Security implementation of E- Settlement prototype. Veli-Matti Lumiala Bank Finland

Transcription

1 Security implementation of E- Settlement prototype Veli-Matti Lumiala Bank Finland

2 Security in E-Settlement Security requirements Security requirements for E-Settlement prototype BS7799 as a security management framework Security policy as guideline

3 Step 1 Define the policy Policy document Step 2 Define the scope of the ISMS Scope of ISMS Step 3 Step 4 Step 5 Threats, vulnerabilities, impacts Organization s approach to risk management Degree of assurance required BS7799 / Part 2. Sec. 3 control objectives and controls Additional controls Undertake a risk assessment Manage the risk Results and conclusions Select control objectives and controls to be implemented Risk assessment Selected control options Selected objectives and controls Step 6 Prepare a statement of applicability Statement of applicability

4 Step 1 Define the policy Policy document Step 2 Security Policy Step 3 Step 4 Step 5 Step 6 Threats, vulnerabilities, impacts Organization s approach to risk management Degree of assurance required Security Analysis BS7799 / Part 2. Sec. 3 control objectives and controls Additional controls Prototype specification Define the scope of the ISMS Undertake a risk assessment Manage the risk Select control objectives and controls to be implemented Prepare a statement of applicability Scope of ISMS Results and conclusions Risk assessment Selected control options Selected objectives and controls Statement of applicability

5 Security Policy Define the policy Define the scope of the ISMS Policy document Scope of ISMS 1. Objectives 2. Scope 3. Principles 4. Areas of info security 5. Security responsibilities 6. Incident handling

6 Security Analysis Step 3 Step 4 Threats, vulnerabilities, impacts Organisation s approach to risk management Degree of assurance required Undertake a risk assessment Manage the risk Results and conclusions Risk assessment Selected control options Common E-settlement threats BEM specific threats (Bank E-settlement) CEM specific threats (Central Bank E-settlement) SAS specific threats (System Administration Site) Risk Assessment

7 Security Architecture Bank payment system BAPS Security between BAPS and E-Settlement system Security within E-Settlement network Security in traffic via Interbank networks Hardware Security module HSM Bank E-Settlement module BEM Interbank Interbank network network Security between BEM/CEM and HSM BEM/CEM security HSM security Management of E-Settlement security Bank payment system BAPS Hardware Security module HSM Bank E-Settlement module BEM E-Settlement E-Settlement network network System Administration Site SAS Certification Authority Central Bank payment system CBPS Central Bank E-Settlement module CEM Hardware Security module HSM

8 E-Settlement security implementation Liquidity control Procedures in operation Application Physical protection Enabling technologies Identification Business continuity

9 Enabling technologies Public Key Infrastructure Hardware security module - SmartCard Electronic segregation of duties Logging and audit trail

10 E-Settlement security features: built-in Real-time monitoring of liquidity Reconciliation Continuous, based on E-Settlement stamps Bank-to-bank at reconciliation breaks and EOD System level at reconciliation breaks and EOD Bank profile checks: sum and number of transactions E-Settlement stamp structure

11 E-Settlement security features: IT system Business continuity planning Mirroring of data stores Redundancy: avoiding single points of failure Network E-Settlement modules Tamper resistant hardware Back-ups - decentralized database! Security is a balancing act: usability vs. security, redundancy vs. tamper resistant hardware

12 e -settlement security structure 4 electronic eyes and multi-storage of balance and transaction information Sending bank e-settlement module BAPS BNET BNET BAPS Receiving bank e-settlement module HSM HSM Interbank payment BEM stamp HSM stamp Encrypted storage of balance and transaction information The HSM is controlling the BEM-module The balance and transaction information are stored at least in 5 places during each payment process, which can be used in special situations for patching

13 Stamp structure 1/4 An E-Settlement stamp consists of four parts: A plaintext part for information received from the bank. This is used by banks to verify that the payment information, based on which settlement stamps have formed, is correct. A plaintext part of BEM information. This is used in situations where the encrypted BEM part cannot be decrypted to find out the possible cause of the problem. An encrypted part of BEM information. The information in this part is used for actual BEM settlement processing. Some of the fields (such as liquidity balance) are present for disaster recovery purposes and not used for actual settlement processing. An encrypted part for HSM information. This part is used between two HSMs for settlement processing.

14 Stamp structure 2/4 E-Settlement stamp parts are interlinked to facilitate cross-checking of stamp parts E-Settlement stamped payment E-Settlement stamp Bank BEM cleartext BEM encrypted HSM encrypted Hash code Hash code Sum and balance

15 Stamp structure 3/4 Cryptography of BEM/HSM encrypted stamp part SHA1 with RSA signature (sender s private key) Triple-DES encryption RSA key wrapping for intended participants (receiver s public key) The BEM and HSM stamps fields are compared to keep BEM and HSM information always synchronized

16 Stamp structure 4/4 Stamp parts contain the following information: Key payment info from the bank Cleartext transaction info to facilitate disaster recovery (sender, receiver, transaction ID) Encrypted settlement info: transaction sum, liquidity balance, sender/receiver, continuous reconciliation info (cumulative bank-to-bank sum & number) Encrypted HSM settlement info (sum, balance)