File submissions to VINN and KRITA

Transcription

1 Date Page (10) Recipient: Respondents to VINN and KRITA File submissions to VINN and KRITA Summary This document briefly describes the VINN/KRITA solution for file submissions in the form of texts or sequence diagrams. The document also contains a brief description of the technical solution from a security perspective Postal address Box 24300, SE STOCKHOLM SE ÖREBRO Corporate ID number: Visiting address Karlavägen 100 Klostergatan 23 scb@scb.se VAT no.: SE Telephone Fax

2 2 (10) Contents File submission... 3 Text description... 3 Delivery of certificates... 3 Delivering data M2M... 3 Manual submission of data... 4 File delivery status... 5 M2M client... 5 Sequence diagrams... 6 Delivery of certificates... 6 Delivering data M2M... 7 Manual submission of data... 8 General security initiatives for Vinn/Krita... 9 Penetration tests... 9 SSL LABS test... 9 Risk analysis... 9 Security related to authentication and transfers... 9 M2M solution... 9 Manual submissions Server certificates Protocols... 10

3 3 (10) File submission Text description Delivery of certificates 1. The data provider contacts Statistics Sweden by to or requesting a certificate for the machine-to-machine solution. 2. The order of a certificate is verified by an administrator at Statistics Sweden. 3. The administrator at Statistics Sweden registers the certificate user in the Vinn/Krita administrator interface. 4. A certificate is created by the authentication solution. 5. The password for the certificate s private key is displayed on the screen for the administrator 6. The administrator prints the password 7. The administrator sends the password for the certificate s private key by registered mail to the data provider who requested the certificate. 8. The data provider receives the message that the certificate is ready for downloading, together with the certificate password. 9. The data provider logs in according to the flow for manual reporting. 10. The data provider chooses which certificate to get. 11. The data provider chooses to download the certificate. Delivering data M2M 1. The respondent s M2M client transmits the file with a POST call to undersökning}/{filformat}/{version?} 2. Verification of certificate a. verification against the root certificate that the signature is correct and belongs to Statistics Sweden s internal CA b. verification of the certificate s validity date c. verification against the revocation list 3. The certificate s serial number is matched with a user identity. 4. Vinn/Krita receives the file and authenticated user

4 4 (10) 5. Verification of whether the user is allowed to submit the file for the a. organisation stated b. survey c. file format (XML Schema) 6. The format of the submitted file is validated 7. If the submission is correct a. The file is saved in a database b. The uploading ID is returned 8. Otherwise, an error code is returned (401 or 500) Manual submission of data 1. The data provider attempts to connect to the Vinn/Krita e- service and is requested to enter the user name and password they received from Statistics Sweden. 2. An OTP is sent as a text message together with instructions to the mobile phone number associated with the data provider. At the same time, the data provider is prompted in the login view to provide the OTP they received to their mobile phone. 3. When the correct OTP has been entered, the data provider can submit data in the e-service. 4. The data provider chooses Submit data in the main menu. 5. The data provider chooses the respondent to which the data refer. 6. The data provider chooses survey. 7. The data provider enters the file format (contract) for reporting. 8. The data provider enters the path to the relevant XML file and presses Upload to submit the file to Statistics Sweden. 9. When the file is uploaded, a row will be created in the list of total uploads, with the current status shown as Verification in progress. 10. If the upload was successful, the file will be given the status Uploaded, but if something went wrong, the status will be changed to Error message and require action by the data provider. Statuses: a. Verification in progress A file is currently being uploaded.

5 5 (10) b. Uploaded The file has been uploaded, passed the validation step without problems and been transferred to the VINN or KRITA system. c. Error message One or more errors were identified during the validation process and the file has been stopped. 11. If an error has occurred: The data provider corrects the file in their systems and resubmits it to Statistics Sweden. Please note that the complete file should be resubmitted, for new verification. 12. To log out actively, there is a Log out button on the upper right side. 13. If the user is inactive, the session will be terminated after 65 minutes. The longest time a user can remain logged in is 10 hours; thereafter, they are logged out automatically. File delivery status The indata portal includes a list with statuses for submissions made. A corresponding list can also be obtained via API using a GET call to the address The parameter ID refers to the uploading ID that was returned when uploading files using the machine-to-machine solution. The response is returned in json format and contains information on whether an uploaded file has been received and uploaded or if potential error messages has occured. If the call is made without an ID, a list of results will be returned for all file upload attempts made for the combination of corporate identification number and survey linked to the certificate. M2M client Each respondent is free to develop their own M2M client for file submission, but to facilitate matters, Statistics Sweden has developed client software with support for the machine-to-machine solution. The source code for the client software can be provided upon request. It is possible to carry out a test to verify that the connection to the machine-to-machine solution works properly and that the certificate is validated, through a GET call to If the call works properly, 200 (OK) is returned along with the time of the call.

6 6 (10) Sequence diagrams Delivery of certificates

7 Delivering data M2M Page 7 (10)

8 Manual submission of data Page 8 (10)

9 9 (10) General security initiatives for Vinn/Krita Penetration tests At the request of Statistics Sweden, an external security company carried out a security review of the Vinn/Krita solution for file submissions via the indata portal and machine-to-machine interface for the corresponding service, with good results. SSL LABS test Tests at SSL LABS for HTTPS give the rating A+, which is the highest possible rating. Risk analysis In the autumn of 2016, a number of workshops have been held to identify and analyse risks regarding the authentication and file delivery in Vinn/Krita. The participants in the workshops were members of the Vinn/Krita project and representatives of the security department, the operations department, the project for a general authentication solution and the architecture department. During the discussions, it was established that the prioritised risks involve the leaking of sensitive information. The risk of attacks against data integrity is considered low, as Statistics Sweden has functioning procedures in place for analysing data and identifying deviations. Security related to authentication and transfers M2M solution A client certificate is used to identify clients in the Vinn/Krita M2M solution. The client certificates are issued by an internal CA at Statistics Sweden. These certificates should be trusted by Statistics Sweden and are distributed to banks. The client certificates are not linked to an individual but to a company, and they are used by client software run on a server. The certificates are not linked to a specific machine but can be transferred if needed. It is up to the bank to keep the private key secure after it has been distributed by Statistics Sweden. The certificates have been signed using SHA-256 and both rootca and SubCA use RSA 4096 bit RSA keys. Certificates are valid for two years, after which they will be replaced.

10 10 (10) Manual submissions For manual submission via the indata portal, user names, passwords and OTP (One Time Passwords) by text message are used, and this solution is linked to an individual person. Server certificates For the secure verification of Statistics Sweden s identity and for client-server communication, a server certificate issued by an external CA is used. The certificates are signed using SHA-256 with a 2048 bit key. Protocols The current active protocols for the M2M and manual submission solutions are TLS 1.0, TLS 1.1 and TLS 1.2, to avoid imposing too severe limitations on the respondents client software.