The Need for Trusted Credentials Information Assurance in Cyberspace Mary Mitchell Deputy Associate Administrator Office of Electronic Government & Technology.


A Few Assertions
The Internet is perceived as being inherently anonymous
In order to conduct trusted transactions, we need to know with whom we are dealing
Transactions must be within reasonable risk limits
Trusted electronic credentials provide the means to link an asserted identity in the electronic world to physical entities

Facets of Building Trust

Facet              Description
Identification     Who are you?
Authentication     How do I know you are who you claim to be?
Authorization      Are you allowed to perform this transaction?
Integrity          Is the data you sent the same as what I received?
Confidentiality    Are we sure no one else read the data you sent?
Auditing           Record of transactions to assist in looking for security problems?
Non-repudiation    Can you prove the sender sent it, and the receiver received the identical transaction?

Thanks to Karl Best, Director of Technical Operations, OASIS

The Challenge of Trust Online
Unrealistic expectations
  – Immediacy but with safety, personal autonomy and control
  – Personalization without surveillance
  – Security and privacy without inconvenience, loss of immediacy
Privacy Concerns are Real
  – Issuing credentials raises privacy concerns, strong identity proofing increases these concerns
  – Reasonable use extended beyond initial use over time
  – Basic conflict with convenience – the key to security is less data and more control

Preconditions for Credential ‘Trustworthiness’
Unique to the person using it
Under the sole control of the person using it
Capable of verification
Credential Pedigree
  – Institutional Standing of the Provider
  – Governance
  – Establishment of Identity
  – Credential Control

Challenges of Identity Management
Most identity management systems were built one application at a time
  – No scalable, holistic means of managing identity, credentials, policy across boundaries
  – Fragmented identity infrastructure, inconsistent policy frameworks, process discontinuities
  – Potential security loopholes, expensive to manage
Few Agency enterprise approaches exist
Infrastructure requirements extend reach and range:
  – Increase scalability, lower costs
  – Balance of centralized and distributed management
  – Infrastructure must be more general-purpose and re-usable

E-Authentication
In Addition to Policy, Three Focus Areas:
Agency Application Risk Analysis
  – Modified proven process for E-Authentication Needs (eRA)
  – Focused on Identity Assurance at the Transaction Level
Authentication Gateway
  – Provide validation services for multiple forms of ID credentials
  – Prototype gateway used to technical understanding of products
  – Agency business processes to broker identity assurance model
  – Establish common interfaces for doing electronic transactions
Establish Process to Evaluate Electronic Credential Providers

Determining Authentication Needs
Standardize process to assess the security risk
Three primary risks:
  – Improper disclosure
  – Program fraud
  – Image/reputation of Agency
Determine transaction risk
  – Recommend “appropriate” authentication for a given transaction
  – Examine transaction flow and vulnerabilities
  – Estimate cost and identify alternatives

Conducting eRA
  – An interdisciplinary team -- comprised of:
      business or mission-related staff
      information technology staff
  – eRA self-directed tool available to
      guide team through process
      produce consistent risk report with reduced effort
  – Provides basis for selecting Assurance Level
Basis: SEI

eAuthentication Gateway
[Diagram: Future of the Gateway. Labels: Academia; Health Care; State or Federal Government; Identity Verification Required; Identity Verification Not Required; Federal Agency Relying Parties; Credential Providers; Citizen; Business; Agent; Direct Access Capability Preserved; Credential Validation Process]

The GATEWAY Concept
[Diagram. Labels: Credential Providers (ECP 1, ECP 2, ECP 3, DCP 1, DCP 2); Technology Mapping; GATEWAY; FED BRIDGE; Agency Applications (Ap1, Ap2, Ap3, Ap4, Ap5); levels: 0 None, 1 Medium, 2 Substantial, 3 Strong]

Federal Authentication Infrastructures
Existing Infrastructures for trusted transactions
  – E-Authentication Gateway provides a mechanism to evaluate ANY type of electronic Credential
  – Federal Bridge links together Public Key Infrastructure (PKI) based Trust domains
  – ACES provides an outsourced common infrastructure and PKI credentials for Trust domain with the public
  – NFC provides a managed infrastructure and PKI credentials for Trust domain for Agency operations
  – Common Access Card provides for common, secure platform for maintaining credentials
Each has benefits for overall trust relationship

The Problem with PKI
Concerns about complexity and cost
Suitable when strong authentication needed
Multiple Public Key Infrastructures operated by Agencies
Operational PKIs have incorporated differing
  – Technical Solutions
  – Policy Decisions
Federal Government also needs a mechanism for reliance on internal and external Trust Domains.
Interoperability is the CHALLENGE!
  – Both Policy and Technical Interoperability

Federal Bridge Certification Authority
The Federal Bridge:
  – Enables certification between organizations so agencies “trust” each other's public key credentials.
  – Acts as a trust “anchor”
  – Enables digital credentials issued by one agency to be used/trusted at other agencies that have been cross-certified.
Benefits of the Federal Bridge:
  – Use of certificate policies and standards-based technologies and processes provides flexibility
  – Allows all organizations to make one security agreement with the Bridge CA, rather than requiring multiple security agreements
  – Allows trust interoperability between organizations and minimizes impact on the organization’s infrastructures and end-user applications

Federal Bridge Certification Authority
[Diagram. Labels: Certificate Policy; Certificate Repository; Certification Authority; Certificate Holder; Relying Party (Agency); Cross Certificate; S/MIME between Kathy and Mike]
Path Construction: Kathy → Pink → FBCA → Green → Mike
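
The path construction named on this slide (Kathy, Pink, FBCA, Green, Mike) can be sketched as a search over cross-certificates. This is an added example, not part of the original presentation; the issuer/subject records and the build_path and describe helpers are hypothetical simplifications and do not parse real X.509 certificates.

```python
from collections import deque, namedtuple

# Simplified certificate record: who signed it and whom it names.
# Real path building reads X.509 fields; this models issuer/subject only.
Cert = namedtuple("Cert", "issuer subject")

# Constructed sample data using the names from the slide.
CERTS = [
    Cert("Pink CA", "Kathy"),     # end-entity certificate in the Pink domain
    Cert("Green CA", "Mike"),     # end-entity certificate in the Green domain
    Cert("Pink CA", "FBCA"),      # cross-certificate: Pink domain -> bridge
    Cert("FBCA", "Pink CA"),      # cross-certificate: bridge -> Pink domain
    Cert("Green CA", "FBCA"),     # cross-certificate: Green domain -> bridge
    Cert("FBCA", "Green CA"),     # cross-certificate: bridge -> Green domain
]

def build_path(trust_anchor, target, certs):
    """Return the shortest certificate chain from trust_anchor to target, or None."""
    by_issuer = {}
    for cert in certs:
        by_issuer.setdefault(cert.issuer, []).append(cert)
    queue = deque([(trust_anchor, [])])
    seen = {trust_anchor}  # visit each name once so cross-certificate loops terminate
    while queue:
        name, path = queue.popleft()
        for cert in by_issuer.get(name, []):
            if cert.subject == target:
                return path + [cert]
            if cert.subject not in seen:
                seen.add(cert.subject)
                queue.append((cert.subject, path + [cert]))
    return None

def describe(path):
    """Render a chain as 'anchor -> ... -> target', or None when no chain exists."""
    if path is None:
        return None
    return " -> ".join([path[0].issuer] + [cert.subject for cert in path])

if __name__ == "__main__":
    # Kathy relies on Pink CA as her trust anchor and validates Mike's certificate.
    print(describe(build_path("Pink CA", "Mike", CERTS)))
    # Without the bridge's cross-certificates the two domains are disconnected.
    unbridged = [c for c in CERTS if "FBCA" not in (c.issuer, c.subject)]
    print(describe(build_path("Pink CA", "Mike", unbridged)))
```

Discovery is only the first step: a relying party still has to check each certificate's signature, validity period, revocation status and policy constraints before trusting the chain.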

Thank You For Your Time & Attention