The Need for Trusted Credentials
Information Assurance in Cyberspace
Mary Mitchell
Deputy Associate Administrator
Office of Electronic Government & Technology
www.cio.gov/eauthentication
www.cio.gov/fpkisc
A Few Assertions
The Internet is perceived as being inherently anonymous
In order to conduct trusted transactions, we need to know with whom we are dealing
Transactions must be within reasonable risk limits
Trusted electronic credentials provide the means to link an asserted identity in the electronic world to physical entities
Facets of Building Trust
Facet             Description
Identification    Who are you?
Authentication    How do I know you are who you claim to be?
Authorization     Are you allowed to perform this transaction?
Integrity         Is the data you sent the same as what I received?
Confidentiality   Are we sure no one else read the data you sent?
Auditing          Record of transactions to assist in looking for security problems?
Non-repudiation   Can you prove the sender sent it, and the receiver received the identical transaction?
Thanks to Karl Best, Director of Technical Operations, OASIS
The Challenge of Trust Online
Unrealistic expectations
• Immediacy but with safety, personal autonomy and control
• Personalization without surveillance
• Security and privacy without inconvenience, loss of immediacy
Privacy Concerns are Real
• Issuing credentials raises privacy concerns, strong identity proofing increases these concerns
• Reasonable use extended beyond initial use over time
• Basic conflict with convenience – the key to security is less data and more control
Preconditions for Credential ‘Trustworthiness’
Unique to the person using it
Under the sole control of the person using it
Capable of verification
Credential Pedigree
– Institutional Standing of the Provider
– Governance
– Establishment of Identity
– Credential Control
Challenges of Identity Management
• Most identity management systems were built one application at a time
– No scalable, holistic means of managing identity, credentials, policy across boundaries
– Fragmented identity infrastructure, inconsistent policy frameworks, process discontinuities
– Potential security loopholes, expensive to manage
• Few Agency enterprise approaches exist
• Infrastructure requirements extend reach and range:
– Increase scalability, lower costs
– Balance of centralized and distributed management
– Infrastructure must be more general-purpose and re-usable
E-Authentication
In Addition to Policy, Three Focus Areas:
• Agency Application Risk Analysis
– Modified proven process for E-Authentication Needs (eRA)
– Focused on Identity Assurance at the Transaction Level
• Authentication Gateway
– Provide validation services for multiple forms of ID credentials
– Prototype gateway used to technical understanding of products Agency business processes to broker identity assurance model
– Establish common interfaces for doing electronic transactions
• Establish Process to Evaluate Electronic Credential Providers
Determining Authentication Needs
• Standardize process to assess the security risk
• Three primary risks:
– Improper disclosure
– Program fraud
– Image/reputation of Agency
• Determine transaction risk
– Recommend “appropriate” authentication for a given transaction
– Examine transaction flow and vulnerabilities
– Estimate cost and identify alternatives
Conducting eRA
– An interdisciplinary team -- comprised of:
• business or mission-related staff
• information technology staff
– eRA self-directed tool available to
• guide team through process
• produce consistent risk report with reduced effort
– Provides basis for selecting Assurance Level
Basis: SEI
Future of the Gateway
[Diagram labels: eAuthentication Gateway; Academia; Health Care; State or Federal Government; Identity Verification Required; Identity Verification Not Required; Federal Agency Relying Parties; Credential Providers; Citizen, Business, Agent; Direct Access Capability Preserved; Credential Validation Process]
The GATEWAY Concept
[Diagram labels: Credential Providers; ECP 1, ECP 2, ECP 3; DCP 1, DCP 2; GATEWAY; Technology Mapping; Agency Applications; Ap1, Ap2, Ap3, Ap4, Ap5; 0 None, 1 Medium, 2 Substantial, 3 Strong; FED BRIDGE]
Federal Authentication Infrastructures
• Existing Infrastructures for trusted transactions
– E-Authentication Gateway provides a mechanism to evaluate ANY type of electronic Credential
– Federal Bridge links together Public Key Infrastructure (PKI) based Trust domains
– ACES provides an outsourced common infrastructure and PKI credentials for Trust domain with the public
– NFC provides a managed infrastructure and PKI credentials for Trust domain for Agency operations
– Common Access Card provides for common, secure platform for maintaining credentials
• Each has benefits for overall trust relationship
The Problem with PKI
Concerns about complexity and cost
Suitable when strong authentication needed
Multiple Public Key Infrastructures operated by Agencies
Operational PKIs have incorporated differing
– Technical Solutions
– Policy Decisions
Federal Government also needs a mechanism for reliance on internal and external Trust Domains.
Interoperability is the CHALLENGE!
– Both Policy and Technical Interoperability
Federal Bridge Certification Authority
Enables certification between organizations so agencies “trust” each other's public key credentials.
The Federal Bridge:
• Acts as a trust “anchor”
• Enables digital credentials issued by one agency to be used / trusted at other agencies that have been cross-certified.
Benefits of the Federal Bridge:
• Use of certificate policies and standards-based technologies and processes provides flexibility
• Allows all organizations to make one security agreement with the Bridge CA, rather than requiring multiple security agreements
• Allows trust interoperability between organizations and minimizes impact on the organization’s infrastructures and end-user applications
Federal Bridge Certification Authority
[Diagram labels: Certificate Policy; Certificate Repository; Certification Authority; Certificate Holder; Relying Party (Agency); Cross Certificate]
Path Construction:
• Kathy Pink
• Pink FBCA
• FBCA Green
• Green Mike
[Diagram labels: S/MIME EMAIL; Kathy; Mike]
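Added example (not part of the original slides): a small Python model of the path construction listed above, reading the slide's pairs as links from Kathy's trust anchor (Pink CA) through the FBCA and Green CA to Mike's certificate. The certificate records, the "Blue CA" and "Dana" entries and the function name build_path are constructed for illustration; the code models path discovery only, not signature, validity, policy or revocation checking.

```python
from collections import deque

# Constructed (issuer, subject) certificate records modelling the slide.
# A cross-certification is a pair of certificates, one in each direction.
CERTS = [
    ("Pink CA", "Kathy"),
    ("Pink CA", "FBCA"), ("FBCA", "Pink CA"),
    ("FBCA", "Green CA"), ("Green CA", "FBCA"),
    ("Green CA", "Mike"),
    ("Blue CA", "Dana"),  # hypothetical CA that is NOT cross-certified with the bridge
]


def build_path(certs, trust_anchor, subject, max_len=5):
    """Return the shortest chain of (issuer, subject) certificates that
    links trust_anchor to subject, or None if no chain exists.

    max_len caps the number of certificates in the chain, which keeps a
    relying party from following arbitrarily long cross-certificate runs.
    """
    issued_by = {}
    for issuer, subj in certs:
        issued_by.setdefault(issuer, []).append(subj)

    seen = {trust_anchor}               # bidirectional cross-certs create loops
    queue = deque([(trust_anchor, [])])
    while queue:
        node, path = queue.popleft()
        if len(path) >= max_len:
            continue
        for nxt in issued_by.get(node, []):
            if nxt in seen:
                continue
            new_path = path + [(node, nxt)]
            if nxt == subject:
                return new_path
            seen.add(nxt)
            queue.append((nxt, new_path))
    return None


if __name__ == "__main__":
    # Kathy trusts Pink CA and receives S/MIME mail signed by Mike.
    for issuer, subj in build_path(CERTS, "Pink CA", "Mike"):
        print(f"{issuer} -> {subj}")
    # Dana's CA has no cross-certificate with the bridge, so no path is found.
    print(build_path(CERTS, "Pink CA", "Dana"))
```

The same search run from Green CA finds the reverse chain to Kathy, which is what lets Mike validate her certificate without Green CA holding a direct agreement with Pink CA.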
Thank You
For your Time & Attention