1 / 32

European Electronic Signature Standardisation Initiative

European Electronic Signature Standardisation Initiative. EESSI Budapest Seminar at the Hungarian Communication Authority 2001 05-08 György Endersz, Telia Research AB, Sweden Chairman ETSI ESI Working Group gyorgy.g.endersz@telia.se. Deliverables and Current Activities.

chanda-roberts
Télécharger la présentation

European Electronic Signature Standardisation Initiative

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. European Electronic Signature Standardisation Initiative EESSI Budapest Seminar at the Hungarian Communication Authority 2001 05-08 György Endersz, Telia Research AB, SwedenChairman ETSI ESI Working Groupgyorgy.g.endersz@telia.se Deliverables and Current Activities Telia Research AB György Endersz

  2. EESSI: European Electronic Signature Standardization Initiative EESSI SG European Telecommunications Standards Institute Industry and business, assisted by European standard bodies Telia Research AB György Endersz

  3. EESSI Program Implementation • Phase 2 (2000) completed 2Q2001 • Phase 3 (2001) deliverables to be published by the end of 2001 • ETSI ESI Working Group • 40-50 Participants, funded Specialist Task Force, STF155, 178 • Result: ETSI Technical Specifications • Chairman: gyorgy.g.endersz@telia.se • CEN/ISSS E-SIGN Workshop • 50-70 participants, funded Expert Teams • Result: CEN Workshop Agreements • Chairman: riccardo.genghini@sng.it Telia Research AB György Endersz

  4. Directive “on a Community framework for electronic signatures, 13 Dec ‘99” • Ensures legal recognition of electronic signatures • Security and quality requirements in Annexes I-III • Qualified certificates+secure signature-creation device+ advanced signatures hand-written signature • Other signatures recognised as well (Art 5.2) • Voluntary accreditation of service providers (tScheme, TTP.NL, Italy, Austria, Germany, Spain….) • Technology-neutral framework • To be in place within 18 months Telia Research AB György Endersz

  5. Annexes of the Directive • Annex I: Requirements for qualified certificates • Annex II: Requirements for certification-service-providers issuing qualified certificates • Annex III: Requirements for secure signature-creation devices • Annex IV: Recommendations for secure signature verification Telia Research AB György Endersz

  6. Strategy and Work Process • Focus on Directive Annexes and interoperability • Market driven • Open, transparent and co-operative • Re-use of existing work • Funded support for timeliness • European with global ambition Telia Research AB György Endersz

  7. Roadmap of EESSI Standards Certification Service Provider Requirements for CSPs - A.II Trustworthy system- A.II.f Time Stamp Qualified certificate - A.I Signature creation process and environment (A.III) Signature valida-tion process and environment - A.IV Creationdevice A.III Signature format and syntax (Advanced ES) CEN E-SIGN Relying party/verifier User/signer ETSI ESI Telia Research AB György Endersz

  8. Phase 2 Deliverables Target: Annex I-IV requirements and interoperability Published in 4Q2000: • Policies for CSPs, ETSI TS 101 456 • Profile for Qualified Certificates, ETSI TS 101 862 • Electronic Signature Formats, ETSI TS 101 733 Telia Research AB György Endersz

  9. Deliverables... Published in 1-2Q2001: • Security Requirements for Trustworthy Systems CEN/ISSS CWA • Security Requirements for SSCDs, CEN/ISSS CWA • Signature Creation Process and Environment CEN/ISSS CWA • Signature Verification Process and Environment CEN/ISSS CWA Telia Research AB György Endersz

  10. Deliverables... • Time Stamping Profile ETSI TS 101 861, waiting for IETF RFC number of mother document, by early 1Q2001 • Conformity Assessment Guidance, Part 1 CEN/ISSS CWA Telia Research AB György Endersz

  11. Requirements for Certification Service Providers (CSPs) • Functional, quality and security requirements expressed in Certificate Policy and security controls • Consistent requirements to provide the basis for implementation, audit and approval • Current work responds to Directive requirements for CSPs issuing Qualified Certificates, Annex II • Requirements for other class(es) to meet market needs Telia Research AB György Endersz

  12. Obligations & Liability Subscriber Relying Party Issuing CSP Directory RA • Baseline Requirements • Security Management • PKI • Organisational Qualified Certificate Policies - QCP Public - QCP Public + SSCD - Framework for other QCPs Telia Research AB György Endersz

  13. Trustworthy Systems for CSPs Technical security requirements for products and technology components used by CSPs to create certificates for the use of advanced signatures. To meet security requirements stated in the work area „Requirements for CSPs“. Seek consistent overlap of specifications. The use of FIPS 140-1 is considered for the cryptographic module requirements until European specifications become available (Phase 3 action). Telia Research AB György Endersz

  14. Profile for Qualified Certificate (QC) • Standard for the use of X.509 public key certificates as qualified certificates • European profile based on current IETF PKIX draft as required by Annex I of the Directive Telia Research AB György Endersz

  15. Qualified Certificate Statements The profile uses, as an option, the private extension defined in the IETF QC profile, to include the following explicit statements of the Issuer: • Statement claiming that the certificate is issued as a Qualified certificate. OID will point to relevant policy standard • Statement regarding limits on the value of transactions for which the certificate can be used • Statement regarding the retention time of identification data Telia Research AB György Endersz

  16. SSCD: the trusted element at the user • EU-directive requires SSCD to be evaluated and „confirmed“ by national bodies • A specific Common Criteria Protection Profile will address appropriateness • It reflects the requirements regulated in Annex III of the signature Directive • It is aimed to remain technology neutral as long as security is not impaired • Use of SSCD to be represented in QC SSCD: Secure Signature Creation Device Telia Research AB György Endersz

  17. TOE TOE The Scenario The SSCD is the device „getting in touch“ with the private key. The SSCD comprises the whole lifecycle. The SSCD assumes an appropriate environment for its application. Trusted paths are offered to meet security requirements. Telia Research AB György Endersz

  18. Electronic Signature Formats • Defines interoperable syntax and encoding for signature, • validation data and signature policy. Builds on exiting • PKI and digital signature standards • Format part approved by the IETF as an Informational RFC, the Signature Policy part as an IETF Experimental Protocol • Co-operative implementation project in preparation to validate standard and provide free software • Aim: to harmonise development with XML signatures and create XML version (Phase 3) action. Telia Research AB György Endersz

  19. ETSI Electronic Signature Signers Structures ES = The ETSI Electronic Signature as generated by the signer. Telia Research AB György Endersz

  20. ETSI ES-T and ES-C Verifiers Structures Unsigned attributes added for long term verification ES-T = The ETSI Timestamp Electronic Signature. Timestamp attribute may be absent, if secure records prove the time of the ES ES-C = The ETSI complete Electronic Signature with references to all information needed to check its validity Telia Research AB György Endersz

  21. Format and Protocol for Time Stamp • Profile based on current IETF PKIX draft • Time stamps used for signature validation, e.g. in ES 201 733 Electronic Signature Formats • Harmonisation of ISO-IETF activities: IETF draft may become a compatible subset of the ISO specifications Telia Research AB György Endersz

  22. Roadmap of Phase 3 Activities (2001) Certification Service Provider Time Stamping Authority Alternative Requirements for CSPs * Requirements for TSAs * Trustworthy Systems * CA status and validation by RP * Time Stamping Format&Protocol Qualified certificate Signature valida-tion process and environment Signature Creationdevice * Signature creation process and environment Signature format * and syntax in XML Relying Party/Verifier User/Signer *Phase 3 Telia Research AB György Endersz

  23. EESSI Phase 3 Activities (2001) CEN/ISSS: • Security Requirements for Trustworthy systems - Finalisation of the General Security Requirements - Protection Profile for Cryptographic Modules used by CSPs • Security requirements for Signature Creation Devices in different environments and types of use - Guidance for writing Security Targets for different types of SSCDs, such as smart cards, mobile phones and PDAs - Security requirements for SCDs in e-commerce using 5.2 signatures Telia Research AB György Endersz

  24. Phase 3 Activities….. • Security Requirements for Cryptographic Modules - Common Criteria PP to protect the CA private key and the certificate signing process - International harmonisation: the aim is to liase with NIST - CC MRA: Arrangement on the Mutual Recognition of CC Certificates in the Field of IT Security Telia Research AB György Endersz

  25. Phase 3 Activities….. ETSI ESI WG: • Security management and certificate policy for CSP issuing Trusted Time-Stamps • Requirements for CSPs issuing certificates, which meet classes of requirements different from those for qualified certificates • Electronic Signature syntax and encoding formats in XML • Technical aspects of signature policies • Harmonised provision of CSP status information Telia Research AB György Endersz

  26. CSP status information for Relying Parties • National schemes include procedures to make such information available, e.g. CSP not able to fulfill obligations, failed audit, etc. Gray zone between accreditation/supervision and technical interoperation • A framework and simple formats and mechanisms are needed to store and retrieve such information so as to become available (on-line) over domain borders • Work item to assess infrastructure and interoperability requirements and suggest solutions. • Co-operation with national schemes via EESSI and ESI membership Telia Research AB György Endersz

  27. CA (TSP) Status information CA status info provider CA CA status and validation by RP Qualified certificate Signature valida-tion process and environment Signature Creationdevice * Signature creation process and environment Relying Party/Verifier User/Signer Telia Research AB György Endersz

  28. CA (TSP) Status information • Items to harmonise regarding status info: • Content and format • Distribution, storage and management • Technical means to find, access and validate information • Measures to ensure trust and security Telia Research AB György Endersz

  29. Phase 3 Activities……. • Algorithm GroupExpert group providing guidance on cryptographic algorithms and parameters in EESSI standards.Regular review and maintenance of specifications • Reference implementation of ES Format standardFunded activity with the aim of validating the standards ES-format, QC-profile and Time Stamp. Promote applications by releasing source code. Telia Research AB György Endersz

  30. Phase 3 Activities……Currently discussed • Use of smart cards for creating electronic signatures • Requirements for CSPs issuing attribute certificates • Signature policy for common business practices Telia Research AB György Endersz

  31. International Perspectives • Recognition of conformance to SSCD requirements CC MRA: Arrangement on the Mutual Recognition of CC Certificates in the Field of IT Security Similar ambition with Trustworthy Systems • Cross-recognition of “certification policy” Assessment of policy mapping between US Federal PKI and ETSI-EESSI requirements • Harmonization of interoperability standards Use of existing standards (ISO, IETF), liaisons under development (W3C, WAP Forum, EDI/XML) and submissions to IETF Telia Research AB György Endersz

  32. References • ETSI: http://www.etsi.org/sec/el-sign.htm Sign up from Web-site to open El Sign mailing list • CEN: http://www.cenorm.be/isss/workshop/e-sign • EESSI: http://www.ict.etsi.org/eessi/EESSI-homepage.htm Telia Research AB György Endersz

More Related