Public Key Infrastructure (PKI)

What is PKI? “A public key infrastructure (PKI) is a set of roles, policies, and procedures needed to create, manage, distribute, use, store, and revoke digital certificates and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of information for a range of network activities such as e-commerce, internet banking and confidential email. It is required for activities where simple passwords are an inadequate authentication method and more rigorous proof is required to confirm the identity of the parties involved in the communication and to validate the information being transferred” Wikipedia

SWIM Objectives The Yellow Profile (YP) targets: Support for a wide variety of interactions in a flexible manner and that is affordable for the service consumer The interaction must be able to run over Public Internet and must be sufficiently secured Use of technologies based on standard Web Services The technology must be supported out-of-the-box Keeping as many options open as possible PKI based security solutions supports the above by: Support for message signing to satisfy integrity, identification, authenticity and more PKI is not restricted to yellow profile.

Business drivers Provider and consumer interaction build on trust All involved parties can be trusted (authorized entities only) Exchange mechanism can be trusted (secured, reliable, on-time) Information can be trusted (non-repudiation, accountability) No abuse of information (adequate access control)

Comprehensive PKI Certification Authority Certificate Repository Revocation Key Backup Recovery Automatic Key Update Key History Management Cross Client Software Authentication Integrity Confidentiality Secure Time Stamping Notarization Non-repudiation Support Secure Data Archive Privilege/Policy Creation Privilege/Policy Verification

Aeronautical PKI Architecture USA Root CA / RA EUR USA Bridge Certificates EURRoot FAA Root Policy 1 Policy 2 Policy 3 CA / RA EDxx Airports Example based on discussions with FAA. ICAO’s role have to be further elaborated and coordinated with ICAO.

One bridge-two certificates A bridge between to separate PKI’s consists of two certificates between the PKI’s root certificates USA shows that it trusts EUR by signing EUR’s public key with USA’s private key Thereby issuing a new certificate “USA trusts EUR” EUR shows that it trusts USA by signing USA’s public key with EUR’s private key Thereby issuing a new certificate “EUR trusts USA”

The Bridge Only two certificates to administer to trust across the Atlantic ocean Can easily and automatically be revoked from Europe towards USA and vice versa CPH have validated this scenario with standard tools available today on the internet

Different types of certificates All are issued under the X.509 standard The different types of certificates are issued according to different policies and by different intermediate certificate The format and content of the fields can be different Ideas for types and policies of certificates Different certificates (policies) for different purposes (criticality) Airlines, Airports, ANSP, Suppliers / Ground handler Personnel in the above (ATSEP, Cabin Crew, Pilots)

Policies and Governance Who generates the private key for each certificate? How does the public key (certificate) get signed? How to establish initial trust between CA and certificate users (ANSP, Airport, AO)? Who can obtain a certificate? What can they be used for? What is the format and other content? CA / RA EURRoot Policy 1 Policy 2 Policy 3

Policy 1 – high criticality example Who generates the private key for each certificate? By national security service and kept in the “vault” of the national trust store How does the public key (certificate) get signed? Transported by courier and with senior officials from CA present How to establish initial trust between CA and certificate users (ANSP, Airport, AO)? The same way diplomats become accredited Who can obtain a certificate? Only ANSP’s or Military What can they be used for? Only to be used to secure very critical infrastructure What is the format and other content? To be defined, depends on business context

Policy 2 – low criticality example Who generates the private key for each certificate? The CA generates and keeps the private key How does the public key (certificate) get signed? Automatically by the CA’s servers How to establish initial trust between CA and certificate users (ANSP, Airport, AO)? By an email from the relevant organization (AO, ANSP, Airport) Who can obtain a certificate? Any organization in the industry What can they be used for? Any information that needs to be kept confidential or signed What is the format and other content? To be defined, depends on business context

Additional