The Open Protocol for Access Control Identification and Ticketing with PrivacY

Similar documents
August, Actividentity CTO Office

Getting to Grips with Public Key Infrastructure (PKI)

PKI Credentialing Handbook

DFARS Requirements for Defense Contractors Must Be Satisfied by DECEMBER 31, 2017

Who s Protecting Your Keys? August 2018

Strategies for the Implementation of PIV I Secure Identity Credentials

FIPS Security Policy

Open Mobile API The enabler of Mobile ID solutions. Alexander Summerer, Giesecke & Devrient 30th Oct. 2014

ID-One PIV (Type A) FIPS Security Policy. (PIV Applet Suite on ID-One Cosmo V7-n) Public Version

g6 Authentication Platform

CREDENTSYS CARD FAMILY

PRODUCT INFORMATION BULLETIN

SecureDoc Disk Encryption Cryptographic Engine

BlackVault Hardware Security Platform SECURE TRUSTED INTUITIVE. Cryptographic Appliances with Integrated Level 3+ Hardware Security Module

Seagate Secure TCG Enterprise SSC Pulsar.2 Self-Encrypting Drive FIPS 140 Module Security Policy

Single Secure Credential to Access Facilities and IT Resources

Changes to SP (SP ) Ketan Mehta NIST PIV Team NIST ITL Computer Security Division

This version of the IDGo 800 middleware contains the following components: IDGo 800 Credential Provider build 01

Secure Government Computing Initiatives & SecureZIP

IDCore. Flexible, Trusted Open Platform. financial services & retail. Government. telecommunications. transport. Alexandra Miller

YubiKey Smart Card Minidriver User Guide. Installation and Usage YubiKey 4, YubiKey 4 Nano, YubiKey 4C, YubiKey 4C Nano, YubiKey NEO, YubiKey NEO-n

Revision 2 of FIPS 201 and its Associated Special Publications

Guidance for Requirements for qualified trust service providers: trustworthy systems and products

Mobile Devices as Identity Carriers. Pre Conference Workshop October 14 th 2013

Security in NFC Readers

OCF 2.3 RBSTG: Bridging Security Editorial Cleanup Sec WG CR Legal Disclaimer

SmartCards as electronic signature devices Progress of standardization. Helmut Scherzer, CEN TC224/WG16 (Editor) IBM Germany

AXIAD IDS CLOUD SOLUTION. Trusted User PKI, Trusted User Flexible Authentication & Trusted Infrastructure

Designing Network Encryption for the Future Emily McAdams Security Engagement Manager, Security & Trust Organization BRKSEC-2015

White Paper for Wacom: Cryptography in the STU-541 Tablet

YubiKey Smart Card Minidriver User Guide. Installation and Usage YubiKey 4, YubiKey 4 Nano, YubiKey 4C, YubiKey 4C Nano, YubiKey NEO, YubiKey NEO-n

Next Generation Physical Access Control Systems A Smart Card Alliance Educational Institute Workshop

Digital Certificates Demystified

Interagency Advisory Board Meeting Agenda, February 2, 2009

FIPS Non-Proprietary Security Policy. Level 1 Validation Version 1.2

Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA

IMPLEMENTING MICROSOFT CREDENTIAL GUARD FOR ISO 27001, PCI, AND FEDRAMP

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

SafeNet Authentication Client

Connecting Securely to the Cloud

WHAT FUTURE FOR CONTACTLESS CARD SECURITY?

hidglobal.com Still Going Strong SECURITY TOKENS FROM HID GLOBAL

Using PIV Technology Outside the US Government

DataTraveler 5000 (DT5000) and DataTraveler 6000 (DT6000) Ultimate Security in a USB Flash Drive. Submitted by SPYRUS, Inc.

NFC Identity and Access Control

PKI Knowledge Dissemination Program. PKI Standards. Dr. Balaji Rajendran Centre for Development of Advanced Computing (C-DAC) Bangalore

Past & Future Issues in Smartcard Industry

SENETAS ENCRYPTION KEY MANAGEMENT STATE-OF-THE-ART KEY MANAGEMENT FOR ROBUST NETWORK SECURITY

Dissecting NIST Digital Identity Guidelines

Security Requirements for Crypto Devices

FIPS Non-Proprietary Security Policy

Public Key Infrastructure PKI. National Digital Certification Center Information Technology Authority Sultanate of Oman

Identity and Authentication PKI Portfolio

Keep your fingers off my keys today & tomorrow

Interagency Advisory Board Meeting Agenda, Wednesday, May 23, 2012

Interagency Advisory Board Meeting Agenda, February 2, 2009

White paper. Combatant command (COCOM) next-generation security architecture

FIPS SECURITY POLICY FOR

Key Management. Digital signatures: classical and public key Classic and Public Key exchange. Handwritten Signature

Internet Engineering Task Force (IETF) Category: Informational ISSN: October 2013

Apple Inc. Certification Authority Certification Practice Statement

Leveraging HSPD-12 to Meet E-authentication E

U.S. E-Authentication Interoperability Lab Engineer

egov & PKI By: Alaa Eldin Mahmoud Aly YOUR LOGO

MAESON MAHERRY. 3 Factor Authentication and what it means to business. Date: 21/10/2013

Strong Authentication for Physical Access using Mobile Devices

ADmitMac PKI Executive Summary. 2010, Thursby Software Systems, Inc.

CERN Certification Authority

The SafeNet Security System Version 3 Overview

The Benefits of EPCS Beyond Compliance August 15, 2016

SafeNet Authentication Client

Secure Lightweight Activation and Lifecycle Management

IDPrime MD 830-revB FIPS Cryptographic Module Non-Proprietary Security Policy Level 3

SafeNet Authentication Client

SmartCard-HSM. n-of-m Authentication Scheme

An Overview of Draft SP Derived PIV Credentials and Draft NISTIR 7981 Mobile, PIV, and Authentication

SafeNet Authentication Client

Introducing Hardware Security Modules to Embedded Systems

FIPS Security Policy. for Marvell Semiconductor, Inc. Solaris 2 Cryptographic Module

1) Revision history Revision 0 (Oct 29, 2008) First revision (r0)

DoD Wireless Smartphone Security Requirements Matrix Version January 2011

YubiKey Smart Card Deployment Guide

Applications using ECC. Matthew Campagna Director Certicom Research

Multiple Credential formats & PACS Lars R. Suneborn, Director - Government Program, HIRSCH Electronics Corporation

Hypori Virtual Mobile Infrastructure Platform Android Cloud Environment Client Common Criteria Assurance Activities Report

WAP Security. Helsinki University of Technology S Security of Communication Protocols

AN12120 A71CH for electronic anticounterfeit protection

Internet Engineering Task Force (IETF) ISSN: January Suite B Profile for Transport Layer Security (TLS)

PIN Security Requirements

DHS ID & CREDENTIALING INITIATIVE IPT MEETING

Advanced Security Mechanisms for Machine Readable Travel Documents and eidas Token

Assurance Activity Report (AAR) for a Target of Evaluation

YubiKey Smart Card Deployment Guide

ID-One Cosmo V7-a Smart Card Cryptographic Module

About FIPS, NGE, and AnyConnect

Digital signatures: How it s done in PDF

ENTRUST DATACARD DERIVED PIV CREDENTIAL SOLUTION

FIPS and NIST Special Publications Update. Smart Card Alliance Webinar November 6, 2013

SafeNet Authentication Client

Security Specification

Transcription:

The Open Protocol for Access Control Identification and Ticketing with PrivacY For Secure Contactless Transactions and Enabling Logical and Physical Access Convergence October 2010 Actividentity 2

OPACITY The Program 3

What is OPACITY The program. Open Protocol for Access Control Identification and Ticketing with privacy A program to design and promote a new protocol suite to allow the removal of usage restrictions on contactless transactions A protocol suite A set of specifications A reference implementation A standardization initiative A review program A proof of concept A statutory invention registration A proof of concept A product 4

What is OPACITY The program. A protocol Suite: generic, standard, authentication and key agreement protocols specially optimized for fast contactless transactions. a stable target (20/30 years) for Physical Access Control Systems (PACS). 5

What is OPACITY The program. A protocol suite: Designed to protect information over the air End to end secure channel protection for digital transactions With security enhancements, such as forward secrecy and full privacy, sensitive or privileged information can now be exchanged over the air with assurance. Designed for performance Optimized for performance. (Elliptic curve, persistent binding, single command) Designed for easy integration Simple cryptographic key management Easy integration (one command one response) 6 Designed to be easily certified and last NSA Suite-B, NIST 800-56A compliant (FIPS 140-2 approved protocol)

What is OPACITY The program. A set of specifications, The specification fully describes the protocol constructs but also its standard, ISO compliant implementation at the card-edge on a User smart card and on a Secure Authentication Module (SAM) smart card. The specification fully describes the protocol constructs but also its standard, ISO compliant implementation at the card-edge on a User smart card and on a Secure Authentication Module smart card. The specification itself is covered by an Apache 2.0 license so that no Intellectual Property claims can be made on it and is provided royalty free to the community. See http://www.apache.org/licenses/license-2.0. See the current OPACITY specifications. Opacity-protocol-specification-3-5.doc. 7

8 What is OPACITY The program. A reference implementation, The reference implementation provides an immediate and unambiguous guidance on interpreting the specification. For the first time, and uniquely a reference implementation includes applet code, For the first time, a reference implementation covers the concept of a SAM, which is a smartcard chip, issued with the same infrastructure than user card and with the same level of certification. For the first time, in compliance with NIST guidance, ALL the crypto on the terminal side is implemented in the FIPS boundary of the SAM reference, which considerably facilitates and speeds up integration. Also the resulting level of Assurance and Certification of the integration is much higher. The reference implementation has been successfully tested on cards from Oberthur, Gemalto, G&D, NXP, Infineon. The reference implementation is covered by an Apache 2.0 license so that no Intellectual Property claims can be made on it and is provided royalty free to the community. See "http://www.apache.org/licenses/license-2.0"

What is OPACITY The program. A review program, The specifications and/or the reference implementation have been reviewed by personnel of: US NIST, US Dod, BT, and members of the PACS community such as NEDAP, BORER, TDS, Hirsch/SCM 9

What is OPACITY The program. A Standardization initiative: Various contribution were made under the program. ISO 24727-3 (SMAV3) ISO 24727-6 (the final registration of the protocol as an ISO standard is in progress and should be completed by end of August). ANSI-GICS part1/part2: the next revision of PIV targeted for publication in December 2010. A Proof Of Concept Includes the complete provisioning of an OPACITY PIV 2-7 card as well as physical and logical access usage. A few download sites are being identified: ActivIdentity SmartCard Alliance Muscle ORG. 10

What is OPACITY The program. A Statutory Invention Registration A special type of patent, which protects the protocol but excludes royalties, has been filed and protects the community using OPACITY from anyone trying to patent the protocol. A product, with supporting Actividentity applets, middleware and CMS with FIPS certification targeted for completion in December 2010 on multiple card platforms. 11

Status of the OPACITY Program 12 Specification and standardization OPACITY Protocol Specification 3.5. Compliance with the NIST SP 800-56A protocol recommendations has been reviewed and greenlighted by NIST Based on optimizations of NIST SP 800-56A compliant ECC-based authentication protocols contributed by Actividentity to ISO 24727-3 in 2008. Written into current draft of GICS part 2. First protocol registered to ISO24727-6 (SAI Global - ISO registry) Publication Published to SCA as first industry contribution http://www.smartcardalliance.org/pages/smart-cards-contributions-opacity Reference implementation Current is Revision 7 with Apache license 2.0 Currently distributed on http://sourceforge.net/projects/opacity Proof of Concept ActivIdentity Windows7 mini-driver part of the OPACITY POC Actividentity prototype PACS Communicated to a few PACS vendors.

OPACITY Technology and Solutions 13

Opacity protocol Overview Only one Command for robust transactions ICC Full PKI protocol based on NSA Suite B and NIST 800-56 for easy FIPS140-2 level3 certification Client Application Host SAM full privacy in response Full protection No Skimming No Sniffing No Man-in-the-middle Forward secrecy 14 Contact or contactless interface Simple, lightweight SAM Integration

Use Cases what can we do with OPACITY Strong Authentication and Secure channel to the door or door controller for physical access Return encrypted code in one fast contactless transaction Use of end-to-end secure messaging to transport PIN or biometrics or PACS credential via a contactless communication Strong Authentication and Secure channel for transit applications and ticketing Strong Authentication and Secure channel to remote services via trusted terminals (desktops, laptops, tablets, phones and kiosks) Use of secure messaging to provide an end-to-end protected path for identity proofing and cloud service transaction signing Strong Authentication and Secure channel to desktops, laptops and kiosks for logical access Use of secure messaging to provide an end-to-end protected path for document or transaction decryption and signature using a secure element or a smart card 15

Opacity Use cases Mobile Phone Secure Element OR Smart Card OPACITY - FS OPACITY - FS Doors SAM OPACITY - ZKM OPACITY - FS OPACITY - FS OPACITY - FS Laptops Desktops Kiosks Laptops Desktops Kiosks SAM Transportation Ticketing SAM SE Application and Key Management HSM 16

OPACITY Simple Key Management: the CVCs OPACITY is a PKI based Key establishment and Authentication protocol that relies on Elliptic Curve Cryptography ECDH and ECDSA as well as AES (128/256) and SHA256. OPACITY is optimized for secure contactless transaction such as Physical Access. In order to combine very fast performance and very high security OPACITY uses Card Verifiable Certificates, ie, CVC, which are tiny certificates defined per ISO7816-8 annex B, and specialized as in EN 14890-1 section 14. The CVCs are created and securely injected on smartcards by a Card Management System operating with a Digital Signatory based on a Hardware Security Module or a CA. (CVCs are not self-signed!). OPACITY simple key management principles: Secret or private keys are never shared (keys are always unique to a device). No Master key is needed. 17

Opacity Simple and efficient Key Management ICC CVC For each Domain SAM CVC Da Db ICC SAM Dc Dz Root public keys of host domains for verifying SAM CVCs for Opacity- FS N/A to ZKM Private ICC Auth Key Private SAM Auth Key Root public keys of ICC domain for verifying ICC CVC 18 No Distribution of Secret keys

Opacity Cross Domain PKI SAM Private Auth Key Door Host A0 SAM Dz Laptop A1 SAM Domain Da Hosts Dz Da Db ICC (Domain Dz) Dc Kiosk B0 Host SAM Root public keys of ICC domain for verifying ICC CVC Dz 19 ICC CVC ICC Private Auth Key Domain Db Hosts

OPACITY Modes: ZKM and FS OPACITY supports two main protocols: - Zero Key Management (ZKM aka. SMAv3) that does not require ANY secrets to be stored on a terminal. - Forward Secrecy (FS), that provides enhanced privacy protection and durable confidentiality and very high level of Assurance, but require a static PKI credential stored and operated by the terminal. An other mode, Forward Privacy (FP), in addition provides durable privacy. The OPACITY reference implementation provides an Secure Authentication Module (SAM) applet. A SAM is a secure ICC or a smartcard device embedded into a Terminal, such as a Door Controller. 20 The ZKM/SMA v3 protocol does not require a SAM since it does not require any static secrets to be operated on the Terminal. Instead it only requires the root Public Key of the CVC Digital Signatory to be protected by the Terminal (in contrast other protocols require MASTER keys and private keys to be distributed to ALL terminals)

Opacity Zero Key Management (SMA) option ICC CVC For Domains ICC SAM Dz ICC Private Auth Key Root public keys of ICC Domain 21

OPACITY Implementation: SAMs Nevertheless, implementing advanced and CERTIFIED cryptography in an embedded device such as a door controller in software is both tricky, long, expensive and frustrating because the level of certification reached can never go beyond fips140-2 level 1. For those who are still interested in a software implementation, the Opacity reference implementation provides a soft SAM library. But, in order to facilitate a quick and cheap integration into embedded devices the OPACITY reference implementation provides an applet that embeds ALL terminal cryptographic functions into a hardware SAM which can reach a FIPS140-2 level3 certification level! In addition, the CMS and Key Management infrastructure that is deployed to issue smartcards to Users can also be leveraged to issue SAMs in a cheap, assured and scalable manner. 22

Opacity Simple Command Flow Single ICC Command - response Host Easy SAM integration Client Application 2 1 ICC 3 SAM Privacyprotected response ICC response forwarded to SAM 1. Generate SAM key pair 2. Authenticate SAM to ICC 3.Authenticate ICC to SAM clear protected forward 23

ICC CVC ICC Private Auth Key Opacity Secure Messaging Host ICC Client Application SAM OPACITY protocol Trusted application data (eg. Biometric Template) Clear Protected Secure messaging 24 Full protection command and response Trusted application data eg. PIN Session Keys (AES) Forward

Opacity Secure Credential Transfer Host ID Credential in CVC (e.g. GUID) Client Application ICC SAM Privacy-protected response Authenticated ID Credential (e.g. GUID) clear protected forward 25

Other OPACITY Concepts: SAM Activation SAM activation: SAM operations are protected by an Access Control Rule.( Only an authorized system can operate the SAM so that if a Terminal/SAM is stolen, nothing is gained by the attacker). Admin operations are protected by GlobalPlatform Secure Channels. Usage operations are protected by a PIN based or an OPACITY based authentication by the Control Panel to the SAM. (The Control Panel is usually in a secured location) The SAM ACR must be fulfilled by the PACS control panel, ie, the panel activates the SAM. If a SAM is de-powered it loses its activation state. 26

Opacity SAM Activation Host 1. SAM Activation No User Access SAM (Domain IT DI) OPACITY protocol Admin ICC (Domain Admin DA) DI 2. User Access ICC (Domain USER DU) DI OPACITY protocol DA DU Admin domain root public key No User Access 3. Policy-based Deactivation User domain root public key 27

Other OPACITY Concepts: Persistent Binding Persistent Binding (PB): The OPACITY pre-session keys are cached by the User applet and the Terminal applet. This allows even faster transactions after the first time a card sees a terminal. The time to leave of persisted pre-session keys is policy dependant. 28

Opacity User experience ICC Time to open door or computer logon (W/O PB) ICC Time to open door or computer logon (W/ PB) 29

Opacity Persistent Binding Da Db Dc Not Used Not Used Dz Dy Dx ICC A SAM B SAM B SAM B Z AB ICC A ICC A Z AB 30 PB table entry Persistent binding table Shared Secret Secure messaging Full protection Session Key Session Key derivation

Opacity Scalable Persistent Binding Small PB table (<100 records) Indexed search on SAM Client Application B SAM B ICC A Z AB ICC A Client Application C SAM C ICC A PBaddress PBaddress Z AC Large PB table (>100 records): Indexed search on Host 31 No search Direct access on SAM Secret in SAM

OPACITY The Protocol 32

Client Applicaiton ZKM ICC CertC, PrivKeyC GenECKeyPair ( PubKeyEphT,PrivKeyEphT) Verify CertC, get PubKeyC Z=ECDH(PubKeyC,PrivKeyEphT) SK = KDF(Z NonceC) IdC = AES-1 (SK, EncIdC) Check AuthCryptC= AES (SK, PubKeyEphT) IdT, PubKeyEphT NonceC, EncIdC, CertC, AuthCryptC Generate NonceC Z = ECDH (PubKeyEphT, PrivKeyC) SK = KDF (Z NonceC) EncIdC = AES(SK, IdC) AuthCryptC = AES (SK, PubKeyEphT) 33 Secure Messaging Verify and Process ICC Commands

Client Applicaiton PrivKeyT, CertT Forward Secrecy ICC CertC, PrivKeyC 34 GenECKeyPair ( PubKeyEphT,PrivKeyEphT) Z1=ECDH (PubKeyEphC, PubKeyT) K1 = KDF(Z1) CertC = AES-1(K1, EncCertC) Verify CertC, get PubKeyC Z2=ECDH(PubKeyC,PrivKeyEphT) SK = KDF(Z1,Z2) Check AuthCryptC= AES (SK, ChallT) CertT, ChallT, PubKeyEphT PubKeyEphC, EncCertC, AuthCryptC Secure Messaging Verify CertT, Get PubKeyT GenECKeyPair ( PubKeyEphC, PrivKeyEphC) Z1 = ECDH (PubKeyT,PrivKeyEphC) K1 = KDF(Z1) EncCertC = AES(K1, CertC) Z2=ECDH(PubKeyEphT,PrivKeyC) SK = KDF(Z1,Z2) AuthCryptC = AES (SK, ChallT) Verify and Process ICC Commands

Questions and Answers -elesaint@actividentity.com 35

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback