This presentation covers the role of trust, PKI concepts and components, management framework, passport signing requirement, deployment and operational issues, and guidance on the security model.
ABC’s of PKI TAG Presentation 18th May 2004 Paul Butler
Agenda
• Role of trust
• PKI concepts
• PKI components
• Management framework
• Passport signing requirement
• Deployment issues
• Operational issues
• Guidance
Security Model
• Must answer the questions:
  • What data are we protecting?
    • Integrity of the biometric information on the chip in the passport
  • Why are we protecting it?
    • To maintain the integrity of the passport
  • Who or what are we protecting it against?
    • Those who would seek to alter data to falsify the passport
  • When are we protecting it?
    • Throughout the life of the passport
• For passport issuers, the model revolves around TRUST
The Role of Trust
• Trust is usually based on some form of identity
• Direct trust
  • Based on a personal relationship, where trust is handled directly
  • Breaks down when there are too many members in the trusted relationship to handle directly
• Third-party trust
  • Trust in an individual changes to trust in a system
• Passports represent the national identity of an individual
PKI Concept
• Public Key Infrastructure is based on asymmetric cryptography. It relies on a key pair, one private and one public
• The private key is secret
• The public key is freely available and is linked to the identity of the certificate owner
• The private key cannot be computed from the public key
• The concept is then applied in applications
Public Key Infrastructure
• Business uses include:
  • Authentication of the identity of an individual, organization or device (authentication)
  • Confirmation that data has not been tampered with (integrity)
  • Confirmation that a transaction took place (non-repudiation)
  • Maintaining data confidentiality (encryption)
  • Guarantee that a transaction took place at a specific time (secure time stamp)
PKI Components
• Mechanism to issue certificates
  • Certificate authority (CA)
• Mechanism to validate certificates
  • Directory services
  • Certificate Revocation List (CRL)
  • Key history
  • Potentially, a source of trusted time for stamping
• Controlled process to enrol and manage certificate holders: Registration Authority (RA)
• Process to revoke certificates which are no longer valid (distinct from rollover of expired certificate keys)
• Processes defined by the certificate policy (CP) and certification practice statement (CPS)
Passport PKI Requirement
• New passports are to include a biometric identifier on a chip. Concerns about tampering (integrity) led to the need for a PKI signature to confirm that the data on the chip is unchanged since production of the travel document (TD) (integrity)
• PKI does NOT guarantee the identity of the passport holder – it guarantees that the TD biometric is unchanged since production by a specific producer (non-repudiation)
• Based on DIGITAL SIGNATURE
Use of digital signature
• During the passport print process, the data chip will be loaded
• The CA will be requested for a signature
• The signature and certificate will be added to the chip
• The chip is then locked to prevent further write operations
PKI Signing Process
• To sign a document:
  • A hash is prepared, derived from the document content
  • The hash is signed with the signing algorithm using the signer's PRIVATE KEY
  • The signature and a copy of the public key certificate are attached to the document
  • It is then available for validation
PKI Signing Process (2)
• To validate the signature:
  • The PUBLIC KEY is used to recover the original hash from the signature, and a new hash of the document is prepared with the same hash algorithm the signer used
  • The new hash is compared with the original
  • If they are the same, it proves that the document is unchanged since it was signed
  • For a TD, it means that TRUST can be placed in the validity of the document
PKI Signing Process (3)
• If the relying party wishes to further validate the certificate, a path must exist to the CA which issued the certificate
  • Check the validity of the issuer
  • Check that the certificate is not revoked
• Implies border crossing points must have an internet-facing capability linked to card readers which can go to a source and validate that the certificate presented is in fact valid
• No such infrastructure is yet in place
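The relying-party check described on this slide (a path from the document-signer certificate to the issuing CA, the issuer's validity period, and revocation status), as an added Go example that is not part of the presentation; it uses only Go's standard-library x509 package. The "Example National CA" and "Example Document Signer" certificates, their serial numbers and the set of revoked serials (standing in for the CA's CRL) are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"math/big"
	"time"
)

// validateSigner is the relying-party check: build a path from the document-signer
// certificate to a trusted national CA, check validity at "at", then check revocation.
func validateSigner(ds *x509.Certificate, roots *x509.CertPool, revoked map[string]bool, at time.Time) error {
	opts := x509.VerifyOptions{Roots: roots, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}}
	if _, err := ds.Verify(opts); err != nil {
		return err // no path to a trusted CA, or outside the validity period
	}
	if revoked[ds.SerialNumber.String()] { // constructed stand-in for a CRL lookup
		return errors.New("document-signer certificate is revoked")
	}
	return nil
}

// buildPKI issues a constructed national CA (10 years) and a document-signer certificate (1 year) under it.
func buildPKI(start time.Time) (ca, ds *x509.Certificate, err error) {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	dsKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	caTpl := &x509.Certificate{SerialNumber: big.NewInt(1),
		Subject:   pkix.Name{CommonName: "Example National CA"},
		NotBefore: start, NotAfter: start.AddDate(10, 0, 0),
		IsCA:      true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caDER, err := x509.CreateCertificate(rand.Reader, caTpl, caTpl, &caKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	ca, _ = x509.ParseCertificate(caDER)
	dsTpl := &x509.Certificate{SerialNumber: big.NewInt(2),
		Subject:   pkix.Name{CommonName: "Example Document Signer"},
		NotBefore: start, NotAfter: start.AddDate(1, 0, 0),
		KeyUsage:  x509.KeyUsageDigitalSignature}
	dsDER, err := x509.CreateCertificate(rand.Reader, dsTpl, ca, &dsKey.PublicKey, caKey)
	if err != nil {
		return nil, nil, err
	}
	ds, _ = x509.ParseCertificate(dsDER)
	return ca, ds, nil
}
```

With the CA in the trust store, the signer validates within its year; it is rejected once expired, when the CA is not trusted, or when its serial is on the revocation set.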
Deployment Issues
• Need for international standards among TD producers for mutual acceptance of biometric, PKI-authenticated TDs
• Need for an accreditation process to accept each new national CA into the infrastructure
  • Complex management challenge
• Need to incorporate the passport CA into national policy for PKI administration
  • Align with the national trust model
Operational Issues
• Process for adoption of new technology standards
  • Essential to keep the underlying cryptographic technology current
  • All nations move ahead together
• Avoid the complexity of cross-certification by publishing certificates in a common location
  • The location must be specified in the certificate from the outset
Key management
• To reduce the risk of compromise, keys should "roll over" frequently
• Need to maintain a key history for the lifetime of every passport issued under that key
• In the event of compromise, publish the compromised certificate data to the Certificate Revocation List (directory)
• Secure time stamping could be used to determine when a compromise occurred, or for calculations regarding the validity period of a passport
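The sign-then-verify flow of the "PKI Signing Process" slides and the key-history point of this slide, as an added Go example that is not part of the presentation. It uses Go's standard-library RSA-PSS with SHA-256; the SignedChip type, the DS-2004/DS-2005 key identifiers and the chip data are constructed for illustration, and the key identifier stands in for the certificate that would be attached to the chip.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignedChip is what the issuer writes to the chip before locking it: the data,
// the signature over it, and a constructed key ID standing in for the certificate.
type SignedChip struct {
	Data  []byte
	Sig   []byte
	KeyID string
}

// KeyHistory keeps every signing public key ever used, so passports signed under a rolled-over key still verify.
type KeyHistory map[string]*rsa.PublicKey

// signChip hashes the chip data and signs the hash with the issuer's PRIVATE key (print process).
func signChip(priv *rsa.PrivateKey, keyID string, data []byte) (SignedChip, error) {
	h := sha256.Sum256(data)
	sig, err := rsa.SignPSS(rand.Reader, priv, crypto.SHA256, h[:], nil)
	if err != nil {
		return SignedChip{}, err
	}
	return SignedChip{Data: data, Sig: sig, KeyID: keyID}, nil
}

// verifyChip re-hashes the data and checks the signature with the PUBLIC key named by KeyID.
func verifyChip(hist KeyHistory, c SignedChip) bool {
	pub, ok := hist[c.KeyID]
	if !ok {
		return false // unknown signing key: no trust can be placed in the chip
	}
	h := sha256.Sum256(c.Data)
	return rsa.VerifyPSS(pub, crypto.SHA256, h[:], c.Sig, nil) == nil
}

func main() {
	k2004, _ := rsa.GenerateKey(rand.Reader, 2048)
	hist := KeyHistory{"DS-2004": &k2004.PublicKey}
	chip, _ := signChip(k2004, "DS-2004", []byte("constructed MRZ + face template"))
	altered := SignedChip{Data: []byte("constructed MRZ + face template X"), Sig: chip.Sig, KeyID: chip.KeyID}
	k2005, _ := rsa.GenerateKey(rand.Reader, 2048) // key rollover: add the new key, keep the old one
	hist["DS-2005"] = &k2005.PublicKey
	fmt.Println(verifyChip(hist, chip), verifyChip(hist, altered)) // true false
}
```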
Guidance
• Common tendency to focus on the underlying technology – wrong!
• PKI is 20% technology, 80% process
• The key element lies in the "trust model"
• To be trusted, the technology must be supported by business processes which demonstrate the integrity of the PKI
• The integrity level of the PKI must match the integrity level of the entitlement process – no more, no less