Security Solutions & Services May 14, 2008 Policy on Standardization of Airport Access Security 14.May.2008



Agenda

What’s happening in aviation security?

What are the key policy drivers?

What’s happening to improve the situation?

Six events, all at once

Security breaches
• Picked up by the press
• OMG factor

Leads to
• Congressional action
• Consortium/Association actions
• DHS/TSA regulatory initiatives
• TSA specifications
• Rumored HSPD on biometrics for airports

Oy…

Generalized Weaknesses for IdM-CIS

(Weaknesses are numbered, specific aspects are lettered)

1. Inappropriate Granting of an ID Card (or unwarranted Credential approval)
   a. Undetected ineligibility based on citizenship/immigration status
   b. Undetected previous derogatory information – DHS
   c. Undetected previous derogatory information – Criminal
   d. Undetected previous derogatory information – Employment
   e. Mis-adjudicated identified derogatory/eligibility information – all sources
   f. Insider support to avoid disqualification
   (NOTE: in items a-f, consideration must be given to both proactive imposters and inadvertent oversights/errors. Proactivity could take the form of aliases, false SSN, forged/tampered breeder documents, collusion, etc.)

2. Fraudulent use of Active ID Card by Imposter
   a. Lost and unreported ID Card
   b. Stolen ID Card (and possibly PACS PIN) prior to reporting as stolen
   c. Cloned ID Card (and possibly PACS PIN)
   d. Spoofing biometrically enabled ID Card

3. Uncontrolled Revoked ID Card
   a. Local Privileges not removed with knowledge of ID revocation
   b. Local Privileges not removed due to absence of knowledge of revocation (e.g. transient employees with PACS Interoperable ID Card)
      i. Failure to report revocation by sponsor to issuer
      ii. Failure to report revocation by issuer to central services
      iii. Failure to request revocation information from central service
      iv. Failure to disseminate revocation information to PACS decision points
      v. Failure to validate revocation status at decision point
   c. Gain access at unattended, PACS controlled entry point using piggybacking (incidental)
   d. Gain access at unattended, PACS controlled entry point using piggybacking (collusion)
   e. Gain access at attended (not PACS controlled) entry point (photo sufficient likeness, human Identity verification error by attendant, attendant not diligent, etc.)
   (NOTE: italicized items are not IdM-CIS related issues, but rather are PACS related or external)

[Figure: airport layout diagram. Zones: Landside (Parking & Terminal Entrance), Public Terminal Area, Sterile Terminal Area, Secured Area & SIDA, Air Operations Area (AOA). Labelled access points and functions: EAA/TSP, Checkpoint, OPS, Gate, Employee Parking, Cargo / Mail (remote or in-terminal), FBO / GA, Catering, Apt Maint & Vehicles, Trash, ARFF/Structural, Aircraft Maintenance (SCA-3, 300 Ft), Construction Vehicles & Changes, Military & Joint Use, Vendor Supplies (SCA-3, 300 Ft), FIS, VIP, LEO, Curbside check-in, Utility tunnel, Fuel, Natural Barrier; ground transport: Taxi, Bus, Limo, Courtesy Vans, Rental Cars, Train. Controls: CHRC/ID, ACS, Escort, Challenge, T&D, DDR, Exit.]

Who Owns the Problem?

By regulation and current law – Airports
• Full ID verification to make an access decision
• ID Proofing may have been done by the employer
• Threat assessment
  • Federal component
  • Local component
• Issuance, activation and revocation

In the future
• ID Proofing by DHS?
• Why are airports liable for the failure of EEV, STA, SAVE, etc.?

Many Parallel Events

• 14.March.2008 - Federal Identity and Credentialing Committee’s architecture working group published the draft Back-end Attribute Exchange Architecture and Technical Specification (BAE Spec)
• 1.April.2008 - National Institute for Standards and Technology published Special Publication 800-116 (SP800-116) in draft form
• 2.April.2008 - AAAE forms the Biometric Airport Security Identification Consortium (BASIC)
• 29.April.2008 - RTCA Special Committee 207 voted approval and completion of its work on the revisions to the DO-230A. This work is anticipated to publish as the DO-230B in June.2008.
• 29.April.2008 - The TSA just published to airports their draft Aviation Credential Interoperability Solution (ACIS) Technical Specification to the aviation community
• 7.May.2008 – HR 5982
• ??? – HSPD ?

Congressional

H.R. 5982 - The Biometric Enhancement and Airport-Risk Reduction (BEAR) Act of 2008

The bill requires:
• The Transportation Security Administration (TSA) to study existing and proposed industry programs that enhance our biometric security systems at airports.
• TSA to study how airports can transition to uniform, standards-based and interoperable biometric identifier systems for airport workers with unescorted access.
• TSA to submit to Congress a breakdown on best practices for issuing biometric credentials for airport workers.
• The Secretary of Homeland Security to spearhead a working group with industry stakeholders to strengthen private and public partnerships as they support the Secretary and Assistant Secretary in carrying out this Act.

ID and Systems – managing the risk

RTCA DO-230B takes a System of Systems approach

Offensive strategies for positive controls
• IdM-CIS
• PACS

Defensive and response strategies
• Intrusion Detection and Perimeter Detection
• Video Surveillance

Central to all
• Communications infrastructure
• Security Operations Center (SOC)

New territories
• Interoperable credentials

What is the key driver?

Identity Assurance for an access decision

FIPS 201 compliant technology and processes
• Credentials defined have three missions
  • Personal Identity Verification (biometrics)
  • Physical Access – PACS
  • Logical Access (PKI) – LACS

FIPS 201 is critical enabling technology
• Defines opportunity for
  • Convergence between PACS and LACS
  • More importantly – Identity Assurance

Depending on your point of view…

HSPD-12 drove Federal Agencies to converged ID
• Extensive use of PKI in Federal applications
• FIPS 201 was driven by PKI policies and methods
• PACS was secondary
• Focused on interoperability across the federal enterprise

Aviation environment defined by DO-230B
• Driven by Physical Access for safety and security of airport facilities and personnel
• Logical access using PKI is mentioned, but not exploited

In airports, interoperability is _not_ required
• For the moment, that is

FIPS 201 is upside down!

Consider the Opportunities

Identity Assurance
• Confidence in WHO we are granting access to assets

Convergence
• One person, one ID card, common understanding of access
• Revoke the ID card, revoke all access to the airport’s networks, systems and services
• Using PKI login
  • DoD experience: 90% reduction in penetration of critical systems

Coordinated Identification Friend/Foe

System of Systems

[Diagram: Identity Authority, Person/Subject and Application Authority, linked at enrollment and vetting, at privilege granting, and at use. Labels: Identity Assertion, Subject Verification, Attribute Certification, Establish Trust, Transfer Trust.]

An ID card asserts the identity of the legitimate cardholder, but may not grant explicit privilege.

[Diagram: credential lifecycle process steps, grouped as on the slide]

• Collect Biographic
• Collect Biometric
• Collect/examine Breeder
• Collect/examine sponsorship
• Sign complete enrollment Data

• Evaluate Enrollment data
• Adjudicate
• Resolve disputes
• Redress

• STA/CHRC
• Revoke

• Check Duplicate aviation wide
• Identify local duplicates

• Issue
• Renew
• Re-issue
• Re-Enroll

• Print
• Personalize
• Control Inventory

• Confirm applicant Identity
• Finalize card
• Confirm operation
• Issue

• Receive
• Secure prior to issuance
• Send/Ship cards

• Send enrollment

External inputs: Federal/State/Local Business Suitability; External revocation; External Duplicate ID Service (aviation wide)

[Diagrams: enrollment and issuance roles and the ID Management and Credential Issuance System architecture. Roles: Sponsor, Applicant, Cardholder, Bearer, Participant, Subject, Registrant, Trusted Agent; Authorized Cardholder in ISSA versus Cardholder Imposter. Steps: Apply, Enroll & Approve, Issue Card, Register to PACS. Components: Enrollment, Issuance Workstation, Registration Workstation, IDMS/CMS, Card Production Facility, 1:n Biometrics, Threat/Risk Assessment, Cert Auth, SSP Cert Auth, PACS/LACS, PACS Federated ID Gateway, Federated ID Gateway, Federated ID svcs, 3rd Party Shared Service Providers. Parties: Airport Owner/Operators, Airlines, DHS/TSA (EAA, TSP), Local Law Enforcement.]

[Diagram: IdM-CIS data model]

Minimal ID Record (never divulged): Person ID || Credential Data || Attribute Data (PI, Pointer, Pointer)

Credential Data Tables
• Driver’s License
• Passport
• Social Security Card
• TWIC
• ACIS credential
• SIDA 1 – lost
• SIDA 2 – expired
• SIDA 3 – current
• …

Attribute Data Tables
• Fingerprint Images
• Iris Images
• Facial Image
• Fingerprint Templates
• Name
• Addr
• Contact
• …
• Status
• Audit Activity

Other labels: Breeder Documents; Operational/Issued Credentials; ID Binding; Customer Svc Info; Operational Security Info; Encrypted at rest

[Diagrams: sequence of slides showing the Applicant, Registration Workstation, Enrollment, IdM-CIS, SSP Cert Auth, Federated ID Gateway, PACS Federated ID Gateway and PACS Federated ID Appliance, with the Applicant Access Card and Attributes passing between them.]

Summary about Interoperable ID

ID is not the end game
• Need both offense and defense involved
• Recognize challenges of our real world security
• Not just about “me”, more about “situational awareness”

Interoperability is an end game – the critical tool
• Enables management of situations
• Reduces costs, security risks
• Improves efficiency

Shared Services are critical
• Duplication checking reduces ID fraud and known risks
• Secure ID can be expensive – Share the load…

TSA ACIS

ACIS, in current draft, enables
• Phase 1 - Identity Assurance, through a standardized ACIS credential and trust model, supporting local decisions for access control
• Phase 2 - Field challenge programs for identity within an airport
• Phase 3 - Over time, the opportunity for an interoperable access tool

Carefully designed, it does not specify contactless operations until phase 3
• Allows use of existing PACS infrastructure
• Supports migration planning
• Allows time for interoperable contactless biometric application to be developed

BASIC

BASIC Concept of Operations thumbnail: Airports participating in BASIC have identified several key principles that must be part of any future biometric-based badging and access control systems, including:
• Safeguards on local control and issuance of credentials,
• Leveraging of existing capital investments and resources,
• Open architecture and local determination of qualified vendors, and
• Phased implementation that migrates over time.

No public meetings yet. These are anticipated soon. Should gain significantly from prior art
• RTCA DO-230B
• ACIS specification
• RTIC process (not necessarily resulting spec)

Concerns to Manage

Federation
• When and if it is needed

Privacy and security
• Of the information in the credential
• Of the information in databases/on networks
• Of the information printed on the credential
• Against attackers
• By policy and law

Weighed against
• Operational need
• Expectations of the bearer

ID coming to you

Federal Initiatives advance around FIPS 201
• Drives lower costs of total system ownership
• Mitigates risks for fraudulent access

Impacts parallel environments
• Hospitals
• Airports
• Enterprise seeking to do business with Government
• Enterprise with extranet relationships

Opportunities to exploit OpenID
• Use of a secure ID in your customer relationship

Significant Areas Yet to be Addressed

Identity Assurance technology for interoperability is there

Policies and cultures yet to be updated
• Visual ID challenge programs vs. Electronic challenge
• Trust infrastructures
  • Federal Bridge availability
  • Access to NACI or ability to define equivalency

Technologies to finalize
• Federated ID gateways
• Look to Back-End Attribute Exchange Specification by GSA AWG

Thank You!

Stephen P. Howard
VP Business Development, Identity Management
Thales e-Security, Inc.