Austrian e-Government and Citizen Card Initiatives. Herbert Leitold, Secure Information Technology Center – Austria (A-SIT). Scientific Conference Security and Protection of Information, Brno, 29. April 2003.

Austrian e-Government and Citizen Card Initiatives


Page 1: Austrian e-Government and  Citizen Card Initiatives

Brno, 29. April 2003

2nd International Scientific Conference Security and Protection of Information

Austrian e-Government and Citizen Card Initiatives

Herbert Leitold

Secure Information Technology Center – Austria (A-SIT)

Page 2: Austrian e-Government and  Citizen Card Initiatives


About myself

• Working for A-SIT
  • Confirmation body under Austrian Signature Law
  • Notified body w.r.t. EU Electronic Signature Directive 1999/93/EC
  • Advises public authorities in ICT security aspects
• Activities include
  • Technology assessment activities
    • Electronic signatures, biometrics, IT security tools, …
  • Standardization
    • EESSI: Common Criteria Protection Profiles that support the EU Electronic Signature Directive
  • White Book “Austrian Citizen Card”

Page 3: Austrian e-Government and  Citizen Card Initiatives


Table of Contents

• Introduction
  • e-Government in Europe
  • Austrian e-Government basics
• Unique identification
• Electronic signatures & e-Gov.
  • European dimension
  • Austrian dimension
• Austrian citizen card concept
• Identification/Confidentiality levels
• Conclusions

Page 4: Austrian e-Government and  Citizen Card Initiatives


Internet penetration in the EU

Source: Europ. Commission (eEurope benchmarking 2002)

Page 5: Austrian e-Government and  Citizen Card Initiatives


e-Government in Europe: Public services online 2001-2002

Source: Europ. Commission (eEurope benchmarking 2002)

Page 6: Austrian e-Government and  Citizen Card Initiatives


e-Government in Europe: Internet users visiting e-Government sites

Source: Europ. Commission (eEurope benchmarking 2002)

Page 7: Austrian e-Government and  Citizen Card Initiatives


e-Government in Europe: Government services online 2001

Source: Eurobarometer (eEurope benchmarking 2001)

Page 8: Austrian e-Government and  Citizen Card Initiatives


ICT-structure for e-government in Austria

Page 9: Austrian e-Government and  Citizen Card Initiatives


The starting points ...

• Austrian cabinet council decision (Nov. 2000)
  • … to employ chip-card technology to improve citizens’ access to public services
  • … to supplement the planned health insurance card with electronic signature
• “White book” citizen card (June 2001)
  • defines general requirements and strategic decisions from an authority’s perspective

Page 10: Austrian e-Government and  Citizen Card Initiatives


Guiding principles …

• The administration doing its core business
• Open for the market to provide services
  • Portals, help desks
• Linked via Open Interfaces
• Choice of access for citizens

Page 11: Austrian e-Government and  Citizen Card Initiatives


General structure

STANDARD BUILDING BLOCKS

• Identification
• Confidentiality
• Standard forms
• xml – print
• xml – signature
• e-delivery
• e-payment
• ..
• Knowledge Management

OPEN INTERFACE

PORTAL

Page 12: Austrian e-Government and  Citizen Card Initiatives


The overall communication for e-Government

Page 13: Austrian e-Government and  Citizen Card Initiatives


Unique identification

• The problem of unique identification
  • considering PKI, certificates, etc.
• Data protection requirements
• Process specific ID
  • solution followed in Austria

Page 14: Austrian e-Government and  Citizen Card Initiatives


The “identification problem”

EU Signature Directive (1999/93/EC) defines:

§ 2. ‘advanced electronic signature’ means an electronic signature which meets the following requirements:

(a) it is uniquely linked to the signatory;
(b) it is capable of identifying the signatory;
(c) it is created using means that the signatory can maintain under his sole control; and
(d) it is linked to the data to which it relates in such a manner that any subsequent change of the data is detectable;

Considering §2(b), why is there a problem with unique identification?

Page 15: Austrian e-Government and  Citizen Card Initiatives


The PKI “magic triangle”

• Certification service provider (CSP)
• Subscriber/signatory/signer
• Relying party

Certificate holds
• Issuer
• Name of signatory (pseudonym)
• Public key
• Attributes
• Validity period
• etc.

• How to avoid digital twins?

High quality identification at the CSP

Page 16: Austrian e-Government and  Citizen Card Initiatives


The “identification problem”

• High-quality identification at the CSP
  • personal appearance, present a photo ID
• Authority’s processes require identification
  • certificate not sufficient
  • “digital twins” problem
• Possible solutions
  • Online-access to CSP’s registration records
  • Government-owned PKI (has access to registration records)
  • Permanent/unique ID in the certificate
  • Alternatives ?

Page 17: Austrian e-Government and  Citizen Card Initiatives


Data protection concerns

• A unique ID (central registration number CRN) is available in the Austrian central registry
  • based on data out of a 2001 census
  • central registration system launched in 2002
• CRN may not be used with official proceedings
  • cross-search violates data-protection rules
• However, process-specific IDs may be used
  • e.g. an ID for tax declarations
  • e.g. a (different) ID for social security matters

Page 18: Austrian e-Government and  Citizen Card Initiatives


Preserving data protection

Page 19: Austrian e-Government and  Citizen Card Initiatives


Process-specific ID

• Process-specific ID derived from
  • national central registration number
  • combined with a process-specific number
• Cryptographic hash
  • prevents tracing back to registration numbers
  • observes data protection requirements
  • replaces UID/PWD schemes
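The derivation on this slide, as an added example that is not part of the original presentation: SHA-256, the optional HMAC key, the length-prefixed encoding and all sample CRNs and process codes are assumptions of the sketch. It also builds two registries to show that a join on the ID column finds nothing, while each authority can still look up its own record.

```python
import base64
import hashlib
import hmac


def _encode(crn: str, process: str) -> bytes:
    # Length-prefix each field so ("12", "345") and ("123", "45") never
    # serialise to the same bytes before hashing.
    parts = (crn.encode("utf-8"), process.encode("utf-8"))
    return b"".join(len(p).to_bytes(2, "big") + p for p in parts)


def process_specific_id(crn: str, process: str, key: bytes = b"") -> str:
    """Derive the ID that one process uses for a citizen.

    Assumptions of this sketch: SHA-256 as the hash and an optional secret
    key (HMAC-SHA-256). A registration number is short and numeric, so
    mixing in a key held by the deriving party keeps the ID from being
    recomputed from the number and the process code alone.
    """
    data = _encode(crn, process)
    if key:
        digest = hmac.new(key, data, hashlib.sha256).digest()
    else:
        digest = hashlib.sha256(data).digest()
    return base64.b64encode(digest).decode("ascii")


def build_registry(process: str, records: dict, key: bytes = b"") -> dict:
    """Index one authority's records by process-specific ID, never by CRN."""
    return {process_specific_id(crn, process, key): row
            for crn, row in records.items()}


def cross_search(registry_a: dict, registry_b: dict) -> set:
    """IDs found in both registries: what a join on the ID column returns."""
    return set(registry_a) & set(registry_b)


# Constructed sample data: these CRNs and process codes are made up.
CRNS = ["000247681359", "000913572468"]
TAX = build_registry("TAX", {crn: {"declared": 2002} for crn in CRNS})
SOCIAL = build_registry("SOC", {crn: {"insured": True} for crn in CRNS})

if __name__ == "__main__":
    citizen = CRNS[0]
    print("tax ID    :", process_specific_id(citizen, "TAX"))
    print("social ID :", process_specific_id(citizen, "SOC"))
    print("shared IDs:", cross_search(TAX, SOCIAL))  # empty set
    # The tax authority still finds its own record for a presented CRN.
    print("tax record:", TAX[process_specific_id(citizen, "TAX")])
```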

Page 20: Austrian e-Government and  Citizen Card Initiatives


Persona-binding

• An XML data structure that holds data often used in official proceedings
  • Given name, family name, date of birth
  • the citizen’s unique ID (CRN) and
  • a citizen’s public key (the citizen may have several)
• signed by the Ministry of Interior
• Ties PKI data to an “official electronic identity”
• Stored with the citizen card under the citizen’s control

Diagram labels: PKI, persona-binding, Official registry (CRN)

Page 21: Austrian e-Government and  Citizen Card Initiatives


Electronic signatures and e-Government

• EU signature directive
  • the European dimension
• Requirements for SSCDs
  • Evaluation of components
• Austrian signature law
  • Relation to the EU directive

Directive 1999/93/EC

Page 22: Austrian e-Government and  Citizen Card Initiatives


EU electronic signature directive

EU Signature Directive (1999) lays down:

§ 5(1) Member States shall ensure that advanced electronic signatures which are based on a qualified certificate and which are created by a secure-signature-creation device:

(a) satisfy the legal requirements of a signature in relation to data in electronic form in the same manner as a handwritten signature satisfies those requirements in relation to paper-based data; and ...

• EESSI developed technical standards
  • e.g. Common Criteria protection profiles (SSCD-PP, CMCSO-PP, ..)
  • EU Commission/A9C to publish reference numbers – binding for EU

Page 23: Austrian e-Government and  Citizen Card Initiatives


EU electronic signature directive (cntd.)

secure signature-creation device means a signature-creation device which meets the requirements laid down in Annex III;

Annex III covers requirements for secure signature-creation devices to ensure the functionality of advanced electronic signatures; it does not cover the entire system environment in which such devices operate; …

The conformity of secure signature-creation-devices with the requirements laid down in Annex III shall be determined by appropriate public or private bodies designated by Member States.

Page 24: Austrian e-Government and  Citizen Card Initiatives


Electronic Signature Standards (EESSI)

Diagram labels:
• Certification service provider (CSP)
• Subscriber/signatory/signer
• Relying party
• creation device
• Signature-creation process and environment
• Signature-format and syntax
• Signature-validation process and environment
• Trustworthy systems
• Qualified certificate
• Qualified certificate policy

Page 25: Austrian e-Government and  Citizen Card Initiatives


Common Criteria Protection Profiles

Diagram labels:
• Certification service provider (CSP)
• Subscriber/signatory/signer
• Relying party
• creation device
• Signature-creation process and environment
• Signature-format and syntax
• Signature-validation process and environment
• Trustworthy systems
• Qualified certificate
• Qualified certificate policy
• CMCSO-PP
• CMCKG-PP
• SSCD-PP

Page 26: Austrian e-Government and  Citizen Card Initiatives


SSCDs (3 types defined by EESSI)

• Type 1: SCD generation
• Type 2: SCD usage (“to sign”)
• Type 3: “both 1&2”

Diagram of SSCD Type 1, SSCD Type 2 and SSCD Type 3. Labels: SCD/SVD Generation, SCD Export, SCD Import, SVD Export, Personalisation, User Authentication, Signature-Creation; HI: Authentication data; SCA: DTBS-representation, SDO; CGA: Init. / SVD into cert.; Trusted channel (**), Trusted path (*).

Page 27: Austrian e-Government and  Citizen Card Initiatives


SSCD – a different view

SSCD: the device getting ‘in touch’ with the private key, e.g. a smart-card (1999/93/EC Annex III)

Diagram labels:
• DTBS (viewer)
• Document (hash value)
• User authentication (e.g. PIN entry)
• SCD (private key)
• SVD export (public key/certificate)
• Electronic Signature

Page 28: Austrian e-Government and  Citizen Card Initiatives


SFRs – a few of them

Diagram labels:
• DTBS
• FCS_COP.1/SIGNING
• FCS_COP.1/CORRESP
• FCS_CKM.1
• FCS_CKM.1 / _CKM.4
• FPT_PHP.1 / _PHP.3
• FIA_AFL.2, …….
• FTP_ITC.1
• FTP_TRP.1 (*)
• FTP_ITC.1
• FIA_UAU.1
• FMT_SMR.1 (Adm./Sign.)
• FDP_ACF.1

Page 29: Austrian e-Government and  Citizen Card Initiatives


EU vs. Austrian electronic signature rules

Austrian signature law (2000)

§ 18(1) Technical components which allow the forgery of signed data to be reliably recognized and reliably prevent unauthorized use of signature creation data procedures shall be used […].
[…]
(5) The technical components and procedures for generating secure signatures must be constantly and adequately verified using state-of-the-art technology. Compliance with security requirements must be certified by a confirmation body (§ 19).

requirements wrt. evaluation of technical components vary

Page 30: Austrian e-Government and  Citizen Card Initiatives


Austrian Citizen Card

• a single specific smart-card?
• requirements of the citizen card
• logical view to the card
  • security layer / security capsule
• How the model is used

Page 31: Austrian e-Government and  Citizen Card Initiatives


Several smart-card initiatives …

• National ID card with chip (2003)
• Health insurance card: “health care certificate + el. signature” (for each citizen 2004)
• ATM card / bank account cards with electronic signatures (expected for 2004)
• further initiatives:
  • CSPs issuing qualified certificates
  • Austrian computer society member card
  • new technologies (PDAs, cell phones, WIM)
  • student service cards

Page 32: Austrian e-Government and  Citizen Card Initiatives


Concept “Austrian Citizen Card”

Defines general minimum requirements:
• secure electronic signatures
  • i.e., legal equivalence to handwritten signatures,
• additional key-pairs
  • ‘general signatures’, encryption
• info-boxes to store data
  • persona binding, certificates, power of attorney
  • access control to info-boxes
• DH key exchange
  • session key certificates

Page 33: Austrian e-Government and  Citizen Card Initiatives


Some definitions …

• Security Capsule: Combination of the security-relevant components wrt. electronic signatures
  • clear responsibility / liability (signature law)
• Security Layer: An interface that provides a logical view to the security capsule

Page 34: Austrian e-Government and  Citizen Card Initiatives


Security Layer vs. Security Capsule

Diagram labels:
• Application
• Security-Layer
• Security Capsule
• card-interface (e.g. PKCS#11)
• Hash function
• PIN pad
• trustw. viewer
• add. memory

Page 35: Austrian e-Government and  Citizen Card Initiatives


Elements of the Austrian Citizen Card

Diagram labels: Security Capsule, Security-Layer

• MF_BUERGERK
  • IF_SCHL_BUERGERK
  • EF_DATEN_BUERGERK
  • DF_eAPPL (additional key pairs)
    • IF_SCHL_eAPPL
    • EF_DATEN_eAPPL
    • EF_KEY_eAPPL
    • EF_ZERT_eAPPL
  • DF_eSIG (electronic signature)
    • IF_SCHL_eSIG
    • EF_DATEN_eSIG
    • EF_SIGKEY_eSIG
    • EF_ZERT_eSIG
  • DF_eSV (health insurance certificate)
    • IF_SCHLÜSSEL_SV
    • EF_DATEN_SV
    • EF_SVDATEN_SV
    • EF_ANSPRUCH_SV
    • EF_RFU_SV
  • DF_INFOx (individual info-boxes)
    • IF_SCHL_INFOx
    • EF_DAT_A_INFOx
    • EF_DAT_B_INFOx
    • EF_DAT_C_INFOx

Page 36: Austrian e-Government and  Citizen Card Initiatives


Security Layer Protocol

• Simple request/response scheme
  • Application sends request
  • Security Capsule responds
    • Result or Error code
• Protocol elements encoded in XML
• Transport layer bindings
  • TCP/IP, SSL/TLS (socket communication)
  • HTTP/HTTPS (capsule acts as simple Webserver)

Diagram labels: Security Capsule, Request, Response

Page 37: Austrian e-Government and  Citizen Card Initiatives


Application submit form

Page 38: Austrian e-Government and  Citizen Card Initiatives


Application return result

Page 39: Austrian e-Government and  Citizen Card Initiatives


Using the concept for payment

Page 40: Austrian e-Government and  Citizen Card Initiatives


Identification / Confidentiality levels

• e-Government processes have different requirements wrt. identification or confidentiality
• Three Security levels
• Replacing UID/PWD

Page 41: Austrian e-Government and  Citizen Card Initiatives


Security Level I

no specific requirements

• Based on “conventional” SSL/TLS

Diagram labels: Browser, SSL/TLS, Server

Page 42: Austrian e-Government and  Citizen Card Initiatives


Security Level II

usual G2C services

Diagram labels: Browser, active component, SSL/TLS, Server; steps numbered 1, 2, 3
• SCT: time, URL
• Authentic. Block: time, URL, ID

Page 43: Austrian e-Government and  Citizen Card Initiatives


Security Level III

specific confidentiality requirements

• bind the SSL/TLS certificates to citizen card

Diagram labels: Browser, active component, SSL/TLS, Server

Page 44: Austrian e-Government and  Citizen Card Initiatives


Current State

• Security Layer Demonstrator implemented in JAVA
• Used by developers
  • “golden device” for developing security capsules
  • to test e-Government applications in early stages
• Some e-Government applications
  • Applications to social insurance (operational)
  • Registration of a business in Vienna (operational)
  • Petitions to federal ministries (end 2002)
  • Penal records (Q1 2003)
  • Tax declarations online (Q1 2003)

Page 45: Austrian e-Government and  Citizen Card Initiatives


Conclusions

• Security capsule / layer provide a technology-neutral interface to the Austrian citizen card
• Electronic signatures are a central element
• Concept is the basis of Austrian e-Government initiatives

e-Austria

Page 46: Austrian e-Government and  Citizen Card Initiatives


Thank you for your attention!