IDA: Interchange of Data between Administrations
A ‘bridge CA’ for Europe’s public administrations
European Signatures vs Global Signatures
EESSI, Rome, 7th April 2003
• Paul E Murphy
• IDA, Enterprise Directorate General
• European Commission
• IDA programme of DG Enterprise
• IDA bridge CA project
– history
– current developments
• Some PKI issues
The IDA programme
• Interchange of Data between Administrations
• Enterprise Directorate General, European Commission
• 1999 - 2004
The IDA programme
• Co-ordinates the exchange of information between the MS and EC in support of:
– the management of the single market
– the Community decision-making process
– a wide range of Community policies
What does IDA do?
• Sectoral projects for information exchange in support of the Single Market
– Agriculture, Employment, Environment, Health, Enterprises, Statistics, etc.
What does IDA do?
• Generic Services
– TESTA (IP network), Public Key Infrastructure (PKI CUG), CIRCA (workgroup)
• Common tools and techniques
– MoReq, architecture guidelines for interoperability, STATEL, etc.
IDA PKI CUG
• IDA issues X.509v3 electronic certificates
• to members of IDA Networks
• for use in:
– SSL
– S/MIME
– electronic signature
• Now proposes a ‘bridge CA’
Why?
• eEurope Action Plan
– support for electronic signatures in public administration
• Member States’ policy
– ability to use the electronic certificates issued by their national CAs in pan-European business
• IDA policy
– encourage interoperability, use of standards, use of e-signature, etc.
– Conclusions from previous projects
Feasibility study
• Collect and summarise the views of the Member States
• Raise major potential issues
– legal and political
– organisational
– technical
• Discuss possible solutions
• Propose further steps
Legal and political aspects
• No reluctance to the principle of mutual recognition of national Certification Authorities
– some level of national control was requested
• The major issue raised was the understanding of electronic signatures
– qualified certificates versus non-qualified
– understanding of (in particular) Article 5 of the European Directive
– requirement to establish equivalence rules between qualified certificates throughout Europe
• The liability of the authorities issuing certificates should be limited to the respect of attribution procedures
A series of issues to be agreed prior to operations
Governance
• Comply with existing IDA rules
• Organisational instance to be defined, including:
– a Governing Body composed of representatives
• of the Member States and of the European Institutions?
• of the participating Certification Authorities?
– a specific team to manage operations
– a technical infrastructure depending on the architecture chosen
• Definition and application of procedures
– agreement of a given CA to be recognised by the bridge
– periodic verification of compliance
Ways to manage the common organisation
Core functionality
• Exchange and renewal of cross-certificates or of any equivalent information (e.g. signed lists of trusted root certificates)
• Publication of general information
– Certificate Policies
• Publication of certification information
– trusted CA certificates
– certificate revocation lists
• Publication of technical interoperability specifications
• According to the solution chosen, availability of a test bed to validate the interoperability of a given CA with the other ones
Required services to all user profiles
Major recommendation
• A set of organisational measures and of technical tools participating in establishing permanent, secure and reliable trust between the Public Key Infrastructures established by the Member States for the usage of their public sector
• The primary goal is to help civil servants to recognise the valid credentials of their correspondents in other Member States, hence to establish a secure environment for electronic data exchange
– as a secondary goal, the same service could be provided to companies and individuals to recognise civil servants
• Optionally, other PKIs, in particular those providing Public Key Certificates to the major partners of the Administrations, could be recognised as well
Set up an intermediate infrastructure
Suggested organisation
[organisation chart with the boxes: Governing body, Policy Authority, Technical assessors, Member States, European Institutions, Member CAs, Management team]
Memorandum of Agreement
• Must be established before any operational start up
• Should cover the following descriptions
– responsibility, commitments and liability of all participating authorities
– rules for the governance of the intermediate infrastructure
– building blocks of the certificate policies, including
• profile of contents
• assurance levels
• management procedures
– services provided and expected from the infrastructure by the participating and relying parties
– procedures for an applicant party to become a participating authority
The basic charter of collaboration
Architecture
• Hierarchy
– a central Certification Authority recognises each CA of the Member States or of national organisations
– relying parties just trust the central CA
• Mesh
– the Certification Authorities of the Administrations or of public bodies directly recognise each other
– each relying party just trusts its own CA, which in turn trusts the remote CA
• Web / trust model
– a repository of trusted Certification Authorities
– each relying party trusts all distributed certificates of the list
• Hub-and-spoke infrastructure ("bridge")
– a central technical infrastructure cross-recognises each concerned CA
– each relying party just trusts its own CA, which trusts the bridge, which in turn trusts the remote CA
Possible ways to interconnect the Public Key Infrastructures
Hierarchical
[diagram: a central CA above CA-1, CA-2 and CA-3, with users Alice, Bob, Carol and David]
A central Certification Authority recognises each CA of the Member States or of national organisations. Relying parties just trust the central CA.
Mesh (peer-to-peer cross certification)
[diagram: CA-1, CA-2 and CA-3 cross-certified with each other, with users Alice, Bob, Carol and David]
The Certification Authorities of the Administrations directly recognise each other. Each relying party just trusts its own CA, which in turn trusts the remote CA.
Web / trust (distribution of trusted lists)
[diagram: CA-1, CA-2 and CA-3, a certificate trust list (CTL), and users Alice, Bob, Carol and David]
A repository of trusted Certification Authorities. Each relying party trusts all distributed certificates of the list.
Bridge model
[diagram: a Bridge connecting a hierarchical PKI architecture and a mesh PKI architecture, with users Alice, Bob, Carol, David, Ellen, Frank, Gwen and Harry]
A central technical infrastructure cross-recognises each CA. Each relying party just trusts its own CA, which trusts the bridge, which in turn trusts the remote CA.
Modified bridge CA model
[diagram: a Bridge CA in the Eurodomain; Local Domains A, B and C, each with a National CA, plus a Sectoral CA; links labelled "National CA PKC", "National CA TL" and "Sectoral CA TL"]
Bridge model + web / trust model
Suggested BCA model
• The bridge trusts (i.e. accepts to certify) each proposed member CA
• ‘Root certificates’ to be distributed by the bridge in the form of signed lists
– relying parties trust each CA recorded in the list
– Member States could update the list and re-sign it
• ‘Cross-certification’ with the bridge CA
– relying parties trust their own CA, which is cross-certified with the bridge, which in turn trusts the remote CAs that are cross-certified with the bridge
• Member States may implement validation authorities inside their own administrations or public bodies
A compromise between the proposed models
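The architecture slide and the cross-certification leg of the suggested model differ in what a relying party has to do to build a certification path. The following Go program is an added example, not code from the IDA project or from this presentation: it creates three CAs (CA-A, CA-B and a bridge CA), issues a certificate to Alice under CA-A, and measures the path a relying party that trusts only CA-B can build to Alice's certificate with no agreement between the CAs, with direct (mesh) cross-certification, and with hub-and-spoke cross-certification through the bridge. Only Go's standard crypto/x509 library is used; the CA names, the user name, the subject key identifiers and the serial numbers are constructed for the example. The signed-list leg of the suggested model is not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

var serial int64 // constructed serial numbers; a real CA keeps them unique and unpredictable

// CA holds a Certification Authority's signing key and its self-signed root certificate.
type CA struct{ Key *ecdsa.PrivateKey; Cert *x509.Certificate }

func newKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// issue has parent sign tmpl over pub; parent == tmpl yields a self-signed root.
func issue(tmpl, parent *x509.Certificate, pub *ecdsa.PublicKey, signer *ecdsa.PrivateKey) *x509.Certificate {
	serial++
	tmpl.SerialNumber = big.NewInt(serial)
	tmpl.NotBefore, tmpl.NotAfter = time.Now().Add(-time.Hour), time.Now().Add(24*time.Hour)
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		panic(err)
	}
	c, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return c
}

// caTemplate gives a CA's root and every cross-certificate over its key the same subject
// and key identifier, so either one chains to the end-entity certificates that key issued.
func caTemplate(name string) *x509.Certificate {
	return &x509.Certificate{Subject: pkix.Name{CommonName: name}, IsCA: true, BasicConstraintsValid: true,
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageCRLSign, SubjectKeyId: []byte(name)}
}

// NewCA creates a CA with a fresh key and a self-signed root certificate.
func NewCA(name string) *CA {
	k, t := newKey(), caTemplate(name)
	return &CA{Key: k, Cert: issue(t, t, &k.PublicKey, k)}
}

// CrossCertify: issuer states "I recognise subject" by certifying subject's CA key.
func CrossCertify(issuer, subject *CA) *x509.Certificate {
	return issue(caTemplate(subject.Cert.Subject.CommonName), issuer.Cert, &subject.Key.PublicKey, issuer.Key)
}

// IssueUser issues a signature certificate to a civil servant (the private key is not kept).
func IssueUser(issuer *CA, user string) *x509.Certificate {
	t := &x509.Certificate{Subject: pkix.Name{CommonName: user}, KeyUsage: x509.KeyUsageDigitalSignature}
	return issue(t, issuer.Cert, &newKey().PublicKey, issuer.Key)
}

// PathLength does the relying party's job: build a certification path from leaf to a
// trust anchor in roots through the published cross-certificates; 0 means no path.
func PathLength(leaf *x509.Certificate, roots *x509.CertPool, crossCerts []*x509.Certificate) int {
	inter := x509.NewCertPool()
	for _, c := range crossCerts {
		inter.AddCert(c)
	}
	chains, err := leaf.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return 0 // typically x509.UnknownAuthorityError: no path to a trusted root
	}
	return len(chains[0]) // certificates on the path, trust anchor included
}

// Result: path length a relying party in domain B (trusting only CA-B) builds to Alice's CA-A certificate.
type Result struct{ Isolated, Mesh, Bridge int }

func RunScenarios() Result {
	caA, caB, bridge := NewCA("CA-A"), NewCA("CA-B"), NewCA("Bridge CA")
	alice := IssueUser(caA, "Alice")
	trustB := x509.NewCertPool()
	trustB.AddCert(caB.Cert)
	// Bridge model: every CA cross-certifies only the bridge, in both directions.
	hub := []*x509.Certificate{CrossCertify(caB, bridge), CrossCertify(bridge, caB),
		CrossCertify(caA, bridge), CrossCertify(bridge, caA)}
	return Result{
		Isolated: PathLength(alice, trustB, nil),                                         // no agreement
		Mesh:     PathLength(alice, trustB, []*x509.Certificate{CrossCertify(caB, caA)}), // Alice, CA-A by CA-B, CA-B
		Bridge:   PathLength(alice, trustB, hub),                                         // Alice, CA-A by bridge, bridge by CA-B, CA-B
	}
}

func main() {
	fmt.Printf("%+v\n", RunScenarios()) // {Isolated:0 Mesh:3 Bridge:4}
}
```

With the bridge, each member CA issues and receives exactly one cross-certificate, so admitting a new CA touches only that CA and the bridge instead of every existing member, at the price of one more certificate on every cross-domain path (4 instead of 3 here). The relying party still has to discover the cross-certificates, which is why the core functionality slide lists their publication; and x509.Verify performs no revocation checking, which is the job the slide assigns to the validation authorities.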
Functioning of the suggested architecture
[diagram: Domains A, B and C, each with its own CA (CA A, CA B, CA C), a relying party with local verification, and simple certification inside the domain; the Bridge CA cross-certifies each CA and publishes the list "CA A, CA B, CA C … (signed bridge CA)"; a Validation authority serves consultation of status and consultation of certificates]
Certificate policies
• A Policy Authority should be created by the Governing Body to:
– define the intended usage of families of certificates
– establish the associated assurance levels and minimum management procedures
– draw up and publish the resulting Certificate Policies
• European policies (possibly sectoral) rather than national policies
– simpler management
– unique understanding
– no need for complex mapping
• In the long term, the identity of policies should be registered into the certificates and the relying parties requested to verify the proper usage of certificates
A set of European-level policies
Current Phase: 1
• Step-by-step approach
• Draft Memorandum of Agreement / Understanding
• Outline Certificate Policy
• Outline Technical Requirements for participating CAs
• CTL Feasibility Study
• Outline Operational Procedures
• Outline of Pilot and Test Plan
Current Phase: 2
• Memorandum of Agreement / Understanding for participating Member States
• Bridge CA Certificate Policy
• Technical Requirements for participating CAs
• Bridge CA Technical Architecture
• Recommendations on use of CTLs
• Bridge CA Operational Procedures
• Agreed Pilot and Test Plan
Next Phase
• Pilot of Bridge CA:
– Generate CTLs
– Generate Cross-Certificates
– Publicly accessible directory
• Test:
– Operation of bridge CA
– Bridge CA in a simulated IDA network
– Member State to Member State exchanges
• Bridge CA Certificate Practices Statement
• Bridge CA Certificate Policy
• Technical Requirements for participating CAs
• Bridge CA Technical Architecture
• Recommendations on use of CTLs
• Bridge CA Operational Procedures
• Agreed Pilot and Test Plan
Then
• Decision Time
Bridge CA feasibility study
• http://europa.eu.int/ISPO/ida/jsps/index.jsp?fuseAction=showDocument&parent=news&documentID=581
European vs Global Signatures?
• IDA needs ‘pan-European’ signatures
– ability to use electronic certificates in trans-border applications (e.g. public e-procurement)
• Establish trust in CAs in other Member States
– cross-certification?
– Mutual recognition?
– Bridge CA?
– Allow for local control
European vs Global Signatures?
• Establish the authenticity and validity of electronic certificates issued in a Member State other than the relying party’s
• European level certificate policies
– Correspondence with national certificate policies
• Interoperability
Why do we introduce PKIs?
• Work electronically with business partners
• Reduce costs or increase profits
• Increase operational efficiency
• Be more effective in achieving objectives
• Provide value added services that cannot be provided with paper-based working
• Government policy (public administration)
Basic requirements for PKIs
• Provide a real business benefit
• Cost-effective
• Easy / easier than paper-based equivalents
• Easy to set up
• Easy to operate
• Interoperable with other PKIs
• Add value
Some PKI Problems
• S/MIME v2: Authentication and confidentiality
• Scalability
• Certificate Policies
• The way people and organisations work
• Encryption
• Other problems
How work is performed
• Personal certificates vs. functional organisational units
• Functional certificates
– organisational units are not legal entities
• non-repudiation
• electronic signature
• ‘Registration’ of organisational units
How work is performed
• PKI
– Personal certificates
• Work
– Organised on functional units
• Shared functional certificates
How work is performed
• Role-based certificates
– The role confirms the authority of the certificate holder
– The role may determine the validity of the business event
– Volatility of personnel
• X.509 v3 certificate extensions
– Interoperability and language problems
Other problems
• Directory and discovery problems
• Trust relationships
– ‘Bridge’ CA
– Ability to follow a certification path
• Certificate revocation status checking
• CRLs, OCSP, etc.
• Cross-certification
• etc.
What do we need?
• Interoperable standards-based products that are:
– Available from multiple suppliers,
– Interoperable with, or can exchange information with, the
» Office products typically found in modern enterprises and public sector organisations, and
– Work across Europe’s borders.
• Agreed PKI models that are congruent with the way business is carried out
• IDA programme of DG Enterprise
• IDA bridge CA project
– history
– current developments
• Some PKI issues
Thank you
Paul E. Murphy
IDA programme
European Commission (SC 15 02/65)
B-1040 Brussels, Belgium
fax: +32 2 299 0286
e-mail: Paul-E.Murphy@cec.eu.int