Sicherheitsaspekte des neuen deutschen Personalausweises

Transcription

1 Sicherheitsaspekte des neuen deutschen Personalausweises Dennis Kügler Bundesamt für Sicherheit in der Informationstechnik egov Fokus 2/2013: Identity- und Access Management im E-Government

2 Rethinking the ID Card Motivation Stronger link of document and holder via biometry analogous to electronic passport Cryptography as new security feature New technologies require secure electronic identity e.g. for ebusiness egovernment Therefore: Integration of a chip ID-1 size Purely contactless Lots of cryptographic protocols

3 Design Criteria Infrastructure Citizens are reluctant to spend money......on readers, on certificates, for service providers,... No Users No Services Privacy by Design User must remain control of his personal data Complete Roll-Out takes time years to replace all cards in circulation Updates in the field are difficult Be ahead of time or you'll end up with an outdated system

4 eid vs. esign German ID-Card separates eid and esign Applications Electronic Identification For online authentication Available by default (opt out) Qualified Electronic Signatures For signing legally binding contracts Electronic Identity EMustermann64 Mustermann, Erika, ? = Electronic Signature Optional, must be bought separately Why shouldn't eid and esign be mixed up?

5 Authentication Mechanisms Identity Verification is volatile Verifier allows someone to do something Successful verification cannot be proven. Transactions are legally binding Signer authorizes someone to do something Declaration of intent Signature can be verified by any 3 rd party! Authentication Level Traditional Authentication Electronic Authentication 1-factor 2-factor Identity Verification Showing ID Card Password eid Transaction Written Signature PIN/TAN Electronic Signature

6 Electronic Identity Mutual Authentication Citizen: Can the service provider prove its identity? Service provider proves identity using its access certificate Service Provider: Is the citizen able to prove his/her identity? Both, the citizen and the service provider, have reliable proof of the identity of the other party Citizen uses eid to prove identity Privacy/Data Protection friendly design Full user control Reading data only after entering the PIN

7 Example: Online Authentication Service Provider Identity Requested Access Rights PACE Terminal Authentication Display Service Provider Identity (Restrict and ) approve access rights by entering PIN Chip Authentication End-to-End Secure Messaging User Approved Access Rights EAC 2

8 Costs Card Reader Categories Basic reader (eid only) Suitable for mobile usage No specific formfactor Standard reader PIN-Pad for entering PIN for applications with higher security requirements Display, optional Comfort reader (eid + QES) PIN-Pad and display required Suitable for qualified signature, approved according to German Electronic Signature Law ID-Card enforces use of comfort reader for qualified electronic signature

9 Is the Basic Reader a Security Flaw? No PIN-Pad + no Display Intercept PIN entered on the PC keyboard......pin alone is not sufficient Manipulation of information on the Service Provider......only authorized Service Provider can access personal data...maximum access rights are determined by certificates End-to-End Encryption Personal data cannot be eavesdropped Cost It's better to have many users with high security than a few users with highest security Password ****** Security

10 Pseudonyms and Privacy Pseudonymous Identifier Identifier allows to uniquely recognize each Card Setup a user account Login later as the same user Card generates different identifiers for different Service Providers 6D58...4E0F6 Linking identities across Service Providers is impossible Additional Privacy Features Minimizing disclosed data Age Verification Document Validity Community ID A

11 From eid to esign Set esign PIN Holder eid Secure Channel Access Certificate Erika Mustermann, Generate Key Pair Public Key... Qualified Certificate Certificate Service Provider Authenticate with Access Certificate: Read First Name, Last Name, DoB,... Install Qualified Certificate Generate & Publish Qualified Certificate

12 eid-client Open Specification: ecard API Communication Protocol ID-Card Service Provider Based on ISO (Draft) Testspecification available eid-clients currently available AusweisApp: the official eid-client provided by the government PersoApp: An Open Source Project funded by the government Open ecard: Another Open Source Project AuthentApp: An Open Source Java Applet Commercial Clients,...

13 Summary Focus on eid! Low costs High security Basic Reader sufficient for eid NFC-Phones are Basic Readers Ad-hoc QES possible, but more expensive reader required How to get citizens on board? Be patient! Make use of existing Infrastructure Privacy protection is important for citizens egovernment Services as an enabler Don't forget the eid-client software