TAG Presentation 18th May 2004 Paul Butler ABC’s of PKI TAG Presentation 18th May 2004 Paul Butler

Agenda Role of trust PKI concepts PKI components Management framework Passport signing requirement Deployment issues Operational Issues Guidance

Security Model Must answer the questions: What data are we protecting? integrity of biometric information on chip in passport Why are we protecting it? Maintain integrity of passport Who or what are we protecting it against? Those who would seek to alter data to falsify passport When are we protecting it? Throughout the life of the passport For passport issuers, the model revolves around TRUST

The Role of Trust Trust is usually based on some form of identity Direct Trust Based on personal relationship, where trust is handled directly Breaks down when too many members in trusted relationship to handle directly Third Party trust Trust in individual changes to trust in a system Passports represent the national identity of an individual

PKI Concept Public Key Infrastructure based on asymmetric cryptography. Relies on a key pair, one private and one public Private key is secret Public key is freely available, linked to identity of certificate owner Private key cannot be computed from public key Concept is then applied into applications Mathematical construct known as trapdoor algorithm developed in the 1970’s supports concept of public and private keys implemented in software. Public key is readily available, private key is not. “Computationally unfeasible” to derive private key from public key. Used for electronic signature (signing key) or for encrypting data (encryption key). Need to ensure supporting technology 9encryption algorithm and key length stay current so this continues to be true

Public Key Infrastructure Business uses include: Authentication of identity for individual, organization or device (authentication) Confirmation that data has not been tampered with (integrity) Confirmation that transaction took place (non-repudiation) Maintain data confidentiality (encryption) Guarantee that transaction took place at specific time (secure time stamp)

PKI Components Mechanism to issue certificates Certificate authority (CA) Mechanism to validate certificates Directory services Certificate Revocation List Key history Potentially, source of trusted time for stamping Controlled Process to enroll and manage certificate holders - Registration Authority (RA) Process to revoke certificates which are no longer valid (distinct from rollover of expired certificate keys) Processes defined by certificate policy (CP) and certification practice statements (CPS)

Passport PKI Requirement New passports to include biometric identifier on chip. Concerns about tampering (integrity) led to need for PKI signature to confirm data on chip unchanged since production of TD (integrity) PKI does NOT guarantee identity of passport holder – it guarantees that TD biometric is unchanged since production by a specific producer (non-repudiation) Based on DIGITAL SIGNATURE Use of encryption not a current requirement

Use of digital signature During passport print process, data chip will be loaded CA will be requested for a signature Signature and certificate will be added to chip Chip is then locked to prevent further write operations

PKI Signing Process To sign a document: A hash is prepared derived from the document content It is encoded with the signing algorithm from the signer’s PRIVATE KEY The signature and a copy of the public key certificate is attached to the document It is then available for validation

PKI Signing Process (2) To validate the signature: The PUBLIC KEY is used to prepare a hash of the document using the same signing key algorithm as the private key The new hash is compared with the original If they are the same, it proves that the document is unchanged since it was signed For a TD, it means that TRUST can be placed on the validity of the document

PKI Signing Process (3) If relying party wishes to further validate the certificate, a path must exist to the CA which issued the certificate Check validity of issuer Check certificate not revoked Implies border crossing points must have internet facing capability linked to card readers which can go to a source and validate that the certificate presented is in fact valid No such infrastructure is yet in place

Deployment Issues Need for international standards among TD producers for mutual acceptance of biometric, PKI-authenticated TD’s Need for accreditation process to accept each new national CA into infrastructure Complex management challenge Need to incorporate passport CA with national policy for PKI administration Align with national trust model

Operational Issues Process for adoption of new technology standards Essential to maintain underlying cryptographic technology current All nations move ahead together Avoid complexity of cross certification by publishing certificates in common location Location must be specified from outset in certificate

Key management To reduce risk of compromise, key should “roll over” frequently Need to maintain key history for lifetime of passport issued under that key In event of compromise, publish compromised certificate data to Certificate revocation list (directory) Secure time stamping could be used to determine when a compromise occurred, or for calculations regarding validity period of passport If key is compromised, all signatures issued by that key become invalid Therefore need to keep the “window” as small as operationally feasible

Guidance Common tendency to focus on underlying technology – wrong! PKI is 20% technology, 80% process Key element lies in “trust model” To be trusted, technology must be supported by business processes which demonstrate the integrity of the PKI Entitlement processes must match integrity levels of entitlement process – no more, no less Setting up a CA is technically fairly simple Processes to manage

Questions?