PKI in US Higher Education - Dartmouth PKI Initiatives (Scott Rea) Fed/Ed December 2007

Overview: What are the drivers for PKI in Higher Education?
- Stronger authentication to resources and services of an institution
- Better protection of digital assets from disclosure, theft, tampering, and destruction
- More efficient workflow in distributed environments
- Greater ability to collaborate and reliably communicate with colleagues and peers
- Greater access (and more efficient access) to external resources
- Facilitation of funding opportunities
- Compliance

Overview: What are the barriers for PKI in Higher Education?
- Cost
- Complexity
- Resources
- Interoperability
- The Perfect Solution
- Leadership (research & administrative)

Identity Theft – A Major Threat
- Identity theft was the fastest growing crime in America; it has reached more of a plateau recently
- It is still a very significant threat
- The number of US adult victims of identity fraud decreased from 10.1 M in 2003 and 9.3 M in 2005 to 8.9 M in 2006 and 8.4 million in 2007.
- Total one year fraud amount decreased from $55.7 billion in 2006 to $49.3 billion in 2007
- The mean fraud amount per fraud victim decreased from $6,278 in 2006 to $5,720 in 2007
- The mean resolution time was at a high of 40 hours per victim in 2006 and was reduced in 2007 to 25 hours per victim
- Source: 2006 Javelin Survey

Campuses Are A Prime Target
- NY Times Dec 18, 2006: “…educational institutions have particularly acute problem when it comes to nation's leaky data issue; study by Public Policy Institute for AARP last July, using data compiled by Identity Theft Resource Center, determined that of 90 million records reportedly compromised in various breaches between Jan 1, 2005, and May 26, 2006, 43 percent were at educational institutions.”
- Data is accessed from stolen computers and laptops or by hackers capturing data on unprotected networks
- Other targets include dumpster diving for, or direct theft of, financial data records

Students Frequently Victimized
- 1 in 3 victims is under 30 years old.
- Common risks:
  - Compromise of passwords protecting sensitive data
  - Stolen laptops, weak or no passwords on sensitive data, or no encryption on data/passwords traversing networks
  - Dormitory burglaries
  - Driver’s license/student ID theft
  - Credit card offers: 30% of students throw these out without destroying them.
  - Social Security numbers: 48% of students have had grades posted by Social Security number

Beware Hackers and Thieves
- Dartmouth College: July 2004 Security Incident
  - Potentially 17,000 Dartmouth affiliates affected
  - HR staff keeping unencrypted personal data on servers that anyone with a password could access
  - 8 servers impacted
  - FBI investigated with assistance from student security researchers in Prof. Sean Smith’s Computer Science group
  - Network vulnerability assessments on a regular basis were recommended
  - eTokens now deployed as a mandatory requirement for HE staff who require access to this data
  - http://www.dartmouth.edu/comp/support/library/safecomputing/threats/id-theft/incidents/2004-07-28.html

How Do We Protect Our Students/Staff/Faculty?
- While debate continues on what type of technology is best suited to prevent identity theft, many experts believe that a combination of PKI infrastructure and two-factor authentication offers the greatest promise of protection.
- Source: Financial Services Technology, Preventing Identity Theft

Authentication Factors
- Three Factors of Authentication:
  - Something you know, e.g. password, secret, URI, graphic
  - Something you have, e.g. key, token, smartcard, badge
  - Something you are, e.g. fingerprint, iris scan, face scan, signature

Authentication Factors
- Single Factor Authentication is most common
  - Passwords (something you know) are the most common single factor
- At least Two Factor Authentication is recommended for securing important assets, e.g. ATM card + PIN (have + know)
- 2 x Single Factor Authentication ≠ Two Factor Authentication, e.g. Password + Graphic is NOT equivalent to Smartcard + PIN (although it may be better than a single instance of One Factor Authentication)
- Without Two Factor Authentication, some secure communications may be vulnerable to disclosure
  - Especially in wireless networks

Password Authentication
- General issues with Authentication using Password technology:
  - Passwords easily shared with others (in violation of access policy)
  - Easily captured over a network if no encrypted channel used
  - Vulnerable to dictionary attacks even if encrypted channels are used
  - Weak passwords can be guessed or brute forced offline
  - Vulnerable to keyboard sniffing/logging attacks on public or compromised systems
  - Cannot provide non-repudiation, since they generally require that the user be enrolled at the service provider, and so the service provider also knows the user's password
  - Vulnerable to Social Engineering attacks
  - Single factor of Authentication only

Password Authentication
- Definition of a Weak Password:
  - The password contains fewer than eight characters
  - The password is a word found in a dictionary (English or foreign)
  - The password is a common usage word such as:
    - Names of family, pets, friends, co-workers, fantasy characters, etc.
    - Computer terms and names, commands, sites, companies, hardware, software.
    - Words using the company name or any derivation.
    - Birthdays and other personal information such as addresses and phone numbers.
    - Word or number patterns like aaabbb, qwerty, zyxwvuts, 123321, etc.
    - Any of the above spelled backwards.
    - Any of the above preceded or followed by a digit (e.g., secret1, 1secret)

Password Authentication
- Definition of a Strong Password:
  - Contains both upper and lower case characters (e.g., a-z, A-Z)
  - Has digits and punctuation characters as well as letters (e.g., 0-9, !@#$%^&*()_+|~-=\`{}[]:";'<>?,./)
  - Is greater than eight alphanumeric characters long.
  - Is not a word in any language, slang, dialect, jargon, etc.
  - Is not based on personal information, names of family, etc.
- Passwords should never be written down or stored on-line without encryption protection.
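A checker that applies the weak-password rules of the slide above and the one before it (length, dictionary or common-usage word, reversed spelling, a single leading or trailing digit, run/keyboard/sequence/mirror patterns, personal data), written here as an added Go example that is not part of the presentation. The word list, the keyboard rows and the personal-data argument are constructed stand-ins.

```go
package main

import (
	"strings"
	"unicode"
)

// Constructed stand-in for the dictionary and "common usage" lists the slide
// names (family names, computer terms, the institution's name); a deployment
// would load full word lists.
var commonWords = map[string]bool{
	"secret": true, "password": true, "dartmouth": true, "admin": true,
	"fluffy": true, "gandalf": true, "linux": true, "welcome": true,
}

// Keyboard rows, space-separated so a walk cannot span two rows.
const keyboardRows = "qwertyuiop asdfghjkl zxcvbnm 1234567890"

func reverse(s string) string {
	b := []byte(s)
	for i, j := 0, len(b)-1; i < j; i, j = i+1, j-1 {
		b[i], b[j] = b[j], b[i]
	}
	return string(b)
}

// candidates returns the forms the rules are checked against: lower-cased,
// reversed, and each with one leading or trailing digit removed, so that
// "secret1", "1secret" and "1terces" all reduce to "secret".
func candidates(pw string) []string {
	lp := strings.ToLower(pw)
	out := []string{lp, reverse(lp)}
	for _, s := range []string{lp, reverse(lp)} {
		if len(s) > 1 && unicode.IsDigit(rune(s[0])) {
			out = append(out, s[1:])
		}
		if len(s) > 1 && unicode.IsDigit(rune(s[len(s)-1])) {
			out = append(out, s[:len(s)-1])
		}
	}
	return out
}

// isPattern detects the pattern kinds the slide lists: repeated runs (aaabbb),
// keyboard walks (qwerty), sequences (zyxwvuts) and mirrored digits (123321).
func isPattern(s string) bool {
	if len(s) < 3 {
		return false
	}
	if strings.Contains(keyboardRows, s) || strings.Contains(keyboardRows, reverse(s)) {
		return true
	}
	asc, desc := true, true
	for i := 1; i < len(s); i++ {
		asc = asc && s[i] == s[i-1]+1
		desc = desc && s[i] == s[i-1]-1
	}
	// Trimming the first and last byte empties s only when it is built from
	// at most those two characters (aaabbb, abab).
	runs := strings.Trim(s, s[:1]+s[len(s)-1:]) == ""
	return runs || asc || desc || s == reverse(s)
}

// classify names the first weak-password rule that candidate c matches, or "".
func classify(c string, personal []string) string {
	switch {
	case commonWords[c]:
		return "dictionary or common-usage word: " + c
	case isPattern(c):
		return "word or number pattern: " + c
	}
	for _, p := range personal {
		if strings.Contains(c, strings.ToLower(p)) {
			return "based on personal information: " + p
		}
	}
	return ""
}

// WeakReasons lists every rule of the slide's weak-password definition that pw
// breaks; personal holds the user's own data (names, birthday, phone number).
func WeakReasons(pw string, personal []string) []string {
	var found []string
	if len(pw) < 8 {
		found = append(found, "fewer than eight characters")
	}
	for _, c := range candidates(pw) {
		if r := classify(c, personal); r != "" {
			found = append(found, r)
			break
		}
	}
	return found
}
```

An empty result means none of the weak-password rules matched; the strong-password character-class rules (mixed case, digits, punctuation) are a separate check layered on top.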

Password Authentication
- Specific issues with Authentication using Password technology:
  - Too many passwords to remember if requiring a different one for each application
    - Leads to users writing them down and not storing them securely
    - Leads to use of insecure or weak passwords (more secure ones are generally harder to remember)
    - Leads to higher helpdesk costs due to resetting of forgotten passwords.
    - Leads to re-use of passwords outside Dartmouth’s domain where protection mechanisms may be much lower

Password Authentication
- Specific issues with Authentication using Password technology:
  - Potential single point of failure for multiple applications if same password used
  - Strong passwords not consistently supported in all applications
  - Weak passwords lead to widespread compromises
  - Passwords not consistently protected for all applications
  - Password expiration not synchronized across applications
  - Limited character set for input
  - No control over use of passwords outside Dartmouth’s domain
  - Offline attacks against passwords may be possible

Reducing Password Reliance at Dartmouth
- Dartmouth’s research into PKI has been leveraged to begin reducing reliance on single factor authentication such as passwords
- Roll out of PKI based services started with small scale pilots, expanded to limited production for critical services, followed by broad adoption for faculty, students, and staff

Dartmouth’s Solution to Password vulnerabilities - Public Key Infrastructure (PKI)
- PKI consists of a key pair – 1 public, stored in a certificate, 1 private, stored in a protected file or smartcard
- Allows exchange of session secrets in a protected (encrypted) manner without disclosing the private key
- PKI lets users authenticate without giving their passwords away to the service that needs to authenticate them
  - Our own password-hunting experiences, written up in EDUCAUSE Quarterly, show that users happily type their user ID and password into any reasonable-looking web site, because so many of them require it already.
  - PKI is a very effective measure against phishing

Dartmouth’s Solution to Password vulnerabilities - Public Key Infrastructure (PKI)
- PKI lets users directly authenticate across domains
  - Researchers can collaborate more easily
  - Students can easily access materials from other institutions, providing broader educational opportunities
- PKI allows decentralized handling of authorization
  - Students on a project can get access to a web site or some other resource because Prof Smith delegated it to them
  - PKI simplifies this process – no need for a centralized bureaucracy, lowers overheads associated with research
- Private key is never sent across the wire, so cannot be compromised by sniffing
- Not vulnerable to dictionary attacks
- Brute force is not practical for given key lengths
- Facilitates encryption of sensitive data to protect it even if a data stream or source is captured by a malicious entity

Dartmouth’s Solution to Password vulnerabilities - Public Key Infrastructure (PKI)
- 1024-bit keys are better than 128 character passwords (they are not subject to a limited character input set)
- This is far stronger than our current Blitzmail or DND password based authentication
- As one researcher said recently: “the Sun will burn out before we break these”
- Quote from Prof Smith: “In the long run: user authentication and authorization in the broader information infrastructure is a widely recognized grand challenge. The best bet will likely be some combination of PKI and user tokens.”
- Failing to look ahead in our IT choices means failing in our research and educational mission.

Dartmouth’s Solution to Password vulnerabilities - Public Key Infrastructure (PKI)
- Browsers now have better support for PKI, making it very usable for everyday users
- Vendors recognize the importance of this technology to securing digital assets
- The ubiquitous browser interface can now be a tool for secure and confidential communications
- Dartmouth no longer needs to be concerned with maintaining bolt-on security mechanisms like SideCar, which has Kerberos version compatibility issues, open port through firewall issues, etc.
- Critical educational applications like Banner and Blackboard can now be securely accessed via PKI right from any browser

PKI at Dartmouth: Dartmouth’s PKI History
- Dartmouth has been providing PKI leadership since 2000 across many sectors – not just Higher Education
- Dartmouth has run a production Certificate Authority on campus for 4 years
- There are currently over 12,500 active certificates in circulation, issued by the Dartmouth CA
- Secure Wireless authentication is PKI based using EAP-TLS
- The default for WebAuth authentication on the Dartmouth campus is PKI
- Dartmouth facilitates Two Factor Authentication through PKI and Aladdin eTokens
  - Distribution of over 2,250 eTokens to Faculty, Staff, and Students on campus
  - eToken distribution to Freshmen for past three years

PKI at Dartmouth: Dartmouth’s PKI History
- Dartmouth established a PKI Lab in 2000 and performs PKI Outreach to the HE community
- Dartmouth built and operates the Higher Education Bridge Certificate Authority (HEBCA) for EDUCAUSE. HEBCA is a mechanism for allowing trust and interoperability between all US HE institutions, the US federal government, and other communities of interest
- Dartmouth built the US Higher Education Root (USHER) infrastructure for Internet2, and created the first USHER CA – a common policy framework for establishing trust and PKIs in HE. (NOTE: this CA is now located at Internet2 using the InCommon infrastructure)
- Dartmouth is a founding member of The Americas Grid Policy Management Authority (TAGPMA), which sets PKI policy and accredits grid authentication service providers within the International Grid Trust Federation

PKI at Dartmouth: Dartmouth’s PKI History
- Dartmouth developed the CA-in-a-box distribution to reduce the set up costs and complexity for entities wanting to run their own PKI Certification Authority
  - This is used in Grid-related authentication services (a recent example is the Texas Advanced Computing Center)
  - This is also used by institutions of higher education for CA services (e.g. Cornell University)
- Dartmouth developed the AirGap solution to securely connect offline Certification Authorities with highly available online Directories
  - This device was constructed for under $100 and provided the HEBCA and USHER projects with up to $200,000 in potential savings
  - This solution is now used by federal agencies, commercial entities, and institutions of higher education
  - This solution was voted the #1 beneficial hack or inspired workaround by InfoWorld in its May 2006 edition
- Dartmouth is currently developing a “free-to-higher-education-and-research-institution” CA platform to be distributed via Internet2
  - Based on CAPSO from IAIK (JCE product)
  - Production sites include Dartmouth, Graz University, Austrian Government PKI

PKI at Dartmouth: Dartmouth’s PKI History
- Dartmouth is the developer of the Greenpass project - a PKI based method of delegating access authorization to a restricted network for guests visiting another institution
  - This project generated intense interest from industry giants such as Cisco and Intel, enough for them to provide large research grants for its further development and invite talks and demonstrations to their internal campuses
- Dartmouth is the site for the development of the next generation of OpenCA for PKI services, partially funded by Sun Microsystems. Massimiliano Pala (the existing OpenCA Project Manager) is a visiting post-doctoral fellow for this purpose (from January 2007)
- Dartmouth, through Prof. Smith, was awarded a prestigious multi-million dollar "NSF CAREER" grant explicitly about making PKI usable
  - The CAREER program recognizes and supports the early career-development activities of those teacher-scholars who are most likely to become the academic leaders of the 21st century. Prof. Smith is studying how to use PKI and trusted computing technology to build trustworthy relationships among users spanning many organizations.
- Dartmouth has been regularly sought out for, and provided, PKI consulting and advice to a multitude of industry sectors including: federal government, banking industry, pharmaceutical industry, technological sector, higher education

Strengthening PKI at Dartmouth
- Standard PKI is single factor authentication – it is something you have (a private key)
- Storing the private key in a secure place and protecting access to it with a passphrase creates Two Factor Authentication (i.e. private key [something you have] and passphrase [something you know])
- But storing a private key in software ONLY means it can be copied to many places – some of which may not be secure – potentially reducing this to single factor only (the passphrase protecting the private key) and also making it vulnerable to offline attacks
- Storing the key in a FIPS-140 authenticated PKI hardware module ensures the private key only has a single instance
  - But a single instance can be restricting unless it is very portable

Strengthening PKI at Dartmouth
- Smartcards or USB Tokens are very portable hardware options. The USB Token is usually favored over smartcards due to the additional cost of the latter option requiring readers everywhere the card is to be used (USB is mostly ubiquitous)
- Dartmouth chose Aladdin eToken as its partner for PKI hardware modules after an evaluation of available products utilized for this purpose
- Aladdin eToken is a house-key sized HSM that protects PKI keys and can also perform other information security functions
- Dartmouth began rolling out to freshmen 4 years ago; also targeted faculty and staff are required to carry them for compliance (FERPA, HIPAA) reasons

Strengthening PKI at Dartmouth
- Dartmouth started with the 16K version eToken – now using the 64K version that allows for stronger 2048-bit key sizes
- Aladdin also has combination devices that contain a standard flash memory chip (like a standard thumb drive) as well as the cryptography chip (delivering 2-for-1 functionality)
- Aladdin provides drivers for the eToken for the operating systems supported on the Dartmouth Campus – Windows, Linux, Mac OSX
- By spring 2008, all freshmen will have had a chance to obtain an eToken with a certificate and Dartmouth can start requiring Two Factor Authentication for applications with sensitive data (PKI is optional right now)

Creating Silos of Trust (diagram; surviving labels: Institution, Dept-1, USHER, CA, SubCA)

LOA: Levels of Assurance
- Not all CAs are created equal
- Policies adhered to vary in detail and strength:
  - Protection of private keys
  - Controls around private key operations
  - Separation of duties
  - Trustworthiness of Operators
  - Auditability
  - Authentication of end entities
  - Frequency of revocation updates

HEBCA: Higher Education Bridge Certificate Authority
- Bridge Certificate Authority for US Higher Education
- Modeled on FBCA
- Provides cross-certification between the subscribing institution and the HEBCA root CA
- Flexible policy implementations through the mapping process
- The HEBCA root CA and infrastructure hosted at Dartmouth College
- Facilitates inter-institutional trust between participating schools
- Facilitates inter-federation trust between US Higher Education community and external entities

HEBCA: What is the value presented by this initiative?
- HEBCA facilitates a trust fabric across all of US Higher Education so that credentials issued by participating institutions can be used (and trusted) globally, e.g. signed and/or encrypted email, digitally signed documents (paperless office), etc. can all be trusted inter-institutionally and not just intra-institutionally
- Extensions of the Higher Education trust infrastructure into external federations are also possible, and proof of concept work with the FBCA (via BCA cross-certification) has demonstrated this inter-federation trust extension
- Single credential accepted globally
- Potential for stronger authentication and possibly authorization of participants in grid based applications
- Contributions provided to the Path Validation and Path Discovery development efforts

Solving Silos of Trust (diagram; surviving labels: Institution, Dept-1, FBCA, HEBCA, CAUDIT PKI, USHER, CA, SubCA)
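The cross-certification that the two HEBCA slides above describe, as an added Go example that is not part of the presentation or of HEBCA's own software: a constructed two-institution fabric in which a relying party at Institution B, trusting only B's own root, validates a certificate issued by Institution A's CA through the bridge's cross-certificates, and fails to validate it when those cross-certificates are withheld. The CA names, the user name alice@institution-a.example and the ECDSA keys are all constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var nextSerial int64

// template returns a certificate template for the named subject: CA templates
// get basic constraints and key usage, end-entity templates client-auth EKU.
func template(cn string, ca bool) *x509.Certificate {
	nextSerial++
	t := &x509.Certificate{
		SerialNumber: big.NewInt(nextSerial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
	}
	if ca {
		t.IsCA, t.BasicConstraintsValid = true, true
		t.KeyUsage = x509.KeyUsageCertSign | x509.KeyUsageCRLSign
	} else {
		t.KeyUsage = x509.KeyUsageDigitalSignature
		t.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}
	}
	return t
}

// issue signs tmpl for the holder of pub with the parent's private key.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert
}

func keygen() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// BridgeTrust builds the constructed fabric and validates Institution A's user
// certificate from Institution B's viewpoint. It returns the length of the path
// found via the bridge and whether the certificate validates without it.
func BridgeTrust() (pathLen int, validWithoutBridge bool, err error) {
	keyA, keyB, keyBridge, keyUser := keygen(), keygen(), keygen(), keygen()
	// Self-signed institutional roots: each campus trusts only its own.
	rootA := template("Institution A Root CA", true)
	rootA = issue(rootA, rootA, &keyA.PublicKey, keyA)
	rootB := template("Institution B Root CA", true)
	rootB = issue(rootB, rootB, &keyB.PublicKey, keyB)
	// Cross-certificates: B's root certifies the bridge's key and the bridge
	// certifies A's key. Each carries the subject's existing public key, so
	// certificates A already issued chain through them unchanged.
	bridgeByB := issue(template("HEBCA Bridge CA", true), rootB, &keyBridge.PublicKey, keyB)
	aByBridge := issue(template("Institution A Root CA", true), bridgeByB, &keyA.PublicKey, keyBridge)
	// An ordinary end-entity certificate issued by A's root.
	user := issue(template("alice@institution-a.example", false), rootA, &keyUser.PublicKey, keyA)
	roots := x509.NewCertPool()
	roots.AddCert(rootB)
	crossCerts := x509.NewCertPool()
	crossCerts.AddCert(bridgeByB)
	crossCerts.AddCert(aByBridge)
	opts := x509.VerifyOptions{Roots: roots, Intermediates: crossCerts,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth}}
	chains, err := user.Verify(opts)
	if err != nil {
		return 0, false, err
	}
	opts.Intermediates = nil
	_, errNoBridge := user.Verify(opts)
	return len(chains[0]), errNoBridge == nil, nil
}

func main() {
	n, direct, err := BridgeTrust()
	fmt.Printf("path length via bridge: %d, valid without bridge: %v, err: %v\n", n, direct, err)
}
```

The path found is user certificate, cross-certificate for A issued by the bridge, cross-certificate for the bridge issued by B, and B's root; the relying party never has to import A's root as a trust anchor.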

HEBCA Project - Status: What’s been done so far?
- Production HEBCA development phase complete
- Issues Resolved:
  - Discovery of a vulnerability in the protocol for indirect CRLs
  - Inexpensive AirGap
  - Citizenship requirements for Bridge-2-Bridge Interoperability
- Majority of supporting documentation finalized
- PKI Test Bed server instantiated
- PKI Interoperability Pilot migrated
- Reassessment of community needs
- Audit process defined and Auditors identified
- Participation in industry working groups
- Cross-certification with FBCA prototype completed
- Mapping to Grid PKI profiles completed
- Limited participation from schools & other organizations

Challenges and Opportunities: Open Tasks
- Audit
- Updated Business Plan
- Promotion of PKI Test bed
- Validation Authority service
- Cross-certification with other HE PKI communities:
  - CAUDIT PKI (AusCERT)
  - HE JP
  - HE BR
- Cross-certification with other PKI communities:
  - IGTF
  - ESNet

HEBCA Next Steps
- Convert limited production operations to fully operational
  - Require drivers from community
    - Institutions with mature PKIs
    - Need for secure inter-enterprise transactions
  - Require methods for self-supporting the infrastructure
    - EDUCAUSE funding support ends 12/31/2007
    - Potential to support infrastructure from ancillary services
      - Higher Education PKI and/or IGTF service provider (e.g. compete with the commercial vendors to issue end entity certificates)
      - PKI consulting services – bootstrap, setup, deployment, audit etc.
- Or retire the infrastructure

International Grid Trust Federation
- IGTF founded in Oct 2005 at GGF 15
- IGTF Purpose: Manage authentication services for global computational grids via policy and procedures
- IGTF goal: harmonize and synchronize member PMAs’ policies to establish and maintain global trust relationships
- IGTF members: 3 regional Policy Management Authorities
  - EUgridPMA
  - APgridPMA
  - TAGPMA
- 50+ CAs, 50,000+ credentials

IGTF

IGTF General Architecture
- The member PMAs are responsible for accrediting authorities that issue identity assertions.
- The IGTF maintains a set of authentication profiles (APs) that specify the policy and technical requirements for a class of identity assertions and assertion providers.
- The management and continued evolution of an AP is assigned by the IGTF to a specific member PMA. Proposed changes to an AP will be circulated by the chair of the PMA managing the AP to all chairs of the IGTF member PMAs.
- Each of the PMAs will accredit credential-issuing authorities and document the accreditation policy and procedures. Any changes to the policy and practices of a credential-issuing authority after accreditation will void the accreditation unless the changes have been approved by the accrediting PMA prior to their taking effect.

EUGridPMA members and applicants
- Green: EMEA countries with an Accredited Authority
  - 23 of 25 EU member states (all except LU, MT) + AM, CH, HR, IL, IS, NO, PK, RU, TR
- Other Accredited Authorities: DoEGrids (.us), GridCanada (.ca), CERN, SEE catch-all

EUgridPMA Membership
- Under “Classic X.509 secured infrastructure”:
  - authorities accredited: 38 (recent additions: CERN-IT/IS, SRCE)
  - active applicants: 4 (Serbia, Bulgaria, Romania, Morocco)
- Under “SLCS”:
  - accredited: 0
  - active applicants: 1 (SWITCH-aai)
- Under MICS draft: none yet of course, but actually CERN-IS would be a good match for MICS as well
- Major relying parties: EGEE, DEISA, SEE-GRID, LCG, TERENA

Map of the APGrid PMA
- General Membership: U. Hong Kong (China), U. Hyderabad (India), Osaka U. (Japan), USM (Malaysia)
- Ex-officio Membership: APAC (Australia), CNIC/SDG, IHEP (China), AIST, KEK, NAREGI (Japan), KISTI (Korea), NGO (Singapore), ASGCC, NCHC (Taiwan), NECTEC, ThaiGrid (Thailand), PRAGMA/UCSD (USA)

APgridPMA Membership
- 9 Accredited CAs
  - In operation: AIST (Japan), APAC (Australia), ASGCC (Taiwan), CNIC (China), IHEP (China), KEK (Japan), NAREGI (Japan)
  - Will be in operation: NCHC (Taiwan), NECTEC (Thailand)
- 1 CA under review: NGO (Singapore)
- Will be re-accredited: KISTI (Korea)
- Planning: PRAGMA (USA), ThaiGrid (Thailand)
- General membership: Osaka U. (Japan), U. Hong Kong (China), U. Hyderabad (India), USM (Malaysia)

TAGPMA

TAGPMA Membership
- Accredited: Argentina UNLP, Brazilian Grid CA, CANARIE (Canada)*, DOEGrids*, EELA LA Catch all Grid CA, ESnet/DOE Office Science*, Mexico UNAM, REUNA Chilean CA, TACC – Root, Venezuela
- In Review: FNAL, NCSA – Classic/SLCS, Purdue University, TACC – Classic/SLCS, Virginia USHER
- Relying Parties: Dartmouth/HEBCA, EELA, OSG, SDSC, SLAC, TeraGrid, TheGrid, LCG
- *Accredited by EUgridPMA

TAGPMA Bridge Working Group
- Recognition that there are different LOAs in the way some credential service providers operate
  - Required by different applications
- More efficient ways of distributing Trust Anchors
- Interoperation with other trust federations
- Scott Rea is Chair, representatives from each regional PMA included

Proposed Inter-federations (diagram; surviving labels: HEBCA, USHER, FBCA, IGTF, CAUDIT PKI/AusCert, HE BR, HE JP, NIH, DST ACES, CertiPath, SAFE, Other Bridges, Dartmouth, Texas, Wisconsin, UVA, Univ-N, Cross-certs, CA-1 … CA-n)

Levels of Assurance mapping (chart; surviving labels: E-Auth Level 1–4, FPKI, HEBCA/USHER, IGTF, High, Medium Hardware, Medium Software, CBP High, CBP Medium, Medium, Basic, Rudimentary, Classic, Strong, Foundation, C-4, SLCS, MICS)

Summary
- PKI facilitates a broader range of educational opportunities through decentralized authorization and cross-domain authentication with Federated identities
- The PKI solution provides a number of promising additional benefits - not just the required stronger authentication
- Dartmouth has a long history of PKI achievements and leadership across many sectors – not just higher education:
  - Successful local PKI deployment, including 2-factor eTokens
  - Operation of large PKI based communities of interest (HEBCA, USHER)
  - Establishment of PKI governance bodies (HEBCA, TAGPMA)
  - Development of PKI related technologies (CAPSO, CA-in-a-box, AirGap, Greenpass, OpenCA-NG)
  - Participation, leadership and establishment of PKI based conferences and workshops (NIST PKI R&D, EuroPKI, EDUCAUSE PKI Summit)
  - Prolific publishing of papers and invited talks and panels at PKI related conferences
  - Grants for PKI related research from large industry corporations and government agencies (NSF, DHS, Cisco, Intel, Sun, Mellon Foundation)

Summary
- HEBCA needs to find a means of supporting its operations, or else it’s time to bring out the moth balls until the community is ready
- CAPSO CA package should be ready for distribution from Internet2 in a VM image format in early 2008
- Dartmouth will continue its pursuit of PKI related projects within the Higher Education community

For More Information
- HEBCA Website: http://webteam.educause.edu/hebca/
- Scott Rea - Scott.Rea@dartmouth.edu