policy on standardization of airport access security 14.may · policy on standardization of airport...
TRANSCRIPT
Security Solutions & Services
May
14,
200
8
Policy on Standardization of Airport Access Security 14.May.2008
1 Security Solutions & Services
May
14,
200
8Agenda
What’s happening in aviation security?
What are the key policy drivers?
What’s happening to improve the situation?
2 Security Solutions & Services
May
14,
200
8Six events, all at once
Security breachesPicked up by the press OMG factor
Leads toCongressional actionConsortium/Association actionsDHS/TSA regulatory initiativesTSA specificationsRumored HSPD on biometrics for airports
Oy…
3 Security Solutions & Services
May
14,
200
8Generalized Weaknesses for IdM-CIS
(Weaknesses are numbered, specific aspects are lettered)1.Inappropriate Granting of an ID Card (or unwarranted Credential approval)a. Undetected ineligibility based on citizenship/immigration statusb. Undetected previous derogatory information – DHS c. Undetected previous derogatory information – Criminald. Undetected previous derogatory information – Employmente. Mis-adjudicated identified derogatory/eligibility information – all sourcesf. Insider support to avoid disqualification (NOTE: in items a-f, consideration must be given to both proactive imposters and inadvertent oversights/errors. Proactivity could take the form of aliases, false SSN, forged/tampered breeder documents, collusion, etc.2.Fraudulent use of Active ID Card by Impostera. Lost and unreported ID Cardb. Stolen ID Card (and possibly PACS PIN) prior to reporting as stolenc. Cloned ID Card (and possibly PACS PIN)d. Spoofing biometrically enabled ID Card3.Uncontrolled Revoked ID Carda. Local Privileges not removed with knowledge of ID revocationb. Local Privileges not removed due to absence of knowledge of revocation (e.g. transient employees with PACS Interoperable ID Card)
i. Failure to report revocation by sponsor to issuerii. Failure to report revocation by issuer to central services iii. Failure to request revocation information from central serviceiv. Failure to disseminate revocation information to PACS decision pointsv. Failure to validate revocation status at decision point
c. Gain access at unattended, PACS controlled entry point using piggybacking (incidental)d. Gain access at unattended, PACS controlled entry point using piggybacking (collusion)e. Gain access at attended (not PACS controlled) entry point (photo sufficient likeness, human Identity verification error by attendant, attendant not diligent, etc.) (NOTE: italicized items are not IdM-CIS related issued, but rather are PACS related or external)
EAA/TSP
Checkpoint
OPSPublic
TerminalArea
SterileTerminal
Area
Secured Area&
SIDA
Air Operations Area(AOA)
LANDSIDE(Parking &TerminalEntrance)
Gate
Employee Parking
Cargo / Mail
Remote orin-Terminal..
FBO / GA
Catering
Apt Maint &Vehicles Trash
ARFF/Structural
AircraftMaintenanceSCA-3
300 Ft
ConstructionVehicles & Changes
Military & Joint Use
VendorSuppliesSCA-3
300 Ft
FIS
VIP
LEO G
G
G
TaxiBus
Limo
CourtesyVans
Rental Cars Train
Train
CHRC/ID
ACS
Escort
Challenge
T&D
DDR
Exit
A
T
C
•Curbside checkin
Utility tunnel
FuelNatural Barrier
5 Security Solutions & Services
May
14,
200
8Who Owns the Problem?
By regulation and current law – AirportsFull ID verification to make an access decision
ID Proofing may have been done by the employer
Threat assessmentFederal componentLocal component
Issuance, activation and revocation
In the futureID Proofing by DHS?Why are airports liable for the failure of EEV, STA, SAVE, etc.?
6 Security Solutions & Services
May
14,
200
8Many Parallel Events
14.March.2008 - Federal Identity and Credentialing Committee’s architecture working group published the draft Back-end Attribute Exchange Architecture and Technical Specification (BAE Spec)1.April.2008 - National Institute for Standards and Technology published Special Publication 800-116 (SP800-116) in draft form2.April.2008 - AAAE forms the Biometric Airport Security Identification Consortium (BASIC)29.April.2008 - RTCA Special Committee 207 voted approval and completion of its work on the revisions to the DO-230A. This work is anticipated to publish as the DO-230B in June.2008.29.April.2008 - The TSA just published to airports their draft Aviation Credential Interoperability Solution (ACIS) Technical Specification to the aviation community7.May.2008 – HR 5982??? – HSPD ?
7 Security Solutions & Services
May
14,
200
8Congressional
H.R. 5982 - The Biometric Enhancement and Airport-Risk Reduction (BEAR) Act of 2008The bill requires:
The Transportation Security Administration (TSA) to study existing and proposed industry programs that enhance our biometric security systems at airports. TSA to study how airports can transition to uniform, standards-based and interoperable biometric identifier systems for airportworkers with unescorted access.TSA to submit to Congress a breakdown on best practices for issuing biometric credentials for airport workers. The Secretary of Homeland Security to spearhead a working group with industry stakeholders to strengthen private and public partnerships as they support the Secretary and Assistant Secretary in carrying out this Act.
8 Security Solutions & Services
May
14,
200
8ID and Systems – managing the risk
RTCA DO-230B takes a System of Systems approach
Offensive strategies for positive controlsIdM-CISPACS
Defensive and response strategiesIntrusion Detection and Perimeter DetectionVideo Surveillance
Central to allCommunications infrastructureSecurity Operations Center (SOC)
New territoriesInteroperable credentials
9 Security Solutions & Services
May
14,
200
8What is the key driver?
Identity Assurance for an access decision
FIPS 201 compliant technology and processesCredentials defined have three missions
Personal Identity Verification (biometrics)Physical Access – PACSLogical Access (PKI) – LACS
FIPS 201 is critical enabling technologyDefines opportunity for
Convergence between PACS and LACS
More importantly – Identity Assurance
10 Security Solutions & Services
May
14,
200
8Depending on your point of view…
HSPD-12 drove Federal Agencies to converged IDExtensive use of PKI in Federal applicationsFIPS 201 was driven by PKI policies and methodsPACS was secondaryFocused on interoperability across the federal enterprise
Aviation environment defined by DO-230BDriven by Physical Access for safety and security of airport facilities and personnelLogical access using PKI is mentioned, but not exploited
In airports, interoperability is _not_ requiredFor the moment, that is
FIPS 201 is upside down!
11 Security Solutions & Services
May
14,
200
8Consider the Opportunities
Identity AssuranceConfidence in WHO we are granting access to assets
ConvergenceOne person, one ID card, common understanding of accessRevoke the ID card, revoke all access to the airport’s networks, systems and servicesUsing PKI login
DoD experience: 90% reduction in penetration of critical systems
Coordinated Identification Friend/Foe
13 Security Solutions & Services
May
14,
200
8
IdentityAuthority
Person/ Subject
ApplicationAuthority
Link at enrollment and vetting
Link atprivilege granting
Link at use
AnAnID cardID card
asserts theasserts theidentity of theidentity of the
legitimatelegitimatecardholder,cardholder,
but may not grant explicitbut may not grant explicitprivilegeprivilege
Identity Assertion
Identity Assertion
Subject VerificationSubject Verification
Attri
bute
Cer
tifica
tion
Attri
bute
Cer
tifica
tion
TransferTrust
EstablishTrust
•Collect Biographic•Collect Biometric•Collect/examine Breeder•Collect/examine sponsorship•Sign complete enrollment
Data
•Evaluate Enrollment data •Adjudicate•Resolve disputes•Redress
•STA/CHRC•Revoke
•Check Duplicate aviation wide•Identify local duplicates
•Issue•Renew•Re-issue•Re-Enroll
Federal/State/LocalBusiness Suitability
External revocation
•Print•Personalize•Control Inventory
•Confirm applicant Identity•Finalize card•Confirm operation•Issue
•Receive•Secure prior to issuance •Send/Ship cards
•Send enrollment
ExternalDuplicate IDService(aviation wide)
PACS/LACSPACS/LACS
Sponsor
Applicant
Cardholder
Bearer
Participant
Subject
Sponsor
Enroll & Approve
Apply
Issue Card
Register to PACS
Cardholder
Authorized Cardholder in ISSA
CardholderImposter
Trusted Agent
Trusted Agent
Trusted Agent
Cert Auth
PACS Federated IDGateway
EnrollmentApplicant
IDMS CMS
Issuance Workstation
Threat/Risk Assessment
Cardholder
Federated IDGateway
Federated ID svcs
DHS/TSA
EAA
TSP
1:n Biometrics
ID Management and Credential Issuance
System
ID Management and Credential
Issuance System
1:n Biometrics
PACS
IDMSCMS
Card Production Facility
Threat/Risk Assessment
EnrollmentApplicantIssuance
WorkstationCardholder
SSP Cert Auth
3rd Party Shared Service Providers
Federated IDGateway
Federated IDGateway
Airport Owner/Operators
Airlines
DHS
-----
Local Law Enforcement
Issuance Workstation
SSP Cert Auth
PACS Federated IDGateway
Enrollment
Applicant
IDMS CMS
Card Production Facility
Participant
RegistrantRegistration Workstation
1:n Biometrics
Cardholder
Threat/Risk Assessment
ID Management and Credential Issuance System
Person ID || Credential Data || Attribute DataPI Pointer Pointer
MinimalID RecordNever divulged
Credential Data TablesDriver’s LicensePassportSocial Security CardTWICACIS credentialSIDA 1 – lostSIDA 2 – expiredSIDA 3 – current…
Attribute Data TablesFingerprint Images
Iris ImagesFacial Image
Fingerprint TemplatesNameAddr
Contact…
StatusAudit Activity
Breeder Documents
Operational/Issued Credentials
IDBinding
Customer Svc Info;
Operational Security Info
Encrypted at rest
Applicant
Registration Workstation
IdM-CIS
SSP Cert Auth
Federated IDGateway
PACS Federated IDGateway
Applicant
Registration Workstation
IdM-CIS
SSP Cert Auth
Federated IDGateway
PACS Federated IDGateway
Enrollment
ApplicantAccess Card
Applicant
Registration Workstation
IdM-CIS
SSP Cert Auth
Federated IDGateway
PACS Federated IDGateway
Federated IDGateway
Attributes
SSP Cert Auth
IdM-CISFederated IDGateway
Applicant
24 Security Solutions & Services
May
14,
200
8Summary about Interoperable ID
ID is not the end gameNeed both offense and defense involvedRecognize challenges of our real world securityNot just about “me”, more about “situational awareness”
Interoperability is an end game – the critical toolEnables management of situationsReduces costs, security risksImproves efficiency
Shared Services are criticalDuplication checking reduces ID fraud and known risks
Secure ID can be expensive – Share the load…
25 Security Solutions & Services
May
14,
200
8TSA ACIS
ACIS, in current draft, enablesPhase 1 - Identity Assurance, through a standardized ACIS credential and trust model, supporting local decisions for access controlPhase 2 - Field challenge programs for identity within an airportPhase 3 - Over time, the opportunity for an interoperable access tool
Carefully designed, it does not specify contactless operations until phase 3
Allows use of existing PACS infrastructureSupports migration planningAllows time for interoperable contactless biometric application to be developed
26 Security Solutions & Services
May
14,
200
8BASIC
BASIC Concept of Operations thumbnail: Airports participating in BASIC have identified several key principles that must be part of any future biometric-based badging and access control systems, including:
Safeguards on local control and issuance of credentials,Leveraging of existing capital investments and resources,Open architecture and local determination of qualified vendors, andPhased implementation that migrates over time.
No public meetings yet. These are anticipated soon. Should gain significantly from prior art
RTCA DO-230BACIS specificationRTIC process (not necessarily resulting spec)
27 Security Solutions & Services
May
14,
200
8Concerns to Manage
FederationWhen and if it is needed
Privacy and securityOf the information in the credentialOf the information in databases/on networksOf the information printed on the credentialAgainst attackersBy policy and law
Weighed againstOperational needExpectations of the bearer
28 Security Solutions & Services
May
14,
200
8ID coming to you
Federal Initiatives advance around FIPS 201Drives lower costs of total system ownershipMitigates risks for fraudulent access
Impacts parallel environmentsHospitalsAirportsEnterprise seeking to do business with GovernmentEnterprise with extranet relationships
Opportunities to exploit OpenIDUse of a secure ID in your customer relationship
29 Security Solutions & Services
May
14,
200
8Significant Areas Yet to be Addressed
Identity Assurance technology for interoperability is there
Policies and cultures yet to be updatedVisual ID challenge programs vs. Electronic challengeTrust infrastructures
Federal Bridge availabilityAccess to NACI or ability to define equivalency
Technologies to finalizeFederated ID gatewaysLook to Back-End Attribute Exchange Specification by GSA AWG
Security Solutions & Services
May
14,
200
8
Thank You!Stephen P. Howard
VP Business Development, Identity ManagementThales e-Security, Inc.