Smart ID Systems



 Security Whitepaper




           RFID Cards that are Private and Secure Now




WP #4-1, V01     Co...
Not Unique


 RFID Cards that are Private and Secure Now                                                                  ...
RFID Cards that are Private and Secure Now                              Page 2 of 18



   Overview

   This page contains...
RFID Cards that are Private and Secure Now                                   Page 2 of 18




   1.0There is a legitimate ...
RFID Cards that are Private and Secure Now                                 Page 2 of 18

   Skimmer”, by Ilan Kirschenbaum...
RFID Cards that are Private and Secure Now                                 Page 2 of 18

   To the border crossing facilit...
RFID Cards that are Private and Secure Now                                     Page 2 of 18




   2.0The only completely ...
RFID Cards that are Private and Secure Now                                Page 2 of 18




       2.2.User-controlled enab...
RFID Cards that are Private and Secure Now                                Page 2 of 18




   3.0Conclusion --- The new se...
RFID Cards that are Private and Secure Now                                           Page 2 of 18




   4.0Appendix A – G...
RFID Cards that are Private and Secure Now                                        Page 2 of 18

   Card Activation and Iss...
RFID Cards that are Private and Secure Now                                          Page 2 of 18

   Certification Authori...
RFID Cards that are Private and Secure Now                                              Page 2 of 18

   Identification: T...
RFID Cards that are Private and Secure Now                                           Page 2 of 18

   Network: A collectio...
RFID Cards that are Private and Secure Now                                        Page 2 of 18

   Shared Service Provider...
RFID Cards that are Private and Secure Now                                         Page 2 of 18




   5.0Appendix B – Ref...
RFID Cards that are Private and Secure Now                                           Page 2 of 18


   OMB Memorandum M-0...
RFID Cards that are Private and Secure Now                                           Page 2 of 18


   SP 800-53, Recomme...
Upcoming SlideShare
Loading in …5
×

Download Full Whitepaper (Word Doc - 300k) --v

796 views

Published on

Published in: Business, Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
796
On SlideShare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
14
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Download Full Whitepaper (Word Doc - 300k) --v

  1. 1. Smart ID Systems Security Whitepaper RFID Cards that are Private and Secure Now WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  2. 2. Not Unique RFID Cards that are Private and Secure Now Page 2 of 18 Contents 1.0 There is a legitimate privacy and security concern associated with conventional RFID devices. 4 1.1 The Illusion of Providing Security by Restricting Read Range.....................4 1.2 Relay Attacks against Contactless Cards --- Defeating Active Authentication......................................................................................................5 1.3 UHF Cards are More Convenient, but are also Vulnerable.........................6 2.0 The only completely effective solution is to disable the RF transceiver when the device is not in a controlled environment.........................................................................7 2.1. User-Enabled Identity Cards are the Answer............................................................7 2.2. User-controlled enablement solves the problems by completely disabling the RFID function except in the controlled environment where it is used...........8 2.3. Is this solution available now?.....................................................................8 3.0 Conclusion --- The new secure activation devices are effective for the preferred longer-range ID technologies...........................................................................................9 3.1. Secure activation cards are available and can be deployed now..............................9 3.2. RFID devices that authenticate identities should not be deployed without controlled-activation cards..................................................................................9 4.0 Appendix A – Glossary of Terms..............................................................................10 5.0 Appendix B – References.........................................................................................16 Biometric Associates, Inc. Washington DC Office 9475 Deereco Rd., Suite 304 • Timonium, MD 21093 410.252.7210 voice • 410.252.7214 fax Maine Office 26 Columbia Street • Bangor, ME 04401 207.992.2480 voice www.biometricassociates.com WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  3. 3. RFID Cards that are Private and Secure Now Page 2 of 18 Overview This page contains a short bulleted outline of the following white paper. • All of the recent generation of RF user identification devices can be read, cloned, and tracked. This is a legitimate privacy and security concern. o Persons with reasonably proficient skills, using only public information, can surreptitiously read, clone, and track contactless identification devices in a way that presents a risk to both individuals and organizations. o Recently standardized cryptographic defenses have been thwarted by new third-party and relay attacks that render them ineffective. • The only completely effective solution is to disable the RF transceiver when the device is not in a controlled environment. o User-controlled enablement solves the problems by completely disabling the RFID function except in the controlled environment in which it is needed. o This secure-activation solution has been developed and is available to resolve the issue now. • The new user-controlled secure activation devices are effective for the preferred longer-range ID technologies o In order to accommodate today’s fast-moving vehicles and pedestrians, ID cards have progressed from the original close- coupled cards to proximity cards, then to vicinity cards, and finally to UHF distance cards. o User-controlled activation provides security for all of these technologies, enabling the latest generation of convenient UHF distance cards to be used securely to protect the nation’s borders for both pedestrians and vehicle drivers. • Secure activation cards are available now and are ready for deployment. o RFID cards with UHF and secure activation control are available today. o There is no need to delay the deployment cards since privacy and security are now protected. o RFID devices that authenticate identities should not be deployed without a controlled activation feature. WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  4. 4. RFID Cards that are Private and Secure Now Page 2 of 18 1.0There is a legitimate privacy and security concern associated with conventional RFID devices. The current generation of RF user identification devices can be read, cloned, and tracked. These vulnerabilities originate in the Radio Frequency transmissions, anti-collision protocols and even in the security protocols. In addition, new cryptanalytic attacks on basic access control and authentication mechanisms have made it clear that cryptographically authenticated access controls and encrypted data do not solve the problem. The vulnerabilities are real and the distances at which the attacks can be performed are greater than many RF practitioners previously expected. Radio powered RFID devices have been read at more than five times their nominal range and can be relayed for miles using multiple devices. The process by which this was done did not produce any sensory effects that would make them detectable by the legitimate ID device carrier. Therefore, identity theft and other threats can take place without the victim being aware of them and raising the alarm. 1.1 The Illusion of Providing Security by Restricting Read Range The ISO/IEC 14443 standard calls for a 10 cm read distance from the reader to the card. This permits the reader or interrogator to provide power to the contactless device so that batteries are not necessary. This range is achieved assuming that a regulation ½ watt transceiver is used to excite the card. The first problem is that less conscientious people can arbitrarily raise the transmitted power and extend this distance far enough that an antenna can surreptitiously “skim” the contactless RF device through a plasterboard wall and into a corridor. Direct read attacks, are described by Ziv Kfir and Avishai Wool, in “Picking Virtual Pockets using Relay Attacks on Contactless Smartcard Systems,” http://eprint.iacr.org/2005/052.pdf. We quote from that document the distance versus cost in the table below, noting that the range has been increased to 4-6 feet using commercial readers at 4 watts (next page). Attack Methods Range Cost to attack Skill required Standard per ISO 14443 10 cm 0 Low Current and antenna increase 40 cm $100 Medium Current+antenna+software 50 cm $100 High These distances above have been confirmed by reputable laboratories. Of greater importance to organizations deploying systems, the hacker and academic communities have published papers teaching how-to build skimming devices for 14443A/B cards such as “How to Build a Low-Cost, Extended-Range RFID WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  5. 5. RFID Cards that are Private and Secure Now Page 2 of 18 Skimmer”, by Ilan Kirschenbaum and Avishai Wool of the School of Electrical Engineering Systems, Tel Aviv University, at http://eprint.iacr.org/2006/054.pdf. It is not necessary to build your own equipment however; complete long-distance 14443 readers with a 4 to 6 foot range are available for sale using the AVANTE Antenna at: http://www.avantetech.com/RFID%20Pricing.PDF. Therefore, people with reasonably proficient skills, using only public information, can surreptitiously read, clone, and track contactless identification devices in a way that presents a risk to both individuals and organizations. 1.2 Relay Attacks against Contactless Cards --- Defeating Active Authentication The early defense against misuse of proximity cards was to transmit a code to the card and have the card return an encrypted response. Each card has a unique key and it will encrypt the “challenge” differently. The response to such a challenge was cryptographically checked to see if the response was correct, thereby determining if the card was genuine without transmitting the key, itself. The academic community pounced on this and defeated it using a surprisingly simple “relay attack”. Cambridge University extended the distance between the reader and the card indefinitely by making two devices, one to read the card as per the table above, and another to relay the information to the access point. The center link in this chain is a long-range radio link as illustrated below. The attacker can present a dummy card to a border crossing guard as shown on the left and at the same time carry a device with him that radio relays the cryptographic challenge from the interrogator to a second unit shown on the right near a person with a valid card. Since the unsuspecting victim is carrying a valid card, it performs the active authentication and returns the encrypted response on the long distance radio relay. The response is relayed to the first unit shown on the left that acts like a normal contactless card and presents the response to the interrogator. Short range Interrogator Long distance contactless radio relay access WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  6. 6. RFID Cards that are Private and Secure Now Page 2 of 18 To the border crossing facility, this looks perfectly normal and the electronic authentication system reports that that the person presenting the dummy card is the unsuspecting victim. If the team that carries this out picks a victim that resembles the presenter of the card (in case the border guard checks the face on the display) then the system is still fooled despite the use of the strongest cryptography. Furthermore, the use of strong cryptography gives the organization a false sense of security based upon the alleged strength of the cryptographic algorithm. The report on this attack, describing how to implement the required equipment, can be found at: “A Practical Relay Attack on ISO 14443 Proximity Cards,” by Gerhard Hancke at: http://www.cl.cam.ac.uk/~gh275/relay.pdf Recently standardized cryptographic defenses have been thwarted by new third- party and relay attacks that render them ineffective. What, then, do we do to prevent these attacks? 1.3 UHF Cards are More Convenient, but are also Vulnerable Ultra High Frequency (UHF) RF identification cards use reflective technology to achieve increased read range (like toll booth tags), making them the card of choice for vehicle access at borders and entrances and for identifying both pedestrians and persons in cars. They are ideal for border crossings and facility access portals because they can be presented at a distance in any weather without leaving the vehicle. The delay time is thereby reduced and processing efficiency is maximized. But how does the use of UHF cards affect privacy and security? Surprisingly, very little! • Experience with the 14443 cards taught us that even though the cards had limited nominal range they did not provide privacy or security. Another security mechanism must prevent the surreptitious reading of the card when it is not in the protected environment of an INS station. • Although the UHF cards are an “open” system without cryptography, in fact, the widely published relay attacks can be successful against cryptographic measures with any of the card technologies. In the peculiar world of portable RF identification devices, cryptographic challenge- response technology creates a dangerously false sense of security. Therefore, it matters little what RF technology is used or which standard is being followed, something more is needed to ensure privacy and security. WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  7. 7. RFID Cards that are Private and Secure Now Page 2 of 18 2.0The only completely effective solution is to disable the RF transceiver when the device is not in a controlled environment. Although it is possible to sandwich the card between metallic covers or keep it in a radio-opaque (shielded) sleeve, these measures depend upon special protection that will not consistently be used. In fact, credit card companies provided protective sleeves for their cards in response to scratched magnetic swipe problems, but they stopped providing such sleeves when they found that cardholders did not actually use them. The solution is to provide a convenient enablement mechanism within the card. 2.1. User-Enabled Identity Cards are the Answer. User-enabled Identity Cards are ISO/IEC 18000-6:2004 radio frequency identification (RFID) contactless smartcards that operate over extended distances in the 860 MHz to 960 MHz Industrial, Scientific, and Medical (ISM) band. Because ordinary RF card data can be surreptitiously interrogated and cloned for unauthorized access, it is important to make sure that the card is totally disabled and electronically silent until the cardholder activates the card in a protected area. The card contains an activation area around its perimeter that enables the card only when the user squeezes the card. This security feature provides anti-tracking and prevents data reading without the awareness and consent of the cardholder. ISO 14443 cards also can be supplied with the same “edge-enabled” security feature although they are not as appropriate for borders and vehicle access control. The card is inter-operable with other standards compliant contactless card systems because the device fully meets the standards when the card is squeezed by the cardholder. User- Activation Front Back WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  8. 8. RFID Cards that are Private and Secure Now Page 2 of 18 2.2.User-controlled enablement solves the problems by completely disabling the RFID function except in the controlled environment where it is used. When a visitor enters the access control facility, he or she simply presses the card and the access control mechanism registers their identity. When the cardholder stops squeezing the card, it is tuned off --- and once more becomes electronically inert. In this way the cardholder protects his or her privacy. When not being used in the access control environment, the device is electronically disconnected and inert. The disabled ID card sits in a wallet or purse along with credit cards without revealing the cardholder’s identity, without responding to tracking signals and without providing any electronic information to be exploited. Both privacy and security are assured. 2.3.Is this solution available now? You bet! The industry anticipated the privacy/security problem and headed it off at the pass. This secure-activation solution has been developed and can be reliably deployed on a large scale. It can be provided for all RF card technologies but is an excellent companion security technology for the new UHF cards that citizens use to efficiently identify themselves and where convenience is important but privacy and security are paramount. WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  9. 9. RFID Cards that are Private and Secure Now Page 2 of 18 3.0Conclusion --- The new secure activation devices are effective for the preferred longer-range ID technologies The future lies in cards that work at convenient distances. Over the years, ID cards have progressed from the original close-coupled cards to proximity cards, then to vicinity cards, and finally to UHF distance cards. This meets the needs of today’s fast-moving citizens, whether they are pedestrians, drivers, or passengers. User-controlled activation provides security for all these technologies, enabling the latest generation of convenient UHF distance cards to be used securely to protect the nation’s borders for both pedestrians and vehicle drivers. 3.1. Secure activation cards are available and can be deployed now. These new cards can be supplied now. BAI can mass-produce any number required. It is not some future technology. 3.2.RFID devices that authenticate identities should not be deployed without controlled-activation cards. Since there is no effective alternative, cards should not be deployed to authenticate identities without user-enablement. Since it is available now, there is no need to delay the deployment of such devices. WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  10. 10. RFID Cards that are Private and Secure Now Page 2 of 18 4.0Appendix A – Glossary of Terms Access Authorization: The implementation of policies and procedures that establish the rules for granting and/or restricting access to a user, terminal, transaction, program, process, or physical facility. Access Control: The process of granting or denying specific requests: 1) Logical Access Control: obtain and use information and related information processing services such as network resources, computer applications or specific data items; and 2) Physical Access Control: enter specific physical facilities such as building doors, vehicle gates or border crossings. Application: A hardware/software system implemented to satisfy a particular set of requirements. In this context, an application incorporates a system used to satisfy a subset of requirements related to the verification or identification of an end user’s identity so that the end user’s identifier can be used to facilitate the end user’s interaction with the system. Architecture: A highly structured specification of an acceptable approach within a framework for solving a specific problem. An architecture contains descriptions of all the components of a selected, acceptable solution while allowing certain details of specific components to be variable to satisfy related constraints (e.g., costs, local environment, user acceptability). Attribute Authority: An entity recognized by the Federal PKI Policy Authority or comparable agency body as having the authority to verify the association of attributes to an identity. Authentication: The process of establishing confidence of authenticity; in this case, in the validity of a person’s identity and the PIV Card. Authority Revocation List (ARL): A data structure that enumerates digital certificates, including hierarchical and cross-certificates, that were issued to CAs but have been invalidated by their issuer prior to the date that they were scheduled to expire. Automated Fingerprint Identification System (AFIS): A storage, search and retrieval system for finger and palm print electronic images and demographic data. The FBI’s Integrated Automated Fingerprint Identification System (IAFIS) is an extended system being developed to provide ten-print, latent print, subject search, and criminal history request services, document submission, and image request services. Note, however, that PIV fingerprint images transmitted to the Federal Bureau of Investigation (FBI) as part of the background checking process shall be formatted according to the ANSI/NIST- ITL 1-2000 standard [FFSMT] and the CJIS-RS-0010 [EFTS] specification. Biometric: A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an Applicant. Facial images, fingerprints, and iris scan samples are all examples of biometrics. WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  11. 11. RFID Cards that are Private and Secure Now Page 2 of 18 Card Activation and Issuance: Part of the Identity Management System (IDMS) this occurs after the card has been produced and distributed to the Issuing authority. When the Issuer has established by name and picture identity and also has confirmed by biometric verification that an individual seeking to activate their PIV credential is the same individual who originally applied for the PIV, and then the personalized credentials are written to the card. The Issuer is also responsible for maintaining and protecting the applicant’s personal information and obtaining a signature attesting to acceptance of the card. Card Authentication Key (PIV): An optional key intended for physical access control and can either be an asymmetric (private) or symmetric (public) key. Use of this key does not require explicit action such as the use of a PIN. This is not the same as the PIV Authentication Key. Card Management System (CMS): A system for performing card activation, issuance and card life-cycle control. See: Card Activation and Issuance. Card Management Key (PIV): An optional symmetric key that may be used for personalization and post-issuance card update activities. It is intended to support card activation by Card Management Systems that require it. It may be imported into the card by the Issuer and is only accessible using the contact interface of the card. Cardholder: An individual possessing an issued PIV Card. Certificate Revocation List (CRL): A list of revoked public key certificates created and digitally signed by a Certification Authority. [RFC 3280] Certificate Policy (CP): The administrative policy for certificate management. A CP addresses all aspects associated with the generation, production, distribution, accounting, compromise recovery, and administration of digital certificates. Indirectly, a CP can also govern the transactions conducted using a communications system protected by a certificate-based system. By controlling critical certificate extensions, such policies and associated enforcement technology can support provisions of the security services required by a particular application. Certificate Validation: Users and transactions cannot be trusted until the status of their digital certificate can be validated by checking to ensure that they have not expired or become revoked or suspended. Integrity checks are made by verifying the certificate’s digital signature and certificate path validation procedures check the certificate’s signature against parent certificates. The expiration date is checked and required extensions verified. Revocation and suspension before the expiration date can be checked by reference to certificate revocation lists CRLs or else real-time certificate status checking such as Online Certificate Status Protocol (OCSP). Certification: The process of verifying the correctness of a statement or claim and issuing a certificate as to its correctness. Certification Authority: A trusted entity that issues and revokes public key certificates, CARLs and/or CRLs. WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  12. 12. RFID Cards that are Private and Secure Now Page 2 of 18 Certification Authority Revocation List (CARL): A signed, time-stamped list of serial numbers of CA public key certificates, including cross-certificates that have been revoked (a signed and time-stamped CRL). Certification Practices Statement (CPS): A statement of the practices that a CA employs in issuing, suspending, revoking and renewing certificates and providing access to them, in accordance with an organization’s specific requirements. Credential: Evidence attesting to one’s right to credit or authority; in this standard, it is the PIV Card and data elements associated with an individual that authoritatively binds an identity (and, optionally, additional attributes) to that individual. Cryptographic Key (Key): A parameter used in conjunction with a cryptographic algorithm that determines the specific operation of that algorithm. Delta Revocation List (DRL): A list of certificates that have been revoked since the last delta update. Digital Signature Key (PIV): An optional asymmetric private key supporting document signing. It must be generated on the card and operations using this key must use the contact interfaces of the card. A corresponding X.509 certificate shall also be stored on the card. DOT Common Identification System (DOT CIS): This Common Identification System is the Department of Transportation’s response to HSPD-12 (see HSPD-12). End Entity: An entity that uses keys and certificates for creating or verifying digital signatures or for confidentiality. End Entities are key holders, organizations or relying parties. Framework: A structured description of a topic of interest, including a detailed statement of the problem(s) to be solved and the goal(s) to be achieved. This is an annotated outline of all the issues that must be addressed while developing acceptable solutions to the problem(s). This is a description and analysis of the constraints that must be satisfied by an acceptable solution and detailed specifications of acceptable approaches to solving the problems(s). Federal Bridge Certification Authority (FBCA): A collection of Public Key Infrastructure components (Certificate Authorities, Directories, Certificate Policies and Certificate Practice Statements) that are used to provide peer to peer trust among Entity Principal Certification Authorities. Federal Public Key Infrastructure Policy Authority (FPKI PA): A federal government body responsible for setting, implementing, and administering policy decisions regarding PKI interoperability that uses the FBCA. Homeland Security Presidential Directive 12 (HSPD-12): A Presidential Directive which established a policy for a common identification standard for federal employees and contractors to gain access to Federally controlled facilities and logical access to Federally controlled information systems. It also stated the general requirements for the standard and the overall implementation milestones. WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  13. 13. RFID Cards that are Private and Secure Now Page 2 of 18 Identification: The process of discovering the true identity (i.e., origin, initial history) of a person or item from the entire collection of similar persons or items. Identifier: Unique data used to represent a person’s identity and associated attributes. A name or a card number are examples of identifiers. Identity: The set of physical and behavioral characteristics by which an individual is uniquely recognizable. Identity Binding: Binding of the vetted claimed identity to the individual (through biometrics) according to the issuing authority. Represented by an identity assertion from the issuer that is carried by a PIV credential. Identity Proofing and Registration (for PIV): Identity Proofing is the process of providing sufficient information (e.g., identity history, credentials, documents) to a PIV Registrar when attempting to establish an identity. Identity Registration is the process of making a person’s identity known to the PIV system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system. Identity Management System (IDMS): One or more systems or applications that manage the identity verification, validation and issuance process. Identity Proofing: The process of providing sufficient information (e.g., identity history, credentials, documents) to a PIV Registrar when attempting to establish an identity. Identity Registration: The process of making a person’s identity known to the PIV system, associating a unique identifier with that identity, and collecting and recording the person’s relevant attributes into the system. Identity Proofing The process of confirming or denying that a claimed identity is correct by comparing the credentials (something you know, something you have, something you are) of a person requesting access with those previously proven and stored in the PIV Card or system and associated with the identity being claimed. Issuer: The organization that is issuing the PIV Card to an Applicant. Typically this is an organization for which the Applicant is working. Issuing Certification Authority: In a multiple-level certification hierarchy that include root CAs, optional intermediate CAs, and issuing CAs, the issuing CA is responsible for the user-level certificates. Key Management Key (PIV): An optional asymmetric private key supporting key management and transport. It can also be used as an encryption key and its cryptographic operations must be performed via the contact interface. Use of this key does not require explicit action such as the use of a PIN. If this key is implemented, a corresponding X.509 certificate shall also be stored on the card. Lightweight Directory Access Protocol (LDAP): A client-server protocol for accessing a directory service. It runs over TCP, and can be used to access a standalone LDAP directory service or to access a directory service back-ended by X.500. WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  14. 14. RFID Cards that are Private and Secure Now Page 2 of 18 Network: A collection of computers and related devices, connected in a way that allows them to share common resources, such as: data, hardware, and software. Online Certificate Status Protocol (OCSP): An online protocol used to determine the status of a public key certificate. [RFC 2560] Personal Identification Number (PIN): A secret that a claimant memorizes and uses to authenticate his or her identity. PINs are generally only decimal digits. Personal Identity Verification (PIV) Card: A physical artifact (e.g., identity card, “smart” card) issued to an individual that contains stored identity credentials (e.g., photograph, cryptographic keys, digitized fingerprint representation) so that the claimed identity of the cardholder can be verified against the stored credentials by another person (human readable and verifiable) or an automated process (computer readable and verifiable). Must be verified against FIPS 201 and associated SP’s. PIV Authentication Key (PIV): A mandatory asymmetric private key supporting card authentication for an interoperable environment, and is required for each PIV card. This key is generated on the PIV card, cannot be exported, and cryptographic services using this key can only be performed through the contact interface of the card. Private key operations may be performed using an activated PIV Card without explicit user action (e.g., the PIN need not be supplied for each operation). A corresponding X.509 certificate shall also be stored on the card per FIPS PUB 201. PIV Issuer: An authorized identity card creator that procures FIPS-approved blank identity cards initializes them with appropriate software and data elements for the requested identity verification and access control application, personalizes the cards with the identity credentials of the authorized subjects, and delivers the personalized cards to the authorized subjects along with appropriate instructions for protection and use. PIV Registrar: An entity that establishes and vouches for the identity of an Applicant to a PIV Issuer. The PIV Registrar authenticates the Applicant’s identity by checking identity source documents and identity proofing, and ensures a proper background check has been completed, before the credential is issued. Public Key: The public part of an asymmetric key pair that is typically used to verify signatures or encrypt data. Public Key Infrastructure (PKI): A support service to the PIV system that provides the cryptographic keys needed to perform digital signature-based identity verification and to protect communications and storage of sensitive verification system data within identity cards and the verification system. Registration Authority: An entity that is responsible for identification and authentication of certificate subjects, but that does not sign or issue certificates (i.e., an RA is delegated certain tasks on behalf of a CA). Relying Party: A recipient of a certificate who acts in reliance on that certificate and/or digital signatures verified using that certificate. Repository: A repository is a database that stores digital certificates, so that digitally signed messages can be verified for authenticity. WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  15. 15. RFID Cards that are Private and Secure Now Page 2 of 18 Shared Service Provider (SSP): A Shared Service Provider (for PKI) is a contracted and fee-for-service managed Public Key Infrastructure service. OMB guidance recommended the use of these services in order to obtain certified and policy-compliant PKI security services on a shared-cost basis. In order to compensate for the lack of direct federal agency controls that can create new risks not present in government- operated systems, the provider must be certified to meet the requirements of the Federal Identity Credentialing Committee (FICC). Subject: An identifier for the certificate owner, for example: "/DC=gov/DC=FAA/OU=People/CN=John Doe". The subject is part of the information the CA binds to a public key when creating a certificate. Trustworthiness: Security decision with respect to extended investigations to determine and confirm qualifications, and suitability to perform specific tasks and responsibilities. User Enrollment (pre-PIV): The User Enrollment process of previous generations of card issuance equipment has become subsumed within the PIV Card Life Cycle activities. Under PIV, user enrollment has become part of the Identity Proofing and Registration process. This process is initiated by a PIV Card Request, then proceeds to the user Identity Proofing and Registration process. After the basic enrollment operations have been completed, the process proceeds to PIV card and credential issuance. Validation: The process of demonstrating that the system under consideration meets in all respects the specification of that system. [INCITS/M1-040211] WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  16. 16. RFID Cards that are Private and Secure Now Page 2 of 18 5.0Appendix B – References  "A Practical Relay Attack on ISO 14443 Proximity Cards", Gerhard Hancke, February, 2005, http://www.cl.cam.ac.uk/~gh275/relay.pdf  CIO Memorandum, “Acquisitions of Products and Services for Implementation of HSPD-12”, http://www.cio.gov/ficc/documents/GSAacquisitionHSPD12.pdf  CIO Document, “Shared Service Provider Repository Service Requirements”, January 23, 2004, http://www.cio.gov/ficc/documents/SSPrepositoryRqmts.pdf  Federal PKI Policy Authority (FPKIPA) Website http://www.cio.gov/fpkipa  FIPS PUB 201, “Personal Identity Verification of Federal Employees and Contractors,” www.csrc.nist.gov/publications/fips/fips201/FIPS-201-022505.pdf  FIPS Publication 140-2, “Security Requirements for Cryptographic Modules,” NIST, May 25, 2001. http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf.  GSA Office of Governmentwide Policy Memo of March 3, 2005 requiring a Federal PKI Common Policy Framework, http://www.cio.gov/ficc/documents/GSAsspCIO.pdf  GSA “Federal Identity Management Handbook,” (FIMH), http://www.cio.gov/ficc/documents/FedIdentityMgmtHandbook.pdf  GSA, “Access Certificates for Electronic Services (ACES)”, http://www.gsa.gov/Portal/gsa/ep/channelView.do?pageTypeId=8199&channelPage= %252Fep%252Fchannel%252FgsaOverview.jsp&channelId=-13479  HSPD 12, “Policy for a Common Identification Standard for Federal Employees and Contractors”, August 27, 2004, http://www.whitehouse.gov/news/releases/2004/08/20040827-7.html  ISO/IEC 14443-1:2000, Identification Cards—Contactless Integrated Circuit(s) Cards— Proximity Cards, ISO, 2000, http://www.iso.org/iso/en/CatalogueDetailPage.CatalogueDetail? CSNUMBER=28728&scopelist  RMS, Microsoft Rights Management Services, http://www.microsoft.com/windowsserver2003/technologies/rightsmgmt/default.mspx  NIST Change Number 2004-01, “Certificate Policy for the Common Policy Framework Change Proposal,” http://www.cio.gov/ficc/documents/CPchange200501.pdf.  OMB Memorandum M-03-22, Guidance for Implementing the Privacy Provisions of the E-Government Act of 2002, OMB, September 26, 2003, http://www.whitehouse.gov/omb/memoranda/m03-22.html WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  17. 17. RFID Cards that are Private and Secure Now Page 2 of 18  OMB Memorandum M-04-04, E-Authentication Guidance for Federal Agencies, OMB, December 2003, http://csrc.nist.gov/policies/m04-04.pdf  OMB Memorandum M-05-05 Electronic Signatures, "How to Mitigate the Risk of Commercial Managed Services” http://www.whitehouse.gov/omb/memoranda/fy2005/m05-05.pdf  OMB Memorandum M-05-24, “Implementation of Homeland Security Presidential Directive (HSPD) 12,” http://www.whitehouse.gov/omb/memoranda/fy2005/m05-24.pdf  OMB Agency Implementation Guidance for HSPD-12, http://csrc.nist.gov/news-highlights/ OMB-hspd-12_guidance-draft.pdf  OMB Circular No. A-130, Appendix III, Security of Federal Automated Information Resources, http://www.whitehouse.gov/omb/circulars/a130/a130appendix_iii.html  OMB Form I-9, OMB No. 1115-0136, Employment Eligibility Verification, http://www.afd.calpoly.edu/Payroll/Forms/Cal%20Poly%20I-9%2012_19_03.pdf  PACS v2.2, Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems, Version 2.2, The Government Smart Card Interagency Advisory Board’s Physical Security Interagency Interoperability Working Group, July 27, 2004.  (PKCS #7), Public Key Cryptography Standard #7, “Cryptographic Message Syntax Standard,” ftp://ftp.rsasecurity.com/pub/pkcs/doc/pkcs-7.doc  (PKCS #10), Public Key Cryptography Standard #10, “Certification Request Syntax Specification,” (RFC 2986) ftp://ftp.isi.edu/in-notes/rfc2986.txt  (PKCS #11), Public Key Cryptography Standard #11, V2.20, “Cryptographic Token Interface Standard,” ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-11/v2-20/pkcs-11v2-20.doc  RFC 2401, (IPsec), “Security Architecture for the Internet Protocol,” http://www.faqs.org/rfcs/rfc2401.html  RFC 2560, X.509 Internet Public Key Infrastructure Online Certificate Status Protocol (OCSP), Internet Engineering Task Force (IETF), June 1999. http://www.ietf.org/rfc/rfc2560.txt.  RFC 3280, Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile, IETF, April 2002. http://www.ietf.org/rfc/rfc3280.txt.  RFC 3852, Cryptographic Message Syntax (CMS), IETF, July 2004. http://www.ietf.org/rfc/rfc3852.txt  SP 800-37, Guide for the Security Certification and Accreditation of Federal Information Systems, NIST, May 2004, http://csrc.nist.gov/publications/nistpubs/800-37/SP800-37- final.pdf WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06
  18. 18. RFID Cards that are Private and Secure Now Page 2 of 18  SP 800-53, Recommended Security Controls for Federal Information Systems, NIST, September 2004 (2PD), http://csrc.nist.gov/publications/nistpubs  SP 800-73, Integrated Circuit Card for Personal Identity Verification, NIST, February 2005, http://csrc.nist.gov/publications/nistpubs/800-73/SP800-73-Final.pdf  SP 800-78, NIST, “Cryptographic Algorithms and Key Sizes for PIV, NIST, March 2005,” http://csrc.nist.gov/publications/nistpubs/800-78/sp800-78-final.pdf  SP 800-76, (second draft), NIST “Biometric Data Specification for PIV” (draft 2 for comments, awaits standardization decisions), expected 15 December, 2005, http://csrc.nist.gov/publications/drafts/800-76Draft/sp-800-76_draft.pdf  SP 800-79, “Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations, http://csrc.nist.gov/publications/nistpubs/800-79/sp800-79.pdf  SSL, IETF Draft, SSL Protocol Version 3.0, http://wp.netscape.com/eng/ssl3/draft302.txt  TLS, IETF Draft, TLS Protocol Version 1.1, http://www.ietf.org/internet-drafts/draft-ietf- tls-rfc2246-bis-13.txt  X.509 Certificate Policy for the U.S. Federal PKI Common Policy Framework, Version 2.0, November 1, 2004. http://www.cio.gov/ficc/documents/CommonPolicy.pdf.  X.509 Certificate and Extensions Profile for the Common Policy, http://www.cio.gov/ficc/documents/CertCRLprofileForCP.pdf WP #4-1, V01 Copyright 2006, Biometric Associates, Inc. 18-May-06

×