme administrator and for public and private sector entities using the scheme, but the individual bears the most direct and significant consequences. This is because transaction identity directly implicates the individual linked to the digital identity by the identifying information. That is why it is important to protect the integrity of digital identity, especially now that governments are increasingly using cloud computing for their e-services and transactions.
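The two-step matching process described above (single out one record by identifier, then match every presented field against the record) can be made concrete with a small model. The following is an added example, not code from the book or from any government scheme; the registry layout, the identifier format, the field names and the sample records are all constructed for illustration. It shows the three behaviours the chapter argues follow from the architecture: the registered person is verified, a third party presenting the same largely public data is verified just as readily and the transaction is attributed to the registered identity, and a trivial discrepancy between the presented data and the record (a "system error" in the chapter's sense) rejects the genuine individual unless the matching step is tolerant of it.

```python
"""Minimal model of transaction-identity matching (added illustration, not from the book)."""
from dataclasses import dataclass, field
import unicodedata


@dataclass(frozen=True)
class TransactionIdentity:
    """The small, static set of information that must be presented to transact."""
    full_name: str
    gender: str
    date_of_birth: str   # ISO 8601 date, e.g. "1985-03-12" (assumed format)
    identifier: str      # numerical identifier issued at registration (assumed format)


@dataclass
class DigitalIdentity:
    """Transaction identity plus the growing 'other information' behind it."""
    transaction_identity: TransactionIdentity
    other_information: list = field(default_factory=list)  # transaction history / profile


def normalize(value: str) -> str:
    """Canonical form used for tolerant matching: NFKC, case-folded, single spaces."""
    return " ".join(unicodedata.normalize("NFKC", value).casefold().split())


class Registry:
    """Records one digital identity per identifier (one person: one digital identity)."""

    def __init__(self) -> None:
        self._by_identifier: dict[str, DigitalIdentity] = {}

    def register(self, ti: TransactionIdentity) -> None:
        # Registration: the record is created once and thereafter treated as authentic.
        if ti.identifier in self._by_identifier:
            raise ValueError("identifier already registered: one person, one digital identity")
        self._by_identifier[ti.identifier] = DigitalIdentity(ti)

    def verify(self, presented: TransactionIdentity, strict: bool = True):
        """Return the matched DigitalIdentity, or None.

        Step 1: single out one record by identifier.
        Step 2: every presented field must match the record.
        strict=True compares byte-for-byte; strict=False compares normalized strings.
        Nothing here looks at who presented the data: it is information matched to information.
        """
        record = self._by_identifier.get(presented.identifier)
        if record is None:
            return None
        on_file = record.transaction_identity
        pairs = [(presented.full_name, on_file.full_name),
                 (presented.gender, on_file.gender),
                 (presented.date_of_birth, on_file.date_of_birth)]
        for given, stored in pairs:
            if strict and given != stored:
                return None
            if not strict and normalize(given) != normalize(stored):
                return None
        return record

    def transact(self, presented: TransactionIdentity, description: str, strict: bool = True) -> bool:
        """Record a transaction against whichever digital identity the presented data matches."""
        record = self.verify(presented, strict)
        if record is None:
            return False
        record.other_information.append(description)
        return True

    def profile(self, identifier: str) -> list:
        """The 'other information' accumulated behind a transaction identity."""
        return list(self._by_identifier[identifier].other_information)


def demo() -> dict:
    """Run the three scenarios and return their outcomes (constructed sample data)."""
    registry = Registry()
    jane = TransactionIdentity("Jane Citizen", "F", "1985-03-12", "4021-7789")
    registry.register(jane)

    # 1. The registered person presents her own transaction identity: verified.
    genuine = registry.transact(jane, "benefit claim #1")

    # 2. Someone else presents the same (largely public) data: verified too, and the
    #    transaction is recorded against Jane's digital identity, not the presenter's.
    copied = TransactionIdentity("Jane Citizen", "F", "1985-03-12", "4021-7789")
    impersonated = registry.transact(copied, "loan application")

    # 3. System error: a clerical variant of the name (case and spacing) is presented.
    #    Strict matching rejects the genuine individual; normalized matching accepts her.
    variant = TransactionIdentity("JANE  Citizen", "F", "1985-03-12", "4021-7789")
    rejected_strict = registry.transact(variant, "tax filing", strict=True)
    accepted_normalized = registry.transact(variant, "tax filing", strict=False)

    return {
        "genuine": genuine,
        "impersonated": impersonated,
        "rejected_strict": rejected_strict,
        "accepted_normalized": accepted_normalized,
        "history": registry.profile("4021-7789"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of the strict/normalized switch is that the system designer, not the individual, decides how tolerant the second step is: a stricter match produces more false rejections of genuine users (the chapter's spontaneous system error), while a looser match does nothing to stop a third party who holds the same static data, because neither setting involves a check on the person behind the presentation.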


About the author:
Dr. Ryan Ko is a Senior Lecturer with the University of Waikato, New Zealand. He established New Zealand's first Master's degree in Cyber Security and first dedicated Cyber Security Lab at the University of Waikato. His main research areas are Cyber Security, Cloud Data Provenance and Cloud Computing Security and Trust. Prior to joining the faculty, Dr. Ko was a lead computer scientist with Hewlett-Packard (HP) Labs' Cloud and Security Lab and achieved first-in-the-world scientific breakthroughs in the area of cloud data provenance. Recipient of the Cloud Security Alliance (CSA) Ron Knode Service Award, he is active as Research Advisor for CSA Asia Pacific, and serves as chair and board member of several cyber security industry consortia and chapters. Dr. Ko is also the co-founder and co-chair of the CSA Cloud Data Governance Working Group, the first CSA research group led by a chapter in Asia Pacific. Prior to HP Labs and his Ph.D., he was an entrepreneur with two startups, and was with Micron Technology, Inc. He has spoken on Cloud Security at several locations in the USA and Asia Pacific. Dr. Ko holds three international patents and is a member of the IEEE, ACM and AAAI. Most recently, he was one of 14 international subject matter experts selected by (ISC)2 to develop a new international certification, like the CISSP, for cloud security professionals.

Dr. Kim-Kwang Raymond Choo is a Fulbright Scholar and Senior Lecturer at the University of South Australia. He has (co)authored a number of publications in the areas of anti-money laundering, cyber and information security, and digital forensics, including six Australian Government Australian Institute of Criminology refereed monographs. Dr. Choo has been an invited speaker for a number of events (e.g. the 2011 UNODC-ITU Asia-Pacific Regional Workshop on Fighting Cybercrime and the 2011 KANZ Broadband Summit), and delivered Keynote/Plenary Speeches at the ECPAT Taiwan 2008 Conference on Criminal Problems and Intervention Strategy, the 2010 International Conference on Applied Linguistics and the 2011 Economic Crime Asia Conference, and an Invited Lecture at the Bangladesh Institute of International and Strategic Studies. He was one of more than 20 international (and one of two Australian) experts consulted by the research team preparing McAfee's commissioned report entitled "Virtual Criminology Report 2009: Virtually Here: The Age of Cyber Warfare"; and his opinions on cyber crime and cyber security are regularly published in the media. In 2009, he was named one of 10 Emerging Leaders in the Innovation category of The Weekend Australian Magazine / Microsoft's Next 100 series. He is also the recipient of several awards, including the 2010 Australian Capital Territory (ACT) Pearcey Award for "Taking a risk and making a difference in the development of the Australian ICT industry."
