Digital Certification Standards and Policies - Spec 2000
TRANSCRIPT
1
Why?
♦ Secure way to transmit critical data across a public network
♦ Ensure integrity of information received and a way for the recipient to verify this fact
♦ Validate the identity of the sender
♦ In a more vulnerable environment, data security has risen to the top of the agenda
♦ As electronic data use increases, the requirement for proof via non-repudiation becomes increasingly important.
2
Original Member Companies
♦ Airbus
♦ AE GE
♦ Air France
♦ KLM
♦ ARINC
♦ Northwest
♦ Alitalia
♦ Pratt & Whitney
♦ Boeing
♦ Rockwell Collins
♦ British Aerospace
♦ Rolls-Royce
♦ British Airways
♦ SITA
♦ Snecma
♦ United Airlines
♦ CertPlus
♦ The Open Group
♦ Carillon Information Security
♦ Delta
3
Digital Certificate Working Group
♦ A “Community of Interest” Working Group
– Recognized need for digital signatures to improve security
– Respond to industry requirements to reduce paperwork
– Agreed to establish a standard methodology for the acceptance of X.509 certificates to support the use of digital signatures.
4
2002 Goals
♦ Establish an Air Transport standard for the issuing and acceptance of digital certificates to support individual identity and digital signature of participants.
♦ Allow Subscribers to use the same certificate at multiple locations once acceptance agreements are established.
♦ Demonstrate the technology between two real entities.
♦ Education & communication with our customers and sponsors
5
2002 Achievements
♦ Standard Certificate Policies covering Assurance Levels 1-3 (Class 1-3)
♦ Standard Framework for operation of Policies
♦ Test Plan available for Airlines, Manufacturers, Regulatory Agencies
♦ Technical Assistance available to help adoption of technology
6
2003 Goals
♦ Gain acceptance & support from ATA for establishment of an Aerospace Bridge CA
♦ Work with other Aerospace organizations to build the Aerospace Bridge CA using DCWG standards
♦ Work with the Federal Public Key Infrastructure (PKI) Steering Committee & the Office of Electronic Government for cross-certifying ABCA
7
2004 Achievements
♦ The Aerospace Bridge project is launched by ARINC, SITA & Exostar: “CertiPath”
♦ Established standards for X.509v3 will be honored
♦ The Federal PKI Steering Committee Chair participating in cross-certification policy requirements for CertiPath to the FBCA
♦ Boeing & Airbus following DCWG X.509 v3 standards in their PKI implementations
8
2004 and Beyond: No resting on our laurels
♦ Data security
– The use of public networks to send and receive safety critical data
– Airlines using data received on the internet to maintain their aircraft must be able to verify:
• The data is appropriate for the aircraft
• The data has not been modified in transit
• The data has been sent by an authorized employee of the manufacturer or OEM
9
The 9/11 Report
♦ The 9/11 Report requires stronger security at airports and a solution for non-responding aircraft... however
♦ No new regulations for data security
♦ All voluntary – it is up to the airline industry to implement a standard way to ensure the
– Confidentiality of data sent and received
– Authentication of the sender
11
Business Need
♦ Transaction security between systems and entities including airplanes
♦ Real-time online collaborative working environments
♦ Digital signatures on documents & code
♦ Secure role-based application access
♦ Universal method for certificate exchange
♦ Secure e-mail
♦ Secure document exchange and collaborative engineering
12
Government and Digital Certificates
♦ There are substantial efforts being made in the government and defense sectors to protect the integrity and confidentiality of data
♦ US/UK government-defined PKI architecture for cross-organization identity federation
– US Government Federal Bridge
– UK cross-certification to Federal Bridge
– HSPD-12 and FIPS 201 (Policy for a Common Identification Standard for Federal Employees & Contractors)
♦ DoD requiring medium-level identity assurance certificates to access DoD websites and to digitally sign unclassified documents
13
Digital Certificates & the ATA Electronic Documentation Task Force
♦ Develop an industry specification for standardized processes and associated technologies to enable electronic creation, transmittal, and storage of aircraft product and parts airworthiness documentation (such as the FAA 8130-3/JAA Form One). Key factors include:
– Adoption of a data-centric approach for the definition and transmission of information, rather than a document-centric approach.
– Leverage existing regulatory guidance regarding the use of electronic signature
– Recommendations must meet applicable legal and regulatory requirements.
– Application of available technologies and best practices for digital security
♦ First aviation industry initiative to truly REQUIRE the use of digital certificates
– Electronic-based mechanism will replace paper-based process
– Security/trust will be GREATER than the paper-based process
– Builds upon foundation of the FAA documents/US government's on digital data and signatures
♦ Data Security
– Key behind security for this process is the ability to identify, authenticate and TRUST the originator of the transmitted/stored data (authentication)
– Be able to trust that the data has not been tampered with (data integrity)
– Assurance that data was sent (non-repudiation of transmission) and that the data was received by the intended recipient (non-repudiation of receipt)
14
Industry & Digital Certificates: A Love/Hate Technology
♦ Industry is fragmented but increasing demand for common identity management framework
– Imperative for partner collaboration; requirement for common authorization service
– Certificate sharing for confidentiality, authentication and non-repudiation
♦ Need for industry interoperability
– Reduce costs and
– Reduce need for multiple credentials
15
CertiPath Architecture
♦ Provide interoperability of existing credentials across industry and government
♦ Provides relying parties a Trust Path to validate digital certificates issued by other organizations
♦ Bridge issues cross-certificates to enterprise CAs
[Diagram: Bridge Model. CertiPath – PKI Commercial Bridge linked to enterprise CAs (Boeing, Airbus/EADS, Lockheed Martin, Northrop Grumman, Rolls-Royce); CA Providers (ARINC, Exostar, SITA) serving SMEs & companies which do not want to operate their own CAs; bridge-to-bridge link to the Federal Bridge CA (DoD, NASA, DoT, DHS); other Govt. Bridges (EU, AsiaPac, Middle East, etc.) & other industry Bridges (automotive, transportation/cargo, banking, etc.).]
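The trust-path behaviour this slide describes, as an added example that is not part of the original deck or of CertiPath's own software: a pure-Python model of a relying party searching the mesh of cross-certificates from its own trust anchor to a certificate issued by another organization's CA. The organization names follow the diagram; the certificate graph, the assurance values (the Class 1-3 levels from the 2002 achievements slide) on each cross-certificate, and the function names are constructed assumptions. Signature checking is deliberately omitted: a real validator also verifies each signature, validity period and revocation status along the path, and this model only shows the path discovery and policy-level filtering that the bridge makes possible.

```python
"""Trust-path discovery across a PKI bridge (constructed model, stdlib only)."""
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass(frozen=True)
class Cert:
    issuer: str      # CA that signed this certificate
    subject: str     # CA or end entity being certified
    assurance: int   # highest assurance level (Class 1-3) the issuer grants the subject


# Constructed cross-certificate mesh modelled on the Bridge Model diagram (assumption).
# Each enterprise CA cross-certifies the bridge and is cross-certified by it in return;
# the commercial bridge is cross-certified with the Federal Bridge CA (bridge-to-bridge).
CERTS: List[Cert] = [
    Cert("Boeing Root CA", "CertiPath Bridge CA", 3),
    Cert("CertiPath Bridge CA", "Boeing Root CA", 3),
    Cert("CertiPath Bridge CA", "Airbus/EADS CA", 3),
    Cert("Airbus/EADS CA", "CertiPath Bridge CA", 3),
    Cert("CertiPath Bridge CA", "ARINC CA", 2),            # provider CA for SMEs, Class 2 only
    Cert("CertiPath Bridge CA", "Federal Bridge CA", 3),   # bridge-to-bridge cross-cert
    Cert("Federal Bridge CA", "DoD CA", 3),
    Cert("Airbus/EADS CA", "engineer@airbus.example", 3),  # end-entity certificates
    Cert("ARINC CA", "mechanic@sme.example", 2),
    Cert("DoD CA", "inspector@dod.example", 3),
    Cert("Unknown Vendor CA", "seller@vendor.example", 3), # CA with no link to any bridge
]


def index_by_issuer(certs: List[Cert]) -> Dict[str, List[Cert]]:
    """Group certificates by issuing CA so the search can walk issuer -> subject edges."""
    by_issuer: Dict[str, List[Cert]] = defaultdict(list)
    for cert in certs:
        by_issuer[cert.issuer].append(cert)
    return by_issuer


def find_trust_path(certs: List[Cert], anchor: str, target: str,
                    required_assurance: int = 3) -> Optional[List[Cert]]:
    """Breadth-first search from the relying party's trust anchor to the target subject.

    Returns the chain of certificates (anchor's cross-cert first, target's cert last)
    or None when no acceptable path exists. A certificate below the required assurance
    level is never used: a Class 2 cross-cert cannot carry a Class 3 identity claim.
    """
    by_issuer = index_by_issuer(certs)
    queue = deque([(anchor, [])])
    seen = {anchor}
    while queue:
        name, path = queue.popleft()
        for cert in by_issuer.get(name, []):
            if cert.assurance < required_assurance:
                continue
            new_path = path + [cert]
            if cert.subject == target:
                return new_path
            if cert.subject not in seen:
                seen.add(cert.subject)
                queue.append((cert.subject, new_path))
    return None


def path_names(path: Optional[List[Cert]]) -> List[str]:
    """Names along the path, anchor first and target last; [] when there is no path."""
    if not path:
        return []
    return [path[0].issuer] + [cert.subject for cert in path]


if __name__ == "__main__":
    # A Boeing relying party validating credentials from Airbus, an SME and the DoD.
    for target, level in [("engineer@airbus.example", 3), ("mechanic@sme.example", 3),
                          ("mechanic@sme.example", 2), ("inspector@dod.example", 3),
                          ("seller@vendor.example", 1)]:
        names = path_names(find_trust_path(CERTS, "Boeing Root CA", target, level))
        print(f"{target} at Class {level}: {' -> '.join(names) if names else 'NO TRUST PATH'}")
```

The two failure modes worth noting are the ones a bridge does not paper over: a CA that has never been cross-certified (the vendor CA above) yields no path at all, and a path that exists only through a lower-assurance cross-certificate is rejected when the relying party insists on Class 3, which is why the policy mapping on each cross-certificate matters as much as the link itself.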
16
The Vision
Single electronic employee credential:
§ Used and accepted across multiple organizations
§ Legally binding, global electronic signatures
§ Easy and straightforward
§ Obtained from an accredited source of the user’s choice
[Diagram: Secure Badge and PIN; a trust-based, collaborative framework using standard electronic processes to conduct business transactions. Company A, B, C and D connected through the Commercial Bridge; FAA, DoD and DOS connected through the Federal Bridge; Trust between the two bridges. “If the bridge trusts you, then we trust you.”]
17
IT Infrastructure Challenges
[Diagram: Boeing users, applications and data reached over communication channels by partners, customers, suppliers and aircraft.]
External users include partners, customers, suppliers, governments, and sometimes competitors…
They access Boeing from different technical, political, corporate and jurisdictional environments outside of our control.
The access ranges from external web browsing to deep penetration into corporate applications and data necessary for joint collaboration.
Applications and data are typically protected by vulnerable operating systems and application systems which are readily accessible once inside the corporate network.
Internal users often work from home or in transit in potentially hostile environments and bring the same machines or data inside the corporate network either physically or virtually using VPNs.
18
Authentication Flow: Web Single Sign On (WSSO) service
[Diagram: Partner A and Boeing users authenticating through the WSSO service to Application A and Application B.]
♦ Partners, customers, and suppliers authenticate locally and send credentials
♦ Boeing employees use X.509-enabled SecureBadge and PIN
♦ External credentials: first choice – SAML assertions; alternative – X.509 certificates
19
Policy Decision and Enforcement
[Diagram: access flow. A Principal (person, application, or aircraft) sends an access request to a targeted resource (application, data, network, or other resource); the Policy Enforcement Point redirects the access request to the Policy Engine, which returns the access decision. The Policy Store (directories, databases, etc. accessed through a common interface) is fed by dynamic data feeds (principal attributes, HR data, roles, environment, etc., and resource information), static data (principal identities, corporate policy, contracts, business and legal requirements, etc.) and external policies (partners, customers, suppliers, government, legal and regulatory). Policy Management and Identity Management maintain the store.]
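The decision/enforcement split on this slide, as an added example that is not part of the original deck or of Boeing's actual implementation: a small policy engine that combines principal attributes (the dynamic feed), contract data (the static store) and the environment into a permit/deny decision, with a separate enforcement point that only forwards requests and never decides on its own. The rule set, resource names, classifications, credential labels ("x509" for the badge or device certificate, "saml" for a partner assertion) and the sample principals are all constructed assumptions; the engine is deny-by-default and deny-overrides, which is the least-privilege choice for a store that aggregates policies from several parties.

```python
"""Policy decision point / policy enforcement point model (constructed example)."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional


@dataclass
class Principal:
    identity: str
    kind: str                    # "person", "application" or "aircraft"
    credential: str              # "x509" (badge / device certificate) or "saml" (partner assertion)
    attributes: Dict[str, object] = field(default_factory=dict)  # dynamic feed: roles, employer, ...


@dataclass
class Resource:
    name: str
    kind: str                    # "application", "data", "network", ...
    classification: str          # "internal", "partner", "export-controlled", "aircraft-data"


@dataclass
class Environment:
    network: str                 # "internal" or "external"


# Static data from the policy store: employers under contract for each partner resource (assumed).
CONTRACTS: Dict[str, set] = {
    "wing-design-share": {"Airbus", "Boeing"},
    "engine-data-feed": {"Rolls-Royce", "Boeing"},
}

Decision = Optional[str]   # "permit", "deny" or None when the rule does not apply
Rule = Callable[[Principal, Resource, Environment], Decision]


def rule_export_control(p: Principal, r: Resource, env: Environment) -> Decision:
    """Export-controlled data: a person, badge-authenticated, with an explicit role."""
    if r.classification != "export-controlled":
        return None
    roles = p.attributes.get("roles", ())
    ok = p.kind == "person" and p.credential == "x509" and "export-authorized" in roles
    return "permit" if ok else "deny"


def rule_partner_contract(p: Principal, r: Resource, env: Environment) -> Decision:
    """Partner resources: the principal's employer must be on the contract for that resource."""
    if r.classification != "partner":
        return None
    return "permit" if p.attributes.get("employer") in CONTRACTS.get(r.name, set()) else "deny"


def rule_internal_employee(p: Principal, r: Resource, env: Environment) -> Decision:
    """Internal resources: Boeing employees only, and from outside only with the badge."""
    if r.classification != "internal":
        return None
    if p.attributes.get("employer") != "Boeing":
        return "deny"
    if env.network == "external" and p.credential != "x509":
        return "deny"
    return "permit"


def rule_aircraft_data(p: Principal, r: Resource, env: Environment) -> Decision:
    """Aircraft data feeds: only an aircraft principal authenticated with its own certificate."""
    if r.classification != "aircraft-data":
        return None
    return "permit" if p.kind == "aircraft" and p.credential == "x509" else "deny"


POLICY_STORE: List[Rule] = [rule_export_control, rule_partner_contract,
                            rule_internal_employee, rule_aircraft_data]


def policy_engine(p: Principal, r: Resource, env: Environment,
                  rules: List[Rule] = POLICY_STORE) -> str:
    """Deny-overrides combination: any deny wins, a permit needs at least one explicit
    permit, and a request that no rule covers is denied (least privilege)."""
    decisions = [rule(p, r, env) for rule in rules]
    if "deny" in decisions:
        return "deny"
    return "permit" if "permit" in decisions else "deny"


def enforcement_point(p: Principal, r: Resource, env: Environment) -> str:
    """The PEP holds no policy of its own; it redirects the request and relays the answer."""
    return policy_engine(p, r, env)


# Constructed sample principals, resources and environments.
AIRBUS_ENGINEER = Principal("engineer@airbus.example", "person", "saml",
                            {"employer": "Airbus", "roles": {"engineer"}})
BOEING_EXPORT_OFFICER = Principal("officer@boeing.example", "person", "x509",
                                  {"employer": "Boeing", "roles": {"export-authorized"}})
AIRCRAFT = Principal("tail-N12345", "aircraft", "x509", {"operator": "Example Air"})
WING_SHARE = Resource("wing-design-share", "application", "partner")
ITAR_STORE = Resource("itar-doc-store", "data", "export-controlled")
HR_APP = Resource("hr-portal", "application", "internal")
MX_FEED = Resource("maintenance-feed", "data", "aircraft-data")
EXTERNAL, INTERNAL = Environment("external"), Environment("internal")

if __name__ == "__main__":
    for who, what, where in [(AIRBUS_ENGINEER, WING_SHARE, EXTERNAL), (AIRBUS_ENGINEER, ITAR_STORE, EXTERNAL),
                             (BOEING_EXPORT_OFFICER, ITAR_STORE, INTERNAL), (AIRCRAFT, MX_FEED, EXTERNAL)]:
        print(f"{who.identity} -> {what.name} from {where.network}: {enforcement_point(who, what, where)}")
```

The point to take from the structure is that the credential type is itself an attribute the engine reasons about: a SAML assertion from a partner's local authentication is enough for a contracted collaboration resource, while export-controlled material requires the stronger badge credential and an explicit role, and the enforcement point enforces whichever answer comes back without embedding any of that policy.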
20
Multiple Collaborative Identity Management Efforts
[Diagram: NAC, TSCP and AFEI I-CIDM with common objectives – efforts aligned: Statement of Requirements for Common Framework; Identity Management & Technical WG; Namespace & Application Standards; ATA DCWG technical working group for Digital Standards & Policies.]
22
2005 Objectives
♦ Support DCWG promotion of Collaboration and Identity Management standards using PKI as the enabling infrastructure it was intended to be
♦ Harmonize digital credential standards
♦ Focus on Aircraft Data Security Infrastructure
– Looking at the dynamic security requirements of a connected aircraft
24
TSCP Summary
Export Control Guidance
§ Enable secure exchange of export control data in a manner that complies with US, Canadian, UK laws and regulations, with a view to extending operation to other European countries and Australia
§ Monitor and control the onward transmission of export controlled data
§ Disallow unauthorized access to data
§ Provide an affordable, manageable and scaleable mechanism to monitor, control the access to and transfer of data, and audit compliance
§ Provide manageable and cost effective mechanisms for ongoing verification of authorized users and support accreditation requirements for sharing of export controlled information
§ Address legacy export controlled data in new environment
§ Develop recommendations that can be implemented using current technologies
CIDM Framework Guidance
§ Design an affordable, manageable and scaleable identity management framework for collaboration
§ Provide identity proofing within and across the organizations
§ Support role management within and across the organization
§ Provide interoperable yet manageable identity schemas that can be utilized by a wide range of organizations
§ Protect the intellectual and proprietary data through identity proofing and role management
§ Enable collaborative access to sensitive information controlled for purposes of national security (e.g. UK RESTRICTED and US Controlled Unclassified Information)
§ Comply with privacy regulations
§ Support digital signature or other requirements for contractually binding agreements
§ Identify affordable CIDM technical solutions to collaborative participants that find PKI cost-prohibitive while building technical solutions that can still use the advanced capabilities provided by PKI
§ Satisfy information sharing requirements for certification and accreditation
§ Develop guidance for multiple stakeholders, including companies, governments, certifying and registration authorities, and Bridge providers that can be implemented quickly in a variety of environments
[Timeline: Phase 1 (March 2003), Phase 2 (June 2004), Phase 3 (2004-2005): Secure Collaboration Framework (“Generic DMZ Requirements”); Export Compliance and Identity and Access Mgmt Issues (“Commercial Bridge Requirements”); Bridge Validation through Pilots/Demonstrators and Demonstrate Secure Data Exchanges.]
25
International Collaborative Identity Management (I-CIDM)
♦ Formed on 5/25/2004 by the Association for Enterprise Integration (AFEI)
♦ Working Groups:
– Bridge2Bridge: identifying and addressing issues concerning Bridge-to-Bridge cross-certification in the cross-organizational space
– Technical: technical issues with making PKI work at the application layer in an end-to-end trust environment across 2 bridges
– Identity Proofing & Vetting: identification, capture, and gap analysis of relevant documents
26
CertiPath
♦ Joint Venture organization to develop and operate a Commercial PKI Bridge Service for A&D
– ARINC
– SITA
– EXOSTAR
♦ Cooperation and Competition
– Jointly own and operate the bridge, addressing the stability of CertiPath
– Provide the industry with three competing vendors that supply similar Digital Credentials (PKI Certificates)
27
CertiPath Industry Value Proposition
♦ Leverage technology investments, not “rip and replace”
♦ Reduced cost and complexity – single cross-certification for customers, partners and suppliers
♦ Maintains company security policy autonomy, while guaranteeing interoperability
– CertiPath facilitates peer-to-peer relationships
– Common trust framework that is legally binding
♦ CertiPath is owned by companies that currently provide mission critical services to the A&D industry
– Common infrastructure for survivability and redundancy
– Retains competition for digital certificates and value-added services