ABC's of PKI by gyvwpgjmtx


									ABC’s of PKI

TAG Presentation
 18th May 2004
  Paul Butler

•   Role of trust
•   PKI concepts
•   PKI components
•   Management framework
•   Passport signing requirement
•   Deployment issues
•   Operational Issues
•   Guidance
                Security Model
• Must answer the questions:
  – What data are we protecting?
     • integrity of biometric information on chip in passport
  – Why are we protecting it?
     • Maintain integrity of passport
  – Who or what are we protecting it against?
     • Those who would seek to alter data to falsify passport
  – When are we protecting it?
     • Throughout the life of the passport
• For passport issuers, the model revolves around

             The Role of Trust
• Trust is usually based on some form of identity
• Direct Trust
   – Based on personal relationship, where trust is
     handled directly
   – Breaks down when too many members in trusted
     relationship to handle directly
• Third Party trust
   – Trust in individual changes to trust in a system
   – Passports represent the national identity of an
               PKI Concept
• Public Key Infrastructure based on
  asymmetric cryptography. Relies on a key
  pair, one private and one public
  – Private key is secret
  – Public key is freely available, linked to identity
    of certificate owner
  – Private key cannot be computed from public
• Concept is then applied into applications

        Public Key Infrastructure

• Business uses include:
  – Authentication of identity for individual,
    organization or device (authentication)
  – Confirmation that data has not been tampered
    with (integrity)
  – Confirmation that transaction took place
  – Maintain data confidentiality (encryption)
  – Guarantee that transaction took place at
    specific time (secure time stamp)

                 PKI Components
• Mechanism to issue certificates
   – Certificate authority (CA)
• Mechanism to validate certificates
   –   Directory services
   –   Certificate Revocation List
   –   Key history
   –   Potentially, source of trusted time for stamping
• Controlled Process to enroll and manage certificate
  holders - Registration Authority (RA)
• Process to revoke certificates which are no longer valid
  (distinct from rollover of expired certificate keys)
• Processes defined by certificate policy (CP) and
  certification practice statements (CPS)                    7
   Passport PKI Requirement
• New passports to include biometric
  identifier on chip. Concerns about
  tampering (integrity) led to need for PKI
  signature to confirm data on chip
  unchanged since production of TD
• PKI does NOT guarantee identity of
  passport holder – it guarantees that TD
  biometric is unchanged since production
  by a specific producer (non-repudiation)

        Use of digital signature

• During passport print process, data chip
  will be loaded
• CA will be requested for a signature
• Signature and certificate will be added to
• Chip is then locked to prevent further write

        PKI Signing Process
• To sign a document:
  – A hash is prepared derived from the
    document content
  – It is encoded with the signing algorithm from
    the signer’s PRIVATE KEY
  – The signature and a copy of the public key
    certificate is attached to the document
  – It is then available for validation

      PKI Signing Process (2)
• To validate the signature:
  – The PUBLIC KEY is used to prepare a hash
    of the document using the same signing key
    algorithm as the private key
  – The new hash is compared with the original
  – If they are the same, it proves that the
    document is unchanged since it was signed
  – For a TD, it means that TRUST can be placed
    on the validity of the document
         PKI Signing Process (3)

• If relying party wishes to further validate the
  certificate, a path must exist to the CA which
  issued the certificate
   – Check validity of issuer
   – Check certificate not revoked
   – Implies border crossing points must have internet
     facing capability linked to card readers which can go
     to a source and validate that the certificate presented
     is in fact valid
   – No such infrastructure is yet in place
   Trust Model for Passport                                                                                                      Electronic Signature
           Signing                                                                                                                    Validation

                                                                                                                       Document Public Key
      Canadian                                               LDAP Directory of
                                Document                                                                                   lookup with
       Country                                              Public Keys (possible
                               Public Keys                                                                                chain of trust
     Signing CA                                               ICAO function)

   Country Signing
     CA issues
    Certificate to
                                                                                                                                        Passport scanned and
                                                                                                                                           digital signature
     Document                                                Key management by use
                                                                                                                                         confirmed by relying
     Signing CA                                              of short term validity
                                                             period for private signing

      Canadian                                                   Requires secure                                                          Passport signature
     Document                                                    environment to                                                            confirmed using
     Signing CA                                                  ensure non-
                                                                                                                                             public key
                                                                 repudiability of

   Chip in passport
 loaded with data and                                                                     Arriving Traveller
     signed during
  production process
using private (signing)

                                                                                                               Passport Holder

                      Passport provided to applicant

      Print Centre

                                                       Passport Holder
                                                                                    Trust Model for Passport Electronic
         Deployment Issues
• Need for international standards among
  TD producers for mutual acceptance of
  biometric, PKI-authenticated TD’s
• Need for accreditation process to accept
  each new national CA into infrastructure
  – Complex management challenge
• Need to incorporate passport CA with
  national policy for PKI administration
  – Align with national trust model
         Operational Issues
• Process for adoption of new technology
  – Essential to maintain underlying cryptographic
    technology current
  – All nations move ahead together
• Avoid complexity of cross certification by
  publishing certificates in common location
  – Location must be specified from outset in

            Key management
– To reduce risk of compromise, key should “roll over”
– Need to maintain key history for lifetime of passport
  issued under that key
– In event of compromise, publish compromised
  certificate data to Certificate revocation list (directory)
– Secure time stamping could be used to determine
  when a compromise occurred, or for calculations
  regarding validity period of passport

• Common tendency to focus on
  underlying technology – wrong!
   – PKI is 20% technology, 80% process
   – Key element lies in “trust model”
   – To be trusted, technology must be
     supported by business processes which
     demonstrate the integrity of the PKI
• Entitlement processes must match
  integrity levels of entitlement process – no
  more, no less


To top