E-Gov and Security. Keren Cummins, Digital Signature Trust Co.; Richard Guida, Chair, Federal PKI Steering Committee.


Page 1: E-Gov and Security

Keren Cummins

Digital Signature Trust Co.

Richard Guida

Chair, Federal PKI Steering Committee

Page 2: E-Transaction Landscape

• Intra-agency: personnel matters, agency management

• Interagency: payments, account reconciliation, litigation

• Agency to trading partner: procurement, regulation

• Agency to the public

Page 3: Challenges All Applications Face

• Authentication of users
• Non-repudiation for transactions
• Message integrity
• Confidentiality (privacy)
• Liability
• Interoperability
• Scalability

Page 4: Potential Internet Security Solutions

• PINs

• Biometrics

• Digital signatures or PKI (Public Key Infrastructure)

PKI is viewed by many as the only complete solution

Page 5: A Digital Signature is NOT:

• A digitized handwritten signature
• The typed name of an individual
• A secret code or a PIN

Page 6: A Digital Signature IS:

• A transformation of a message using public key cryptography

• Virtually impossible to forge without the signer's private key

• Provides a high level of security

Page 7: Basic Principle of Cryptography

• All information goes into a computer as a number

• One can perform mathematical operations on the information

• For example: add, subtract, multiply, divide or exponentiate it

Page 8: Two Flavors of Cryptography

• Symmetric cryptography
  – Uses a single number, or key, shared by both parties

• Asymmetric or public key cryptography
  – Uses two different numbers, a key pair
  – The key pair consists of two large numbers:
    • One called a private key
    • One called a public key

Page 9: What Does Cryptography Really Look Like?

• Private key (160 bits):
  6448072E 0AD8FD61 F78E45FC 0B9419F9 0E1DD1EF

• Public key (512 bits):
  47F126B5 74A10BB1 EB107322 C2379439 7F7DD52D 6CB89D3F 04A4E434 0A09EE52
  6284271E E092C592 C3CC4144 5861CBF5 E8696BFF 85432ED1 B919A328 48B1D9F0

• Hash or message digest (160 bits):
  53007ADB 04851436 F3F3ACBB F07CA19D 1AC248EA

• DSA signature:
  571691CC 0426C2B5 A545D896 C620CB8D 76B7820C

The sizes shown are those of DSA with a 160-bit subgroup order (so a 160-bit private key) and a 512-bit modulus (so a 512-bit public key), with a 160-bit digest such as SHA-1. A complete DSA signature is a pair of 160-bit values, r and s; the slide shows only one of the two.

Page 10: What's a Hash?

• A short, fixed-length value derived from a document

• A message digest, or "fingerprint", generated by a mathematical algorithm

• The same document will always generate the same hash

• An altered document will not generate the original hash: for a sound hash function, finding any second document with the same hash is computationally infeasible

Page 11: Creating a Digital Signature

Diagram (flow recovered from the slide):
Message -> Hashing Algorithm -> Message Digest 1
Message Digest 1 + Private Key -> Signature Algorithm -> Digital Signature

Page 12: An Example

A signed message:

This will confirm my intention to purchase the Empire State Building. The purchase price shall be $178 million. Closing shall be on or before April 15, 1997. Please forward seller's account number so that I may arrange wire transfer of funds upon closing.

Signed, Donald Trump

BEGIN SIGNATURE
iQCVAwUBMARe7gvyLNSbw6ZVAQF6ygP/fDnuvdAbGIDWaSMXUIRMuNHYzdZOOcqkDh/Tc2+DubuEa6GU03AgZY8K9t5r9lua34E68pCxegUz009b10cjNt6+o+704Z3j1yy9ijYM8BWNaSp9L2W4nUuWBdlWyel/2PjjRVNZEtqtSRQuPEpJ2IHtx9tGevH10
END SIGNATURE

The signature block is computed over the whole message text, so changing any character of it, the price or the closing date included, causes verification to fail.

Page 13: Verifying a Digital Signature

Diagram (flow recovered from the slide):
Message -> Hashing Algorithm -> Message Digest 2
Digital Signature + Public Key -> Verification Algorithm -> Message Digest 1
Message Digest 1 and Message Digest 2: identical Y/N?

Page 14: What's Missing

• Need to link individual identities to the proposed security factor

• How do I know this is your password, fingerprint, or public key?

• Enter "Trusted Third Parties" or TTPs

Page 15: Role of Trusted Third Parties (TTPs)

• Link the security factor to an individual identity (PKI uses digital certificates)

• Stand behind the linkage

• Demonstrate sufficient institutional stature to promote trust in the linkage

• Issue a digital certificate binding the signer's identity to the signer's public key

Page 16: Process Flow

Parties in the diagram: Certification Authority, Repository, Subscriber, Relying Party.

Annually:
1. Subscriber applies to the CA for a digital certificate
2. CA verifies the identity of the subscriber and issues the digital certificate
3. CA publishes the certificate to the repository

Per transaction:
4. Subscriber digitally signs and sends the electronic message to the relying party
5. Relying party goes to the repository to check the validity of the subscriber's certificate
6. Repository returns a copy of the certificate and the result of the status check
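The signing flow of page 11, the verification flow of page 13, the key sizes of page 9 and the certificate and status-check flow of page 16, as one added worked example that is not part of the original slides and is not code from Digital Signature Trust Co. or the Federal PKI. It is textbook DSA written on Python's standard library only (hashlib, json, secrets), so the domain-parameter generation, the "certificate" (a signed JSON binding of a subject name and serial number to a public key) and the repository's status answer (a set of revoked serial numbers) are assumptions made here for illustration, not a real certificate format or PKI product. The parameter sizes (160-bit q and private key, roughly 512-bit p and public key) are chosen to match page 9; the digest is SHA-256 truncated to the size of q as FIPS 186-4 specifies, rather than the 160-bit digest on the slide. Teaching code: it has no side-channel protection and should not sign anything real.

```python
# Added teaching example (not from the slides): textbook DSA plus a toy CA/repository/relying-party flow. Stdlib only; not for production.
import hashlib
import json
import secrets

def is_probable_prime(n, rounds=40):  # Miller-Rabin, adequate for a teaching example
    if n < 41:
        return n in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        c = secrets.randbits(bits) | (1 << (bits - 1)) | 1  # top bit set, odd
        if is_probable_prime(c):
            return c

def generate_domain_parameters(p_bits=512, q_bits=160):
    """Return (p, q, g): q divides p-1 and g has order q. Sizes match page 9."""
    q = random_prime(q_bits)
    while True:  # p = k*q + 1 with k even, so p is odd
        k = (secrets.randbits(p_bits - q_bits) | (1 << (p_bits - q_bits - 1))) & ~1
        p = k * q + 1
        if is_probable_prime(p):
            break
    while True:
        g = pow(secrets.randbelow(p - 3) + 2, (p - 1) // q, p)
        if g != 1:
            return p, q, g

def keygen(params):  # private key x: random below q; public key y = g^x mod p
    p, q, g = params
    x = secrets.randbelow(q - 1) + 1
    return x, pow(g, x, p)

def hash_to_int(msg, q):
    h = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    return h >> max(0, 256 - q.bit_length())  # leftmost min(N, outlen) bits, FIPS 186-4

def sign(params, x, msg):
    """Page 11: hash the message, then transform the digest with the private key."""
    p, q, g = params
    z = hash_to_int(msg, q)
    while True:
        k = secrets.randbelow(q - 1) + 1  # fresh per signature; a reused k leaks x
        r = pow(g, k, p) % q
        s = pow(k, -1, q) * (z + x * r) % q
        if r and s:
            return r, s

def verify(params, y, msg, sig):
    """Page 13: recompute the digest and check it against the signature with y."""
    p, q, g = params
    r, s = sig
    if not (0 < r < q and 0 < s < q):
        return False
    w = pow(s, -1, q)
    u1, u2 = hash_to_int(msg, q) * w % q, r * w % q
    return (pow(g, u1, p) * pow(y, u2, p) % p) % q == r

def encode(tbs):  # canonical bytes of the to-be-signed certificate fields (assumed format)
    return json.dumps(tbs, sort_keys=True).encode()

def issue_certificate(params, ca_x, serial, subject, subject_y):
    """Page 16 step 2: the CA signs the binding of subject identity to public key."""
    tbs = {"serial": serial, "subject": subject, "public_key": format(subject_y, "x")}
    return {"tbs": tbs, "sig": sign(params, ca_x, encode(tbs))}

def relying_party_check(params, ca_y, revoked_serials, cert, msg, sig):
    """Page 16 steps 5-6: CA signature on the certificate, its status, then the message."""
    tbs = cert["tbs"]
    if not verify(params, ca_y, encode(tbs), cert["sig"]):
        return "bad certificate signature"
    if tbs["serial"] in revoked_serials:  # the repository's status answer (assumed: a revoked set)
        return "certificate revoked"
    if not verify(params, int(tbs["public_key"], 16), msg, sig):
        return "bad message signature"
    return "ok"

if __name__ == "__main__":  # stand-alone demo
    params = generate_domain_parameters()
    (ca_x, ca_y), (sub_x, sub_y) = keygen(params), keygen(params)
    cert = issue_certificate(params, ca_x, 1001, "subscriber", sub_y)
    msg = b"Closing shall be on or before April 15, 1997."
    sig = sign(params, sub_x, msg)
    for revoked, m in ((set(), msg), ({1001}, msg), (set(), msg + b"!")):
        print(relying_party_check(params, ca_y, revoked, cert, m, sig))
```

relying_party_check performs the relying party's side in the order the slides imply: first the CA's signature on the certificate (the linkage the TTP of page 15 stands behind), then the repository's status answer, and only then the subscriber's signature on the message. Skipping any one of those three checks reopens the gap page 14 calls "what's missing": a valid signature under a key nobody has vouched for, or under a key whose certificate has been revoked.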

Page 17: Likely Candidates for "TTP" Role

• Government agencies

• Financial institutions

• Employers (within their own community of interest, COI)

Page 18: Legal Framework

• Government Paperwork Elimination Act (GPEA)
  – Supports the use of electronic signatures for transactions with the Federal government
  – Enacted October 1998
  – Covers user authentication and persistent electronic signatures

Page 19: GPEA Background

• With some qualifications, GPEA requires agencies by October 2003 to:
  – Accept forms (more than 50K copies/year) electronically
  – Accept electronic signatures on forms and documents

• Encourages electronic filing and electronic recordkeeping, particularly by employers

Page 20: GPEA Background (continued)

• Gives electronic signatures full legal effect

• Technology neutral: agencies select based on the specifics of their applications (e.g., risk)
  – But recognizes that technology neutrality does NOT mean all technologies are created equal

• Focus: transactions with Federal agencies

• Draft OMB guidance 3/99; final 5/00

Page 21: Electronic Signatures Under GPEA Guidance

• OMB GPEA guidance recognizes several ways to effect an "electronic signature":
  – PINs/passwords
  – Digitized signatures
  – Biometrics
  – Digital signatures

• Each approach has advantages and disadvantages, some more acute than others

Page 22: PINs/Passwords

• Advantages:
  – Simple
  – Used ubiquitously, no learning curve

• Disadvantages:
  – A shared secret: the verifying party holds it too, so it can be compromised on either side
  – Hard to achieve non-repudiation
  – Does not scale well: PINs/passwords proliferate
  – Can be very susceptible to remote attack (e.g., guessing)
  – Parties must know each other beforehand

Page 23: Digitized Signatures

• Advantages:
  – Closest in appearance to a "wet signature"

• Disadvantages:
  – A form of shared secret: the verifier holds a copy of the template
  – No open standards; templates are usually proprietary
  – Can be vulnerable to replay attack (a captured template can be resubmitted)
  – No cryptographic binding of identity to document
  – Hard to achieve non-repudiation
  – Requires additional hardware (stylus/pad)

Page 24: Biometrics

• Advantages:
  – Fingerprints and iris images are impossible to "forget"

• Disadvantages:
  – A form of shared secret: the verifier holds the reference template
  – No open standards; templates are usually proprietary
  – Can be vulnerable to replay attack (a captured template can be resubmitted)
  – No cryptographic binding of identity to document
  – Requires additional hardware (camera, pad)
  – Can be hard to revoke a compromised biometric and issue a new one: a fingerprint cannot be replaced

Page 25: Digital Signatures

• Advantages:
  – No shared secrets between remote parties
  – Cryptographic binding between identity and document
  – Scales well, interoperates reasonably well

• Disadvantages:
  – Requires infrastructure (PKI)
  – More complex than PINs/passwords
  – Can require additional hardware (if smart cards are used)

Page 26: Summary

• Digital signatures represent the strongest single solution
  – Also the most scalable and interoperable, cutting across agency stovepipes

• The best solution may be a combination:
  – A digital signature to bind a digitized signature
  – A digital signature with a biometric identifier used to unlock the private signing key

• PINs/passwords may be sufficient for some applications, if interoperability is unimportant

Page 27: Privacy/Disclosure: Basic Principles

• Electronic authentication should only be required where needed

• Tailor authentication needs to the transaction and the participants

• Avoid collecting information that is more detailed than required

• Inform participants that information will be managed pursuant to the Privacy Act, the Computer Security Act, and other laws

Page 28: Legal Effect and Validity

"Electronic records submitted or maintained in accordance with procedures developed under this title, or electronic signatures or other forms of electronic authentication used in accordance with such procedures, shall not be denied legal effect, validity, or enforceability because such records are in electronic form."

- GPEA, section 1707

Page 29: Additional Legal Considerations

• "Intent" at the time of signing is critical
  – Need for banners or other indicia

• Need to capture the entire document with the signature, not just HTML "tags"

• Need to retain the ability to validate the signature at a later date (either directly or through a "digital notary")

• Electronic records management is a big issue, with or without electronic signatures