Published by Allison Blair. Modified over 9 years ago.

Using PKI for the Census
MSIS 2004, Geneva
Mel Turner, Lise Duquet
Statistics Canada

Agenda
Government of Canada common infrastructure
Census of Population, Census of Agriculture
  – Business requirements
  – Security/Confidentiality requirements
A new common service – SEAL (Session Encryption with Automated Login)
  – Attributes
  – Components
  – Application flows
Why is SEAL appropriate for statistical data collection?

Business objectives
Offer all Canadians the option to complete their Census forms using the Internet
  – Census of Population and Census of Agriculture are conducted every 5 years.
  – 13.5 million households and 300 000 farms in May 2006.
Conduct a Census Dress Rehearsal
  – 300 000 households and 20 000 farms in May 2004.
Target Internet take-up rate of 20% to 25%
  – Peak period on or around Census day.
Provide the most secure way to connect Canadians to protect confidentiality of data.

Business requirements
Simple and single-step access
  – Need to authenticate a form, not a person
  – No pre-registration required
Convenient and easy to use
  – Accessible anytime, anywhere
  – Supported Web browsers
  – Ability to suspend and resume a session for long forms
  – Nothing left behind on the user’s workstation
Capable of securely handling large volumes
  – Highly visible application
  – Response window focused on “Census day”

Confidentiality requirements
Confidentiality protection of data submitted on-line
  – PKI technology provides confidentiality and digital signature.
  – SEAL uses PKI for confidentiality protection only.
Strong encryption using an anonymous PKI certificate
  – Bi-directional, end-to-end encryption.
  – Need to securely return instructions, sensitive data captured in a previous session or real-time updates to the user.
Security interface transparent to the user
  – The steps taken by SEAL to maintain a secure session are invisible to the user.

SEAL Attributes
Pool of anonymous PKI Certificates
  – PKI certificates bulk generated in advance.
  – PKI certificate recycled at the end of each session.
  – No user maintenance.
Anonymous PKI User ID, Password and Distinguished Names (DN)
  – Automatic login and logoff from SEAL, invisible to the user
Dedicated Certificate Authority
  – Not cross-certified with other authorities.
End-to-end bi-directional encryption with Entrust® TruePass 7.0

Census Login
[Flow diagram. Labels: User Browser, Common PKI Infrastructure, Census Application, Anonymous certificates]
Attempt to access Census site
Establish TruePass™ Frameset
Prompt user for Access Code (printed on form)
User enters Access Code
Get encrypted Access Code and validate
Reverse proxy confirmation
Retrieve a random userid and auto-login
Establish user session
User completes Census Form

User submits data
[Flow diagram. Labels: User Browser, Common PKI Infrastructure, Census Application, Anonymous certificates]
“Submit”
TruePass™ applet encrypts user data (data remains encrypted until it reaches Census application)
Data is decrypted using Statcan private key
Response is processed (edit checks)
User continues
Encrypt response using respondent public key
Reverse proxy pass thru
TruePass™ applet decrypts data transparently
On logout or timeout: Userid and certificate are recycled

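An added example, not part of the original presentation and not SEAL's own code: a Python sketch of the credential lifecycle shown on the two flow slides above (validate the access code, lease a random anonymous userid, recycle it on logout or timeout). The class and method names, the 20-minute timeout and the sample values are assumptions; the encryption and certificate handling done by TruePass are not modelled.

```python
import secrets
import time


class AnonymousCredentialPool:
    """Hypothetical model of a pool of pre-generated anonymous userids,
    each standing in for one anonymous certificate."""

    def __init__(self, userids, session_timeout=1200.0, clock=time.monotonic):
        self._free = list(userids)       # generated in bulk, in advance
        self._leased = {}                # session token -> [userid, last_seen]
        self._timeout = session_timeout  # assumed value; not from the slides
        self._clock = clock

    def free_count(self):
        return len(self._free)

    def login(self, access_code, valid_codes):
        """Authenticate the form (not a person), then lease a credential."""
        if access_code not in valid_codes:
            return None                  # a bad code never consumes a credential
        self.reap()                      # reclaim timed-out sessions first
        if not self._free:
            raise RuntimeError("anonymous credential pool exhausted")
        # Random pick: the userid reveals nothing about order of arrival.
        userid = self._free.pop(secrets.randbelow(len(self._free)))
        token = secrets.token_urlsafe(16)
        self._leased[token] = [userid, self._clock()]
        return token, userid

    def touch(self, token):
        """Record activity so an active session is not reaped."""
        self._leased[token][1] = self._clock()

    def logout(self, token):
        """Recycle the userid; False if the session was already closed."""
        entry = self._leased.pop(token, None)
        if entry is None:
            return False
        self._free.append(entry[0])
        return True

    def reap(self):
        """Recycle every session idle for longer than the timeout."""
        now = self._clock()
        idle = [t for t, (_, seen) in self._leased.items()
                if now - seen > self._timeout]
        for token in idle:
            self.logout(token)
        return len(idle)
```

Sizing the pool for the peak around Census day is the operational concern this makes visible: an exhausted pool refuses new logins until sessions end or time out.
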
Re-use of SEAL?
Designed as a “service”, not an application.
Bi-directional encryption using anonymous PKI certificates.
  – Secure exchange of confidential or sensitive information on-line where the identity of the individual is not relevant.
  – Secure exchange of data based on an access code (e.g. e-file)
  – Secure online forms or e-transactions where there is a need to securely return real-time updates, approvals or instructions to the user.
  – Confidential (but not digitally signed) e-mail.
Transparent certificate management to department
  – No individual data observed or retained by SEAL
  – No pre-registration; invisible and non-intrusive to the user
  – Ease of deployment.