Categorizing, Analyzing, & Managing Third Party Trust



slide-1
SLIDE 1

Categorizing, Analyzing, & Managing Third Party Trust

Andy Sayler TPRC44 10/01/16

slide-2
SLIDE 2

The Internet

slide-3
SLIDE 3

By Randall Munroe, xkcd.com

slide-4
SLIDE 4

Third Party Services

slide-5
SLIDE 5

Questions

slide-6
SLIDE 6

What capabilities are we entrusting to third parties?

slide-7
SLIDE 7

What capabilities are we entrusting to third parties? How can this trust be violated?

slide-8
SLIDE 8

What capabilities are we entrusting to third parties? How can this trust be violated? Can we reduce the degree of required trust?

slide-9
SLIDE 9

What capabilities are we entrusting to third parties? How can this trust be violated? Can we reduce the degree of required trust? Can we reduce the likelihood of trust violations?

slide-10
SLIDE 10

Modeling Trust

slide-11
SLIDE 11

Degree of Trust (Capabilities)

Types of Violation (Attacks)

slide-12
SLIDE 12

Degree of Trust

(Capabilities)

Types of Violation

(Attacks)

slide-13
SLIDE 13
slide-14
SLIDE 14

Types of Violation: Implicit (P), Compelled (C), Unintentional (U), Colluding (L)

Degree of Trust: Storage (S), Access (R), Manipulation (W), Meta-Analysis (M)

slide-15
SLIDE 15

Types of Violation: Implicit (P), Compelled (C), Unintentional (U), Colluding (L)

Degree of Trust: Storage (S), Access (R), Manipulation (W), Meta-Analysis (M)

slide-16
SLIDE 16

Degree of Trust

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-17
SLIDE 17

Degree of Trust

Storage (S)

Can a third party faithfully store private user data and make it available to the user upon request?

Access (R) Manipulation (W) Meta-Analysis (M)

slide-18
SLIDE 18

Degree of Trust

Storage (S) Access (R)

Can a third party read and interpret the private user data they store?

Manipulation (W) Meta-Analysis (M)

slide-19
SLIDE 19

Degree of Trust

Storage (S) Access (R) Manipulation (W)

Can a third party modify the private user data to which they have access?

Meta-Analysis (M)

slide-20
SLIDE 20

Degree of Trust

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

Can a third party gather user metadata related to any stored private user data?

slide-21
SLIDE 21

Examples

slide-22
SLIDE 22
slide-23
SLIDE 23

Storage (S)

slide-24
SLIDE 24

Storage (S) Access (R)

slide-25
SLIDE 25

Storage (S) Access (R) Manipulation (W)

slide-26
SLIDE 26

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-27
SLIDE 27

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-28
SLIDE 28

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-29
SLIDE 29

Types of Violation: Implicit (P), Compelled (C), Unintentional (U), Colluding (L)

Degree of Trust: Storage (S), Access (R), Manipulation (W), Meta-Analysis (M)

slide-30
SLIDE 30

Types of Violation: Implicit (P), Compelled (C), Unintentional (U), Colluding (L)

Degree of Trust: Storage (S), Access (R), Manipulation (W), Meta-Analysis (M)

slide-31
SLIDE 31

Types of Violation

Implicit (P) Compelled (C) Unintentional (U) Colluding (L)

slide-32
SLIDE 32

Types of Violation

Implicit (P)

Occurs when a third party violates a user’s trust in a manner approved by the third party.

Compelled (C) Unintentional (U) Colluding (L)

slide-33
SLIDE 33

Types of Violation

Implicit (P) Compelled (C)

Occurs when a third party is compelled by another actor to violate a user’s trust.

Unintentional (U) Colluding (L)

slide-34
SLIDE 34

Types of Violation

Implicit (P) Compelled (C) Unintentional (U)

Occurs when a third party unintentionally violates a user’s trust.

Colluding (L)

slide-35
SLIDE 35

Types of Violation

Implicit (P) Compelled (C) Unintentional (U) Colluding (L)

Occurs when multiple trusted parties collude to gain capabilities beyond what the user intended each to have.

slide-36
SLIDE 36

Examples

slide-37
SLIDE 37

Implicit Violations

slide-38
SLIDE 38

Implicit Violations

slide-39
SLIDE 39

Implicit Violations

slide-40
SLIDE 40

Compelled Violations

slide-41
SLIDE 41

Compelled Violations

slide-42
SLIDE 42

Unintentional Violations

slide-43
SLIDE 43

Unintentional Violations

slide-44
SLIDE 44

Collusion Violations

slide-45
SLIDE 45

Collusion Violations

?

slide-46
SLIDE 46

Managing Trust

slide-47
SLIDE 47

Types of Violation: Implicit (P), Compelled (C), Unintentional (U), Colluding (L)

Degree of Trust: Storage (S), Access (R), Manipulation (W), Meta-Analysis (M)

slide-48
SLIDE 48

Types of Violation: Implicit (P), Compelled (C), Unintentional (U), Colluding (L)

Degree of Trust: Storage (S), Access (R), Manipulation (W), Meta-Analysis (M)

slide-49
SLIDE 49

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-50
SLIDE 50

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-51
SLIDE 51

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-52
SLIDE 52

Trust Surplus

Access (R) Manipulation (W)

slide-53
SLIDE 53

Traditional Trust Model

Feature Provider

User Data Unrestricted Access Full Trust Features

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-54
SLIDE 54

Client Trust Model

Feature Provider

Encrypted User Data Controlled Access by Proxy Minimal Trust Features

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-55
SLIDE 55

Distributed Trust Model

Feature Provider

Encrypted User Data Controlled Access by Proxy Minimal Trust Features

Secret Storage Provider

Secrets Controlled Access

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-56
SLIDE 56

Distributed Trust Model

Feature Provider

Encrypted User Data Controlled Access by Proxy Minimal Trust Features

Secret Storage Providers

Secret Shard Controlled Access

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

Controlled Access Secret Shard

slide-57
SLIDE 57

Distributed Trust Model

slide-58
SLIDE 58

Distributed Trust Model

slide-59
SLIDE 59

Distributed Trust Model

slide-60
SLIDE 60

Types of Violation: Implicit (P), Compelled (C), Unintentional (U), Colluding (L)

Degree of Trust: Storage (S), Access (R), Manipulation (W), Meta-Analysis (M)

slide-61
SLIDE 61

Types of Violation: Implicit (P), Compelled (C), Unintentional (U), Colluding (L)

Degree of Trust: Storage (S), Access (R), Manipulation (W), Meta-Analysis (M)

slide-62
SLIDE 62

Distributed Trust Markets

slide-63
SLIDE 63

Distributed Trust Markets

Storage Provider

Secret Shard

Storage Provider

Secret Shard

Storage Provider

Secret Shard

slide-64
SLIDE 64

Digital Due Process

slide-65
SLIDE 65

Digital Due Process

Feature Provider

Encrypted User Data

Secret Storage Provider

Secrets

Third Party Doctrine

slide-66
SLIDE 66

Digital Due Process

Feature Provider

Encrypted User Data

Secret Storage Provider

Secrets

Third Party Doctrine

Warrant

slide-67
SLIDE 67

Alternatively...

slide-68
SLIDE 68

Alternatively...

Jurisdictional Arbitrage

slide-69
SLIDE 69

Third Party Liability

slide-70
SLIDE 70

Third Party Liability Liability

Storage Provider

Secrets

slide-71
SLIDE 71

Third Party Liability Liability Insurance

Storage Provider

Secrets

slide-72
SLIDE 72

Third Party Liability Liability Insurance

Secrets

$$$ ?

slide-73
SLIDE 73

Third Party Liability Liability Insurance

Secret Shard

$$$ ???

Secret Shard

slide-74
SLIDE 74

Third Party Liability Liability Insurance

Secret Shard

Declare $$$

Secret Shard

slide-75
SLIDE 75

Conclusion

slide-76
SLIDE 76

What capabilities are we entrusting to third parties? How can this trust be violated? Can we reduce the degree of required trust? Can we reduce the likelihood of trust violations?

slide-77
SLIDE 77

Thank You

slide-78
SLIDE 78

Questions?

slide-79
SLIDE 79

Extra Slides

slide-80
SLIDE 80

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-81
SLIDE 81

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-82
SLIDE 82

Storage (S) Access (R) Manipulation (W) Meta-Analysis (M)

slide-83
SLIDE 83

Compelled Violations

slide-84
SLIDE 84

Compelled Violations

slide-85
SLIDE 85
slide-86
SLIDE 86
slide-87
SLIDE 87
slide-88
SLIDE 88

Degree of Third Party Trust Across Capabilities

Application     Storage   Access    Manipulation   Meta-analysis   Score
Dropbox         Full      Full      Full           Full            12
Tresorit        Full      Partial   Partial        Full            10
Facebook        Full      Full      Full           Full            12
Gmail           Full      Full      Full           Full            12
PGP/GPG         Full      None      None           Full            6
Hangouts        Full      Full      Full           Full            12
TextSecure      Full      None      None           Minimal         4
LastPass        Full      Minimal   Full           Full            10
Amazon EC2      Full      Full      Full           Full            12
Single SSP      Full      Partial   Partial        Full            10
Multiple SSPs   Partial   Minimal   Minimal        Partial         6

Increasing trust: None < Minimal (1) < Partial (2) < Full (3)

slide-89
SLIDE 89


slide-90
SLIDE 90


slide-91
SLIDE 91


slide-92
SLIDE 92

Risk of Third Party Trust Violations

Application     Implicit     Compelled    Unintended   Colluding    Score
Dropbox         Disincent.   Known        Disincent.   N/A          5
Tresorit        Disincent.   Vulnerable   Disincent.   N/A          4
Facebook        Known        Known        Disincent.   N/A          7
Gmail           Vulnerable   Known        Disincent.   N/A          6
PGP/GPG         Disincent.   Disincent.   Minimized    N/A          2
Hangouts        Vulnerable   Known        Disincent.   N/A          6
TextSecure      Disincent.   Disincent.   Minimized    N/A          2
LastPass        Disincent.   Vulnerable   Disincent.   N/A          4
Amazon EC2      Disincent.   Known        Disincent.   N/A          5
Single SSP      Disincent.   Disincent.   Minimized    Disincent.   3
Multiple SSPs   Disincent.   Minimized    Minimized    Minimized    1

Increasing likelihood: Minimized < Disincentivized (1) < Vulnerable (2) < Known (3)

slide-93
SLIDE 93


slide-94
SLIDE 94


slide-95
SLIDE 95
