Slide 1: PKI in US Higher Education - Dartmouth PKI Initiatives (Scott Rea), Fed/Ed, December 2007
Slide 2: Overview - What are the drivers for PKI in Higher Education?
- Stronger authentication to resources and services of an institution
- Better protection of digital assets from disclosure, theft, tampering, and destruction
- More efficient workflow in distributed environments
- Greater ability to collaborate and reliably communicate with colleagues and peers
- Greater access (and more efficient access) to external resources
- Facilitation of funding opportunities
- Compliance
Slide 3: Overview - What are the barriers for PKI in Higher Education?
- Cost
- Complexity
- Resources
- Interoperability
- The Perfect Solution
- Leadership (research & administrative)
Slide 4: Identity Theft - A Major Threat
- Identity theft was the fastest growing crime in America; it has reached more of a plateau recently, but it is still a very significant threat
- The number of US adult victims of identity fraud decreased from 10.1 M in 2003 and 9.3 M in 2005 to 8.9 M in 2006 and 8.4 million in 2007
- Total one-year fraud amount decreased from $55.7 billion in 2006 to $49.3 billion in 2007
- The mean fraud amount per fraud victim decreased from $6,278 in 2006 to $5,720 in 2007
- The mean resolution time was at a high of 40 hours per victim in 2006 and was reduced in 2007 to 25 hours per victim
Source: 2006 Javelin Survey
Slide 5: Campuses Are A Prime Target
- NY Times, Dec 18, 2006: “…educational institutions have particularly acute problem when it comes to nation's leaky data issue; study by Public Policy Institute for AARP last July, using data compiled by Identity Theft Resource Center, determined that of 90 million records reportedly compromised in various breaches between Jan 1, 2005, and May 26, 2006, 43 percent were at educational institutions.”
- Data is accessed from stolen computers and laptops or by hackers capturing data on unprotected networks
- Other targets include dumpster diving for, or direct theft of, financial data records
Slide 6: Students Frequently Victimized
- 1 in 3 victims is under 30 years old
- Common risks:
  - Compromise of passwords protecting sensitive data
  - Stolen laptops with weak or no passwords on sensitive data, or no encryption of data/passwords traversing networks
  - Dormitory burglaries
  - Driver’s license/student ID theft
  - Credit card offers: 30% of students throw these out without destroying them
  - Social Security numbers: 48% of students have had grades posted by Social Security number
Slide 7: Beware Hackers and Thieves
- Dartmouth College: July 2004 Security Incident
  - Potentially 17,000 Dartmouth affiliates affected
  - HR staff were keeping unencrypted personal data on servers that anyone with a password could access
  - 8 servers impacted
  - FBI investigated with assistance from student security researchers in Prof. Sean Smith’s Computer Science group
  - Network vulnerability assessments on a regular basis were recommended
  - eTokens are now deployed as a mandatory requirement for HE staff who require access to this data
Slide 8: How Do We Protect Our Students/Staff/Faculty?
While debate continues on what type of technology is best suited to prevent identity theft, many experts believe that a combination of PKI infrastructure and two-factor authentication offers the greatest promise of protection.
Source: Financial Services Technology, Preventing Identity Theft
Slide 9: Authentication Factors
Three Factors of Authentication:
- Something you know, e.g. password, secret, URI, graphic
- Something you have, e.g. key, token, smartcard, badge
- Something you are, e.g. fingerprint, iris scan, face scan, signature
Slide 10: Authentication Factors
- Single Factor Authentication is most common; passwords (something you know) are the most common single factor
- At least Two Factor Authentication is recommended for securing important assets, e.g. ATM card + PIN (have + know)
- 2 x Single Factor Authentication ≠ Two Factor Authentication, e.g. Password + Graphic is NOT equivalent to Smartcard + PIN (although it may be better than a single instance of One Factor Authentication)
- Without Two Factor Authentication, some secure communications may be vulnerable to disclosure, especially in wireless networks
Slide 11: Password Authentication
General issues with authentication using password technology:
- Passwords are easily shared with others (in violation of access policy)
- Easily captured over a network if no encrypted channel is used
- Vulnerable to dictionary attacks even if encrypted channels are used
- Weak passwords can be guessed or brute forced offline
- Vulnerable to keyboard sniffing/logging attacks on public or compromised systems
- Cannot provide non-repudiation, since they generally require that the user be enrolled at the service provider, and so the service provider also knows the user's password
- Vulnerable to social engineering attacks
- Single factor of authentication only
Slide 12: Password Authentication
Definition of a weak password:
- The password contains fewer than eight characters
- The password is a word found in a dictionary (English or foreign)
- The password is a common usage word such as:
  - Names of family, pets, friends, co-workers, fantasy characters, etc.
  - Computer terms and names, commands, sites, companies, hardware, software
  - Words using the company name or any derivation
  - Birthdays and other personal information such as addresses and phone numbers
  - Word or number patterns like aaabbb, qwerty, zyxwvuts, etc.
  - Any of the above spelled backwards
  - Any of the above preceded or followed by a digit (e.g., secret1, 1secret)
Slide 13: Password Authentication
Definition of a strong password:
- Contains both upper and lower case characters (e.g., a-z, A-Z)
- Has digits and punctuation characters as well as letters (e.g., 0-9)
- Is greater than eight alphanumeric characters long
- Is not a word in any language, slang, dialect, jargon, etc.
- Is not based on personal information, names of family, etc.
Passwords should never be written down or stored on-line without encryption protection.
Slide 14: Password Authentication
Specific issues with authentication using password technology:
- Too many passwords to remember if a different one is required for each application, which:
  - Leads to users writing them down and not storing them securely
  - Leads to use of insecure or weak passwords (more secure ones are generally harder to remember)
  - Leads to higher helpdesk costs due to resetting of forgotten passwords
  - Leads to re-use of passwords outside Dartmouth’s domain, where protection mechanisms may be much lower
Slide 15: Password Authentication
Specific issues with authentication using password technology:
- Potential single point of failure for multiple applications if the same password is used
- Strong passwords not consistently supported in all applications
- Weak passwords lead to widespread compromises
- Passwords not consistently protected for all applications
- Password expiration not synchronized across applications
- Limited character set for input
- No control over use of passwords outside Dartmouth’s domain
- Offline attacks against passwords may be possible
Slide 16: Reducing Password Reliance at Dartmouth
- Dartmouth’s research into PKI has been leveraged to begin reducing reliance on single factor authentication such as passwords
- Roll-out of PKI-based services started with small-scale pilots, expanded to limited production for critical services, followed by broad adoption for faculty, students, and staff
Slide 17: Dartmouth’s Solution to Password Vulnerabilities - Public Key Infrastructure (PKI)
- PKI is based on a key pair: 1 public key, stored in a certificate, and 1 private key, stored in a protected file or smartcard
- Allows exchange of session secrets in a protected (encrypted) manner without disclosing the private key
- PKI lets users authenticate without giving their passwords away to the service that needs to authenticate them
- Our own password-hunting experiences, written up in EDUCAUSE Quarterly, show that users happily type their user ID and password into any reasonable-looking web site, because so many of them require it already
- PKI is a very effective measure against phishing
Slide 18: Dartmouth’s Solution to Password Vulnerabilities - Public Key Infrastructure (PKI)
- PKI lets users directly authenticate across domains
  - Researchers can collaborate more easily
  - Students can easily access materials from other institutions, providing broader educational opportunities
- PKI allows decentralized handling of authorization
  - Students on a project can get access to a web site or some other resource because Prof Smith delegated it to them
  - PKI simplifies this process: no need for a centralized bureaucracy, which lowers the overheads associated with research
- The private key is never sent across the wire, so it cannot be compromised by sniffing
- Not vulnerable to dictionary attacks; brute force is not practical for the given key lengths
- Facilitates encryption of sensitive data to protect it even if a data stream or source is captured by a malicious entity
Slide 19: Dartmouth’s Solution to Password Vulnerabilities - Public Key Infrastructure (PKI)
- 1024-bit keys are better than 128 character passwords (they are not subject to a limited character input set)
- This is far stronger than our current Blitzmail or DND password-based authentication
- As one researcher said recently, “the Sun will burn out before we break these”
- Quote from Prof Smith: “In the long run: user authentication and authorization in the broader information infrastructure is a widely recognized grand challenge. The best bet will likely be some combination of PKI and user tokens.”
- Failing to look ahead in our IT choices means failing in our research and educational mission.
Slide 20: Dartmouth’s Solution to Password Vulnerabilities - Public Key Infrastructure (PKI)
- Browsers now have better support for PKI, making it very usable for everyday users
- Vendors recognize the importance of this technology to securing digital assets
- The ubiquitous browser interface can now be a tool for secure and confidential communications
- Dartmouth no longer needs to be concerned with maintaining bolt-on security mechanisms like SideCar, which has Kerberos version compatibility issues, open-port-through-firewall issues, etc.
- Critical educational applications like Banner and Blackboard can now be securely accessed via PKI right from any browser
Slide 21: PKI at Dartmouth - Dartmouth’s PKI History
- Dartmouth has been providing PKI leadership since 2000 across many sectors, not just Higher Education
- Dartmouth has run a production Certificate Authority on campus for 4 years
- There are currently over 12,500 active certificates in circulation, issued by the Dartmouth CA
- Secure wireless authentication is PKI-based using EAP-TLS
- The default for WebAuth authentication on the Dartmouth campus is PKI
- Dartmouth facilitates Two Factor Authentication through PKI and Aladdin eTokens
  - Distribution of over 2,250 eTokens to Faculty, Staff, and Students on campus
  - eToken distribution to Freshmen for the past three years
Slide 22: PKI at Dartmouth - Dartmouth’s PKI History
- Dartmouth established a PKI Lab in 2000 and performs PKI outreach to the HE community
- Dartmouth built and operates the Higher Education Bridge Certificate Authority (HEBCA) for EDUCAUSE. HEBCA is a mechanism for allowing trust and interoperability between all US HE institutions, the US federal government, and other communities of interest
- Dartmouth built the US Higher Education Root (USHER) infrastructure for Internet2, and created the first USHER CA: a common policy framework for establishing trust and PKIs in HE. (NOTE: this CA is now located at Internet2 using the InCommon infrastructure)
- Dartmouth is a founding member of The Americas Grid Policy Management Authority (TAGPMA), which sets PKI policy and accredits grid authentication service providers within the International Grid Trust Federation
Slide 23: PKI at Dartmouth - Dartmouth’s PKI History
- Dartmouth developed the CA-in-a-box distribution to reduce the set-up costs and complexity for entities wanting to run their own PKI Certification Authority
  - This is used in Grid-related authentication services (a recent example is the Texas Advanced Computing Center)
  - This is also used by institutions of higher education for CA services (e.g. Cornell University)
- Dartmouth developed the AirGap solution to securely connect offline Certification Authorities with highly available online Directories
  - This device was constructed for under $100 and provided the HEBCA and USHER projects with up to $200,000 in potential savings
  - This solution is now used by federal agencies, commercial entities, and institutions of higher education
  - This solution was voted the #1 beneficial hack or inspired workaround by InfoWorld in its May 2006 edition
- Dartmouth is currently developing a “free-to-higher-education-and-research-institution” CA platform to be distributed via Internet2
  - Based on CAPSO from IAIK (JCE product)
  - Production sites include Dartmouth, Graz University, Austrian Government PKI
Slide 24: PKI at Dartmouth - Dartmouth’s PKI History
- Dartmouth is the developer of the Greenpass project, a PKI-based method of delegating access authorization to a restricted network for guests visiting another institution
  - This project generated intense interest from industry giants such as Cisco and Intel, enough for them to provide large research grants for its further development and invite talks and demonstrations to their internal campuses
- Dartmouth is the site for the development of the next generation of OpenCA for PKI services, partially funded by Sun Microsystems. Massimiliano Pala (the existing OpenCA Project Manager) is a visiting post-doctoral fellow for this purpose (from January 2007)
- Dartmouth, through Prof. Smith, was awarded a prestigious multi-million dollar "NSF CAREER" grant explicitly about making PKI usable
  - The CAREER program recognizes and supports the early career-development activities of those teacher-scholars who are most likely to become the academic leaders of the 21st century
  - Prof. Smith is studying how to use PKI and trusted computing technology to build trustworthy relationships among users spanning many organizations
- Dartmouth has been regularly sought out for, and has provided, PKI consulting and advice to a multitude of industry sectors including: federal government, banking industry, pharmaceutical industry, technological sector, higher education
Slide 25: Strengthening PKI at Dartmouth
- Standard PKI is single factor authentication: it is something you have (a private key)
- Storing the private key in a secure place and protecting access to it with a passphrase creates Two Factor Authentication (i.e. private key [something you have] and passphrase [something you know])
- But storing a private key in software ONLY means it can be copied to many places, some of which may not be secure, potentially reducing this to single factor only (the passphrase protecting the private key) and also making it vulnerable to offline attacks
- Storing the key in a FIPS-140 authenticated PKI hardware module ensures the private key has only a single instance; but a single instance can be restricting unless it is very portable
Slide 26: Strengthening PKI at Dartmouth
- Smartcards or USB tokens are very portable hardware options. The USB token is usually favored over smartcards because the latter option requires readers everywhere the card is to be used, at additional cost (USB is mostly ubiquitous)
- Dartmouth chose Aladdin eToken as its partner for PKI hardware modules after an evaluation of available products utilized for this purpose
- Aladdin eToken is a house-key-sized HSM that protects PKI keys and can also perform other information security functions
- Dartmouth began rolling out to freshmen 4 years ago; targeted faculty and staff are also required to carry them for compliance (FERPA, HIPAA) reasons
Slide 27: Strengthening PKI at Dartmouth
- Dartmouth started with the 16K version eToken; it now uses the 64K version, which allows for stronger 2048-bit key sizes
- Aladdin also has combination devices that contain a standard flash memory chip (like a standard thumb drive) as well as the cryptography chip (delivering 2-for-1 functionality)
- Aladdin provides drivers for the eToken for the operating systems supported on the Dartmouth campus: Windows, Linux, Mac OS X
- By spring 2008, all freshmen will have had a chance to obtain an eToken with a certificate, and Dartmouth can start requiring Two Factor Authentication for applications with sensitive data (PKI is optional right now)
Slide 28: Creating Silos of Trust
(Diagram; labels recovered from the image: an Institution with Dept-1 CAs and USHER, each CA with its own SubCAs, forming separate, unconnected hierarchies.)
Slide 29: LOA: Levels of Assurance
Not all CAs are created equal; the policies adhered to vary in detail and strength:
- Protection of private keys
- Controls around private key operations
- Separation of duties
- Trustworthiness of operators
- Auditability
- Authentication of end entities
- Frequency of revocation updates
Slide 30: HEBCA: Higher Education Bridge Certificate Authority
- Bridge Certificate Authority for US Higher Education
- Modeled on FBCA
- Provides cross-certification between the subscribing institution and the HEBCA root CA
- Flexible policy implementations through the mapping process
- The HEBCA root CA and infrastructure are hosted at Dartmouth College
- Facilitates inter-institutional trust between participating schools
- Facilitates inter-federation trust between the US Higher Education community and external entities
Slide 31: HEBCA - What is the value presented by this initiative?
- HEBCA facilitates a trust fabric across all of US Higher Education so that credentials issued by participating institutions can be used (and trusted) globally, e.g. signed and/or encrypted, digitally signed documents (paperless office), etc. can all be trusted inter-institutionally and not just intra-institutionally
- Extension of the Higher Education trust infrastructure into external federations is also possible, and proof-of-concept work with the FBCA (via BCA cross-certification) has demonstrated this inter-federation trust extension
- Single credential accepted globally
- Potential for stronger authentication and possibly authorization of participants in grid-based applications
- Contributions provided to the Path Validation and Path Discovery development efforts
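Slides 30 and 31 describe cross-certification with policy mapping and the path-discovery work it requires. The following added example (not code from the HEBCA project) shows the core of that discovery step: a breadth-first search from a relying party's trust anchor across cross-certificates to the subscriber's issuing CA, carrying the required policy through each certificate's mapping so that a cross-certificate that does not map the required policy is a dead end. The CA names, edges and policy identifiers are constructed to mirror the bridge diagram (institution CA, HEBCA, FBCA); real path discovery works on X.509 cross-certificate pairs and policy OIDs.

```python
"""Trust-path discovery through bridge CAs, with policy mapping.

Added example, not the HEBCA project's own code. CROSS_CERTS is a constructed set of
cross-certificates (issuer, subject, issuer_policy -> subject_policy mappings).
"""
from collections import deque

CROSS_CERTS = [
    ("FBCA", "HEBCA", {"fbca-medium": "hebca-medium", "fbca-basic": "hebca-basic"}),
    ("HEBCA", "FBCA", {"hebca-medium": "fbca-medium", "hebca-basic": "fbca-basic"}),
    ("HEBCA", "Dartmouth CA", {"hebca-medium": "dartmouth-medium-hw"}),
    ("Dartmouth CA", "HEBCA", {"dartmouth-medium-hw": "hebca-medium"}),
    ("HEBCA", "Other U CA", {"hebca-basic": "otheru-basic"}),   # only mapped at basic
    ("Other U CA", "HEBCA", {"otheru-basic": "hebca-basic"}),
    ("FBCA", "Agency CA", {"fbca-medium": "agency-medium"}),
]


def build_graph(certs):
    """Adjacency list keyed by issuer: issuer -> [(subject, policy mapping), ...]."""
    graph = {}
    for issuer, subject, mapping in certs:
        graph.setdefault(issuer, []).append((subject, mapping))
    return graph


def find_trust_path(certs, anchor, target_ca, required_policy):
    """BFS from the relying party's trust anchor to the subscriber's issuing CA.

    The search state is (CA, policy-as-named-in-that-CA's-domain); an edge is usable
    only if its mapping translates the current policy. Returns (path, policy_at_target)
    or None when no path keeps the required policy alive.
    """
    graph = build_graph(certs)
    queue = deque([(anchor, required_policy, [anchor])])
    seen = {(anchor, required_policy)}
    while queue:
        ca, policy, path = queue.popleft()
        if ca == target_ca:
            return path, policy
        for subject, mapping in graph.get(ca, []):
            if policy not in mapping:
                continue                      # cross-cert does not map this policy
            state = (subject, mapping[policy])
            if state in seen:
                continue
            seen.add(state)
            queue.append((subject, mapping[policy], path + [subject]))
    return None


def certificate_acceptable(certs, anchor, issuing_ca, cert_policy, required_policy):
    """Accept a subscriber certificate asserting cert_policy from issuing_ca only if a
    policy-preserving path exists from the anchor and the mapped policy matches."""
    result = find_trust_path(certs, anchor, issuing_ca, required_policy)
    return result is not None and result[1] == cert_policy


if __name__ == "__main__":
    print(find_trust_path(CROSS_CERTS, "FBCA", "Dartmouth CA", "fbca-medium"))
    print(find_trust_path(CROSS_CERTS, "FBCA", "Other U CA", "fbca-medium"))
```

Because the search is driven from the relying party's anchor, the same cross-certificate set answers both directions: a federal relying party validating a Dartmouth certificate, and a Dartmouth relying party validating an agency certificate via HEBCA and FBCA.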
Slide 32: Solving Silos of Trust
(Diagram; labels recovered from the image: the Institution's Dept-1 CAs and SubCAs, USHER, and CAUDIT PKI are joined through HEBCA, which in turn cross-certifies with FBCA.)
Slide 33: HEBCA Project - Status: What’s been done so far?
- Production HEBCA development phase complete
- Issues resolved:
  - Discovery of a vulnerability in the protocol for indirect CRLs
  - Inexpensive AirGap
  - Citizenship requirements for Bridge-2-Bridge interoperability
- Majority of supporting documentation finalized
- PKI Test Bed server instantiated
- PKI Interoperability Pilot migrated
- Reassessment of community needs
- Audit process defined and auditors identified
- Participation in industry working groups
- Cross-certification with FBCA prototype completed
- Mapping to Grid PKI profiles completed
- Limited participation from schools & other organizations
Slide 34: Challenges and Opportunities
Open tasks:
- Audit
- Updated business plan
- Promotion of PKI Test Bed
- Validation Authority service
- Cross-certification with other HE PKI communities: CAUDIT PKI (AusCERT), HE JP, HE BR
- Cross-certification with other PKI communities: IGTF, ESnet
Slide 35: HEBCA Next Steps
- Convert limited production operations to fully operational
  - Requires drivers from the community: institutions with mature PKIs, need for secure inter-enterprise transactions
  - Requires methods for self-supporting the infrastructure: EDUCAUSE funding support ends 12/31/2007
  - Potential to support the infrastructure from ancillary services: Higher Education PKI and/or IGTF service provider (e.g. compete with the commercial vendors to issue end entity certificates); PKI consulting services (bootstrap, setup, deployment, audit, etc.)
- Or retire the infrastructure
Slide 36: International Grid Trust Federation
- IGTF founded in Oct 2005 at GGF 15
- IGTF purpose: manage authentication services for global computational grids via policy and procedures
- IGTF goal: harmonize and synchronize member PMAs' policies to establish and maintain global trust relationships
- IGTF members: 3 regional Policy Management Authorities (EUgridPMA, APgridPMA, TAGPMA); 50+ CAs, 50,000+ credentials
Slide 37: IGTF (diagram only)
Slide 38: IGTF General Architecture
- The member PMAs are responsible for accrediting authorities that issue identity assertions.
- The IGTF maintains a set of authentication profiles (APs) that specify the policy and technical requirements for a class of identity assertions and assertion providers.
- The management and continued evolution of an AP is assigned by the IGTF to a specific member PMA. Proposed changes to an AP will be circulated by the chair of the PMA managing the AP to all chairs of the IGTF member PMAs.
- Each of the PMAs will accredit credential-issuing authorities and document the accreditation policy and procedures.
- Any changes to the policy and practices of a credential-issuing authority after accreditation will void the accreditation unless the changes have been approved by the accrediting PMA prior to their taking effect.
Slide 39: EUGridPMA Members and Applicants
(Map; green marks EMEA countries with an Accredited Authority.)
- 23 of 25 EU member states (all except LU, MT) + AM, CH, HR, IL, IS, NO, PK, RU, TR
- Other Accredited Authorities: DoEGrids (.us), GridCanada (.ca), CERN, SEE catch-all
Slide 40: EUgridPMA Membership
- Under “Classic X.509 secured infrastructure”: authorities accredited: 38 (recent additions: CERN-IT/IS, SRCE); active applicants: 4 (Serbia, Bulgaria, Romania, Morocco)
- Under “SLCS”: accredited: 0; active applicants: 1 (SWITCH-aai)
- Under MICS draft: none yet of course, but actually CERN-IS would be a good match for MICS as well
- Major relying parties: EGEE, DEISA, SEE-GRID, LCG, TERENA
Slide 41: Map of the APGrid PMA
- General membership: U. Hong Kong (China), U. Hyderabad (India), Osaka U. (Japan), USM (Malaysia)
- Ex-officio membership: APAC (Australia); CNIC/SDG, IHEP (China); AIST, KEK, NAREGI (Japan); KISTI (Korea); NGO (Singapore); ASGCC, NCHC (Taiwan); NECTEC, ThaiGrid (Thailand); PRAGMA/UCSD (USA)
Slide 42: APgridPMA Membership - 9 Accredited CAs
- In operation: AIST (Japan), APAC (Australia), ASGCC (Taiwan), CNIC (China), IHEP (China), KEK (Japan), NAREGI (Japan)
- Will be in operation: NCHC (Taiwan), NECTEC (Thailand)
- 1 CA under review: NGO (Singapore)
- Will be re-accredited: KISTI (Korea)
- Planning: PRAGMA (USA), ThaiGrid (Thailand)
- General membership: Osaka U. (Japan), U. Hong Kong (China), U. Hyderabad (India), USM (Malaysia)
Slide 43: TAGPMA (diagram only)
Slide 44: TAGPMA Membership
- Accredited: Argentina UNLP, Brazilian Grid CA, CANARIE (Canada)*, DOEGrids*, EELA LA Catch-all Grid CA, ESnet/DOE Office of Science*, Mexico UNAM, REUNA Chilean CA, TACC (Root), Venezuela
- In review: FNAL, NCSA (Classic/SLCS), Purdue University, TACC (Classic/SLCS), Virginia, USHER
- Relying parties: Dartmouth/HEBCA, EELA, OSG, SDSC, SLAC, TeraGrid, TheGrid, LCG
*Accredited by EUgridPMA
Slide 45: TAGPMA Bridge Working Group
- Recognition that there are different LOAs in the way some credential service providers operate, required by different applications
- More efficient ways of distributing trust anchors
- Interoperation with other trust federations
- Scott Rea is Chair; representatives from each regional PMA are included
Slide 46: Proposed Inter-federations
(Diagram; labels recovered from the image: Dartmouth HEBCA cross-certified with FBCA, USHER, IGTF, CAUDIT PKI (AusCert), HE BR, HE JP, NIH, C-4, DST ACES, Texas, Wisconsin, UVA, Univ-N, CertiPath, SAFE and other bridges, each with its own member CAs (CA-1 … CA-n).)
Slide 47: Assurance level mapping
(Table image; text recovered from it maps E-Auth Levels 1-4 against FPKI (High, Medium Hardware, Medium, Basic, Rudimentary), HEBCA/USHER (High, Medium Software, Basic, Rudimentary), CBP (High, Medium, Strong, Foundation), C-4 and the IGTF profiles (Classic, SLCS, MICS). Original cell text: E-Auth Level 4 / E-Auth Level 3 / E-Auth Level 2 / E-Auth Level 1; FPKI E-Auth Level 4 High HEBCA/USHER Medium Hardware CBP High E-Auth Level 3 Medium Software CBP Medium Basic Classic Strong Basic E-Auth Level 2 Rudimentary Rudimentary C-4 IGTF Classic Ca Foundation E-Auth Level 1 SLCS MICS.)
Slide 48: Summary
- PKI facilitates a broader range of educational opportunities through decentralized authorization and cross-domain authentication with federated identities
- The PKI solution provides a number of promising additional benefits, not just the required stronger authentication
- Dartmouth has a long history of PKI achievements and leadership across many sectors, not just higher education:
  - Successful local PKI deployment, including 2-factor eTokens
  - Operation of large PKI-based communities of interest (HEBCA, USHER)
  - Establishment of PKI governance bodies (HEBCA, TAGPMA)
  - Development of PKI-related technologies (CAPSO, CA-in-a-box, AirGap, Greenpass, OpenCA-NG)
  - Participation, leadership and establishment of PKI-based conferences and workshops (NIST PKI R&D, EuroPKI, EDUCAUSE PKI Summit)
  - Prolific publishing of papers and invited talks and panels at PKI-related conferences
  - Grants for PKI-related research from large industry corporations and government agencies (NSF, DHS, Cisco, Intel, Sun, Mellon Foundation)
Slide 49: Summary
- HEBCA needs to find a means of supporting its operations, or else it is time to bring out the mothballs until the community is ready
- The CAPSO CA package should be ready for distribution from Internet2 in a VM image format in early 2008
- Dartmouth will continue its pursuit of PKI-related projects within the Higher Education community
Slide 50: For More Information
HEBCA Website: http://webteam.educause.edu/hebca/
Scott Rea -