1. Utilizing PKI to Reduce Business Risks and Costs. May 2011. Lim Chin Wan
2. WASTE! WASTE! WASTE!
3. 400% / 40 Years / 4 Billion
4. 1 tree makes 16.67 reams of copy paper, or 8,333.3 sheets
5. Time is money!
6. 8 WEEKS!
7. THE ENEMY – PAPER CHASE
• Offices with only 11% of their documents in paper spend less than 10 minutes a day locating information!
• However, offices with 52% of their documents in paper spend more than 2 hours a day locating information!
• For every paper document:
  – 19 copies are made
  – 1 out of 20 is lost
  – 150 hours/year are lost looking for incorrectly filed documents
  – 25 hours are spent recreating documents
• IDC reported that an enterprise with 1,000 Information Workers spends an average of 3 hours a week recreating content, which is an average cost per worker of $87 a week and $4,501 a year. This adds up to a staggering $4,500,600 spent annually.
TIME LOST CANNOT BE REGAINED!
8. THAT IS A LOT OF WASTAGE!
9. Let's convert every paper to digital!
10. PROBLEM SOLVED?
11. The Traditional Paper Approach
• Agreements, contracts, application forms etc. – all written on paper
• Authenticity – achieved using hand signatures
• Confidentiality – achieved using sealed envelopes, couriers etc.
12. Problems with The Traditional Approach
• It takes / wastes a lot of time
  – Preparing paper
  – Sending paper to various people
  – Checking it has all arrived
• Document amendments
  – Resource intensive
  – Error prone
• A false sense of security
  – Documents can be tampered with
  – Signatures can be copied / forged
  – It is easy to make mistakes
  – And what about archiving the paper?
13. Problems with Archiving
• Paper archive issues
  – Expensive
  – Searching & retrieving is not easy
  – Misfiling is easy
  – Disaster recovery is even more expensive
• Image archive
  – Still expensive
  – Indexing errors
  – Large file sizes
14. Cost estimates
• How expensive is paper?
  – Printing: $0.02/page
  – Transportation: expensive! with prices varying depending on method (courier, postage, fax, etc.)
  – Scanning: $0.05/page + $15/hour for operator cost
  – Archiving: $0.02/page + $15/hour for operator cost
  This is substantial for a large organisation
• E-documents avoid these costs but require:
  – Strong user authentication, so you can independently prove who signed, approved etc. – both now and in the future
  – Strong data integrity, so that any change to the document invalidates the digital signatures applied to it
15. From Paper to e-Documents
The risks of simple electronic transactions:
• "I did not authorise or send that report!"
• "That information is not what I sent!"
• "I sent the tender before the deadline, not after!"
• "I said BUY not SELL"
• "Is this the final approved version?"
• "Has anything changed?"
16. Approval and Sign Off
17. Why are Trust Services Needed for e-Business?
• To prevent fraud
  – Stop changes to final documents
  – Mandate sign-off and approval
  – Clearly identify the author and approvers
  – Provide undeniable evidence
• Meet legislative requirements
  – Enable legal acceptance of documents
  – Strengthen internal and external processes
  – Ensure traceability, audit and compliance
• To enable cost savings and reduce risk
  – Reduced costs of paper, postage, handling, storage
It must be easy to apply and manage these services
18. One Ring to Rule Them All…
19. Digital Signatures Provide Trust
• They provide strong security:
  – Authenticity: a valid signature implies the signer deliberately signed the associated document
  – Non-repudiation: the signer cannot deny having signed a document that carries a valid signature (this holds only while the private key is under the signer's sole control, which is why key management matters)
  – Data integrity: any modification of the document's contents is detected
  – Unique: the signature of one document cannot be reused on another document
  – Unforgeable: only the holder of the signer's private key can produce a valid signature for the associated document
• What else is required?
  – How can the signer be shown to be authorised for that role or transaction limit?
  – How easy is it to sign, to verify, and to understand the result?
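As an added example (not part of the original slides, standard-library Go only), the following program exercises the four properties listed above. It signs a constructed purchase order with RSA and SHA-256, then tries the three things an attacker would attempt: change one word ("BUY" to "SELL", as in slide 15), reuse the signature on a different document, and sign with a key that is not the signer's. The key pairs and the sample documents are generated inline; the choice of RSA PKCS#1 v1.5 is an assumption, made because it is what most CMS/PDF signing tools of the period used.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// SignDocument hashes the document with SHA-256 and signs the digest with
// RSA PKCS#1 v1.5 (assumed scheme; the slides do not name one).
func SignDocument(key *rsa.PrivateKey, doc []byte) ([]byte, error) {
	digest := sha256.Sum256(doc)
	return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, digest[:])
}

// VerifyDocument returns true only if sig was produced over exactly doc
// by the private key that matches pub.
func VerifyDocument(pub *rsa.PublicKey, doc, sig []byte) bool {
	digest := sha256.Sum256(doc)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Properties records the outcome of each check from the slide.
type Properties struct {
	Authentic   bool // the untouched document verifies under the signer's key
	Integrity   bool // changing one word ("BUY" to "SELL") is detected
	Unique      bool // the signature does not carry over to another document
	Unforgeable bool // a different key cannot produce an accepted signature
}

// CheckProperties signs a constructed purchase order and then attempts
// tampering, signature reuse and forgery against it.
func CheckProperties() (Properties, error) {
	signer, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Properties{}, err
	}
	impostor, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return Properties{}, err
	}
	order := []byte("Purchase order 4711: BUY 1000 units at 12.50")     // constructed sample
	tampered := []byte("Purchase order 4711: SELL 1000 units at 12.50") // one word changed
	other := []byte("Purchase order 4712: BUY 1000 units at 12.50")     // a different document

	sig, err := SignDocument(signer, order)
	if err != nil {
		return Properties{}, err
	}
	forged, err := SignDocument(impostor, order) // valid under the impostor's key, not the signer's
	if err != nil {
		return Properties{}, err
	}
	pub := &signer.PublicKey
	return Properties{
		Authentic:   VerifyDocument(pub, order, sig),
		Integrity:   !VerifyDocument(pub, tampered, sig),
		Unique:      !VerifyDocument(pub, other, sig),
		Unforgeable: !VerifyDocument(pub, order, forged),
	}, nil
}

func main() {
	p, err := CheckProperties()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", p) // all four fields should be true
}
```

Note what the program does not show: nothing here ties the public key to a person, a role or a signing limit. That binding comes from the certificate and its management, which is what the following slides address.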
20. What to Consider in a Solution
• A flexible yet easy to implement solution
  – Provide multiple signing and verification options
  – Support multiple platforms and languages (Java, .NET)
  – Provide flexible integration options (API, folders, email)
  – Handle multiple document types and signature formats so that future needs are covered
• Provide effective management so business applications do not need to handle this
  – Manage all the signing keys and certificates
  – Manage HSMs and USB tokens and/or soft keys/certs
  – Manage detailed event and transactional logs to ensure traceability, accountability and reporting
  – Manage application authorisation for all actions
  – Keep the signing service and its keys separated from O/S admin staff
21. A Typical Business Solution Architecture
22. What security services are needed?
                                                          Sign   Verify
PDF Documents
  – Basic signature (visible / invisible)                  ✓       ✓
  – Certify Sign                                           ✓       ✓
  – PAdES basic, timestamp & long-term signatures          ✓       ✓
XML Documents
  – XML DSig (XAdES ES)                                    ✓       ✓
  – Timestamps (XAdES ES-T)                                ✓       ✓
  – Long-term signatures (XAdES X, X-Long)                 ✓       ✓
  – Explicit Policy and Archive (-EPES, ES-A)              ✓       ✓
PKCS#7 / CMS / S/MIME
  – Basic signature (CAdES ES)                             ✓       ✓
  – Timestamps (CAdES ES-T)                                ✓       ✓
  – Long-term signatures (CAdES X, X-Long)                 ✓       ✓
  – Explicit Policy and Archive (-EPES, ES-A)              ✓       ✓
Historic Verification
  – OCSP Validation (immediate verify & long-term sign)    -       ✓
  – Time Stamp Authority (TSA) Server                      ✓       ✓
You only need to license and use what is needed today
23. What integration options are available?
                                                          Sign   Verify
Web Services
  – via OASIS DSS XML/SOAP messaging                       ✓       ✓
  – via a provided high-level .NET API                     ✓       ✓
  – via a provided high-level Java API                     ✓       ✓
Using a browser applet
  – For PDF, XML, PKCS#7, CMS signing                      ✓       ✓
  – Optional PDF viewer / signer / verifier                ✓       ✓
  – Local file & central file hash & sign                  ✓       ✓
Using an intelligent watched-folder client
  – For fast processing of one or more watched folders     ✓       ✓
Using a gateway for confidentiality
  – To extract signatures from documents                   -       ✓
Using a secure email server
  – To handle emails and/or attachments                    ✓       ✓
Using a workflow sign-off solution
  – Within a SaaS collaboration environment                ✓       ✓
24. Where should data security be applied?
• Protecting information output
  – Signing, timestamping, notarising and archiving services for e-invoicing, statements, acceptances, reports etc.
• Protecting inbound information
  – Notarising/timestamping and archiving services for any received information, for larger organisations
• Protecting internal document workflows
  – Signing/approving documents or data to confirm a chain of approval (server- or client-held documents)
• Confirming external transactions
  – Using intelligent web forms that result in both end-user signing and corporate counter-signing
  – Allowing client documents and files to be signed and uploaded
25. PDF Options Explored
• PDF provides a strong format for e-business
  – World-wide use since 1993
  – A de facto standard for web documents
  – A royalty-free specification: anyone can build PDF solutions
  – Freely available Reader software for anyone to use
  – A variety of other desktop, Java applet and server products
• Now standardised
  – As ISO standard 32000-1:2008
  – As PDF/A, ISO 19005-1:2005
• Platform independent
  – Displays documents in a consistent way regardless of software, operating system or hardware
• Good security features
  – Including digital signatures, rights management and encryption
26. PDF Digital Signatures
• A good range of security options for multiple uses
  – Visible and invisible signatures
  – Multiple signatures
  – Certify signatures, for controlling further edits to the document (e.g. one-way publishing and form content)
  – Supports long-term signatures with embedded timestamps and signer revocation information
  – Supports the latest algorithms: SHA-2, RSA & DSA
• The free Reader shows the document trust status
  – Signature verification, including certificate validation
  – Long-term signature verification
• PDF attachments are supported
  – So other file types such as Word, Excel, Visio, etc. can be attached and also protected by the digital signature(s)
27. Signature Appearances
All aspects of the signature appearance are customisable:
  – Text items: colour, font type and size, and location
  – Graphic images: position, size and order
Labels can be translated to other languages (Unicode).
Engineering/architectural drawings have particular requirements for signature appearances.
28. Invisible Signatures
Invisible signatures leave the original document unchanged. The signature details are visible only from the signature panel. Useful for some business documents, but note that a printed copy will carry no indication that the document has been signed.
29. Certifying Signatures
Certifying signatures allow you to control further changes to the document. Shown in Reader with a blue ribbon.
30. Signer Certificate Expiry
• Documents signed today may need to be verified in two weeks, two months, two years or two decades
• "Houston, we have a problem": certificates have a finite lifetime
• After a signer's certificate has expired, an existing signature on a document will be flagged by the Reader [screenshot not reproduced here]
• Long-term signatures are needed
31. Long-term Signatures
• Designed to stop certificate expiry or later revocation from invalidating a signature
• Long-term signatures prove:
  – When the signature was created (timestamp from a trusted TSA)
  – The signer's certificate status at the time of signing
• This evidential information is stored inside each signature
• Such signatures are referred to as advanced or long-term signatures
[Diagram: signer, Validation Authority (OCSP/CRLs), Time Stamp Authority (TSA), TSP]
At the time of signing the software must:
  a) obtain the revocation status of the signer's certificate from a Validation Authority
  b) obtain a timestamp for the document from a Time Stamp Authority
  c) embed these in a compliant way within the signature
32. Verifying Long-term Signatures
• First verify the embedded timestamp to determine when the signature was applied (the timestamp must itself be trusted in order to be used)
• Then verify whether the signer's certificate status was valid at the time of signing
• It does not matter what happened later: this signature was good at the time of signing
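Added example (Go, standard library only; not from the original slides or any vendor product): the flow of slides 31 and 32 in miniature. It issues a root CA and a one-year signer certificate, signs a document in May 2011, embeds the revocation status and a timestamp from a simulated TSA, and then verifies the same signature in 2014 after the certificate has expired. The certificate check is the real x509 chain validation, evaluated at the timestamped signing time instead of the verifier's clock. The TSA token (a signature over the signature value and the time), the validation-authority lookup (a map of revoked serial numbers), and all keys, names and dates are simplifications constructed for this example; they are not RFC 3161 or OCSP formats.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/binary"
	"errors"
	"math/big"
	"time"
)

// must panics on setup errors (key generation, certificate issuance) to keep the demo short.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// LongTermSignature carries the evidence slide 31 says must be embedded at signing time
// (simplified layout; PAdES/CAdES carry the same items as CMS signed attributes).
type LongTermSignature struct {
	Signature   []byte            // RSA PKCS#1 v1.5 over SHA-256(document)
	SignerCert  *x509.Certificate // embedded, so verifiers need no directory lookup
	SigningTime time.Time         // asserted by the TSA, not by the signer's clock
	Timestamp   []byte            // TSA signature over SHA-256(Signature || SigningTime)
	Revoked     bool              // status the Validation Authority reported at signing
}

// tsaInput binds the signature value to the asserted time, so neither can be altered alone.
func tsaInput(sig []byte, t time.Time) []byte {
	h := sha256.New()
	h.Write(sig)
	binary.Write(h, binary.BigEndian, t.Unix())
	return h.Sum(nil)
}

// newCert issues a certificate with a finite lifetime; a nil parent means a self-signed root.
func newCert(serial int64, cn string, pub *rsa.PublicKey, from, to time.Time,
	parent *x509.Certificate, parentKey *rsa.PrivateKey) *x509.Certificate {
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: from, NotAfter: to, BasicConstraintsValid: true, IsCA: parent == nil,
		KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign}
	if parent == nil {
		parent = tmpl // self-signed root
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey))))
}

// Sign performs steps (a) to (c) of slide 31: ask the VA for the status, obtain a TSA
// timestamp over the fresh signature, and embed both next to the signer certificate.
func Sign(doc []byte, key *rsa.PrivateKey, cert *x509.Certificate, revokedSerials map[int64]bool,
	tsaKey *rsa.PrivateKey, tsaClock time.Time) *LongTermSignature {
	d := sha256.Sum256(doc)
	sig := must(rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA256, d[:]))
	tok := must(rsa.SignPKCS1v15(rand.Reader, tsaKey, crypto.SHA256, tsaInput(sig, tsaClock)))
	return &LongTermSignature{sig, cert, tsaClock, tok, revokedSerials[cert.SerialNumber.Int64()]}
}

// VerifyAt judges the signer's certificate chain as of instant at, then checks the document hash.
// A basic verifier can only pass its own clock, which is why expiry is fatal for plain signatures.
func VerifyAt(lts *LongTermSignature, doc []byte, roots *x509.CertPool, at time.Time) error {
	_, err := lts.SignerCert.Verify(x509.VerifyOptions{Roots: roots, CurrentTime: at,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	if err != nil {
		return err
	}
	d := sha256.Sum256(doc)
	return rsa.VerifyPKCS1v15(lts.SignerCert.PublicKey.(*rsa.PublicKey), crypto.SHA256, d[:], lts.Signature)
}

// VerifyLongTerm follows slide 32: trust the timestamp first, then judge certificate and
// status as of that time. What happened to the certificate afterwards no longer matters.
func VerifyLongTerm(lts *LongTermSignature, doc []byte, roots *x509.CertPool, tsaPub *rsa.PublicKey) error {
	if rsa.VerifyPKCS1v15(tsaPub, crypto.SHA256, tsaInput(lts.Signature, lts.SigningTime), lts.Timestamp) != nil {
		return errors.New("timestamp token invalid: the signing time cannot be trusted")
	}
	if lts.Revoked {
		return errors.New("signer certificate was revoked at signing time")
	}
	return VerifyAt(lts, doc, roots, lts.SigningTime)
}

// Scenario: Alice signs in May 2011 under a one-year certificate; the document is verified in 2014.
func Scenario() (basicNow, longTerm, timeAltered bool) {
	day := func(y int, m time.Month, d int) time.Time { return time.Date(y, m, d, 0, 0, 0, 0, time.UTC) }
	caKey := must(rsa.GenerateKey(rand.Reader, 2048))
	signerKey := must(rsa.GenerateKey(rand.Reader, 2048))
	tsaKey := must(rsa.GenerateKey(rand.Reader, 2048))
	ca := newCert(1, "Example Root CA", &caKey.PublicKey, day(2010, 1, 1), day(2030, 1, 1), nil, caKey)
	alice := newCert(2, "Alice", &signerKey.PublicKey, day(2011, 1, 1), day(2012, 1, 1), ca, caKey)
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	doc := []byte("Tender 2011-17: submitted before the deadline") // constructed sample document
	lts := Sign(doc, signerKey, alice, map[int64]bool{}, tsaKey, day(2011, 5, 10))
	altered := *lts // editing the asserted time without the TSA breaks the token
	altered.SigningTime = day(2011, 4, 1)
	return VerifyAt(lts, doc, roots, day(2014, 6, 1)) == nil,
		VerifyLongTerm(lts, doc, roots, &tsaKey.PublicKey) == nil,
		VerifyLongTerm(&altered, doc, roots, &tsaKey.PublicKey) == nil
}
```

Two things to take from Scenario: VerifyAt with the verifier's 2014 clock rejects the signature because Alice's certificate has expired, while VerifyLongTerm accepts it because the timestamp fixes the instant at which the certificate is judged; and an edited SigningTime is caught before the certificate is even examined, because the TSA token binds the time to the signature value. The TSA's own certificate also expires eventually, which is one reason slide 34 still calls for long-term evidence archiving.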
33. Server-side Signatures
• Server functions
  – Hashing and signing
  – Secure management of the keys (optional HSM)
• The signer should authorise key use before signing
  – Passwords, biometrics, OTPs, two-factor
• Where is the document to sign?
  – It may be on the server, or it may be uploaded from the desktop
  – The signer should be able to see it before and after signing
  – The signer should be allowed to save the data locally
34. Conclusions
• Long-term signatures are strongly recommended
  – For any serious business documents or data, so that verification can be done offline or without reference to online systems
• For historic verification of basic signatures
  – An online verification service with access to old CRL data is required
• Long-term evidence archiving may be needed
  – For long-lived documents, even with a long-term signature!
• The document format, signature format, algorithms and key lengths need to be carefully considered
• A flexible, well-managed security solution is needed that ensures investment protection
35. Summary
• Reduced paper storage
• Improved retrieval time
• Saves paper, printer and toner costs
• Improved staff productivity
• Improved disaster recovery
• Reduce fraud with PKI
• Meet legislative requirements
36. Formula for Strong Digital Security. www.securemetric.com
Questions: Chin Wan Lim. H: +6 016 261 8925. O: +6 03 8996