Government Smart Card Interagency Advisory Board Moving to SHA-2: Overview and Treasury Activities October 27, 2010
Interagency Advisory Board Meeting Agenda, October 27, 2010 1. Opening Remarks 2. A Discussion on the Implementation of Treasury s SHA-256 (Mike Cockrell and Darren Kiel, Treasury HSPD-12 / IdAM PMO) 3. The Relationship of Fair Information Practice Principles to Identity and Credentialing Programs (Helen Foster, DHS and Naomi Lefkovitz, FTC) 4. The Impact of Identity Theft (Anne Wallace, Identity Theft Assistance Corporation) 5. A Discussion on the Improvements to FPKI Infrastructure (Judy Spencer, GSA and Chris Louden, Protiviti) 6. Closing Remarks
Moving to SHA-2 Today s Agenda 1. Introduction: Treasury HSPD-12 high-level solution architecture 2. SHA-2 overview: drivers, requirements and impact 3. Treasury activities: Treasury s SHA-2 migration plan 4. Audience engagement: Participation and feedback from you 5
Moving to SHA-2: Introduction Treasury HSPD-12 high-level solution architecture Treasury continues to work with GSA to ensure SHA-2 compliance on Treasury PIV cards Treasury Production Migration: November 7 GSA Production Migration: Early-mid December 6
Moving to SHA-2: Overview The need to migrate to SHA-2 Weaknesses recently discovered in SHA-1 dramatically lower its practical security strength below 80 bits, to the point where it is theoretically possible to produce a collision This in turn puts trust at risk for Federal PIV-reliant applications Examples: Someone is authenticating to my network environment as me Someone authored this document, but it wasn t me My application trusts a PIV certificate signed by a rogue CA because it looks trustworthy 7
Moving to SHA-2: Overview SHA-2 requirements and recommendations To mitigate this risk, the Federal community is migrating to SHA-2, which employs up to 256 bits of security and strengthens the PIV PKI trust model The Federal community has published various documents reflecting the need to move to SHA-2, particularly as it pertains to digital signatures, by the end of 2010: NIST SP800-57, Recommendation for Key Management. http://csrc.nist.gov/publications/pubssps.html NIST SP800-78, Cryptographic Algorithms and Key Sizes for Personal Identification Verification (PIV). http://csrc.nist.gov/publications/pubssps.html DRAFT NIST SP800-131, Recommendation for the Transitioning of Cryptographic Algorithms and Key Sizes http://csrc.nist.gov/publications/pubsdrafts.html NIST s Policy on Hash Functions. http://csrc.nist.gov/groups/st/hash/policy.html Federal Common Policy. http://www.idmanagement.gov/fpkipa/ 8
Moving to SHA-2: Overview Impact to PIV card usage Not all PIV-reliant solutions support SHA-2 According to Microsoft, Windows Vista, Windows 7 and Server 2008/2008 R2 provide full SHA-2 support Windows XP SP3 and Server 2003 SP2, with hotfixes applied, provide limited support, though they are incapable of generating new hashes based on SHA-2. http://blogs.technet.com/b/pki/archive/2010/09/30/sha2-and-windows.aspx Other PIV-reliant solutions vary in SHA-2 capability. Sources for determining solution interoperability: Vendor material, such as product documentation and administrator guides FPKI SHA-256 Tracking Spreadsheet (via SHA-256 WG mailing list) NIST material, such as the Secure Hash Standards Validation List. This is a list of products that have been validated for SHA-1, SHA-224, SHA-256, SHA-384, and SHA-512. http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htm Test results 9
Moving to SHA-2: Overview Federal recommendations for SHA-256 readiness Recommendations from the Federal PKI Policy Authority (Source: FPKI SHA-256 Memorandum. October 07, 2010) Inventory existing PK-enabled applications that use certificates for authentication, digital signature and/or encryption Determine which applications are at risk by verifying COTS SHA-256 support and minimum required versions Request SHA-256 signed test CA certificates from the FICAM SHA-256 Test Infrastructure (email: wendy.brown@pgs.protiviti.com) or through the GSA/ USAccess Program (email: stephen.duncan@gsa.gov) Create a SHA-256 test plan, testing three fundamental capabilities: Capability to accept SHA-256 signed PIV certificates and CRLs Capability to process SHA-256 signed data Capability to produce SHA-256 signatures Report test results to: https://www.idmanagement.gov/fpkipa/sha2 Contact FPKI.Webmaster@gsa.gov for username/password Contact FPKI.Webmaster@gsa.gov to obtain further SHA-256 information or participate in the SHA-256 dialog 10
Moving to SHA-2: Treasury Activities Treasury PKI SHA-2 migration plan Phase 1 - Test Card Acquisition: Treasury Bureaus acquired test cards and device certificates issued with SHA-2 Phase 2 Application Testing: Bureaus test applications against development environment Periodic, temporary transition of development PKI environment is necessary Bureaus have further opportunities to obtain SHA-2 PIV cards and device certs Phase 3 Development Transition: Development PKI environment permanently transitions to SHA-2. This includes all Treasury-issued certificates and validity data Development CA certificates are also re-keyed to reflect SHA-2 Treasury is currently in this phase Phase 4 Production Transition: Production PKI environment permanently transitions to SHA-2. This includes all Treasury-issued certificates and validity data Production CA certificates are also re-keyed to reflect SHA-2 Other activities such as Federal Bridge re-certification may occur at this time Bureaus do not need to re-key cards previously issued with SHA-1 11
Moving to SHA-2: audience engagement Has your organization started using SHA-2 already, and if so, what were your biggest lessons learned? Examples: Issue PIV/PKI certificates and validity data with SHA-2 Domain authentication using SHA-2 PIV card Remote access using SHA-2 PIV card Sign and validate SHA-2 secure email What are some of the biggest challenges preparing for SHA-2 as your organization has discovered? Does your organization have remaining SHA-2 issues to address prior to the end of the year? 12