Policy on Standardization of Airport Access Security 14.May.2008

Transcription

1 Policy on Standardization of Airport Access Security 14.May.2008 Security Solutions & Services

2 Agenda What s happening in aviation security? What are the key policy drivers? What s happening to improve the situation? 1 Security Solutions & Services

3 Six events, all at once Security breaches Picked up by the press OMG factor Leads to Congressional action Consortium/Association actions DHS/TSA regulatory initiatives TSA specifications Rumored HSPD on biometrics for airports Oy 2 Security Solutions & Services

4 Generalized Weaknesses for IdM-CIS (Weaknesses are numbered, specific aspects are lettered) 1.Inappropriate Granting of an ID Card (or unwarranted Credential approval) a. Undetected ineligibility based on citizenship/immigration status b. Undetected previous derogatory information DHS c. Undetected previous derogatory information Criminal d. Undetected previous derogatory information Employment e. Mis-adjudicated identified derogatory/eligibility information all sources f. Insider support to avoid disqualification (NOTE: in items a-f, consideration must be given to both proactive imposters and inadvertent oversights/errors. Proactivity could take the form of aliases, false SSN, forged/tampered breeder documents, collusion, etc. 2.Fraudulent use of Active ID Card by Imposter a. Lost and unreported ID Card b. Stolen ID Card (and possibly PACS PIN) prior to reporting as stolen c. Cloned ID Card (and possibly PACS PIN) d. Spoofing biometrically enabled ID Card 3.Uncontrolled Revoked ID Card a. Local Privileges not removed with knowledge of ID revocation b. Local Privileges not removed due to absence of knowledge of revocation (e.g. transient employees with PACS Interoperable ID Card) i. Failure to report revocation by sponsor to issuer ii. Failure to report revocation by issuer to central services iii. Failure to request revocation information from central service iv. Failure to disseminate revocation information to PACS decision points v. Failure to validate revocation status at decision point c. Gain access at unattended, PACS controlled entry point using piggybacking (incidental) d. Gain access at unattended, PACS controlled entry point using piggybacking (collusion) e. Gain access at attended (not PACS controlled) entry point (photo sufficient likeness, human Identity verification error by attendant, attendant not diligent, etc.) (NOTE: italicized items are not IdM-CIS related issued, but rather are PACS related or external) 3 Security Solutions & Services

5 Taxi Bus Limo Public Terminal Area LANDSIDE Exit (Parking & Checkpoint Terminal Curbside checkin Entrance) LEO Courtesy Vans Rental Cars SCA Ft Train SCA Ft VIP Train Sterile Terminal Area FIS Utility tunnel G Gate G G O P S EAA/TSP Vendor Supplies A T C Air Operations Area (AOA) Secured Area & SIDA Catering Construction Vehicles & Changes Fuel CHRC/ID ACS Escort Challenge T&D DDR Aircraft Maintenance ARFF/ Structural Employee Parking Apt Maint & Vehicles Trash Cargo / Mail Remote or in-terminal.. FBO / GA Military & Joint Use Natural Barrier

6 Who Owns the Problem? By regulation and current law Airports Full ID verification to make an access decision ID Proofing may have been done by the employer Threat assessment Federal component Local component Issuance, activation and revocation In the future ID Proofing by DHS? Why are airports liable for the failure of EEV, STA, SAVE, etc.? 5 Security Solutions & Services

7 Many Parallel Events 14.March Federal Identity and Credentialing Committee s architecture working group published the draft Back-end Attribute Exchange Architecture and Technical Specification (BAE Spec) 1.April National Institute for Standards and Technology published Special Publication (SP ) in draft form 2.April AAAE forms the Biometric Airport Security Identification Consortium (BASIC) 29.April RTCA Special Committee 207 voted approval and completion of its work on the revisions to the DO-230A. This work is anticipated to publish as the DO-230B in June April The TSA just published to airports their draft Aviation Credential Interoperability Solution (ACIS) Technical Specification to the aviation community 7.May.2008 HR 5982??? HSPD? 6 Security Solutions & Services

8 Congressional H.R The Biometric Enhancement and Airport-Risk Reduction (BEAR) Act of 2008 The bill requires: The Transportation Security Administration (TSA) to study existing and proposed industry programs that enhance our biometric security systems at airports. TSA to study how airports can transition to uniform, standardsbased and interoperable biometric identifier systems for airport workers with unescorted access. TSA to submit to Congress a breakdown on best practices for issuing biometric credentials for airport workers. The Secretary of Homeland Security to spearhead a working group with industry stakeholders to strengthen private and public partnerships as they support the Secretary and Assistant Secretary in carrying out this Act. 7 Security Solutions & Services

9 ID and Systems managing the risk RTCA DO-230B takes a System of Systems approach Offensive strategies for positive controls IdM-CIS PACS Defensive and response strategies Intrusion Detection and Perimeter Detection Video Surveillance Central to all Communications infrastructure Security Operations Center (SOC) New territories Interoperable credentials 8 Security Solutions & Services

10 What is the key driver? Identity Assurance for an access decision FIPS 201 compliant technology and processes Credentials defined have three missions Personal Identity Verification (biometrics) Physical Access PACS Logical Access (PKI) LACS FIPS 201 is critical enabling technology Defines opportunity for Convergence between PACS and LACS More importantly Identity Assurance 9 Security Solutions & Services

11 Depending on your point of view FIPS 201 is upside down! HSPD-12 drove Federal Agencies to converged ID Extensive use of PKI in Federal applications FIPS 201 was driven by PKI policies and methods PACS was secondary Focused on interoperability across the federal enterprise Aviation environment defined by DO-230B Driven by Physical Access for safety and security of airport facilities and personnel Logical access using PKI is mentioned, but not exploited In airports, interoperability is _not_ required For the moment, that is 10 Security Solutions & Services

12 Consider the Opportunities Identity Assurance Confidence in WHO we are granting access to assets Convergence One person, one ID card, common understanding of access Revoke the ID card, revoke all access to the airport s networks, systems and services Using PKI login DoD experience: 90% reduction in penetration of critical systems Coordinated Identification Friend/Foe 11 Security Solutions & Services

13 System of Systems 12 Security Solutions & Services

14 Transfer Trust Link at privilege granting Application Authority Identity Authority An ID card asserts the identity of the legitimate cardholder, but may not grant explicit privilege Attribute Attribute Certification Certification Subject Verification Link at use Identity Identity Assertion Assertion Link at enrollment and vetting Establish Trust Person/ Subject 13 Security Solutions & Services

15 External revocation Federal/State/Local Business Suitability Sponsor Collect Biographic Collect Biometric Send enrollment Collect/examine Breeder Collect/examine sponsorship Sign complete enrollment STA/CHRC Revoke Evaluate Enrollment data Adjudicate Resolve disputes Redress Data Issue Renew Re-issue Re-Enroll Confirm applicant Identity Finalize card Confirm operation Issue Check Duplicate aviation wide Identify local duplicates Receive Secure prior to issuance External Duplicate ID Service (aviation wide) Print Personalize Control Inventory Send/Ship cards PACS/LACS

16 Sponsor Subject Applicant Apply Trusted Agent Enroll & Approve Participant Trusted Agent Bearer Issue Card Cardholder Register to PACS Trusted Agent Cardholder Imposter Cardholder Authorized Cardholder in ISSA

17 Threat/Risk Assessment ID Management and Credential Issuance System Gateway svcs DHS/TSA EAA TSP 1:n Biometrics PACS Gateway IDMS CMS Cert Auth Applicant Enrollment Issuance Workstation Cardholder

18 Threat/Risk Assessment 3 rd Party Shared Service Providers 1:n Biometrics Airport Owner/Operators Airlines DHS Gateway SSP Cert Auth Card Production Facility Local Law Enforcement Gateway IDMS PACS CMS ID Management and Credential Issuance System Applicant Enrollment Issuance Workstation Cardholder

19 Threat/Risk Assessment SSP Cert Auth 1:n Biometrics Applicant IDMS CMS Enrollment Card Production Facility Participant Issuance Workstation Cardholder ID Management and Credential Issuance System Registrant Registration Workstation PACS Gateway

20 Minimal ID Record Never divulged Credential Data Tables Driver s License Passport Social Security Card TWIC ACIS credential SIDA 1 lost SIDA 2 expired SIDA 3 current Person ID Credential Data Attribute Data PI Pointer Pointer Breeder Documents Encrypted at rest ID Binding Operational/ Issued Customer Credentials Svc Info; Operational Security Info Attribute Data Tables Fingerprint Images Iris Images Facial Image Fingerprint Templates Name Addr Contact Status Audit Activity

21 SSP Cert Auth PACS Gateway Gateway IdM-CIS PACS Appliance

22 SSP Cert Auth PACS Gateway Gateway IdM-CIS Registration Workstation Applicant

23 SSP Cert Auth PACS Gateway Gateway IdM-CIS Enrollment Registration Workstation Applicant Access Card Applicant

24 SSP Cert Auth SSP Cert Auth Gateway Attributes PACS Gateway Gateway IdM-CIS Gateway IdM-CIS Registration Workstation Applicant Applicant

25 Summary about Interoperable ID ID is not the end game Need both offense and defense involved Recognize challenges of our real world security Not just about me, more about situational awareness Interoperability is an end game the critical tool Enables management of situations Reduces costs, security risks Improves efficiency Shared Services are critical Duplication checking reduces ID fraud and known risks Secure ID can be expensive Share the load 24 Security Solutions & Services

26 TSA ACIS ACIS, in current draft, enables Phase 1 - Identity Assurance, through a standardized ACIS credential and trust model, supporting local decisions for access control Phase 2 - Field challenge programs for identity within an airport Phase 3 - Over time, the opportunity for an interoperable access tool Carefully designed, it does not specify contactless operations until phase 3 Allows use of existing PACS infrastructure Supports migration planning Allows time for interoperable contactless biometric application to be developed 25 Security Solutions & Services

27 BASIC BASIC Concept of Operations thumbnail: Airports participating in BASIC have identified several key principles that must be part of any future biometric-based badging and access control systems, including: Safeguards on local control and issuance of credentials, Leveraging of existing capital investments and resources, Open architecture and local determination of qualified vendors, and Phased implementation that migrates over time. No public meetings yet. These are anticipated soon. Should gain significantly from prior art RTCA DO-230B ACIS specification RTIC process (not necessarily resulting spec) 26 Security Solutions & Services

28 Concerns to Manage Federation When and if it is needed Privacy and security Of the information in the credential Of the information in databases/on networks Of the information printed on the credential Against attackers By policy and law Weighed against Operational need Expectations of the bearer 27 Security Solutions & Services

29 ID coming to you Federal Initiatives advance around FIPS 201 Drives lower costs of total system ownership Mitigates risks for fraudulent access Impacts parallel environments Hospitals Airports Enterprise seeking to do business with Government Enterprise with extranet relationships Opportunities to exploit OpenID Use of a secure ID in your customer relationship 28 Security Solutions & Services

30 Significant Areas Yet to be Addressed Identity Assurance technology for interoperability is there Policies and cultures yet to be updated Visual ID challenge programs vs. Electronic challenge Trust infrastructures Federal Bridge availability Access to NACI or ability to define equivalency Technologies to finalize gateways Look to Back-End Attribute Exchange Specification by GSA AWG 29 Security Solutions & Services

31 Stephen P. Howard VP Thank Business You! Development, Identity Management Thales e-security, Inc Security Solutions & Services