Explore the fundamentals of Public Key Infrastructure (PKI) in protecting biometric data on passports, addressing trust, integrity, and authentication. Learn about PKI concepts, components, deployment issues, and the operational challenges faced. Discover the significance of PKI signing processes and the importance of key management in ensuring passport security.
ABC’s of PKI • TAG Presentation • 18th May 2004 • Paul Butler
Agenda • Role of trust • PKI concepts • PKI components • Management framework • Passport signing requirement • Deployment issues • Operational Issues • Guidance
Security Model • Must answer the questions: • What data are we protecting? – the integrity of the biometric information on the chip in the passport • Why are we protecting it? – to maintain the integrity of the passport • Who or what are we protecting it against? – those who would seek to alter data to falsify a passport • When are we protecting it? – throughout the life of the passport • For passport issuers, the model revolves around TRUST
The Role of Trust • Trust is usually based on some form of identity • Direct trust – based on a personal relationship, where trust is handled directly; breaks down when there are too many members in the trusted relationship to handle directly • Third-party trust – trust in an individual is replaced by trust in a system • Passports represent the national identity of an individual
PKI Concept • Public Key Infrastructure is based on asymmetric cryptography. It relies on a key pair, one private and one public • The private key is secret • The public key is freely available and linked to the identity of the certificate owner • The private key cannot be computed from the public key • The concept is then applied in applications
Public Key Infrastructure • Business uses include: • Authentication of identity for individual, organization or device (authentication) • Confirmation that data has not been tampered with (integrity) • Confirmation that transaction took place (non-repudiation) • Maintain data confidentiality (encryption) • Guarantee that transaction took place at specific time (secure time stamp)
PKI Components • Mechanism to issue certificates • Certificate authority (CA) • Mechanism to validate certificates • Directory services • Certificate Revocation List • Key history • Potentially, source of trusted time for stamping • Controlled Process to enroll and manage certificate holders - Registration Authority (RA) • Process to revoke certificates which are no longer valid (distinct from rollover of expired certificate keys) • Processes defined by certificate policy (CP) and certification practice statements (CPS)
Passport PKI Requirement • New passports are to include a biometric identifier on a chip. Concerns about tampering (integrity) led to the need for a PKI signature to confirm that the data on the chip is unchanged since production of the travel document (TD) (integrity) • PKI does NOT guarantee the identity of the passport holder – it guarantees that the TD biometric is unchanged since production by a specific producer (non-repudiation) • Based on a DIGITAL SIGNATURE
Use of digital signature • During passport print process, data chip will be loaded • CA will be requested for a signature • Signature and certificate will be added to chip • Chip is then locked to prevent further write operations
PKI Signing Process • To sign a document: • A hash is prepared, derived from the document content • The hash is encrypted with the signing algorithm using the signer’s PRIVATE KEY; the result is the signature • The signature and a copy of the public key certificate are attached to the document • It is then available for validation
PKI Signing Process (2) • To validate the signature: • The PUBLIC KEY is applied to the signature with the same algorithm as the private key, recovering the signer’s hash, and a fresh hash of the document is prepared • The new hash is compared with the original • If they are the same, it proves that the document is unchanged since it was signed • For a TD, it means that TRUST can be placed on the validity of the document
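The sign-and-validate cycle described in the two slides above, as an added example that is not part of the presentation: Go's standard-library ECDSA (P-256 with SHA-256) stands in for the issuer's signing algorithm, the chip content is a constructed string, and the certificate that would travel with the signature is omitted, so the relying party is assumed to already hold the signer's public key.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// ChipRecord is a constructed stand-in for what the print process writes to the chip.
type ChipRecord struct {
	Data      []byte // document and biometric data as loaded on the chip
	Signature []byte // DER-encoded ECDSA signature over SHA-256(Data), added before locking
}

// SignChip is the signer's side: hash the content, sign the hash with the
// PRIVATE key, and attach the signature to the record.
func SignChip(priv *ecdsa.PrivateKey, data []byte) (ChipRecord, error) {
	digest := sha256.Sum256(data)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return ChipRecord{}, err
	}
	return ChipRecord{Data: data, Signature: sig}, nil
}

// VerifyChip is the relying party's side: re-hash the data as read from the chip
// and check the signature against it with the PUBLIC key; any change since signing fails.
func VerifyChip(pub *ecdsa.PublicKey, rec ChipRecord) bool {
	digest := sha256.Sum256(rec.Data)
	return ecdsa.VerifyASN1(pub, digest[:], rec.Signature)
}

func main() {
	// The signing key would be held by the issuer's CA; generated here for the demo.
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	chip := []byte("DG1:P<UTODOE<<JANE;DG2:<constructed facial image bytes>") // constructed
	rec, err := SignChip(priv, chip)
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine chip verifies:", VerifyChip(&priv.PublicKey, rec)) // true
	// Altering the holder's name after signing is detected at the border.
	rec.Data = []byte("DG1:P<UTOROE<<JOHN;DG2:<constructed facial image bytes>")
	fmt.Println("altered chip verifies:", VerifyChip(&priv.PublicKey, rec)) // false
}
```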
PKI Signing Process (3) • If the relying party wishes to further validate the certificate, a path must exist to the CA which issued the certificate • Check the validity of the issuer • Check that the certificate is not revoked • This implies that border crossing points must have an internet-facing capability, linked to the card readers, which can go to a source and validate that the certificate presented is in fact valid • No such infrastructure is yet in place
Deployment Issues • Need for international standards among TD producers for mutual acceptance of biometric, PKI-authenticated TDs • Need for an accreditation process to accept each new national CA into the infrastructure • Complex management challenge • Need to incorporate the passport CA into the national policy for PKI administration • Align with the national trust model
Operational Issues • Process for adoption of new technology standards • Essential to maintain underlying cryptographic technology current • All nations move ahead together • Avoid complexity of cross certification by publishing certificates in common location • Location must be specified from outset in certificate
Key management • To reduce the risk of compromise, the key should “roll over” frequently • Need to maintain a key history for the lifetime of every passport issued under that key • In the event of compromise, publish the compromised certificate data to the Certificate Revocation List (directory) • Secure time stamping could be used to determine when a compromise occurred, or for calculations regarding the validity period of a passport
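The key-history and compromise-time decision described above, as an added example that is not from the presentation: the key identifiers, signing periods and compromise date are constructed, the key material itself is omitted, and the signing time is assumed to come from a trusted time stamp on the chip rather than from the document itself.

```go
package main

import (
	"errors"
	"time"
)

// SignerKey is one key-history entry; the key material itself is omitted.
type SignerKey struct {
	ValidFrom time.Time
	ValidTo   time.Time  // end of the signing period; the key rolled over after this
	RevokedAt *time.Time // set once the key is published to the CRL after a compromise
}

// KeyHistory keeps every signer key for the lifetime of passports signed under it.
type KeyHistory map[string]SignerKey

var (
	ErrUnknownKey  = errors.New("signer key not in key history")
	ErrOutsideUse  = errors.New("signed outside the key's signing period")
	ErrAfterRevoke = errors.New("signed at or after the key's compromise time")
)

// CheckSigner decides whether a passport signed with key id at signedAt (taken from a
// trusted time stamp) may still be trusted; only signatures made before the compromise survive.
func (h KeyHistory) CheckSigner(id string, signedAt time.Time) error {
	k, ok := h[id]
	if !ok {
		return ErrUnknownKey
	}
	if signedAt.Before(k.ValidFrom) || signedAt.After(k.ValidTo) {
		return ErrOutsideUse
	}
	if k.RevokedAt != nil && !signedAt.Before(*k.RevokedAt) {
		return ErrAfterRevoke
	}
	return nil
}

func Day(s string) time.Time { t, _ := time.Parse("2006-01-02", s); return t } // demo dates only

// ConstructedHistory: two rolled-over signer keys, the second found compromised
// from 2004-10-15 and placed on the CRL (identifiers and dates are constructed).
func ConstructedHistory() KeyHistory {
	rev := Day("2004-10-15")
	return KeyHistory{
		"DS-2004-01": {ValidFrom: Day("2004-01-01"), ValidTo: Day("2004-06-30")},
		"DS-2004-02": {ValidFrom: Day("2004-07-01"), ValidTo: Day("2004-12-31"), RevokedAt: &rev},
	}
}
```

A passport signed with DS-2004-02 in August 2004 still verifies after the revocation; one signed in November 2004 does not, and one presented under a key the history does not know is rejected outright.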
Guidance • Common tendency to focus on the underlying technology – wrong! • PKI is 20% technology, 80% process • The key element lies in the “trust model” • To be trusted, the technology must be supported by business processes which demonstrate the integrity of the PKI • The integrity level of the PKI must match that of the entitlement process – no more, no less