ABCs of PKI

1
ABCs of PKI

• TAG Presentation
• 18th May 2004
• Paul Butler

2
Agenda

• Role of trust
• PKI concepts
• PKI components
• Management framework
• Passport signing requirement
• Deployment issues
• Operational Issues
• Guidance

3
Security Model

• Must answer the questions
• What data are we protecting?
• integrity of biometric information on chip in
  passport
• Why are we protecting it?
• Maintain integrity of passport
• Who or what are we protecting it against?
• Those who would seek to alter data to falsify
  passport
• When are we protecting it?
• Throughout the life of the passport
• For passport issuers, the model revolves around
  TRUST

4
The Role of Trust

• Trust is usually based on some form of identity
• Direct Trust
• Based on personal relationship, where trust is
  handled directly
• Breaks down when too many members in trusted
  relationship to handle directly
• Third Party trust
• Trust in individual changes to trust in a system
• Passports represent the national identity of an
  individual

5
PKI Concept

• Public Key Infrastructure based on asymmetric
  cryptography. Relies on a key pair, one private
  and one public
• Private key is secret
• Public key is freely available, linked to
  identity of certificate owner
• Private key cannot be computed from public key
• Concept is then applied into applications

6
Public Key Infrastructure

• Business uses include
• Authentication of identity for individual,
  organization or device (authentication)
• Confirmation that data has not been tampered with
  (integrity)
• Confirmation that transaction took place
  (non-repudiation)
• Maintain data confidentiality (encryption)
• Guarantee that transaction took place at specific
  time (secure time stamp)

7
PKI Components

• Mechanism to issue certificates
• Certificate authority (CA)
• Mechanism to validate certificates
• Directory services
• Certificate Revocation List
• Key history
• Potentially, source of trusted time for stamping
• Controlled Process to enroll and manage
  certificate holders - Registration Authority (RA)
• Process to revoke certificates which are no
  longer valid (distinct from rollover of expired
  certificate keys)
• Processes defined by certificate policy (CP) and
  certification practice statements (CPS)

8
Passport PKI Requirement

• New passports to include biometric identifier on
  chip. Concerns about tampering (integrity) led
  to need for PKI signature to confirm data on chip
  unchanged since production of TD (integrity)
• PKI does NOT guarantee identity of passport
  holder it guarantees that TD biometric is
  unchanged since production by a specific producer
  (non-repudiation)
• Based on DIGITAL SIGNATURE

9
Use of digital signature

• During passport print process, data chip will be
  loaded
• CA will be requested for a signature
• Signature and certificate will be added to chip
• Chip is then locked to prevent further write
  operations

10
PKI Signing Process

• To sign a document
• A hash is prepared derived from the document
  content
• It is encoded with the signing algorithm from the
  signers PRIVATE KEY
• The signature and a copy of the public key
  certificate is attached to the document
• It is then available for validation

11
PKI Signing Process (2)

• To validate the signature
• The PUBLIC KEY is used to prepare a hash of the
  document using the same signing key algorithm as
  the private key
• The new hash is compared with the original
• If they are the same, it proves that the document
  is unchanged since it was signed
• For a TD, it means that TRUST can be placed on
  the validity of the document

12
PKI Signing Process (3)

• If relying party wishes to further validate the
  certificate, a path must exist to the CA which
  issued the certificate
• Check validity of issuer
• Check certificate not revoked
• Implies border crossing points must have internet
  facing capability linked to card readers which
  can go to a source and validate that the
  certificate presented is in fact valid
• No such infrastructure is yet in place

13
(No Transcript)
14
Deployment Issues

• Need for international standards among TD
  producers for mutual acceptance of biometric,
  PKI-authenticated TDs
• Need for accreditation process to accept each new
  national CA into infrastructure
• Complex management challenge
• Need to incorporate passport CA with national
  policy for PKI administration
• Align with national trust model

15
Operational Issues

• Process for adoption of new technology standards
• Essential to maintain underlying cryptographic
  technology current
• All nations move ahead together
• Avoid complexity of cross certification by
  publishing certificates in common location
• Location must be specified from outset in
  certificate

16
Key management

• To reduce risk of compromise, key should roll
  over frequently
• Need to maintain key history for lifetime of
  passport issued under that key
• In event of compromise, publish compromised
  certificate data to Certificate revocation list
  (directory)
• Secure time stamping could be used to determine
  when a compromise occurred, or for calculations
  regarding validity period of passport

17
Guidance

• Common tendency to focus on underlying technology
  wrong!
• PKI is 20 technology, 80 process
• Key element lies in trust model
• To be trusted, technology must be supported by
  business processes which demonstrate the
  integrity of the PKI
• Entitlement processes must match integrity levels
  of entitlement process no more, no less

18
Questions?