Annex B : Time-stamps using digital signatures

Transcription

1 Annex B : Time-stamps using digital signatures [unofficial version] revised I. DEFINITION 1. Definition of the service In this mechanism, the TSA assures the reliability of time-stamp tokens by digitally signing each time-stamp token with a specific key for that purpose, where the TSA s corresponding public key certificate has been issued from a trusted CA (Certification Authority). The time-stamp token contains a hash value of a data item to be time-stamped, a time value at which the time-stamp token has been generated, the public key certificate (TSA certificate) or its issuer information and information about a signature algorithm and key length for the digital signature used. The time-stamp token is further digitally signed with the specified signature algorithm by the TSA. For verification of a time-stamp, a series of following procedures, (1) verification of a hash value of the data item targeted for time-stamping, (2) verification of the digital signature of the time-stamp token, (3) verification of a valid certification path including CRL(Certificate Revocation List) confirmation, are executed. The verification by an entity which possesses a time-stamp token, shall be possible without depending on the TSA. In this service, the reliability of time-stamp verification depends on the reliability of the digital signature applied to each time-stamp token. Consequently, the TSA is required to create digital signatures with the private key to which the public key certificate has been issued from the trusted CA, to use secure enough signature algorithms and hash functions, and is required to protect the private key used for signatures strictly. Relating standards: ISO/IEC , ISO/IEC , RFC Terms and Definition TSA certificate: The TSA must digitally sign each time-stamp token with the private key reserved specifically for that purpose. The public key certificate which proves this specific private key is called as a TSA certificate. The TSA certificate contains

2 information to identify the TSA, the issuing CA, its validity period and location of the CRL. The TSA certificate is digitally signed by the CA. Verification: over-all procedure for entity which possesses time-stamp tokens to confirm their authenticity and validity. The verification consists of three processes shown below, 1 the process to compare a hash value computed from the data item targeted for time-stamping with the hash value contained in the time-stamp token and to confirm coincidence of two values. 2 the process to decrypt the digital signature of the time-stamp token with the public key and to check consistency between the hash value obtained from the decryption and the recalculated hash value from corresponding components in the time-stamp token. 3 the process to confirm a valid certification path and revocation status of relating certificates. Tamper resistance: Resistance to tampering by which hardware and software systems used to protect sensitive information make external analysis of it difficult. Examples of tamper resistant mechanisms include a software system with contrivance to be resistant to analysis by disassembler etc. and a hardware system with contrivance to lose sensitive data stored in it automatically against deliberate decomposition of the hardware or giving a shock to it. Typical tamper resistant devices are HSMs (Hardware Security Module) certified by FIPS Requirements for tamper-resistant devices are ; 1. Leakage of internal data outside from devices is protected against malicious access into them. 2. Modification of internal data is prevented against external malicious access into them. 3. Modification of internal function is prevented against external malicious access into them. HSM: A cryptographic processing device which provides physically secure key management function by tamper resistant mechanisms and protects physically confidentiality of cryptographic processing by PCI bus specification module and IC card type. Examples of tamper resistant mechanisms include a mechanism to lose sensitive data stored in a HSM automatically against deliberate decomposition of its inner hardware or giving a shock to it, or against environmental changes such as temperature or atmospheric pressure.

3 The physical security level is assigned as FIPS140-2 and is assessed and certified by conformity assessment bodies. Requirements for HSMs are ; 1. Leakage of internal data outside from devices is protected against malicious access into them. 2. Modification of internal data is prevented against external malicious access into them. 3. Modification of internal function is prevented against external malicious access into them. 4. Requirements above are certified by official assessment bodies.

4 II. CRITERIONS OF TSA SERVICES (Time-stamps using digital signatures) 1 Technical issues 1-1 Time source The TSA shall offer measures by which subscribers or verifiers can identify the clock of the time-stamping server, that is, the time source to generate time-stamp tokens. 1-2 Accuracy of time source The clock of the time-stamping server shall be synchronized with UTC (NICT) within the accuracy of 1 second. 1-3 Assurance of accuracy The TSA shall possess measures to prove that the clock of the time-stamping server is being time-distributed by the TAs accredited by this program to assure the stated accuracy of the clock and that the TA is a third party or independent of the TSA The TSA shall possess measures to prove that the clock of the time-stamping server is being calibrated by the TAs accredited by this program to assure the stated accuracy of the clock and that the TA is a third party or independent of the TSA. 1-4 Identification and authentication of time-stamping servers The TSA shall ensure measures to identify and authenticate the time server of the TA which distributes time to the time-stamping server The TSA shall ensure measures for subscribers to identify and authenticate the time-stamping server which provides them with the time-stamping services. 1-5 Secure transmission paths from TSAs to subscribers The TSA shall ensure secure communications between the TSA time-stamping servers and subscribers. 1-6 TSA policy link in time-stamp tokens The information to identify the TSA policy uniquely, such as its identifier, reference information and hash values, shall be included in time-stamp tokens. 1-7 Data format of time-stamp tokens Data formats of a time-stamp token shall be clearly defined and published in the TSA policy. 1-8 Information to be included in time-stamp tokens The time-stamp token shall include; - an identifier for the TSA policy,

5 - a time value at which the time-stamp token has been generated, - a hash value for the data being time-stamped as provided by the requestor, - information on public key cryptography used, - a public key certificate or its issuer relating information, and - a signature value. 1-9 Information not to be included in time-stamp tokens The time-stamp token shall not include the information concerning the subscriber Integrity of time-stamp tokens The TSA shall provide measures to detect tampering with time-stamp tokens, in order to assure the integrity of tokens Cryptographic techniques to generate time-stamps Hash functions to calculate a hash value for the data to be time-stamped shall have at least security strength recognized by the e-government recommended ciphers list. In the case of SHA algorithm, SHA-256 or higher shall be used The public key encryption used to generate time-stamp tokens shall have at least security strength recognized by the e-government recommended ciphers list Private key protection The private signing key to generate time-stamp tokens shall be protected within a FIPS or FIPS level 3 or higher HSM (Hardware Security Module) Requirements for a public key certificate issued for the private signing key (TSA public key certificate) The signature algorithm used shall have at least security strength recognized by the e-government recommended ciphers list The certificate shall include the issuer s name The certificate shall include the subscriber s name or the subscriber s service name The certificate shall include the CRL (Certificate Revocation List) distribution points The certificate shall include validity period of the certificate Issuance, control, distribution and verification of the TSA public key certificate The certificate issued shall be for exclusive use of the TSA services The certificate or its issuance related information shall be included in a time-stamp token The certificate shall be issued by a third party or an entity independent of the TSA The information to show the propriety of the certificate shall be given Time-stamp token generating process

6 The TSA shall ensure that programs used to generate time-stamp tokens works correctly The programs shall be implemented so as to prevent their modification and the detected results of the modification shall be recorded if detected The TSA shall ensure and confirm that processes to generate time-stamp tokens are in operation correctly and that processes irrelevant to the generation of time-stamp tokens are not operated. The detected results shall be recorded if wrong processes are detected to have been in operation Quality of time in time-stamp tokens The TSA shall ensure that a time included in a time-stamp token is the distributed time from the accredited TA of this program The TSA shall provide measures to prevent issuing a time-stamp token if the clock of the time-stamping server is detected as being out of the stated accuracy Provisions for secure verification of time-stamp tokens The TSA shall provide secure communications between the time-stamp validation services and verifiers when the verification of a time-stamp token is performed by the TSA Requirements for verification process The TSA shall provide the appropriate verification measures to meet following requirements Verifiers or verifying tools can distinguish wrong or modified data format of a time-stamp token to be verified TSA public key certificate validation a) Verifiers or verifying tools can examine validity of the TSA public key certificate at the generating time of the time-stamp token when the certificate is being included in the token. b) Verifiers or verifying tools can acquire the certificate from the trustworthy repository and examine its validity when the TSA certificate is not being included in the time-stamp token. c) Verifiers or verifying tools can examine the signature validation created in the time-stamp token with the TSA certificate of which validity has been confirmed Verifiers or verifying tools can distinguish modification of the original data linked to the time-stamp token with it (the time-stamp token), when its validity has been confirmed Cryptographic techniques in communications Cryptographic techniques used in communications of the TSA services must fulfill at least security strength recognized by the e-government recommended ciphers list, when public key or secret key cryptography is used. 2 Operation & management 2-1 TSA services to be provided shall be defined clearly and shall include: to generate and issue time-stamp tokens,

7 2-1-2 to synchronize all clocks in the TSA services within enough accuracy of time, to generate and manage securely cryptographic keys used in the TSA services, to suspend usage of the corresponding key immediately and notify the subscribers of that relevant information when a compromise of cryptographic keys used in the TSA services has been detected, and to request revocation of the certificate immediately to the CA when the certificate of the public key paired with the private key used in the service is issued from the CA, to notify the CA of the fact in accordance with the form fixed by the CA when the TSA terminate its services or the information entered within the TSA certificate has changed, and to provide verification measures of time-stamp tokens or information related to the verification, to the verifiers. 2-2 Liability 2-1 The TSA shall disclose a policy relating to its liability and exemption of the liability of compensation 2-3 Organization and personnel management The TSA shall maintain the organizational independency to provide its services reliably The TSA shall dispose personnel which possess expertise and experience necessary for the services The structure and procedures under which the TSA operates shall posses internal checking mechanisms to prevent incidents The TSA shall assure that external checks like audit work upon it The TSA shall be able to specify the sources of incidents occurred. 2-4 Confidentiality The confidential information associated with security assurance shall be maintained and managed in accordance with a manual which describes rules, directives and procedures for handling the information Information about subscribers shall be protected so as not to be used for other purpose or not to be leaked, in accordance with a manual which describes the information classification and procedures for handling the information Storage equipment to maintain the confidential information shall be protected by key locks and isolated physically. 2-5 Temporal suspension and termination of TSA services The TSA shall determine the schedule and procedures of the temporal suspension or the termination of the TSA service in advance and shall publish or notify its information to all subscribers prior to its practice The TSA shall provide enough period of time for the subscribers to transfer to a successor TSA, in the event the TSA is terminated.

8 2-5-3 The TSA shall not make a temporal suspension of its services without pre-notifying, except for unpredicted emergency. 2-6 Subscriber s personal data The following procedures shall be executed when the TSA handles subscriber s personal data: The data shall be used only for the purposes for which they were collected The purposes of usage of the data shall be published in the TSA policy Disclosure of the data shall be permitted only when it is requested by the owner of it or his supervisors, or when it is required by law Access controls shall be applied to the data to assure confidentiality of the data The data shall be archived securely by storage system which protects falsification, deletion and leakage of the data, and also be archived so as to be accessible securely if necessary The backup of the data shall be provided to prevent their disappearance from emergency such as disaster. 2-7 Compliance audit The TSA shall be audited by third parties at least once per year to confirm that the services are being performed in conformity with the accreditation criterions The audit reports shall be completely and confidentially archived for a defined period of time The TSA shall disclose the audit results promptly to the accreditation body and shall also notify the procedures to deal with deficiencies pointed out by the auditor to it. 2-8 Provision against system trouble and disruption 8-1 The TSA shall stop its services urgently and shall start recovery work promptly when the accuracy of clocks of the time-stamping server is detected to be worse than the stated accuracy The TSA shall start recovery work promptly when the disruptions of hardware or software or data occurred, by using their backup. 2-9 Management of time-stamping server s signing key The generation of the time-stamping server s signing key shall be carried out in a trusted key generation system by personnel under, at least, dual control The signing key generated shall be stored within a HSM which meets the requirements identified in FIPS or FIPS level 3 or higher. The storage of the HSM shall be maintained by personnel under, at least, dual control so that it can not be taken out without the presence of no less than two authorized employees, for instance. The TSA shall not backup the signing key The creation of a digital signature by the stored key shall be processed within the HSM which meets the requirements identified in FIPS or FIPS level 3 or higher. The operation to connect the HSM to a time-stamp token creating system or the operation to activate the key stored in the HSM shall be carried out by using dual control.

9 2-9-4 The TSA shall archive the TSA public key certificate issued for the signing key with keeping integrity of it after its expiration to assure its availability The key shall be destroyed to prevent malicious use of it when it expires, or is revoked or compromised. The key destruction shall be performed by using dual control A private key to generate time-stamp tokens shall be re-keyed regularly in accordance with pre-determined life cycle and activation period of the key. The re-key period shall be determined appropriately in accordance with the TSA policy The life cycle and activation period of the key shall be determined appropriately in accordance with the latest security evaluation of the cryptography for hash functions to hash the subscriber s data to be time-stamped and for public key cryptography used to generate time-stamp tokens The TSA shall take precautions in advance against a leaked key or key compromise. The TSA shall notify or disclose to subscribers and relating parties immediately that the key has been revoked, when compromise of the key to generate time-stamp tokens has been detected Modification and operation of programs to generate time-stamp tokens In the case of modifying the programs to generate time-stamp tokens, the TSA shall show the modification to the accreditation body and shall obtain its check The implementation of the modified programs shall be performed by using dual control Management of keys used in communications The TSA shall manage cryptographic keys used in communications with the TA as following, when public key or secret key cryptography is used ; The generation of the keys shall be undertaken in a trusted key generation system by personnel under, at least, dual control The keys shall be stored in a physically secured environment The life-time of the keys shall be determined appropriately in accordance with the latest security evaluation of the cryptography used The keys shall be destroyed to prevent malicious use of them when they expire, or are revoked or compromised Validity period of time-stamp tokens The validity period of time-stamp tokens shall be determined appropriately in accordance with the latest security evaluation of the cryptography used and shall be notified to subscribers The TSA shall notify subscribers clearly of any possible limitations on the validity period, due to the security evaluation or compromise of keys and algorithms used to generate time-stamp tokens. 3 Facilities 3-1 Earthquakes The building containing the TSA facilities shall be conformant to the local earthquake safety

10 regulations Systems of the TSA services shall be implemented with precautions against earthquakes of predicted seismic intensity to prevent fall-down and fall-off of the instruments used. 3-2 Fires The building containing the TSA facilities shall be conformant to the local fire safety regulations. 3-3 Water exposures The building containing the TSA facilities shall be equipped with precautions against water exposures to the facilities. 3-4 Power 3-4-1The building containing the TSA facilities shall be equipped with power systems to ensure continuous and uninterrupted access to electric power. 3-5 Fire prevention and protection The building containing the TSA facilities shall be equipped with fire and smoke detection systems and with anti-fire provisions to prevent and extinguish fires. 3-6 Air conditioning The building containing the TSA facilities shall be equipped with air conditioning systems to control temperature and relative humidity. 3-7 Physical and environmental security The whole TSA servers shall be housed in locked specified rooms or locked cabinets to which only authorized personnel are permitted to access The room where the whole systems of the TSA servers are housed and the operation room shall be equipped with physical access control. 4 Network security 4-1 Access from external network Detection and protection systems (e.g. firewalls) shall be implemented to protect the TSA network and network-accessible resources from unauthorized access and attack from external network. 4-2 Internal network (LAN) The network-accessible resources in the TSA service shall be segmented properly by services or function groups (e.g. separation by layer 3 switches) to prevent unnecessary communications.

11 4-3 Servers and storages All servers related to the TSA services shall be configured appropriately to prevent accesses, applications, use of ports and others unnecessary for the operation of the services All servers related to the TSA services shall be managed appropriately (e.g. usage of security patches after careful examination, file consistency check, records of system logs and so on). 4-4 System availability The TSA shall take precautions against breakdown of the TSA system to assure service continuity capabilities. 4-5 Time synchronization of TSA system Clocks of all servers retaining event logs in the TSA system shall be synchronized within enough accuracy of time. 5 Disclosure and notification 5-1 TSA policy The TSA shall establish the TSA policy and make it available to be referred as occasion demands. The policy shall include; - the TSA information, - the identification information (e.g. OID) and the maximum allowable time offset of the time source used for the TSA services with respect to UTC, - information on the time audit (1) data format of a time audit certificate (2) information how to disclose time audit certificates and records when they are not contained in time-stamp tokens - the policy link to the TA which provides time distribution and time audit for the clock of the TSA time-stamping server, - the TSA services to be provided and the TSA obligations, - the liability and exemption of liability of compensation, - the technical information to assess security and trustworthiness of the TSA services, - the data format of a time-stamp token, - time scale for a time value included in the time-stamp token, - the hash algorithm used to represent the data being time-stamped, - the public key cryptography used to create a digital signature on the time-stamp token, - the validity period of time-stamp tokens (1) to state clearly validity period of the signature assured by hash algorithm and key length, activation period of keys and validity period of time-stamp tokens (2) to state clearly possible limitations on the validity period due to the security evaluation or compromise of keys and algorithms used to generate time-stamp tokens

12 - information necessary for verification of time-stamp tokens, - the TSA practice statement, - office hours to provide the TSA services, - the stipulation of services, - procedures to handle personal and confidential information of subscribers, - procedures for temporal suspension and termination of TSA services, - management of the signing key to generate time-stamp tokens, - procedures for system trouble and disaster, and - applicable law to be complied with. 5-2 Information to be disclosed to subscribers and parties related to subscribers 5-2-1The TSA shall disclose the following information to subscribers and parties related to subscribers in addition to the information included in the TSA policy by responding to its necessity; - contact information with the TSA, - time audit certificates and time-audit records, - the validity period of a public key certificate issued for the TSA, - information on the revocation of the public key certificate, - information to verify time-stamp tokens, - notes relating to utilization of the services provided by the TSA, and - information on how to claim disclosure of personal information related to subscribers. 5-3 Notification to subscribers The TSA shall make an effort to notify and contact promptly individual subscribers in the following cases; a) The TSA shall notify subscribers of temporal suspension and termination of TSA services in advance. b) The TSA shall notify immediately subscribers of the revocation of the key used for its services when a compromise of the key has been founded. c) The TSA shall notify promptly subscribers of the fact and a recovery prospect on the occurred system troubles, system disruption, or disaster. d) The TSA shall contact immediately with subscribers in the case that there is an alteration in the TSA policy being applied or the information to be disclosed to subscribers.