How To Write A New System For A Bank Account (For A Bank)

Transcription

1 eidas Regulation esignature & eseal Towards Real Implementation - an Overview of & Experiences with applying CEN/ETSI Standards & Best Practices Sylvie Lacroix EEMA TrustCore meeting 25 February Brussels

2 Agenda Standardisation developments status Introduction to the M460 mandate Key points & items in each standardisation area 0. Framework 1. Signature creation and validation 2. Signature creation & other related devices 3. Cryptographic suites 4. TSPs supporting digital signatures 5. Trust application service providers 6. Trust service status list providers Testing conformance & interoperability Building a service : illustration Alignment with eidas Regulation

3 Agenda Standardisation developments status

4 M-460 Objectives: - Inventory - Rationalised structure - Gap Analysis - Work Programme - Quick fixes Rationalised structure: 6 Trust Service Status Lists Providers TSPs supporting esignature 4 Signature Creation & other related Devices 1 Signature Creation & Validation Introductory deliverables Trust Application Service Providers Cryptographic Suites Consistent numbering (x series): DD L19 xxx-z - Functional Area & Sub-Area - Document type Guidance Policy & Security Requirements Technical Specifications Conformity Assessment Testing Conformance & Interoperability

5 M460 output: framework for digital signature stds TSP issuing certificates Time Stamping Auth ies Signing services Validation services Rules & procedures Signature creation / validation protection profiles CC Protection Profiles - Smart Cards - HSM s - Signing Services 6 Trust service status lists providers TSPs supporting digital signature 4 Signature creation & other related devices 1 Signature Creation & Validation Introductory deliverables Trust application service providers Cryptographic suites List of TSP services approved (supervised) by National Bodies (e.g. Trusted lists) edelivery / Reg ed Long term preservation XAdES CAdES PAdES AdES in mobile env mt ASiC (containers) Key generation Hash functions Signature algorithms Parameters,

6 Area 0 - Framework documents Phase 1 resulted in Rationalized Framework (SR ) Phase 2 & Post Phase 2 work in progress Updating framework presentation document (TR as update of SR / approved in June 2015) Study on The framework for standardisation of signatures: Extended structure including electronic identification and authentication (TR to be updated according to Implementing Regulation (EU) 2015/1502 on LoA) Study on The framework for standardisation of signatures: Standards for AdES in mobile environments (SR published) Guidelines for SMEs & citizens (TR & TR draft) Document centralising definitions and abbreviations (TR published & under updating process) Quite all the documents in this area are new! Introductory documents of the framework for signature standardisation Replaces Expected publication Sub-areas Guidance TR The framework for standardisation of signatures: overview SR v1.1.1 published TR The framework for standardisation of signatures: Extended structure including electronic identification and authentication (new) March 2016 (hand over to CEN) SR The framework for standardisation of signatures: Standards for AdES digital signatures (new) published in mobile environments TR The framework for standardisation of signatures: Best practices for SMEs CWA Dec TR The framework for standardisation of signatures: Guidelines for citizens CWA Dec SR Rationalised framework of standards for electronic registered delivery applying (new) published electronic signatures Policies TR The framework for standardisation of signatures: Definitions and abbreviations (new) published

7 Area 1 - Signature Creation & Validation Phase 1 Quick fixes Phase 2 & Post Phase 2 work in progress Guidance on the use of standards for creation & validation of dig. sig. (new - TR ) Policy & security requirements for applications for signature creation and signature validation (new - TS on approval) Protection Profiles for signature creation & validation applications (new - EN ) C/X/PAdES & ASiC formats (baseline & additional signatures/containers profiles) Revisions and migration to ENs (EN /132/142/162 under EN Approval) Procedures for creation and validation of digital signatures New - EN (TB approved) Signature policies New - TS (published) Conformity assessment for SCA / SVA New - EN (on approval) Testing conformance & interoperability Signature formats - TS 119 1x4 Signature creation and validation Sub-areas Guidance TR Guidance on the use of standards for signature creation and validation Policy & Security Requirements TS Policy and security requirements for applications for signature creation and signature validation EN Protection profiles for signature creation and validation application Technical Specifications EN Procedures for creation and validation of AdES digital signatures EN CAdES digital signatures EN XAdES digital signatures EN PAdES digital signatures TS Architecture for AdES digital signatures in distributed environments EN Associated Signature Containers (ASiC) TS Signature policies Conformity Assessment EN Conformity assessment for signature creation & validation (applications & procedures) Testing Conformance & Interoperability TS CAdES Testing conformance & interoperability TS XAdES Testing conformance & interoperability TS PAdES Testing conformance & interoperability TS Testing conformance & interoperability of AdES in mobile environments TS ASiC Testing conformance & interoperability

8 Area 2 - Sig. & other related devices Phase 1 resulted in a work plan including new topics and revision and maintenance of existing documents Protection Profiles for SSCD: EN parts (for user managed devices, ex CWA 14169) Phase 2 work in progress Guidance on the use of related standards (TR ) Protection Profiles for TSPs: Trustworthy System supporting time Stamping (new): EN Ex CWA 14167, PP for TSP crypto module: move to EN EN & (e.g. sec. reqs. For trustworthy system managing certificates for electronic signatures) Security requirements for Trustworthy System supporting server signing: EN Security requirements for device for authentication: EN Application Interfaces for SSCDs EN

9 Area 2 - Sig. & other related devices Area 2 list of deliverables Signature creation and other related devices Sub-areas Guidance TR Guidance on the use of standards for signature creation and other related devices Policy & Security Requirements EN Protection profiles for secure signature creation device - Part 1: Overview - Part 2: Device with key generation - Part 3: Device with key import - Part 4: Extension for device with key generation and trusted communication with certificate generation application - Part 5: Extension for device with key generation and trusted communication with signature creation application - Part 6: Extension for device with key import and trusted communication with signature creation application EN Protection Profiles for TSP cryptographic modules - Part 1: Overview - Part 2: Cryptographic Module for CSP signing operations with backup Protection Profile (CMCSOB-PP) - Part 3: Cryptographic module for CSP key generation services Protection Profile (CMCKG-PP) - Part 4: Cryptographic module for CSP signing operations without backup Protection Profile (CMCSOPP) - Part 5: Protection Profile for cryptographic module for TSPs EN Protection profile for trustworthy systems supporting time stamping EN Trustworthy systems supporting server signing - Part 1: General system security requirements - Part 2: Protection Profile for QSCD for Server Signing EN Security requirements for device for authentication - Part 1: Protection profile for core functionality - Part 2: Protection profile for extension for trusted channel to certificate generation application - Part 3: Additional functionality for security targets TS Security requirements for trustworthy systems (incl. managing certificates for electronic signatures) Technical Specifications EN Application interfaces for secure elements used as qualified electronic signature (seal) creation devices - Part 1: Introduction - Part 2: Basic services - Part 3: Device authentication - Part 4: Privacy specific protocols - Part 5: Trusted eservices Conformity Assessment no requirement identified Testing Conformance & Interoperability no requirement identified

10 Area 2 application to server signing (managing key on behalf of signatories) Applicable new protection profiles (PP) for server signing: Server signing PPs: EN , (1) 3 parts Security reqs., PP for trusted sig. creation module, PP for Sig. Activation data mngt & Sig. Activation protocol Cryptographic modules for Trust Services (2) (new part 5 of EN series) For TSP operation in secure environment Multipurpose crypto module (protection of signatories keys, authentication mechanisms) Security requirements for device for authentication: EN (3) TSP Signature Creation Module (1) Crypto Module (2) Signer s SDC Sole control (1-3)

11 Area 3 - Cryptographic suites Main activities TR published in 05/2015 (under update) TS published in 11/2014 (under update) Maintenance & monitoring : collaboration ETSI - ENISA Cryptographic suites Replaces Expected publication Sub-areas Guidance TR Guidance on the use of standards for cryptographic suites (new) published Technical Specifications TS Cryptographic suites TS published Testing Conformance & Interoperability no requirement identified

12 Area 4 - TSPs supporting signatures Main activities Business Guidance (TR ) TSP Conformity Assessment EN (EN approved) TSP Policy requirements (EN approved) Revised EN : General reqmts Revised EN x TSPs issuing certificates EN Time-stamping Certificate and time-stamp profiles (EN approved) EN to -5 Certificates (natural, legal, web, qualified) EN Time-stamping Next Phase TSPs supporting digital signatures and related services Sub-areas Guidance TR Guidance on the use of standards for TSPs supporting digital signatures and related services Policy & Security Requirements EN General policy requirements for trust service providers EN Policy and security requirements for trust service providers issuing certificates - Part 1: General requirements - Part 2: Requirements for trust service providers issuing EU qualified certificates EN Policy & security requirements for trust service providers issuing time-stamps EN Policy and security requirements for trust service providers providing AdES digital signature generation services EN Policy and security requirements for trust service providers providing AdES digital signature validation services Technical Specifications EN Certificate profiles - Part 1: Overview and common data structures - Part 2: Certificate profile for certificates issued to natural persons - Part 3: Certificate profile for certificates issued to legal persons - Part 4: Certifcate profile for web site certificates - Part 5: QCStatements EN Time-stamping protocol and time-stamp token profiles EN Protocol profiles for trust service providers providing AdES digital signature generation services EN Protocol profiles for trust service providers providing AdES digital signature validation services Conformity Assessment EN Trust Service Provider Conformity Assessment - Requirements for conformity assessment bodies assessing trust service providers Testing Conformance & Interoperability no requirement identified for such a document EN : Signature Generation Service Providers Sec. Pol. Protocol Profiles EN : Signature Validation Service Providers Sec. Pol. Protocol Profiles

13 Area 5 Trust applic service providers Main activities Business Guidance (TR ) Study on e-delivery standardisation needs (SR published 06/2015) Addressing e-delivery services as defined in Regulation proposal Identify standards required to be produced Define scope and purported contents Raise recommendations Phase 3: Study on Preservation Services potentially followed by actual standardization (on going) e-registered delivery services policy requirements & profiles (EN /522) Registered Electronic Mail (REM) Services policy requirements & profiles (EN /532) + Quick fix maintenance of ETSI TS (REM) SR : Rationalised Framework of Standards for Electronic Delivery Electronic Deliver abstract model Analysis of standardisation status for e-delivery components Proposed Framework of Standards Amended Framework of Standards for Registered Proposal for e-delivery standardisation activities Drafted Being drafted Trust application service providers Sub-areas Guidance TR Guidance on the use of standards for trust application service providers SR Scoping study and framework for standardization of long term data preservation services, including preservation of/with digital signatures Policy & Security Requirements EN Policy & security requirements for trust service providers providing long term data preservation services, including preservation of/with digital signatures EN Policy & security requirements for electronic registered delivery service providers EN Policy & security requirements for registered electronic mail (REM) service providers Technical Specifications EN Long term data preservation services, including preservation of/with digital signatures EN Electronic registered delivery services: EN Registered electronic mail (REM) services: Conformity Assessment no requirement identified for such a document - relying on TS / EN Testing Conformance & Interoperability TS General requirements for technical conformance and interoperability testing for trust application service providers and the services they provide TS Testing conformance and interoperability of electronic registered delivery services: TS Testing conformance & interoperability of registered electronic mail services.

14 Area 6 - TSLs & Trusted Lists Phase 2 Published Business driven guidance (TR may 2015) Testing conformance & interoperability (TS ) Trusted Lists (TS ) V1.1.1 published June 2013 on which CD 2013/662/EU builds EU MS TL specifications (currently applicable) V2.1.1 published July 2015 on which CID (EU) 2015/1505 builds EU MS TL specifications under eidas Regulation (Art 22 (5)) Allow non-eu countries and International organisations to set-up TL s in order to facilitate (mutual) recognition of approved trust services Tools available (sustained under CEF): TLManager (EC Joinup) TL Conformance Tester (ETSI / UPC) Trust service status lists providers Replaces Expected publication Sub-areas Guidance TR Guidance on the use of standards for trust service status lists providers new published Policy & Security Requirements TS Policy & security requirements for trusted lists providers Undefined Technical Specifications TS Trusted lists TS published Conformity Assessment no requirement identified for such a document - relying on TS / EN Testing Conformance & Interoperability TS Testing conformance & interoperability of trusted lists: (new) Undefined

15 Testing conformance & interoperability Published Special Report SR formalizing plans for: Organization, definition and conduction of test events (run during the implementation and deployment of the Rationalised Framework) Production of a set of Technical Specifications defining test suites for testing interoperability and conformity against core standards of the RF. Design and implement a set of conformity testing tools. Schedule available from ETSI Publications Download Area: PAdES Plugtests May 2015 CAdES Plugtests 11 June - 10 July 2015 XAdES Plugtests planned for October 2015 (NEW) esignature Validation remote Plugtest 6-29 April 2016

16 Agenda Building a service : illustration

17 M460 Illustration: build a signature creation service Start with (Guidance on the use of applicable standards) Select appropriate signature formats (E.g. EN CAdES) test(ed) against ) Design appropriate security controls as per (Security Policy for Signature Creation Applications) Built appropriate technical controls as per (Protection Profile for Signature Creation Applications) Follow correct security policy as TSP as per and (Generic TSP security Policies security Policies for TSP generating signature ) Ask audit as per and (conformity assessment)

18 Agenda Alignment with eidas Regulation

19 Key points Mapping to eidas legal requirements Mandatory (3 dated or 1 not) vs non mandatory acts Acts for which the EC is empowered to define the technical requirements and specifications that when met will grant presumption of compliance vs acts for which the EC may/shall establish reference numbers of standards but is not empowered to determinate directly their content. (Non automatic referencing principles established by EC). ENISA s assistance: Standards assessment: Eligibility for enabling eidas compliance Study on TSPs standards IAS2 study

20 Mapping with eidas Mandatory acts: eid area s IAs are out of scope except bridge with Commission Implementing Regulation (EU) 2015/1502 of 8 September 2015 on setting out minimum technical specifications and procedures for assurance levels for electronic identification means pursuant to Article 8(3)) (EC emp) Commission Implementing Decision (EU) 2015/1506 of 8 September 2015 laying down specifications relating to formats of advanced electronic signatures and advanced seals to be recognised by public sector bodies pursuant to Articles 27(5) and 37(5) of Regulation conformance levels B, T or LT points to TS to 174 versions of C/P/XAdES ASiC baseline profiles (EC emp) Commission Implementing Decision (EU) 2015/1505 of 8 September 2015 laying down technical specifications and formats relating to trusted lists pursuant to Article 22(5) of Regulation Establishes EU MS TL specifications and requirements building on ETSI TS v2.1.1

21 Mapping with eidas Mandatory acts: (EC emp) Commission Implementing Regulation (EU) 2015/806 of 22 May 2015 laying down specifications relating to the form of the EU trust mark for qualified trust services QSCD (on going) Art 30 3 (no date) list of standards for the security assessment of information technology products (how to certify) Art 30 4 (D.A. - EC emp - no date) establishment of specific criteria to be met by the designated bodies Art 29 2 IA (may) list of standards for presumption of compliance with Annex II (QSCD) (what to certify)

22 Mapping with eidas QSCD complex Standards for QSCD (what to certify), of no use when not recognised under mandatory certification process (how to certify) Selecting a process may risk to limit actual devices to the ones conforming to recognised stds (e.g. by ISO (CC) or EC 765/2008) i.e. may impede activation of Art 30 3 (b) on alternatives (pros and cons) * Scope of QSCD mandatory certification is limited (recital 56) to the heart of the device (SCD protection & use): PP exists for devices managed by signatories where resp. on environment (or QSCD borders) is on signatories More difficult for devices for which TSP are managing key on behalf of signatories (must be QTSP) and/or use of devices in non-secure environments (e.g. public lockets). Transitional measure for signatures - nothing for seal (*)

23 Mapping with eidas Might be referred in IA Article 20.4 Supervision QTSP layered model Commission Implementing Decision (EU) 2015/1505 (Trusted list) Def. (18) : CAB accredited under EC Reg. 765/2008. EA established CAB accreditation framework: L1: ISO (with hooks to ISO & 17021), for accrediting CAB competencies (to assess products & services) L2: ETSI EN , reqs for CABs for assessments of (Q)TS(P)s L3: TSP audit criteria (control objective list for eidas conformity) being eidas requirements on QTSPs/QTSs L4: (not mandatory): policy and security requirements to achieve L3 (controls): e.g. ETSI 319 4x1 series Fine-tuned for the regulation (e.g. cert. status info kept beyond expiry in technical terms) Requires bridges with Assurances Levels (e.g. NCP cert. level High)

24 Mapping with eidas Supervision QTSP layered model EA model in place for CAB accreditation ISO/IEC EN (the scheme document) eidas regulation No 910/2014 No need for IA in theory CAB needs to demonstrate it meets accreditation requirements TSP needs to demonstrate it meets QTSP/QTS requirements of eidas Competent Supervisory Body needs to be convinced on CAB accreditation model TSP audited by accredited CAB meets QTSP/QTS requirements of eidas Importance of assessment scope and conformity assessment report s: Content and details / Template versus QTSP/QTS eidas requirements Transparency Legitimacy (not addressed by IA nor by ESO but likely by ACAB-c and/or by SB?)

25 Mapping with eidas Other implementing acts / may wait that industry selfregulate Standards for AdES (art 27.4) relies on: Technical specs of SCDev, certificates (e.g. level low, high), long term preservation features. Standards for establishing LoA of above components (e.g TSP practices certified as high ) Numerous standards exist. Combination complex IA Needed? Standards for Q-validation, Q-preservation, etc.

26 Mapping with eidas Non in acts while sometimes believed to be: TPS offering signature services and/or handling SCDev for the users Qualified Signature Creation is not subject to Qualification but: TSP can offer QES creation services without being Q-TSP if QSCD is managed by the TSP, TSP must be a QTSP offering a Q-Service (e.g. timestamping, certification, preservation, validation services). => but connected to IAs on QSCD, QTSP and of course, standards are recommended (e.g. EN , EN , , TS , TS )

27 Website & Stakeholders mailing list Stakeholders mailing list: Subscription via above website (via Subscribe to the newsletter ). To get news. To receive drafts. To be notified of commenting periods. Etc.

28 Useful links e-signature Standards Portal: STF web pages STF 457: STF 458: STF 459: ETSI Publications Download Area: ETSI Electronic Signatures Portal: Standardisation mandate m460 to CEN and ETSI on electronic signatures Study on Cross-Border Interoperability of esignature (CROBIES) - ( ): European Commission page on EU Member States Trusted Lists: Revision aspects of European electronic signature Directive 1999/93/EC & Draft proposal for a Regulation "on electronic identification and trusted services for electronic transactions in the internal market": Studies on an electronic identification, authentication and signature policy ( , 2013):