
Digital Certification Standards and Policies

Jacqueline Knoll, Boeing

1

Why?

♦ Secure way to transmit critical data across a public network

♦ Ensure integrity of information received and a way for the recipient to verify this fact

♦ Validate the identity of the sender

♦ In a more vulnerable environment, data security has risen to the top of the agenda

♦ As electronic data use increases, the requirement for proof via non-repudiation becomes increasingly important.

2

Original Member Companies

♦ Airbus
♦ GE AE
♦ Air France
♦ KLM
♦ ARINC
♦ Northwest
♦ Alitalia
♦ Pratt & Whitney
♦ Boeing
♦ Rockwell Collins
♦ British Aerospace
♦ Rolls-Royce
♦ British Airways
♦ SITA
♦ Snecma
♦ United Airlines
♦ CertPlus
♦ The Open Group
♦ Carillon Information Security
♦ Delta

3

Digital Certificate Working Group

♦ A “Community of Interest” Working Group
– Recognized need for digital signatures to improve security
– Respond to industry requirements to reduce paperwork
– Agreed to establish a standard methodology for the acceptance of X.509 certificates to support the use of Digital Signatures.

4

2002 Goals

♦ Establish an Air Transport standard for the issuing and acceptance of digital certificates to support individual identity and digital signature of participants.
♦ Allow Subscribers to use the same certificate at multiple locations once acceptance agreements are established.
♦ Demonstrate the technology between two real entities.
♦ Education & Communication with our customers and sponsors

5

2002 Achievements

♦ Standard Certificate Policies covering Assurance Levels 1-3 (Class 1-3)
♦ Standard Framework for operation of Policies
♦ Test Plan available for Airlines, Manufacturers, Regulatory Agencies
♦ Technical Assistance available to help adoption of technology

6

2003 Goals

♦ Gain acceptance & support from ATA for establishment of an Aerospace Bridge CA
♦ Work with other Aerospace organizations to build the Aerospace Bridge CA using DCWG standards
♦ Work with the Federal Public Key Infrastructure (PKI) Steering Committee & the Office of Electronic Government for cross-certifying ABCA

7

2004 Achievements

♦ The Aerospace Bridge project is launched by ARINC, SITA & Exostar: “CertiPath”
♦ Established standards for X.509v3 will be honored
♦ The Federal PKI Steering Committee Chair participating in cross-certification policy requirements for CertiPath to the FBCA
♦ Boeing & Airbus following DCWG X.509 v3 standards in their PKI implementations

8

2004 and Beyond: No resting on our laurels

♦ Data security
– The use of public networks to send and receive safety critical data
– Airlines using data received on the internet to maintain their aircraft must be able to verify:
• The data is appropriate for the aircraft
• The data has not been modified in transit
• The data has been sent by an authorized employee of the manufacturer or OEM

9

The 9/11 Report

♦ The 9/11 Report requires stronger security at airports and a solution for non-responding aircraft … however

♦ No new regulations for data security
♦ All voluntary – it is up to the airline industry to implement a standard way to ensure the
– Confidentiality of data sent and received
– Authentication of the sender

10

The Case for PKI

11

Business Need

♦ Transaction security between systems and entities including airplanes

♦ Real-time online collaborative working environments

♦ Digital signatures on documents & code

♦ Secure role-based application access

♦ Universal method for certificate exchange

♦ Secure e-mail

Secure document exchange and collaborative engineering

12

Government and Digital Certificates

♦ There are substantial efforts being made in the government and defense sectors to protect the integrity and confidentiality of data

♦ US/UK government defined PKI architecture for cross-organization identity federation
– US Government Federal Bridge
– UK cross-certification to Federal Bridge
– HSPD-12 and FIPS 201 (Policy for a Common Identification Standard for Federal Employees & Contractors)

♦ DoD requiring medium-level identity assurance certificates to access DoD websites and to digitally sign unclassified documents

13

Digital Certificates & the ATA Electronic Documentation Task Force

♦ Develop an industry specification for standardized processes and associated technologies to enable electronic creation, transmittal, and storage of aircraft product and parts airworthiness documentation (such as the FAA 8130-3/JAA Form One). Key factors include:

– Adoption of a data-centric approach for the definition and transmission of information, rather than a document-centric approach.
– Leverage existing regulatory guidance regarding the use of electronic signature
– Recommendations must meet applicable legal and regulatory requirements.
– Application of available technologies and best practices for digital security

♦ First aviation industry initiative to truly REQUIRE the use of digital certificates
– Electronic-based mechanism will replace paper-based process
– Security/trust will be GREATER than the paper-based process
– Builds upon foundation of the FAA documents/US governments on digital data and signatures

♦ Data Security
– Key behind security for this process is the ability to identify, authenticate and TRUST the originator of the transmitted/stored data (authentication)
– Be able to trust that the data has not been tampered with (data integrity)
– Assurance that data was sent (non-repudiation of transmission) and that the data was received by the intended recipient (non-repudiation of receipt)

14

Industry & Digital Certificates: A Love/Hate Technology

♦ Industry is fragmented but increasing demand for common identity management framework
– Imperative for partner collaboration; requirement for common authorization service
– Certificate sharing for confidentiality, authentication and non-repudiation

♦ Need for industry interoperability
– Reduce costs and
– Reduce need for multiple credentials

15

CertiPath Architecture

♦ Provide interoperability of existing credentials across industry and government

♦ Provides relying parties a Trust Path to validate digital certificates issued by other organizations

♦ Bridge issues cross-certificates to enterprise CAs

[Diagram: Bridge Model. CertiPath – PKI Commercial Bridge, cross-certified with the Federal Bridge CA (DoD, NASA, DoT, DHS). Enterprise CAs on the commercial side: Boeing, Airbus/EADS, Lockheed Martin, Northrop Grumman, Rolls-Royce. CA Providers: ARINC, Exostar, SITA, serving SMEs & companies which do not want to operate their own CAs. Also connected: other Govt. Bridges (EU, AsiaPac, Middle East, etc.) & other industry Bridges (automotive, transportation/cargo, banking, etc.)]
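The bridge model above rests on two mechanics: a relying party must discover a trust path from its own trust anchor, through one or more bridge cross-certificates, to a certificate issued by another organization's CA, and the assurance level it requires (the Level 1-3 policies from the DCWG standard) must survive the policy mappings carried in each cross-certificate. The following Python model of that path-building step is an added example, not code from the presentation or from CertiPath; the CA names, policy names and sample certificates are constructed, it uses only the standard library, and it models certificates as records rather than parsing real X.509.

```python
"""Trust-path building across a PKI bridge (added illustration, constructed data).

Each Cert records subject, issuer, the certificate policies it asserts and,
for cross-certificates, the mapping from the issuer's policy names to the
subject's.  Path building walks issuer -> subject from the relying party's
trust anchor, carrying the set of acceptable policies through each mapping
the way RFC 5280 policy processing does, so a path only succeeds when every
hop asserts a policy equivalent to the assurance level the relying party
requires.  Not a real X.509 parser; names and policies are made up.
"""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Cert:
    subject: str
    issuer: str
    policies: frozenset                           # policy names this certificate asserts
    mappings: dict = field(default_factory=dict)  # issuer-domain policy -> subject-domain policy


def build_path(certs, trust_anchor, target, required_policy):
    """Return the certificates from trust_anchor down to target that preserve
    required_policy through every hop, or None when no such path exists."""
    by_issuer = {}
    for cert in certs:
        by_issuer.setdefault(cert.issuer, []).append(cert)
    # Breadth-first search, so the shortest acceptable path is found first.
    queue = deque([(trust_anchor, frozenset([required_policy]), [])])
    while queue:
        subject, acceptable, path = queue.popleft()
        if subject == target:
            return path
        for cert in by_issuer.get(subject, []):
            on_path = {trust_anchor, *(c.subject for c in path)}
            if cert.subject in on_path:
                continue                    # cross-certs run both ways: skip loops
            valid = cert.policies & acceptable
            if not valid:
                continue                    # hop does not assert an acceptable policy
            mapped = frozenset(cert.mappings.get(p, p) for p in valid)
            queue.append((cert.subject, mapped, path + [cert]))
    return None


def path_subjects(path):
    """Subjects along a path, in order, for display and checking."""
    return [cert.subject for cert in path] if path else None


# Constructed sample PKI: Boeing and Airbus each cross-certify the commercial
# bridge, which is in turn cross-certified with the Federal Bridge.
SAMPLE_CERTS = [
    Cert("Boeing Root CA", "Boeing Root CA", frozenset({"boeing-medium"})),
    Cert("carol@boeing.example", "Boeing Root CA", frozenset({"boeing-medium"})),
    Cert("CertiPath Bridge CA", "Boeing Root CA", frozenset({"boeing-medium"}),
         {"boeing-medium": "certipath-medium"}),
    Cert("Boeing Root CA", "CertiPath Bridge CA", frozenset({"certipath-medium"}),
         {"certipath-medium": "boeing-medium"}),
    Cert("CertiPath Bridge CA", "Airbus CA", frozenset({"airbus-medium"}),
         {"airbus-medium": "certipath-medium"}),
    Cert("Airbus CA", "CertiPath Bridge CA", frozenset({"certipath-medium"}),
         {"certipath-medium": "airbus-medium"}),
    Cert("alice@airbus.example", "Airbus CA", frozenset({"airbus-medium"})),
    Cert("kiosk@airbus.example", "Airbus CA", frozenset({"airbus-basic"})),
    Cert("Federal Bridge CA", "CertiPath Bridge CA", frozenset({"certipath-medium"}),
         {"certipath-medium": "fbca-medium"}),
    Cert("DoD CA", "Federal Bridge CA", frozenset({"fbca-medium"}),
         {"fbca-medium": "dod-medium"}),
    Cert("bob@dod.example", "DoD CA", frozenset({"dod-medium"})),
]

if __name__ == "__main__":
    for who in ("alice@airbus.example", "bob@dod.example", "kiosk@airbus.example"):
        path = build_path(SAMPLE_CERTS, "Boeing Root CA", who, "boeing-medium")
        print(who, "->", path_subjects(path))
```

Run from Boeing's trust anchor, the Airbus employee validates through the commercial bridge and the DoD employee through both bridges, while the low-assurance kiosk certificate finds no path because no hop asserts a medium-level policy; run from Airbus's anchor, the same certificate set yields the reverse path to a Boeing employee, which is the "if the bridge trusts you, then we trust you" relationship in concrete terms.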

16

The Vision

Single electronic employee credential:
§ Used and accepted across multiple organizations
§ Legally binding, global electronic signatures
§ Easy and straightforward
§ Obtained from an accredited source of the user’s choice

Secure Badge and PIN

Trust-based, collaborative framework using standard electronic processes to conduct business transactions

[Diagram: Company A, Company B, Company C and Company D trust one another through the Commercial Bridge; FAA, DoD and DOS through the Federal Bridge; the two bridges are linked.]

If the bridge trusts you, then we trust you

17

Communication Channels

[Diagram: Boeing applications, data and users connected to Partners, Customers, Suppliers and Aircraft]

IT Infrastructure Challenges

External users include partners, customers, suppliers, governments, and sometimes competitors…

They access Boeing from different technical, political, corporate and jurisdictional environments outside of our control.

The access ranges from external web browsing to deep penetration into corporate applications and data necessary for joint collaboration.

Applications and data are typically protected by vulnerable operating systems and application systems which are readily accessible once inside corporate network.

Internal users often work from home or in transit in potentially hostile environments and bring the same machines or data inside the corporate network either physically or virtually using VPNs.

18

Authentication Flow: Web Single Sign On (WSSO) service

[Diagram: Partner A users reach Boeing Application A and Application B through the WSSO service]

Partners, Customers, and suppliers authenticate locally and send credentials

Boeing employees use X.509 enabled SecureBadge and PIN

External credentials:
– First choice: SAML assertions
– Alternative: X.509 Certificates

19

Policy Decision and Enforcement

[Diagram: Access Requests from a Principal (Person, Application, or Aircraft) are redirected by the Policy Enforcement Point to the Policy Engine, which returns Access Decisions; permitted access reaches the Targeted Resource (Application, Data, Network, or other resource). The Policy Engine draws on the Policy Store, Policy Management and Identity Management.]

Policy Store: Directories, databases, etc. accessed through a common interface
– Dynamic Data Feeds: Principal Attributes, HR Data, Roles, Env, etc.; Resource information
– Static Data: Principal Identities, Corp. Policy, Contracts, Business and Legal Req, etc.
– External Policies: Partners, Customers, Suppliers, Government, Legal and Regulatory
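The slide separates the Policy Enforcement Point, which intercepts every access request, from the Policy Engine, which decides using attributes of the principal (Person, Application or Aircraft), the targeted resource and the environment, drawn from dynamic feeds (roles, assurance level) and static data (contracts). The following Python model is an added example, not Boeing's engine or code from the presentation; the principals, contracts, approved organizations and rules are constructed for illustration, and the combining behaviour (deny-overrides, default deny) is the choice made here, not something the slide specifies.

```python
"""Policy decision and enforcement for access requests (added illustration).

A model of the PEP/PDP split in the slide: the Policy Engine evaluates a
request from a principal (Person, Application or Aircraft) against a
targeted resource using dynamic attributes (roles, assurance level,
environment) and static data (contracts), combines rule verdicts
deny-overrides and defaults to deny.  The Policy Enforcement Point is the
only path to the resource handler.  All names and data are constructed.
"""
from dataclasses import dataclass

# Static data: which partner contracts cover which aircraft (constructed).
CONTRACTS = {
    ("Boeing", "Partner A"): {"tails": {"N100BA", "N200BA"}, "active": True},
    ("Boeing", "Partner B"): {"tails": {"N300BB"}, "active": False},  # lapsed
}
# Organizations cleared to receive export-controlled data (constructed).
EXPORT_APPROVED_ORGS = {"Boeing", "Partner A"}
# Dynamic feed: what an HR system or partner identity provider would supply.
PRINCIPAL_ATTRS = {
    "alice@partner-a.example": {"type": "Person", "org": "Partner A",
                                "roles": {"maintenance"}, "assurance": 2},
    "bob@partner-b.example": {"type": "Person", "org": "Partner B",
                              "roles": {"maintenance"}, "assurance": 3},
    "tool@partner-a.example": {"type": "Application", "org": "Partner A",
                               "roles": {"maintenance"}, "assurance": 1},
    "N100BA": {"type": "Aircraft", "org": "Partner A", "roles": set(), "assurance": 3},
}


@dataclass
class Resource:
    kind: str               # e.g. "maintenance-data", "loadable-software"
    owner: str              # organization that owns the resource
    tail: str               # aircraft the data applies to
    min_assurance: int      # certificate assurance level required (1-3)
    export_controlled: bool = False


# Each rule returns a "permit: ..." or "deny: ..." verdict, or None when it does not apply.
def rule_assurance(p, r, env):
    if p["assurance"] < r.min_assurance:
        return f"deny: assurance level {p['assurance']} below required {r.min_assurance}"

def rule_export_control(p, r, env):
    if r.export_controlled and p["org"] not in EXPORT_APPROVED_ORGS:
        return f"deny: {p['org']} is not approved for export-controlled data"

def rule_channel(p, r, env):
    # Safety-critical data over a public network needs an authenticated channel.
    if r.kind == "loadable-software" and env.get("channel") != "authenticated":
        return "deny: loadable software requires an authenticated channel"

def rule_aircraft_own_data(p, r, env):
    # "The data is appropriate for the aircraft": an aircraft may only fetch its own.
    if p["type"] == "Aircraft" and r.kind == "loadable-software" and r.tail == p["id"]:
        return "permit: aircraft may fetch software appropriate for itself"

def rule_partner_contract(p, r, env):
    contract = CONTRACTS.get((r.owner, p["org"]))
    if p["type"] != "Person" or "maintenance" not in p["roles"] or contract is None:
        return None
    if not contract["active"]:
        return f"deny: contract between {r.owner} and {p['org']} is not active"
    if r.tail in contract["tails"]:
        return f"permit: maintenance role under active {r.owner}/{p['org']} contract"

RULES = [rule_assurance, rule_export_control, rule_channel,
         rule_aircraft_own_data, rule_partner_contract]


def decide(principal_id, resource, env):
    """Policy Engine: return ("permit" or "deny", reason)."""
    attrs = PRINCIPAL_ATTRS.get(principal_id)
    if attrs is None:
        return ("deny", "unknown principal")
    p = dict(attrs, id=principal_id)
    verdicts = [v for v in (rule(p, resource, env) for rule in RULES) if v]
    for v in verdicts:                      # deny-overrides combining
        if v.startswith("deny"):
            return ("deny", v)
    for v in verdicts:
        if v.startswith("permit"):
            return ("permit", v)
    return ("deny", "no rule permitted the request (default deny)")


def enforce(principal_id, resource, env, handler):
    """Policy Enforcement Point: the only path from a request to the resource."""
    decision, reason = decide(principal_id, resource, env)
    if decision != "permit":
        return {"status": 403, "reason": reason}
    return {"status": 200, "body": handler(resource)}
```

Two design points matter for a deployment of this shape: every rule that applies is evaluated, so a permitting contract never outranks a failed assurance-level or channel check, and the reason string is returned with the decision so the enforcement point can log why a request was refused without re-deriving the policy.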

20

Multiple Collaborative Identity Management Efforts

[Diagram: NAC, TSCP and AFEI I-CIDM with Common Objectives – Efforts Aligned: Statement of Requirements for Common Framework; Identity Management & Technical WG; Namespace & Application Standards; ATA DCWG Technical working group for Digital Standards & Policies]

21

DCWG Next Steps

22

2005 Objectives

♦ Support DCWG promotion of Collaboration and Identity Management standards using PKI as the enabling infrastructure it was intended to be

♦ Harmonize digital credential standards

♦ Focus on Aircraft Data Security Infrastructure
– Looking at the dynamic security requirements of a connected aircraft

23

?

24

TSCP Summary

Export Control Guidance

§ Enable secure exchange of export control data in a manner that complies with US, Canadian, UK laws and regulations, with a view to extending operation to other European countries and Australia

§ Monitor and control the onward transmission of export controlled data

§ Disallow unauthorized access to data

§ Provide an affordable, manageable and scaleable mechanism to monitor, control the access to and transfer of data, and audit compliance

§ Provide manageable and cost effective mechanisms for ongoing verification of authorized users and support accreditation requirements for sharing of export controlled information

§ Address legacy export controlled data in new environment

§ Develop recommendations that can be implemented using current technologies

CIDM Framework Guidance

§ Design an affordable, manageable and scaleable identity management framework for collaboration

§ Provide identity proofing within and across the organizations

§ Support role management within and across the organization

§ Provide interoperable yet manageable identity schemas that can be utilized by a wide range of organizations

§ Protect the intellectual and proprietary data through identity proofing and role management

§ Enable collaborative access to sensitive information controlled for purposes of national security (e.g. UK RESTRICTED and US Controlled Unclassified Information)

§ Comply with privacy regulations

§ Support digital signature or other requirements for contractually binding agreements

§ Identify affordable CIDM technical solutions to collaborative participants that find PKI cost-prohibitive while building technical solutions that can still use the advanced capabilities provided by PKI

§ Satisfy information sharing requirements for certification and accreditation

§ Develop guidance for multiple stakeholders, including companies, governments, certifying and registration authorities, and Bridge providers that can be implemented quickly in a variety of environments

Phase 1: March 2003
Phase 2: June 2004
Phase 3: 2004-2005

Secure Collaboration Framework
“Generic DMZ Requirements”
Export Compliance and Identity and Access Mgmt Issues
“Commercial Bridge Requirements”

• Bridge Validation through Pilots/Demonstrators
• Demonstrate Secure Data Exchanges

25

International Collaborative Identity Management (I-CIDM)

♦ Formed on 5/25/2004 by Association for Enterprise Integration (AFEI)

♦ Working Groups:
– Bridge2Bridge: Identifying and addressing issues concerning Bridge-to-Bridge cross-certification in the cross-organizational space
– Technical: Technical issues with making PKI work at the application layer in an end-to-end trust environment across 2 bridges
– Identity Proofing & Vetting: Identification, capture, and gap analysis of relevant documents

26

CertiPath

♦ Joint Venture organization to develop and operate a Commercial PKI Bridge Service for A&D
– ARINC
– SITA
– EXOSTAR

♦ Cooperation and Competition
– Jointly Own and Operate the bridge addressing the stability of CertiPath
– Provide the industry with three Competing vendors that supply similar Digital Credentials (PKI Certificates)

27

CertiPath Industry Value Proposition

♦ Leverage Technology investments not “rip and replace”

♦ Reduced Cost and Complexity – single cross-certification for customer, partners and suppliers

♦ Maintains company security policy autonomy, while guaranteeing interoperability
– CertiPath facilitates Peer-to-Peer relationship
– Common trust framework that is legally binding

♦ CertiPath is owned by companies that currently provide mission critical services to the A&D
– Common infrastructure for survivability and redundancy
– Retains competition for digital certificates and value-added services