Brno, 29 April 2003 [email protected] 1/45
2nd International Scientific Conference Security and Protection of Information
Austrian e-Government and
Citizen Card Initiatives
Herbert Leitold
Secure Information Technology Center – Austria (A-SIT)
About myself
- Working for A-SIT:
  - Confirmation body under the Austrian Signature Law
  - Notified body w.r.t. the EU Electronic Signature Directive 1999/93/EC
  - Advises public authorities in ICT security aspects
- Activities include:
  - Technology assessment activities: electronic signatures, biometrics, IT security tools, …
  - Standardization: EESSI, Common Criteria Protection Profiles that support the EU Electronic Signature Directive
  - White Book "Austrian Citizen Card"
Table of Contents
- Introduction: e-Government in Europe, Austrian e-Government basics
- Unique identification
- Electronic signatures & e-Gov.: European dimension, Austrian dimension
- Austrian citizen card concept
- Identification/Confidentiality levels
- Conclusions
Internet penetration in the EU
[Chart, per country. Source: European Commission (eEurope benchmarking 2002)]
e-Government in Europe: public services online 2001-2002
[Chart, per country. Source: European Commission (eEurope benchmarking 2002)]
e-Government in Europe: Internet users visiting e-Government sites
[Chart, per country. Source: European Commission (eEurope benchmarking 2002)]
e-Government in Europe: government services online 2001
[Chart. Source: Eurobarometer (eEurope benchmarking 2001)]
The starting points ...
- Austrian cabinet council decision (Nov. 2000):
  - … to employ chip-card technology to improve citizens' access to public services
  - … to supplement the planned health insurance card with an electronic signature
- "White book" citizen card (June 2001): defines general requirements and strategic decisions from an authority's perspective
Guiding principles …
- The administration doing its core business
- Open for the market to provide services (portals, help desks)
- Linked via open interfaces
- Choice of access for citizens
General structure
[Diagram: a PORTAL reached through an OPEN INTERFACE, built from STANDARD BUILDING BLOCKS: identification, confidentiality, standard forms, xml – print, xml – signature, e-delivery, e-payment, .., knowledge management]
Unique identification
- The problem of unique identification, considering PKI, certificates, etc.
- Data protection requirements
- Process-specific ID: the solution followed in Austria
The "identification problem"
EU Signature Directive (1999/93/EC) defines, in Art. 2:
  2. 'advanced electronic signature' means an electronic signature which meets the following requirements:
  (a) it is uniquely linked to the signatory;
  (b) it is capable of identifying the signatory;
  (c) it is created using means that the signatory can maintain under his sole control; and
  (d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;
Considering Art. 2(2)(b), why is there a problem with unique identification?
The PKI "magic triangle"
[Diagram: certification service provider (CSP), subscriber/signatory/signer, relying party]
- The certificate holds: issuer, name of the signatory (or a pseudonym), public key, attributes, validity period, etc.
- How to avoid digital twins? High-quality identification at the CSP.
The "identification problem"
- High-quality identification at the CSP: personal appearance, presenting a photo ID
- An authority's processes require identification: the certificate alone is not sufficient, because of the "digital twins" problem (different persons whose certificate name data coincide)
- Possible solutions:
  - Online access to the CSP's registration records
  - Government-owned PKI (has access to the registration records)
  - Permanent/unique ID in the certificate
  - Alternatives?
Data protection concerns
- A unique ID (central registration number, CRN) is available in the Austrian central registry: based on data from the 2001 census; the central registration system was launched in 2002
- The CRN may not be used within official proceedings: a cross-search over it violates data-protection rules
- However, process-specific IDs may be used: e.g. an ID for tax declarations, and a (different) ID for social security matters
Process-specific ID
- The process-specific ID is derived from the national central registration number combined with a process-specific number
- A cryptographic hash prevents tracing back to the registration number:
  - observes the data protection requirements
  - replaces UID/PWD schemes
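The derivation on this slide, worked through as an added example (not code from the slides or from the Austrian implementation): a process-specific ID is the hash of the registration number and a process-specific number, so one citizen gets different, unmatchable IDs for the tax and the social-security process. The example also carries the caveat a practitioner will want: a plain hash over a registration number drawn from a small space can be inverted by simply enumerating that space, so it adds a keyed (HMAC) variant whose key only the issuing authority holds. The process numbers, the 4-digit registration number and the keys are constructed for the demo; the slide says only that a process-specific number is combined with the CRN.

```go
// Added example, not from the slides: derive a process-specific ID from a
// central registration number (CRN) and a process-specific number by hashing,
// check that the IDs of one citizen for two processes cannot be matched, and
// show why an unkeyed hash over a small CRN space can still be inverted by
// enumeration (hence the keyed variant).
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Hypothetical process-specific numbers; the slide only says that one is
// combined with the CRN.
const (
	ProcTax    = "TAX-01"
	ProcSocSec = "SV-02"
)

// ProcessID is the unkeyed derivation the slide describes:
// hash(CRN || process-specific number). The separator keeps the two fields
// from running into each other.
func ProcessID(crn, proc string) string {
	sum := sha256.Sum256([]byte(crn + "|" + proc))
	return hex.EncodeToString(sum[:])
}

// KeyedProcessID is the added variant: an HMAC under a key that only the
// issuing authority holds, so knowing the scheme is not enough to enumerate.
func KeyedProcessID(key []byte, crn, proc string) string {
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(crn + "|" + proc))
	return hex.EncodeToString(mac.Sum(nil))
}

// Unlinkable reports whether the tax ID and the social-security ID of one
// CRN differ, which is what stops a cross-search on the ID alone.
func Unlinkable(crn string) bool {
	return ProcessID(crn, ProcTax) != ProcessID(crn, ProcSocSec)
}

// RecoverCRN tries every zero-padded CRN of the given number of digits and
// returns the one whose derived ID equals target ("" if none). derive is the
// attacker's guess of the derivation, so the same search can be run against
// the keyed variant.
func RecoverCRN(target, proc string, digits int, derive func(crn, proc string) string) string {
	limit := 1
	for i := 0; i < digits; i++ {
		limit *= 10
	}
	for n := 0; n < limit; n++ {
		crn := fmt.Sprintf("%0*d", digits, n)
		if derive(crn, proc) == target {
			return crn
		}
	}
	return ""
}

func main() {
	crn := "0042" // constructed 4-digit CRN for the demo
	fmt.Println("tax ID:            ", ProcessID(crn, ProcTax))
	fmt.Println("social-sec ID:     ", ProcessID(crn, ProcSocSec))
	fmt.Println("unlinkable:        ", Unlinkable(crn))
	// Unkeyed: 10^4 hashes recover the CRN from a published ID.
	fmt.Println("recovered, unkeyed:", RecoverCRN(ProcessID(crn, ProcTax), ProcTax, 4, ProcessID))
	// Keyed: without the authority's key the search finds nothing.
	key := []byte("authority-key-kept-offline") // constructed
	target := KeyedProcessID(key, crn, ProcTax)
	guess := func(c, p string) string { return KeyedProcessID([]byte("wrong-key"), c, p) }
	fmt.Println("recovered, keyed:  ", RecoverCRN(target, ProcTax, 4, guess))
}
```

The unkeyed construction is exactly what the slide states and is enough to keep two processes' IDs apart; the enumeration in RecoverCRN is the check that tells you whether "prevents tracing back" actually holds for the size of your registration-number space.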
Persona-binding
- An XML data structure that holds data often used in official proceedings:
  - given name, family name, date of birth
  - the citizen's unique ID (CRN)
  - a citizen's public key (the citizen may have several)
- Signed by the Ministry of the Interior
- Ties PKI data to an "official electronic identity"
- Stored with the citizen card, under the citizen's control
[Diagram: official registry (CRN) and PKI, joined by the persona-binding]
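The persona-binding as a relying party has to handle it, added here as an example (it is not the slides' code and not the Austrian schema; element names and the signature scheme are assumptions). The point the slide makes is that the Ministry's signature is what turns "some certificate with this name" into "this registered person with this key": a relying party verifies the Ministry signature over the exact bytes, only then reads the CRN, and checks that the key which signed the citizen's request is one of the keys the binding lists. The example also shows that editing the CRN in a signed binding is caught. Names, CRN and keys are constructed for the demo.

```go
// Added example, not from the slides: a simplified persona-binding as signed
// XML, issued by the Ministry and verified by a relying party before the
// CRN-to-key link is trusted. Ed25519 stands in for the real signature scheme.
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/base64"
	"encoding/xml"
	"fmt"
)

// PersonaBinding carries the fields the slide lists. Element names are
// hypothetical; the real schema is not on the slides.
type PersonaBinding struct {
	XMLName     xml.Name `xml:"PersonaBinding"`
	GivenName   string   `xml:"GivenName"`
	FamilyName  string   `xml:"FamilyName"`
	DateOfBirth string   `xml:"DateOfBirth"`
	CRN         string   `xml:"CRN"`
	PublicKeys  []string `xml:"PublicKey"` // base64; the citizen may have several
}

// SignedBinding is the serialised XML plus the Ministry's signature over it.
type SignedBinding struct {
	XML       []byte
	Signature []byte
}

// Issue is the Ministry side: serialise and sign the exact bytes.
func Issue(ministryPriv ed25519.PrivateKey, pb PersonaBinding) (SignedBinding, error) {
	data, err := xml.Marshal(pb)
	if err != nil {
		return SignedBinding{}, err
	}
	return SignedBinding{XML: data, Signature: ed25519.Sign(ministryPriv, data)}, nil
}

// Verify is the relying-party side: check the signature before parsing, so
// nothing from an unverified document is ever interpreted.
func Verify(ministryPub ed25519.PublicKey, sb SignedBinding) (*PersonaBinding, error) {
	if !ed25519.Verify(ministryPub, sb.XML, sb.Signature) {
		return nil, fmt.Errorf("persona binding: Ministry signature invalid")
	}
	var pb PersonaBinding
	if err := xml.Unmarshal(sb.XML, &pb); err != nil {
		return nil, err
	}
	return &pb, nil
}

// KeyBound reports whether a key (e.g. the one that signed a request) is one
// the binding vouches for.
func KeyBound(pb *PersonaBinding, key ed25519.PublicKey) bool {
	enc := base64.StdEncoding.EncodeToString(key)
	for _, k := range pb.PublicKeys {
		if k == enc {
			return true
		}
	}
	return false
}

// Tamper swaps the CRN inside a signed binding without re-signing.
func Tamper(sb SignedBinding, oldCRN, newCRN string) SignedBinding {
	return SignedBinding{XML: bytes.Replace(sb.XML, []byte(oldCRN), []byte(newCRN), 1), Signature: sb.Signature}
}

// Demo runs the flow and returns what a check can look at: the genuine binding
// verifies, the citizen's key is bound, and the tampered binding is rejected.
func Demo() (genuineOK, keyBound, tamperRejected bool, err error) {
	ministryPub, ministryPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	citizenPub, _, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	pb := PersonaBinding{GivenName: "Maria", FamilyName: "Muster", DateOfBirth: "1970-01-01", CRN: "0042",
		PublicKeys: []string{base64.StdEncoding.EncodeToString(citizenPub)}} // constructed data
	sb, err := Issue(ministryPriv, pb)
	if err != nil {
		return
	}
	got, err := Verify(ministryPub, sb)
	if err != nil {
		return
	}
	genuineOK = got.CRN == pb.CRN
	keyBound = KeyBound(got, citizenPub)
	_, terr := Verify(ministryPub, Tamper(sb, "0042", "0043"))
	tamperRejected = terr != nil
	return
}

func main() {
	fmt.Println(Demo())
}
```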
Electronic signatures and e-Government
- EU signature directive, the European dimension: requirements for SSCDs; evaluation of components
- Austrian signature law: relation to the EU directive
[Image: Directive 1999/93/EC]
EU electronic signature directive
- The EU Signature Directive (1999) lays down, in Art. 5(1): "Member States shall ensure that advanced electronic signatures which are based on a qualified certificate and which are created by a secure-signature-creation device: (a) satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data; and ..."
- EESSI developed the technical standards, e.g. Common Criteria protection profiles (SSCD-PP, CMCSO-PP, ..)
- EU Commission / A9C (Article 9 Committee) to publish the reference numbers, binding for the EU
EU electronic signature directive (cntd.)
- Art. 2(6): 'secure signature-creation device' means a signature-creation device which meets the requirements laid down in Annex III;
- Recital: "Annex III covers requirements for secure signature-creation devices to ensure the functionality of advanced electronic signatures; it does not cover the entire system environment in which such devices operate; …"
- Art. 3(4): "The conformity of secure signature-creation-devices with the requirements laid down in Annex III shall be determined by appropriate public or private bodies designated by Member States."
Electronic Signature Standards (EESSI)
[Diagram: certification service provider (CSP), subscriber/signatory/signer, relying party, with the standardised areas placed where they apply]
- Signatory side: signature-creation device; signature-creation process and environment
- Between the parties: signature format and syntax
- Relying party side: signature-validation process and environment
- CSP side: trustworthy systems; qualified certificate; qualified certificate policy
Common Criteria Protection Profiles
[Same diagram as the previous slide, with the EESSI protection profiles placed on it]
- Signatory side: the signature-creation device is covered by the SSCD-PP
- CSP side: the trustworthy systems are covered by the CMCSO-PP and the CMCKG-PP
- Not covered by a PP on the diagram: signature-creation process and environment, signature format and syntax, signature-validation process and environment, qualified certificate, qualified certificate policy
SSCDs (3 types defined by EESSI)
- Type 1: SCD generation
- Type 2: SCD usage ("to sign")
- Type 3: "both 1 & 2"
[Diagram of the three device types and their interfaces. Abbreviations as in the SSCD-PP: SCD = signature-creation data (private key), SVD = signature-verification data (public key), SCA = signature-creation application, CGA = certificate-generation application, HI = human interface, DTBS = data to be signed, SDO = signed data object]
- SSCD Type 1: SCD/SVD generation; user authentication; SCD export and SVD export over a trusted channel
- SSCD Type 2: SCD import over a trusted channel; personalisation; user authentication with authentication data from the HI over a trusted path; signature creation: the SCA delivers the DTBS representation over a trusted channel and receives the SDO; CGA initialisation and SVD into the certificate over a trusted channel
- SSCD Type 3: SCD/SVD generation with SVD export to the CGA (SVD into the certificate); personalisation; user authentication over a trusted path; signature creation with the SCA as for Type 2
SSCD – a different view
- SSCD: the device getting "in touch" with the private key, e.g. a smart-card (1999/93/EC Annex III)
[Diagram: the document is shown in a DTBS viewer; its hash value is passed to the SSCD; after user authentication (e.g. PIN entry) the SCD (private key) produces the electronic signature; the SVD (public key/certificate) is exported]
SFRs – a few of them
[Diagram: the Common Criteria security functional requirements of the SSCD-PP placed on the device, DTBS in, signature out]
- FCS_COP.1/SIGNING, FCS_COP.1/CORRESP (cryptographic operation: signing, SCD/SVD correspondence)
- FCS_CKM.1 / FCS_CKM.4 (cryptographic key generation / destruction)
- FPT_PHP.1 / FPT_PHP.3 (physical protection: detection of / resistance to physical attack)
- FIA_AFL.2, … (authentication failure handling)
- FTP_ITC.1 (inter-TSF trusted channel), FTP_TRP.1 (*) (trusted path)
- FIA_UAU.1 (timing of user authentication)
- FMT_SMR.1 (security roles: Administrator / Signatory)
- FDP_ACF.1 (access control functions)
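The SFRs above describe behaviour; the following toy device, added here as an example (not code from the slides or from any evaluated SSCD), shows what a few of them mean in operation: the SCD is generated on the device and has no export path, only the SVD leaves it (FCS_CKM.1, FCS_COP.1/CORRESP); signing is refused until the signatory has authenticated (FIA_UAU.1); and repeated wrong PINs block the key (FIA_AFL). The key type, the SHA-256 DTBS representation, the retry limit and the choice to consume the authentication with each signature are assumptions of this example.

```go
// Added example, not from the slides: a toy Type 3 SSCD. The private key is an
// unexported field with no accessor; only the public key is exported; Sign
// requires a fresh PIN authentication; three wrong PINs block the key.
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"errors"
	"fmt"
)

var (
	ErrNotAuthenticated = errors.New("sscd: signature requires PIN authentication")
	ErrWrongPIN         = errors.New("sscd: wrong PIN")
	ErrBlocked          = errors.New("sscd: SCD blocked after too many failed PIN attempts")
)

type SSCD struct {
	scd           ed25519.PrivateKey // signature-creation data: never exported
	svd           ed25519.PublicKey  // signature-verification data: exported for the certificate
	pin           []byte
	failures      int
	maxFailures   int
	authenticated bool
}

// NewSSCD generates the SCD/SVD pair on the device (Type 1 function).
func NewSSCD(pin string, maxFailures int) (*SSCD, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &SSCD{scd: priv, svd: pub, pin: []byte(pin), maxFailures: maxFailures}, nil
}

// ExportSVD is the only key material that leaves the device (for the CGA).
func (d *SSCD) ExportSVD() ed25519.PublicKey { return d.svd }

// Authenticate checks the PIN in constant time (for equal lengths) and counts
// failures; once the limit is reached the device stays blocked.
func (d *SSCD) Authenticate(pin string) error {
	if d.failures >= d.maxFailures {
		return ErrBlocked
	}
	if subtle.ConstantTimeCompare(d.pin, []byte(pin)) != 1 {
		d.failures++
		if d.failures >= d.maxFailures {
			return ErrBlocked
		}
		return ErrWrongPIN
	}
	d.failures = 0
	d.authenticated = true
	return nil
}

// Sign hashes the DTBS into its representation and signs it with the SCD.
// The authentication is consumed, so every signature needs a new PIN entry.
func (d *SSCD) Sign(dtbs []byte) ([]byte, error) {
	if d.failures >= d.maxFailures {
		return nil, ErrBlocked
	}
	if !d.authenticated {
		return nil, ErrNotAuthenticated
	}
	d.authenticated = false
	rep := sha256.Sum256(dtbs)
	return ed25519.Sign(d.scd, rep[:]), nil
}

// VerifySignature is the relying-party check against the exported SVD.
func VerifySignature(svd ed25519.PublicKey, dtbs, sig []byte) bool {
	rep := sha256.Sum256(dtbs)
	return ed25519.Verify(svd, rep[:], sig)
}

func main() {
	d, err := NewSSCD("1234", 3) // constructed PIN and retry limit
	if err != nil {
		panic(err)
	}
	_, err = d.Sign([]byte("contract"))
	fmt.Println("sign without PIN:", err)
	fmt.Println("authenticate:", d.Authenticate("1234"))
	sig, _ := d.Sign([]byte("contract"))
	fmt.Println("verifies:", VerifySignature(d.ExportSVD(), []byte("contract"), sig))
	fmt.Println("modified DTBS verifies:", VerifySignature(d.ExportSVD(), []byte("contract2"), sig))
	for i := 0; i < 3; i++ {
		fmt.Println("wrong PIN:", d.Authenticate("0000"))
	}
	fmt.Println("correct PIN after block:", d.Authenticate("1234"))
}
```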
EU vs. Austrian electronic signature rules
- Austrian signature law (2000): the requirements w.r.t. evaluation of technical components vary
- § 18(1): "Technical components which allow the forgery of signed data to be reliably recognized and reliably prevent unauthorized use of signature creation data procedures shall be used […]." […]
- § 18(5): "The technical components and procedures for generating secure signatures must be constantly and adequately verified using state-of-the-art technology. Compliance with security requirements must be certified by a confirmation body (§ 19)."
Austrian Citizen Card
- A single specific smart-card?
- Requirements of the citizen card
- Logical view to the card: security layer / security capsule
- How the model is used
Several smart-card initiatives …
- National ID card with chip (2003)
- Health insurance card, "health care certificate + el. signature" (for each citizen, 2004)
- ATM card / bank account cards with electronic signatures (expected for 2004)
- Further initiatives: CSPs issuing qualified certificates; Austrian computer society member card; new technologies (PDAs, cell phones, WIM); student service cards
Concept "Austrian Citizen Card"
Defines general minimum requirements:
- Secure electronic signatures, i.e., legal equivalence to handwritten signatures
- Additional key-pairs: 'general signatures', encryption
- Info-boxes to store data: persona binding, certificates, power of attorney
- Access control to info-boxes
- DH key exchange, session key certificates
Some definitions …
- Security Capsule: the combination of the security-relevant components w.r.t. electronic signatures; clear responsibility / liability (signature law)
- Security Layer: an interface that provides a logical view to the security capsule
Security Layer vs. Security Capsule
[Diagram: the application talks to the Security Layer; behind it the Security Capsule contains the card interface (e.g. PKCS#11), the hash function, the PIN pad, the trustworthy viewer and additional memory]
Elements of the Austrian Citizen Card
[Diagram: the card's file structure, seen through the Security Layer and enclosed by the Security Capsule; identifiers as on the slide, hierarchy reconstructed from the drawing]
MF_BUERGERK
  IF_SCHL_BUERGERK
  EF_DATEN_BUERGERK
  DF_eAPPL (additional key pairs)
    IF_SCHL_eAPPL
    EF_DATEN_eAPPL
    EF_KEY_eAPPL
    EF_ZERT_eAPPL
  DF_eSIG (electronic signature)
    IF_SCHL_eSIG
    EF_DATEN_eSIG
    EF_SIGKEY_eSIG
    EF_ZERT_eSIG
  DF_eSV (health insurance certificate)
    IF_SCHLÜSSEL_SV
    EF_DATEN_SV
    EF_SVDATEN_SV
    EF_ANSPRUCH_SV
    EF_RFU_SV
  DF_INFOx (individual info-boxes)
    IF_SCHL_INFOx
    EF_DAT_A_INFOx
    EF_DAT_B_INFOx
    EF_DAT_C_INFOx
Security Layer Protocol
- Simple request/response scheme: the application sends a request, the Security Capsule responds with a result or an error code
- Protocol elements encoded in XML
- Transport layer bindings: TCP/IP, SSL/TLS (socket communication); HTTP/HTTPS (the capsule acts as a simple web server)
[Diagram: request to the Security Capsule, response back]
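The request/response scheme with the HTTP binding, as an added example (not the slides' code and not the Security Layer specification; the element names, the request type and the error numbers are hypothetical): the application POSTs an XML request, the capsule, acting as a small web server, answers with an XML response carrying either a result or an error code. The handler also does what a capsule exposed on a local port should do: it accepts POST only, bounds the body it will read, and turns an unparsable request into an error response rather than a crash. The info-box content is constructed for the demo.

```go
// Added example, not from the slides: a minimal Security-Layer-style capsule
// behind an HTTP handler, and an in-process client to call it.
package main

import (
	"encoding/xml"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Request and Response use hypothetical element names.
type Request struct {
	XMLName xml.Name `xml:"Request"`
	Type    string   `xml:"Type"`
	Infobox string   `xml:"Infobox,omitempty"`
}

type Response struct {
	XMLName      xml.Name `xml:"Response"`
	Result       string   `xml:"Result,omitempty"`
	ErrorCode    int      `xml:"ErrorCode,omitempty"`
	ErrorMessage string   `xml:"ErrorMessage,omitempty"`
}

// Capsule holds the info-boxes the card exposes (content constructed here).
type Capsule struct {
	infoboxes map[string]string
}

func NewDemoCapsule() *Capsule {
	return &Capsule{infoboxes: map[string]string{"IdentityLink": "constructed persona-binding content"}}
}

// Handle dispatches one parsed request; error numbers are hypothetical.
func (c *Capsule) Handle(req Request) Response {
	switch req.Type {
	case "InfoboxRead":
		content, ok := c.infoboxes[req.Infobox]
		if !ok {
			return Response{ErrorCode: 4002, ErrorMessage: "infobox not found"}
		}
		return Response{Result: content}
	default:
		return Response{ErrorCode: 4000, ErrorMessage: "unknown request type"}
	}
}

// ServeHTTP is the HTTP/HTTPS binding: POST only, bounded body, every
// outcome answered as an XML Response.
func (c *Capsule) ServeHTTP(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/xml")
	if r.Method != http.MethodPost {
		w.WriteHeader(http.StatusMethodNotAllowed)
		xml.NewEncoder(w).Encode(Response{ErrorCode: 1001, ErrorMessage: "POST required"})
		return
	}
	body, err := io.ReadAll(io.LimitReader(r.Body, 64<<10))
	var req Request
	if err != nil || xml.Unmarshal(body, &req) != nil {
		xml.NewEncoder(w).Encode(Response{ErrorCode: 1000, ErrorMessage: "malformed request"})
		return
	}
	xml.NewEncoder(w).Encode(c.Handle(req))
}

// Post plays the application: send an XML request to the handler and decode
// the XML response. It goes through the HTTP layer without opening a socket.
func Post(h http.Handler, reqXML string) (Response, error) {
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, httptest.NewRequest(http.MethodPost, "/", strings.NewReader(reqXML)))
	var out Response
	if err := xml.NewDecoder(rec.Body).Decode(&out); err != nil {
		return Response{}, err
	}
	return out, nil
}

func main() {
	c := NewDemoCapsule()
	for _, req := range []string{
		`<Request><Type>InfoboxRead</Type><Infobox>IdentityLink</Infobox></Request>`,
		`<Request><Type>InfoboxRead</Type><Infobox>Missing</Infobox></Request>`,
		`<Request><Type>Unknown</Type></Request>`,
		`<Request><Type>`,
	} {
		resp, err := Post(c, req)
		fmt.Printf("%-80s -> %+v %v\n", req, resp, err)
	}
}
```

To expose the capsule to a browser-side application, the same handler is passed to http.ListenAndServe on a loopback address; the in-process Post above is only the client side of the exchange.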
Identification / Confidentiality levels
- e-Government processes have different requirements w.r.t. identification or confidentiality
- Three security levels
- Replacing UID/PWD
Security Level I (no specific requirements)
[Diagram: browser and server, connected over SSL/TLS]
- Based on "conventional" SSL/TLS
Security Level II (usual G2C services)
[Diagram: browser with an active component, server, SSL/TLS between them; steps 1-3 of the exchange: the server sends an SCT (time, URL); the active component answers with an authentication block (time, URL, ID)]
Security Level III (specific confidentiality requirements)
[Diagram: browser with an active component, server, SSL/TLS between them]
- Bind the SSL/TLS certificates to the citizen card
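The Level II exchange as the server would have to check it, added here as an example (not the slides' code, not the Austrian protocol; the block format, the freshness window, the replay cache and the signature scheme are assumptions): the server issues an SCT carrying its time and URL, the active component signs an authentication block (time, URL, ID) with the citizen-card key, and the server accepts the block only if the signature is valid, the URL is its own, the time is recent and the same block has not been presented before. Each of those checks closes one attack: a block signed for another site's URL cannot be relayed, an old block cannot be replayed, and a block with an edited ID fails the signature. The citizen key, clock and ID are constructed for the demo.

```go
// Added example, not from the slides: signing and verifying the Level II
// authentication block. Ed25519 stands in for the citizen-card key.
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"encoding/xml"
	"errors"
	"fmt"
	"time"
)

// SCT is what the server sends: its current time and the URL being accessed.
type SCT struct {
	Time time.Time
	URL  string
}

// AuthBlock is what the citizen signs (element names hypothetical).
type AuthBlock struct {
	XMLName xml.Name `xml:"AuthenticationBlock"`
	Time    string   `xml:"Time"` // RFC 3339, UTC
	URL     string   `xml:"URL"`
	ID      string   `xml:"ID"` // the citizen's process-specific ID
}

type SignedAuthBlock struct {
	XML       []byte
	Signature []byte
}

// SignAuthBlock is the active component: copy time and URL from the SCT,
// add the citizen's ID, sign the exact bytes.
func SignAuthBlock(priv ed25519.PrivateKey, sct SCT, id string) (SignedAuthBlock, error) {
	data, err := xml.Marshal(AuthBlock{Time: sct.Time.UTC().Format(time.RFC3339), URL: sct.URL, ID: id})
	if err != nil {
		return SignedAuthBlock{}, err
	}
	return SignedAuthBlock{XML: data, Signature: ed25519.Sign(priv, data)}, nil
}

// Verifier is the server side; seen is the replay cache of accepted blocks.
type Verifier struct {
	URL    string
	MaxAge time.Duration
	seen   map[string]bool
}

func NewVerifier(url string, maxAge time.Duration) *Verifier {
	return &Verifier{URL: url, MaxAge: maxAge, seen: map[string]bool{}}
}

// Verify returns the authenticated ID, or an error naming the failed check.
func (v *Verifier) Verify(pub ed25519.PublicKey, sab SignedAuthBlock, now time.Time) (string, error) {
	if !ed25519.Verify(pub, sab.XML, sab.Signature) {
		return "", errors.New("auth block: bad signature")
	}
	var ab AuthBlock
	if err := xml.Unmarshal(sab.XML, &ab); err != nil {
		return "", err
	}
	if ab.URL != v.URL {
		return "", fmt.Errorf("auth block: signed for %q, not %q", ab.URL, v.URL)
	}
	t, err := time.Parse(time.RFC3339, ab.Time)
	if err != nil {
		return "", err
	}
	if age := now.Sub(t); age < -time.Minute || age > v.MaxAge {
		return "", errors.New("auth block: stale or future time")
	}
	if v.seen[string(sab.XML)] {
		return "", errors.New("auth block: replay")
	}
	v.seen[string(sab.XML)] = true
	return ab.ID, nil
}

type DemoResult struct {
	ID                                                          string
	ReplayRejected, WrongURLRejected, StaleRejected, TamperRejected bool
}

// Demo runs the genuine exchange and the three attacks with a fixed clock.
func Demo() (DemoResult, error) {
	var r DemoResult
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return r, err
	}
	now := time.Date(2003, 4, 29, 10, 0, 0, 0, time.UTC) // constructed clock
	v := NewVerifier("https://gov.example/apply", 5*time.Minute)
	sab, err := SignAuthBlock(priv, SCT{Time: now, URL: v.URL}, "tax-id-of-citizen")
	if err != nil {
		return r, err
	}
	if r.ID, err = v.Verify(pub, sab, now.Add(30*time.Second)); err != nil {
		return r, err
	}
	_, err = v.Verify(pub, sab, now.Add(40*time.Second)) // same block again
	r.ReplayRejected = err != nil
	other, _ := SignAuthBlock(priv, SCT{Time: now, URL: "https://attacker.example/"}, "tax-id-of-citizen")
	_, err = v.Verify(pub, other, now)
	r.WrongURLRejected = err != nil
	old, _ := SignAuthBlock(priv, SCT{Time: now.Add(-time.Hour), URL: v.URL}, "tax-id-of-citizen")
	_, err = v.Verify(pub, old, now)
	r.StaleRejected = err != nil
	tampered := SignedAuthBlock{XML: bytes.Replace(sab.XML, []byte("tax-id"), []byte("xxx-id"), 1), Signature: sab.Signature}
	_, err = v.Verify(pub, tampered, now)
	r.TamperRejected = err != nil
	return r, nil
}

func main() {
	fmt.Println(Demo())
}
```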
Current State
- Security Layer demonstrator implemented in Java, used by developers: a "golden device" for developing security capsules and for testing e-Government applications in early stages
- Some e-Government applications:
  - Applications to social insurance (operational)
  - Registration of a business in Vienna (operational)
  - Petitions to federal ministries (end 2002)
  - Penal records (Q1 2003)
  - Tax declarations online (Q1 2003)
Conclusions
- Security capsule / layer provide a technology-neutral interface to the Austrian citizen card
- Electronic signatures are a central element
- The concept is the basis of the Austrian e-Government initiatives (e-Austria)
Thank you for your attention!