An
Introduction to Smart Card Based PKI
What
is a PKI ?
Why PKI ?
Digital Certificates
Four parts in a PKI
Basic services
Why use PKI, isn't standard password or encryption-based
technology enough?
Adding Hardware to your PKI-solution - when software encryption
is not enough
A general-purpose PKI
Market push for interoperability
Creating the digital society
A practical example
The Gatekeeper Project
An Introduction to smart card based PKI
Public Key Infrastructure (PKI) is the accepted, global standard for Internet security. It is a system that uses asymmetric encryption and digital certificates to achieve secure Internet services. A PKI generally consist of four parts (see pictures below).
In the physical world, face-to-face transactions, photo identification and even written signatures offer some protection against fraud. However, the Internet remains relatively anonymous, making it harder to know who is at the other end of the network.
The challenge for the Internet economy is to translate the trust conventions of the physical marketplace and make them work online. Public key infrastructure has become the de facto standard for establishing this trust and executing binding contracts over electronic networks.
PKI is a system that uses asymmetric encryption and digital certificates to achieve secure Internet services.
A PKI can be used within almost any networked environment, from an internal corporate network to the World Wide Web. Implementing a PKI brings with it an infrastructure that can be leveraged to achieve secure communication not only across an enterprise but also outside it. The use of a PKI to create legally binding digital signatures means online trade and communication with customers, partners and suppliers can be conducted professionally and safely.
Digital certificates are the online equivalent of physical proofs of identity, such as passports or driving licenses, helping to identify users communicating across electronic networks. Unique to each individual, a digital certificate may be held on a hard disk, diskette, or, for the ultimate in tamper-proof security, a cryptographic smart card. Digital certificates are the essential element of a PKI. It is issued by a trusted third party, a bank for example, to authenticate the holder.
There are several uses for digital certificates:
Certification handling services will soon be embedded into everyday devices from interactive TVs to mobile phones. PKI is set to become an integral part of the fabric of the networked economy.
A PKI uses a matching key pair, one private and held by the user and one made available on a public directory. Each key performs a one-way transformation of data that can only be reversed by its matching key. The 'Public' key is made available to everyone, a bank for example, whilst the 'Private' key is kept secret and only accessible by the user. By matching these key pairs and using them to decrypt information, or using them to create a digital signature, a user can be authenticated. Such encryption can be used as proof of identity when using the Internet.
A Public Key Infrastructure generally
consists of four parts.
These together form the whole infrastructure for electronic identification and secure electronic business. This is shown in the overview picture below.
Used across a variety of e-business applications, from online banking to shopping, the growing need for digital certificates is opening up enormous opportunities for Certification Authorities (CAs), those organisations responsible for the issuing and management of user certificates.
In the network environment the products and systems in the PKI must be able to perform the basic services on which all relationships and transactions are based. A PKI thus fulfils the four basic principles of a secure Internet:
Authentication -
to identify a user
Verifying that users actually are who they claim they are and
have the authority to access the resource is the process of authentication.
Non-repudiation -
to assure the origin of a transaction
Non-repudiation means users are unable to deny that they have
sent a message or participated in a transaction. Non- repudiation, or the act
of guaranteeing the identity of the issuer, is derived from the public key infrastructure
benefits.
Confidentiality -
to keep information encrypted and secure
The confidentiality service is more or less a cryptographic issue.
None but the communicating parties are able to se an ongoing transaction as
the session is encrypted.
Integrity
Integrity means to prove that information has not been tampered with during
transmission.
User-to-user and business-to-business
With PKI you can secure web-sites but you can also secure business-to-business
and user-to-user transactions (see picture below).
Why use PKI, isn't standard password or encryption-based technology enough?
Password systems are of little value on a mass-scale as they require a great deal of back-office administration. Passwords can also be used stolen or copied, how many times have you seen a log-on password stuck to a computer monitor?! Not very secure. As long as the correct password is entered the vendor has no way of telling if it is really you.
Adding Hardware to your PKI-solution - when software encryption is not enough
A combination of PKI and smart cards is by far the most secure and manageable way of handling user identities. Public key infrastructure (PKI) builds on the protection of the users' private keys. One of the major issues surrounding private encryption keys is where and how to store them. In many cases it is enough to put them on the hard disk and protect them by a PIN code, but this is not the most secure method of storage.
When the highest level of security is needed, a smart card is often the only viable option for storing and executing the private keys. A smart card based PKI makes it possible to avoid theft, tampering or unauthorised use. Smart Cards are easy to use, portable, and can be integrated with a wide range of applications. These include financial on-line services, secure mail, secure web services or virtual private networks (VPN) with solutions it is possible to start out by storing the private keys on a diskette or on a hard disk and then to migrate to smart cards without changes in servers or client software.
Many existing products, such as groupware and messaging systems, provide their own certificate infrastructure. These special-purpose PKIs have their own application-specific management services and key generation providing digital signatures for software users.
Users will ultimately need a general-purpose PKI that can serve many applications. It is important that the client software supports the chosen certificate structure and that it can use a general-purpose PKI. A general-purpose PKI will certify public keys and manage the keys that it and other applications generate. There are several benefits with a general-purpose PKI - lower administrative cost, improved information about users, increased security, and greater trust.
A general-purpose PKI should support secure business-to-business and secure user-to-user transactions.
Market push for interoperability
As PKI becomes the standard security infrastructure for the Internet economy is has to 'just work'. There are a number of international industry bodies and forums, all established with the express purpose of bring uniformity and international standardisation to the world of Internet security and e-commerce. This means that interoperability is becoming very important and this is what is reflected in a number of market initiatives to strive for interoperability like the PKI Certification Forum of Australia.
Open standards also mean faster implementation - solutions can be easily integrated into the existing infrastructure. A PKI based on open standards should make it possible to add security to existing solutions without introducing more complex services from a user perspective. An open PKI should offer more flexibility, functionality, security, less administration, and finally, lower costs.
With national governments moving to make digital signatures legally binding, the future penetration of PKI into the mass market is without question.
Firstly Alice and Bob must provide valid identification to a Certification Authority (CA) who will, once satisfied with their credentials, generate a key pair that will be used for both signing and encrypting electronic communicants. The key pair consists of a public key, kept on a server accessible on the Internet and a private key pair usually kept in a secure device such as a smartcard.
Alice then wants to send an email to Bob, both Alice and Bob have their own private keys and public keys. The public keys are kept on a database that both can access while each keep their private key safe in a SmartCard. Alice proceeds to write an email to Bob then she inserts her SmartCard into the reader attached to her computer. She selects the sign and the encrypt option available in her mail application. The system prompts Alice to enter her private PIN in order to access her private key. Once the application has verified that the user is indeed Alice it uses her private key to sign her email.
Next the application looks up the recipient in her Addressbook, in this case it is Bob. The system then searches the common directory available on the Internet, for Bob's public key. Once found it uses Bob's public key to encrypt the email, now the email is both signed and encrypted and can be sent to Bob. Along with the email, Alice's public key is also sent.
Upon receiving the email on Bob's computer, Bob's mail program will look at who has sent the email, in this case it is Alice. If Bob's mail application has not associated Alice's public key with Alice in his Addressbook, the mail program will do so, in this way any further email from Alice can be processed more quickly. Now since Alice has encrypted the email with Bob's public key only Bob's private key can decrypt it, this ensures that only Bob will be able to read Alice's email. To gain access to Bob's private key the system requires that Bob inserts his SmartCard into the reader attached to his system. Bob's private key is then used to decrypt the email. Finally, Alice's public key is used to ensure that it really is Alice's digital signature, once it has verified the signature, Bob can be certain that the message was sent by Alice.
Gatekeeper is the Commonwealth strategy for the use of Public Key Infrastructure (PKI) and a key enabler for the delivery of Government online. Gatekeeper also leads by example to encourage the uptake of e-commerce in the private sector.
The GATEKEEPER project focuses on the implementation of technology, but its major impact will be on the way agencies are able to do business electronically. GATEKEEPER should therefore be viewed principally as an enabling activity for business processes.
GATEKEEPER aims to establish a rationalised voluntary mechanism for the implementation of PKT by agencies. It will facilitate interoperability and allow users to choose from a panel of service providers whose products and methods of delivery have been evaluated and accredited to meet prescribed government standards for integrity and trust.
PKT to these standards will be available to everyone who wishes to conduct online transactions with Commonwealth agencies, in circumstances where authentication and or confidentiality are required. This includes industry and the public on matters as diverse as doing business with the Commonwealth and the receipt of Commonwealth services. The strategy also provides for assurance of online transactions within and between Commonwealth agencies.
State Governments are adopting GATEKEEPER standards for transactions between and with its agencies.