European Federated Validation Service Study. Solution Profile EuroPKI Top Level Certification Authority

Transcription

1 Eurpean Federated Validatin Service Study Slutin Prfile EurPKI Tp Level Certificatin Authrity

2 This reprt / paper was prepared fr the IDABC prgramme by: Authr s name: Indicated in the slutin prfile belw, under cntact infrmatin Crdinated by: Hans Graux (time.lex), Christian Staffe (Siemens), Eric Meyvis (Siemens) Cntract N. 1, Framewrk cntract ENTR/05/58-SECURITY, Specific cntract N 14 Disclaimer The views expressed in this dcument are purely thse f the writer and may nt, in any circumstances, be interpreted as stating an fficial psitin f the Eurpean Cmmissin. The Eurpean Cmmissin des nt guarantee the accuracy f the infrmatin included in this study, nr des it accept any respnsibility fr any use theref. Reference herein t any specific prducts, specificatins, prcess, r service by trade name, trademark, manufacturer, r therwise, des nt necessarily cnstitute r imply its endrsement, recmmendatin, r favuring by the Eurpean Cmmissin. All care has been taken by the authr t ensure that s/he has btained, where necessary, permissin t use any parts f manuscripts including illustratins, maps, and graphs, n which intellectual prperty rights already exist frm the titular hlder(s) f such rights r frm her/his r their legal representative. This paper can be dwnladed frm the IDABC website: Eurpean Cmmunities, 2009 Reprductin is authrised, except fr cmmercial purpses, prvided the surce is acknwledged. 2

3 Executive summary The Eurpean Federated Validatin Service (EFVS) Study was initiated by IDABC in rder t assess the feasibility f specific measures t ensure the availability f a Eurpean scale federated electrnic signature verificatin functinality. As a first step in the EFVS Study, infrmatin has been cllected n twenty existing slutins that already prvide all r sme f the functinalities assciated with Eurpean signature verificatin functinality, r that culd prvide valuable insights n hw such an EFVS culd be rganised. This has been dne by drafting standardised prfiles f the identified slutins, fcusing specifically n hw each f these slutins (a) determine the validity f signature certificates; (b) verify electrnic signatures created using these certificates; and (c) prvide specific guarantees t their custmers n the utcmes f these prcesses. The present dcument cntains the slutin prfile fr: EurPKI Tp Level Certificatin Authrity. 3

4 Table f Cntents EXECUTIVE SUMMARY 3 1 DOCUMENTS APPLICABLE DOCUMENTS REFERENCE DOCUMENTS 5 2 GLOSSARY DEFINITIONS ACRONYMS 8 3 SOLUTION PROFILE EUROPKI TOP LEVEL CERTIFICATION AUTHORITY 9 4

5 1 Dcuments 1.1 Applicable Dcuments [AD1] Framewrk Cntract ENTR/05/58-SECURITY 1.2 Reference Dcuments [RD1] [RD2] [RD3] Prject Management and Quality Plan (EFVS SC14 PMQP) DIRECTIVE 1999/93/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL f 13 December 1999 n a Cmmunity framewrk fr electrnic signatures n.pdf Preliminary Study n Mutual Recgnitin f esignatures fr egvernment applicatins 5

6 2 Glssary 2.1 Definitins In the curse f this reprt, a number f key ntins are frequently referred t. T avid any ambiguity, the fllwing definitins apply t these ntins and shuld als be used by the crrespndents. Entity: anyne r anything that is characterised thrugh the measurement f its attributes in an eidm system. This includes natural persns, legal persns and assciatins withut legal persnality; it includes bth natinals and nn-natinals f any given cuntry. eidm system: the rganisatinal and technical infrastructure used fr the definitin, designatin and administratin f identity attributes f entities. This Prfile will nly elabrate n eidm systems that are cnsidered a key part f the natinal eidm strategy. Decentralised slutins (state/regin/prvince/cmmune ) can be included in the scpe f this Prfile if they are cnsidered a key part f the natinal eidm strategy. eidm tken (r tken ): any hardware r sftware r cmbinatin theref that cntains credentials, i.e. infrmatin attesting t the integrity f identity attributes. Examples include smart cards/usb sticks/cell phnes cntaining PKI certificates, Authenticatin 1 : the crrbratin f the claimed identity f an entity and a set f its bserved attributes. (i.e. the ntin is used as a synnym f entity authenticatin ). Authrisatin: the prcess f determining, by evaluatin f applicable permissins, whether an authenticated entity is allwed t have access t a particular resurce. Unique identifiers: an attribute r a set f attributes f an entity which uniquely identifies the entity within a certain cntext. Examples may include natinal numbers, certificate numbers, etc. Official registers: data cllectins held and maintained by public authrities, in which the identity attributes f a clearly defined subset f entities is managed, and t which a particular legal f factual trust is attached (i.e. which are generally assumed t be crrect). This includes Natinal Registers, tax registers, cmpany registers, etc. egvernment applicatin: any interactive public service using electrnic means which is ffered entirely r partially by r n the authrity f a public administratin, fr the mutual 1 Fr the purpses f this Prfile, the ntin f authenticatin is cnsidered t be synnymus with entity authenticatin, as ppsed t data authenticatin. The ntin f identificatin shuld be avided t avid cnfusin. 6

7 benefit f the end user (which may include citizens, legal persns and/r ther administratins) and the public administratin. Any frm f electrnic service (including stand-alne sftware, web applicatins, and prprietary interfaces ffered lcally (e.g. at a lcal ffice cunter using an electrnic device)) can be cnsidered an egvernment applicatin, prvided that a certain degree f interactivity is included. Interactivity requires that a transactin between the parties must be invlved; ne-way cmmunicatin by a public administratin (such as the publicatin f standardised frms n a website) des nt suffice. esignature: data in electrnic frm which are attached t r lgically assciated with ther electrnic data and which serve as a methd f authenticatin with regard t this data. Nte that this als includes nn-pki slutins. Advanced electrnic signature: an electrnic signature which meets the fllwing requirements: (a) it is uniquely linked t the signatry; (b) it is capable f identifying the signatry; (c) it is created using means that the signatry can maintain under his sle cntrl; and (d) it is linked t the data t which it relates in such a manner that any subsequent change f the data is detectable; Again, this definitin may cver nn-pki slutins. Qualified electrnic signature: advanced electrnic signatures which are based n a qualified certificate and which are created by a secure-signature-creatin device, as defined in the esignatures Directive 2. Validatin: the crrbratin f whether an esignature was valid at the time f signing. 2 See 7

8 2.2 Acrnyms A2A...Administratin t Administratin A2B...Administratin t Businesses A2C...Administratin t Citizens CA...Certificatin Authrity CRL...Certificate Revcatin Lists CSP...Certificate Service Prvider eid...electrnic Identity eidm...electrnic Identity Management IAM...Identity and Authenticatin Management IDM...Identity Management OCSP...Online Certificate Status Prtcl OTP...One-Time Passwrd PKCS...Public-Key Cryptgraphy Standards PKI...Public Key Infrastructure SA...Supervisin Authrity SOAP...Simple Object Access Prtcl SCVP...Server-based Certificate Validatin Prtcl SSCD...Secure Signature Creatin Device USB...Universal Serial Bus TTP...Trusted Third Party XAdES...XML Advanced Electrnic Signature XML...eXtensible Markup Language XML-DSIG...XML Digital Signature 8

9 3 Slutin Prfile EurPKI Tp Level Certificatin Authrity Name and rganisatin Plitecnic di Trin Certificatin Authrity, managed by the Security Grup ( f the Plitecnic di Trin Reference (n-line surce) Cntact infrmatin Plitecnic di Trin Certificatin Authrity c/ prf. Antni Liy Dip.Autmatica e Infrmatica Plitecnic di Trin crs Duca degli Abruzzi TORINO Phne: ca@plit.it 9

10 Scpe f the slutin Services ffered (What services des the slutin ffer t a relying party? This shuld include mst ntably the three basic services abve validatin f certificates, verificatin f the signature, and ensuring trustwrthiness and legal liability but may als cver additinal services e.g. semantic services, archiving f dcuments/signatures, maintenance, time stamping, security/reliability metrics fr the security level f the signature and the certificate, Services that are nt currently available but which are planned fr the future may als be indicated. ) The Plitecnic di Trin Certificatin Authrity is a n-prfit rganizatin established t create and develp a pan-eurpean public-key infrastructure (eurpki). It has its rts in the PKI established by the ICE-TEL prject (see als and further develped by the ICE-CAR ne (see als Bth these prjects were funded by the Eurpean Cmmissin under the Telematics fr Research prgramme. The Rt CA f ICE-CAR prject is hsted by Plitecnic di Trin. The Plitecnic di Trin Certificatin Authrity ffers public-key certificatin services t the wide Eurpean Internet cmmunity t supprt brderless netwrk security. Services are ffered t public and private rganizatin, as well as t individuals, by emissin f public-key certificates t identify individuals, netwrk ndes (e.g. IPsec hsts), and netwrk services (e.g. web servers). Applicatin dmain (e.g. sectr r applicatin types) (Is the slutin usable in any sectr r applicatin field (i.e. is it generic in scpe), r is it currently limited t a specific sectr, applicatin r dmain? If it is currently restricted, wuld it be pssible t extend the slutin t ther sectrs, applicatins r dmains? What wuld need t be changed?) The slutin is applicable t any sectr (public r private) CAs cvered by the slutin (Hw many CAs are presently cvered by the slutin, and which nes? D they include CAs established in multiple cuntries r states?) 10

11 The slutin prvides a list f hierarchical CAs. The current list cntains: EurPKI Tp Level CA EETIC CA (Eurpean Entrapreneurs Telematics Initiatives Cmmittee) Italian CA (EurPKI) CSP CA Centr di Supercalcl Piemnte Plitecnic di Trin CA CA del cmune di Rma (discntinued) CA del cmune di Mdena Prvincia di Macerata CA CA UniMRe (Università di Mdena e Reggi Emilia) Slvenian CA Trade Pint Slvenia CA Plish CA Research and Academic Cmputer Netwrk EurPKI CA NASK EurPKI Certificatin Authrity EurPKI CKPL_LODMAN_CA Technical University Cmputer Center Rmanian CA Nrwegian CA (UNINETT) British CA (University Cllege f Lndn) Irish CA (Trinity Cllege f Dublin) Austrian CA (Institute fr Applied Infrmatin Prcessing and Cmmunicatins) Lithuanian CA Spanish CA (IRIS-PCA) Extensibility f the slutin (Can additinal CAs be integrated int the slutin? If s, are there restrictins? Have such extensins been dne in the past yet, r are any extensins currently planned?) Any certificatin authrity may request t becme an eurpki-affiliated CA, prvided that it respects the EurPKI Certificate Plicy (see The prcedure is explained n-line ( and will be further cmmented belw. Business mdel/cst mdel f the slutin (Hw is the slutin funded? Is it envisaged as a fr-prfit mdel? Wh pays cntributins, and fr what type f services? What prfits (if any) are made with the services prvided by the slutin? Upn request f the crrespndent, any cmmunicated price infrmatin r ther cmmercially sensitive infrmatin will nt be disclsed.) Plit is a nn prfit rganizatin, and bears the csts fr the maintenance f the repsitry. Given that the EurPKI Certificate Plicy disclaims any financial respnsibility and that n ancillary services are ffered, csts are limited.. 11

12 Technical apprach Validatin apprach (Des the slutin validate signature certificates, electrnic signatures based n a hash value f the signed dcument(s), r signed dcuments with embedded signatures?) Nt applicable. As nted abve, EurPKI is a PKI hierarchy cntaining trusted CAs; there is n validatin cmpnent. With regard t certificates (Hw des the validatin f certificates wrk based n OCSP, CRLs, r bth? What certificate prfiles are supprted by the slutin?) Nt applicable. As nted abve, EurPKI is a PKI hierarchy cntaining trusted CAs; there is n validatin cmpnent. It is wrth nting hwever that whenever a CA rt certificate needs t be revked r replaced, the EurPKI administratr must be ntified by the CA representative, in accrdance with the EurPKI Certificate Plicy.. With regard t signatures (What signature frmats are supprted by the slutin - PKCS #7, CMS, XML signatures, PDF signatures, XAdES, CAdES, r thers?) Nt applicable. As nted abve, EurPKI is a PKI hierarchy cntaining trusted CAs; there is n validatin cmpnent. Multi-signatures (Is the slutin capable f validating multiple signatures n a dcument?) Nt applicable. As nted abve, EurPKI is a PKI hierarchy cntaining trusted CAs; there is n validatin cmpnent. Lgging and auditing (Is the use f the slutin lgged, and if s, t what extent? D users f the slutin have the 12

13 pssibility t perfrm audits r t gain access t independent auditing reprts?) Nt applicable. As nted abve, EurPKI is a PKI hierarchy cntaining trusted CAs; there is n validatin cmpnent t be lgged. Restrictins impsed n CAs (What technical requirements are impsed n CAs, e.g. with regard t standards, frmats r certificate prfiles that they need t adpt? This includes e.g. the inclusin f certain infrmatin in signature certificates that is necessary in specific sectrs.) Cnditins fr inclusin are defined in the EurPKI Certificate Plicy. Cnfrming CAs must supprt at least PKCS#10 and SPKAC frmats, and ptinally may supprt ther nes. The minimum length f the private key f an end entity t be certified must be decided by the CA issuer and must nt be less than the value f 512 bits. It is recmmended that the key wuld have a minimum length f 1024 bits. Usage f the slutin by relying parties (Hw d relying parties use the slutin? Are there sftware cmpnents which they need t integrate int their wn systems, is it a web service, etc.) Nt applicable. As nted abve, EurPKI is a PKI hierarchy cntaining trusted CAs; it is up t the participants t decide if/hw they want t use the infrmatin in the repsitry. Technical flexibility (Given the technical characteristics utlined abve, culd the technical requirements f the slutin be changed t increase its flexibility (e.g. by supprting ther signature standards, validatin methds, certificate prfiles, etc.). The nly limitatin in flexibility is the need fr a cmmn plicy that is cnsidered t be sufficiently trustwrthy by the participants. Frm a technical perspective, this implies n real restrictin. Status f the prject/actual usage f the slutin (What is the status f the prject (e.g. in develpment, prttyped, in prductin, etc.). 13

14 What is the actual usage f the slutin (e.g. in terms f relying parties adpting the slutin t validate electrnic signatures) and what are the impacts f its use? Hw many transactins, hw many certificates des it handle?) The slutin is currently in prductin phase. Legal apprach Relatinship with the CAs 3 (What requirements des a CA need t meet befre being able t accede t the slutin? Specifically, which prcesses and prcedures have been freseen t vet CAs? What kind f agreements are put in place with the CAs, and what are the main issues addressed in these agreements?) T becme a Certificatin Authrity within EurPKI, the requesting CA shuld be sure that it is able t fllw the EurPKI Tp Level certificatin plicy. The requesting CA may have a security plicy that diverges frm the EurPKI Tp Level CA ne, prvided that this is mre secure and mre restricted than the EurPKI Tp Level CA ne. The requesting CA must peridically send t the EurPKI Tp Level CA's staff its wn plicy fr verificatin that stated plicy is the ne used in practice. Hwever, as stated in the EurPKI plicy, cmpliance with this plicy is determined by self-assessment by each participating CA, nt by Plit r by external audits. T request t becme an EurPKI-affiliated CA, the requesting party shuld d: 1. generate key pairs f the CA (ONLY 2048bits key length fr the CA's keys is accepted); 2. generate the certificatin request (in PKCS#10 r selfsigned certificate frmats); 3. carefully read and fill in the declaratin frm ( Micrsft Wrd.dc frmat); 4. make a cpy f the identity card with pht r f the passprt f the declaring persn; 3 Within the EU, the term CA shuld be taken t mean a certificatin service prvider as defined in article 2.11 f the esignatures Directive (Directive 1999/93/EC) and utside the EU, this means a Certificatin Authrity in the technical sense, i.e. an entity issuing signature certificates t third parties. 14

15 5. carefully read and fill in the certificatin request frm ( Micrsft Wrd.dc frmat); 6. make a cpy f the identity card with pht r f the passprt; 7. send the certificatin request prepared n step 2 by ca@eurpki.rg; 8. send the dcuments prepared in steps 3-6 by mail t the address: EurPKI Tp Level Certificatin Authrity c/ prf. Antni Liy Dip. Autmatica e Infrmatica Plitecnic di Trin crs Duca degli Abruzzi Trin (Italy) and by fax: wait fr further infrmatin. Relatinship with the relying parties (Hw des a relying party get the right t use the slutin? What kind f agreements are put in place in relatin with the relying parties, and which services can be ffered t the relying parties via these agreements?) Plit emphasises in the EurPKI plicy that cmpliance with this plicy is determined by selfassessment by each participating CA, nt by Plit r by external audits. Anyne is free t install and use the rt CA certificates ffered thrugh the EurPKI repsitry. Hwever, this is dne at ne s wn risk; the plicy declares that each relying party must be familiar with the CPS and the plicy befre drawing any cnclusin n hw much trust he will put in the use f a certificate issued frm a cnfrming CA. It is therefre the user s respnsibility t check the respective CA plicies befre using the CA rt certificate. Reliability f the signature certificates (What prcedures des the slutin put in place t determine the reliability f signature certificates? Are certificate plicies checked? Are supervisin/accreditatin schemes cnsidered? Have specific security criteria been defined, and des the slutin supprt multiple levels f reliability? If s, can the slutin distinguish between qualified and nnqualified signature certificates?) Each CA must sign an agreement with the Tp Level CA. Hwever, n further verificatin takes place. Only a single EurPKI plicy is defined, which specifies sme fundamental bligatins fr the CAs (specifically the bligatin t keep the infrmatin in the repsitry up t date). Supervisin/accreditin is nt cnsidered in this plicy, and neither is the status f qualified/nnqualified certificates. 15

16 Legal value f the signatures (Can the slutin make a statement n the legal value f signatures? If s, what factrs are taken int accunt? If multiple degrees f validity are supprted by the system (i.e. a statement n the reliability f the signature as a whle is prvided), then hw are these reliability levels defined and cmmunicated t the relying party? Can the slutin identify if a signature can be cnsidered a qualified signature (i.e. if it is an advanced electrnic signature based n a qualified certificate created by using a secure signature creatin device, as defined in the esignatures Directive)? Finally, if the certificate plicies cntain restrictins n the use f the signatures (e.g. limitatin t transactins f a certain amunt r exclusin f certain sectrs), then are these restrictins taken int accunt when cmmunicating the legal value f the signature?) EurPKI is merely intended as a PKI hierarchy cntaining trusted CAs, based n the criteria which Plit sets frth in its plicy. EurPKI makes n statement n the legal value r validity f any signatures created using certificates issued by a CA participating in the repsitry. Liability f the slutin prvider (What liability (if any) des the slutin prvider accept with regard t its services? Specifically, if the signatures rely n qualified certificates as defined under the Eurpean esignatures Directive (if this is applicable t the slutin), then hw des the slutin address its liability fr prviding guarantees t the public in relatin t such certificates?) Plit explicitly disclaims any financial liability fr the EurPKI framewrk. The status f qualified r nnqualified certificate is nt cnsidered by the EurPKI plicy, and Plit des nt cnsider itself t be prviding any guarantees in relatin t qualified certificates (indeed, it explicitly disclaims this rle, as nted abve). Quality f service and availability (Des the slutin prvide any guarantees with regard t the quality f its service (i.e. the reliability f the infrmatin it prvides) and its availability t relying parties, ther than already mentined abve?) N, as nted abve, n respnsibility r liability is accepted by Plit in this respect. Independence f the slutin (Is the slutin fully unaffiliated (legally unrelated) with all f the CAs that are integrated int the 16

17 slutin? If nt, then hw is trust created twards the relying party fr affiliated CAs?) Independence is nt fully guaranteed, since EurPKI is managed by the Security Grup ( f the Plitecnic di Trin, and the latter is als ne f the CAs in the hierarchy. Cmpliance with the prvisins f the esignatures Directive (Des the slutin supprt signatures frm CAs established in cuntries that are nt subjected t the prvisins f the esignatures Directive (Directive1999/93/EC)? If s, hw are they integrated and hw des the slutin address their legal value?) Currently, nly Eurpean CAs are included in the hierarchy. As nted abve, EurPKI prvides n judgment n the value f any signatures created using certificates issued by the participating CAs. Suitability f the slutin at the Eurpean level Assessment f the slutin wner (Des the slutin wner feel that the slutin culd be adapted t perate at the Eurpean level nt applicable if the slutin already functins at the Eurpean level?) EurPKI is already used in academic envirnments acrss Eurpe. Issues t be addressed (Which issues des the slutin wner feel wuld still need t be addressed befre the slutin culd be made t perate at the Eurpean level?) Nt applicable. Cnsidering its scpe and gals there are n further issues t be addressed. Hwever, t grw beynd its current cntext, it is likely that sme frm f guarantees/liabilities wuld be required t increase trustwrthiness f EurPKI t utside parties. Integratin with ther validatin slutins 17

18 (Is there any strategy t allw the slutin t interperate with ther validatin slutins, i.e. can the slutin cnnect t ther islands f trust?) Any slutin that is cvered by an identifiable rt CA can be integrated. It wuld thus als be pssible t integrate e.g. PKI bridges r hierarchies, prvided that a rt CA can be identified. Market Impacts (Hw culd the slutin impact r influence the Eurpean market?) EurPKI is interesting as a trust mdel; hwever, it des nt accept any liabilities as it stands, nr des it distinguish between different levels f trustwrthiness f certificates issued t the public, which is an inherent limitatin f the scpe and apprach. Any ther cmments? (The slutin wner can prvide any ther cmments that (s)he feels were nt adequately cvered elsewhere) N further cmments. 18

19 19