1 / 27

Petrina Gillman (410)854-4527 plgillm@radium.ncsc.mil

Department of Defense High Assurance PKI Implementation & Operations RSA Conference 17 January 2000. Petrina Gillman (410)854-4527 plgillm@radium.ncsc.mil. Operational Requirements. Provide high assurance security Scaleable to 2 million users Immediate PKI service

gerd
Télécharger la présentation

Petrina Gillman (410)854-4527 plgillm@radium.ncsc.mil

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Department of DefenseHigh Assurance PKI Implementation & OperationsRSA Conference17 January 2000 Petrina Gillman (410)854-4527 plgillm@radium.ncsc.mil

  2. Operational Requirements • Provide high assurance security • Scaleable to 2 million users • Immediate PKI service • Flexible & deployable

  3. Selected Technology - 1995 • V1 Jumbo x.509 certificate • Certification Authority Workstation • Fortezza hardware tokens

  4. Policy Approving Authority (PAA) Policy Creation Authority Policy Creation Authority Certification Authority Certification Authority Certification Authority Registration Authority Registration Authority Registration Authority User Community

  5. Operational PKI PAA US/US Government Sensitive-but- Unclassified SCI SECRET TOP SECRET PCA PCA PCA PCA PCA PCA Intel DoD DoD CIV DoD CIV .... .... .... .... .... .... .... .... .... .... CA CA CA CA CA CA CA CA CA CA FORTEZZA FORTEZZA FORTEZZA FORTEZZA FORTEZZA FORTEZZA FORTEZZA FORTEZZA Crypto Card FORTEZZA FORTEZZA Crypto Card Crypto Card Crypto Card Crypto Card Crypto Card Crypto Card Crypto Card Crypto Card Crypto Card Group Technologies Group Technologies Group Technologies Group Technologies Group Technologies Group Technologies Group Technologies Group Technologies Group Technologies Group Technologies

  6. What security should a PKI provide? The primary purpose is to establish TRUST • I am who I say I am • I hold the private key that corresponds to the public key in my certificate • I am allowed to be a part of the community

  7. Public Key Infrastructure Operations • Trusted Registration & Establishment Process • Privilege Management • Ordering • Key and Certificate Generation • Distribution • Certificate Repository/Directory • Rekey, Renew and Update • Trusted Registration & Establishment Process • Privilege Management • Ordering • Key and Certificate Generation • Distribution • Certificate Repository/Directory • Rekey, Renew and Update • Trusted Registration & Establishment Process • Privilege Management • Ordering • Key and Certificate Generation • Distribution • Certificate Repository/Directory • Rekey, Renew and Update • Trusted Registration & Establishment Process • Privilege Management • Ordering • Key and Certificate Generation • Distribution • Certificate Repository/Directory • Rekey, Renew and Update • Trusted Registration & Establishment Process • Privilege Management • Ordering • Key and Certificate Generation • Distribution • Certificate Repository/Directory • Rekey, Renew and Update • Trusted Registration & Establishment Process • Privilege Management • Ordering • Key and Certificate Generation • Distribution • Certificate Repository/Directory • Rekey, Renew and Update • Trusted Registration & Establishment Process • Privilege Management • Ordering • Key and Certificate Generation • Distribution • Certificate Repository/Directory • Rekey, Renew and Update • Trusted Registration & Establishment Process • Privilege Management • Ordering • Key and Certificate Generation • Distribution • Certificate Repository/Directory • Rekey, Renew and Update • Trusted Registration & Establishment Process • Privilege Management • Ordering • Key and Certificate Generation • Distribution • Certificate Repository/Directory • Rekey, Renew and Update

  8. Public Key Infrastructure Operations • Accounting/Tracking • Compromise Management & Recovery • Revocation • Audit • Archive • Data Recovery • Disaster Recovery • Customer Support/Technical Assistance

  9. Operational Challenges PKI Operations must be trustworthy • Distributed Operations • Trusted Registration & Establishment • CA establishment • User registration • Privilege Management • Compromise Management & Certificate Revocation

  10. Operational Challenges • Audit • Archive • Cross Certification • Disaster Recovery • Technical Assistance

  11. Challenge: Secure and trustworthy certificate management operations across a distributed infrastructure of over 700 Certification Authorities Solutions: Mandatory Initial and Upgrade Training Comprehensive operational documentation and procedures Trusted Distributed PKI Operations

  12. Certificate Management Operational Policy • Security Policy/Certification Practice Statement • Infrastructure Concept of Operations • Certification Authority Establishment Guide • Certification Authority Procedural Handbook

  13. Trusted CA Establishment Process • Challenge: Trusted process for enrollingnew Certification Authorities • Solution: Implemented process requiringan accountable third party to authorize the request

  14. Privilege Management • Challenge: Provide CertificationAuthority with appropriate privileges • Solution: Establish policy setting minimums for security critical privileges. Allow local specification of other privileges with third party approval. • Technical Mechanism: The Root CA establishes privileges of the subordinate CA by generating and digitally signing a configuration file

  15. User Registration Process • Challenge: Establish a process which promotes and supports the PKI security goals • HARD PROBLEM: Direct trade-off between security and operational flexibility/ease-of-use • Decision: Security requires in-person verification through contact with Certification Authority/Registration Authority

  16. Compromise Management & Certificate Revocation • Effective mechanisms for removing users from the infrastructure • Two lists • Certificate revocation list • Compromised Key List

  17. Lessons LearnedCompromise Management & Certificate Revocation • Push Distribution by PKI to users is hard • Pulling by users is unlikely • Near-term solutions: Servers (web and directory), Self-subscribing mail lists, direct mail • Significant technical and operational challenge

  18. Audit • Challenge: Ensure only authorized individuals performing authorized actions. • Solutions: • ISSO audit of CA with audit tool • Root CA audit of subordinate CAs • Goals: • User friendly audit processing tool • On-line audit system for PKI

  19. Archive • Challenge: Long-term archival storage of certificate management information • Interim Solution: Weekly storage of complete system backups and signed archive utility data • Goal: Legal system and technologist partnership to devise permanent solution

  20. Root Certification Authority FORTEZZA U.S. Government Policy Approving Authority Policy Creation Authority Policy Creation Authority Certification Authority Certification Authority Sally Bob Cross Certification

  21. Disaster Recovery • Challenge: Rebuild infrastructure components and operations in case of site disaster. • Solutions: • Dedicated back-up site for Root CAlevels of hierarchy • Off-site storage of CA system backup

  22. Customer Support/Technical Assistance Center • Challenge: Provide end users and certification authorities with technical assistance • 24/7 Telephone support • E-mail Support • Web site documentation and forms • Fax-back support via EnterpriseCommunication Server • Fed Ex or U.S. Postal Service

  23. Lessons Learned • Need a complete solution • Limit the number of CAs • Mandatory user education • Large scale, timely disseminationof compromise management and certificate revocation is difficult

  24. Lessons Learned • Meaningful Audit Analysis is tough • Archive Requirements must be defined • Cross Certification Operational Feasibility Unclear • Need to plan and fund Disaster Recovery • Need to plan and fund Technical Assistance

  25. What’s next in 2000 • Transition PKI to new certificate policy and practice statement • New software support for Version 3 Certificates and V2 CRLs • Enhanced access controls • Implement Indirect Certificate Revocation List Authority

  26. Questions?

More Related