Using eID and PKI – Status from Norway
Nina Ingvaldsen and Mona Naomi Lintvedt, 22nd October 2008
Copyright © 2008, CIBER Norge AS


Agenda
- Short introduction to PKI
- Framework for using PKI
  - Norwegian framework for eID and PKI
  - The PKI specification: Levels of security
  - The common framework: Levels of risk
  - The common framework: Levels of security
- Concepts within PKI
  - Definitions
  - Creating a signature
  - Validating a signature
  - Signed Data Objects
- Using eID in Norway

Short introduction to PKI
Public Key Infrastructure: an arrangement that binds public keys with respective user identities by means of a certificate authority (CA).
- Identification and authentication
- Signature
- Encryption
PKI provides the highest level of authentication, but the use of electronic ID with lower security is more common. The use should always be based on necessary and adequate security.

Norwegian framework for eID and PKI
- EU Directive 1999/93: Community framework for electronic signatures
- Norwegian Electronic Signatures Act
  - Concerning the secure and efficient use of electronic signatures
  - Requirements for qualified certificates and the issuers of certificates
- A common Requirements specification for PKI for the public sector
  - A general, functional specification of the requirements applicable to the procurement of PKI for use in electronic communication with and within the public sector
  - Specifies three security levels for PKI
- A common framework for Authentication and Repudiation
  - Advice on assessing adequate security of e-government services, to establish common criteria and practice
  - Divided into two categories: level of risk and level of security

The PKI specification: Levels of security
- Person High: Transactions where there is a need for a high degree of certainty about the identity of the originator, e.g. access to particularly sensitive information, or where damage caused by compromise would be extensive
- Person Standard: Transactions where there is a need for a reasonable degree of certainty about the identity of the originator, or where the damage caused by compromise would be medium level
- Enterprise: Transactions where there is a need for a high degree of certainty that the originator is/represents a specified enterprise, or where the damage caused by compromise would be extensive

The common framework: Levels of risk
- Level 1: No risk of negative consequences if a security breach occurs during authentication/signing
- Level 2: Low or minimal damages or consequences
- Level 3: Moderate damages or consequences
- Level 4: Large and possibly permanent damages or consequences
- Risk = Probability x Consequences
- Criteria for deciding the risk level
  - Consequences for life and health
  - Financial losses
  - Loss of reputation / integrity
  - Prevention of prosecution
  - Negligent contribution to violation of the law
  - Inconvenience

The common framework: Levels of security
- Level 1: No or low security requirements, open information
- Level 2: One authentication factor
- Level 3: Two authentication factors, where one is dynamic
- Level 4: PKI
- Criteria for deciding the security level
  - Requirements for authentication factors and their security properties
  - Requirements for distributing electronic IDs to the users
  - How stored authentication factors must be secured
  - Requirements for repudiation
  - Requirements for public approval

Concepts of PKI
- Definitions: Electronic signatures
  - Electronic IDs
  - Public and private keys
  - Certificates
- Creating a signature
- Validating a signature
  - Validating the signature
  - Validating the certificate
- Signed data objects
  - How to store validated signatures over time

Definitions: Electronic signature
An electronic signature is used for signing electronic information in order to give the receiver proof of the sender's identity (authentication) and the document's integrity. This is done by encrypting the information using the signer's private key [1]. The user receiving the information can validate the signature using the signer's public key [2], which is sent together with the shipment. The public signature is also made available at a Certificate Authority, CA [3].

[1] A private key is a key that is available only to the owner of the key. It is used for encrypting a document or creating an electronic signature.
[2] A public key is a key that is made public to all communicating parties, and is used for decrypting an encrypted document or validating an electronic signature.
[3] The CA is a trusted authority that issues the private / public key pair to a user (certificate), and holds a list of valid public keys for users, in addition to a Certificate Revocation List (CRL) for expired key pairs, stolen keys or other keys that can no longer be trusted.

Creating a signature
[Diagram, SENDER: Document, Hash(), hash value, signing module with private key, electronic signature]

Validating a signature
[Diagram. Validating signature: Document, Hash(), hash value RECEIVER; electronic signature, public key from the certificate, hash value SENDER; compare. Validating certificate: Certificate, CA, OK / not OK]

Signed data objects
A certificate will always end up in a CRL-list: expired, stolen, lost…
How can we in 10 years validate an electronic signature?
- In Norway a standard has been created for storing validated signatures: SEID-SDO.
- The standard makes it possible to store and exchange documents signed by electronic signatures over time.
- It is solved by adding data into the signed data object at the time of validation: who validated the signature and the status of the signature at validation time.
[Diagram: SEID-SDO containing Document, Certificate, Electronic signature, Validation information]
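An added example (not from the presentation): the create / validate / store flow of slides 10 to 12 in Python. The key is a constructed textbook-RSA toy without padding, and the certificate, CRL and SDO record are simplified, hypothetical structures, not the SEID-SDO format.

```python
import hashlib
from datetime import datetime, timezone

# Constructed toy key: textbook RSA without padding, far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent, known only to the signer

def hash_value(document: bytes) -> int:
    # Hash() in the slides; reduced mod N only because the toy key is tiny.
    return int.from_bytes(hashlib.sha256(document).digest(), "big") % N

def sign(document: bytes) -> int:
    # Sender: apply the private key to the hash value of the document.
    return pow(hash_value(document), D, N)

def validate_signature(document: bytes, signature: int, cert: dict) -> bool:
    # Receiver: recover the sender's hash value with the public key from the
    # certificate and compare it with a freshly computed hash value.
    n, e = cert["public_key"]
    return pow(signature, e, n) == hash_value(document)

def validate_certificate(cert: dict, crl: set, at: datetime) -> bool:
    # CA check (OK / not OK): not on the CRL and not expired at time `at`.
    return cert["serial"] not in crl and at <= cert["not_after"]

def build_sdo(document, signature, cert, crl, validator, at):
    # Hypothetical SDO-like record: the status is frozen as it was at time `at`.
    ok = (validate_signature(document, signature, cert)
          and validate_certificate(cert, crl, at))
    return {"document": document, "certificate": cert, "signature": signature,
            "validation": {"validated_by": validator, "time": at.isoformat(),
                           "status": "OK" if ok else "not OK"}}

# Constructed sample data.
CERT = {"serial": 1001, "subject": "Kari Nordmann", "public_key": (N, E),
        "not_after": datetime(2010, 10, 22, tzinfo=timezone.utc)}
DOC = b"Application for building permit"
SIG = sign(DOC)
T_VALIDATION = datetime(2008, 10, 22, tzinfo=timezone.utc)
T_LATER = datetime(2018, 10, 22, tzinfo=timezone.utc)
SDO = build_sdo(DOC, SIG, CERT, set(), "Archive service", T_VALIDATION)

if __name__ == "__main__":
    print(SDO["validation"])
    print("certificate OK ten years later:",
          validate_certificate(CERT, {1001}, T_LATER))
```

Ten years on, the certificate check alone returns "not OK", while the stored record still shows who validated the signature and that it was OK at validation time.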

Using eID in Norway
- Several privately and publicly distributed eIDs are in use, mostly level 2 and 3. PKI is not commonly used.
- Norway is developing an intercommunication hub called 'Samtrafikknavet'.
- 'Samtrafikknavet' will validate already existing public eID (and possibly private), and provide Single Sign-On for the citizens of Norway in their use of e-Government services.
- The project was assigned 80 MNOK on the budget for 2009.
- DIFI is managing the development and implementation project, and will be the administrator of the service.
- A parallel project is to distribute a level 4 eID (PKI) in a national ID card developed by the Ministry of Justice.

Questions?