ABCsofPKI-ICAO.pptVIP

ABC’s of PKI TAG Presentation 18th May 2004 Paul Butler Agenda Role of trust PKI concepts PKI components Management framework Passport signing requirement Deployment issues Operational Issues Guidance Security Model Must answer the questions: What data are we protecting? integrity of biometric information on chip in passport Why are we protecting it? Maintain integrity of passport Who or what are we protecting it against? Those who would seek to alter data to falsify passport When are we protecting it? Throughout the life of the passport For passport issuers, the model revolves around TRUST The Role of Trust Trust is usually based on some form of identity Direct Trust Based on personal relationship, where trust is handled directly Breaks down when too many members in trusted relationship to handle directly Third Party trust Trust in individual changes to trust in a system Passports represent the national identity of an individual PKI Concept Public Key Infrastructure based on asymmetric cryptography. Relies on a key pair, one private and one public Private key is secret Public key is freely available, linked to identity of certificate owner Private key cannot be computed from public key Concept is then applied into applications Public Key Infrastructure Business uses include: Authentication of identity for individual, organization or device (authentication) Confirmation that data has not been tampered with (integrity) Confirmation that transaction took place (non-repudiation) Maintain data confidentiality (encryption) Guarantee that transaction took place at specific time (secure time stamp) PKI Components Mechanism to issue certificates Certificate authority (CA) Mechanism to validate certificates Directory services Certificate Revocation List Key history Potentially, source of trusted time for stamping Controlled Process to enroll and manage certificate holders - Registration Authority (RA) Process to revoke certificates which are no longer valid (distinct f