Privacy PKI: Improved Security System for Public Administration


Copyright © 2007 ISACA. All rights reserved. www.isaca.org.

Privacy PKI:
Improved Security System for Public Administration
By Bálint Molnár, Ph.D., and Andrea Kõ, Ph.D.
JOURNALONLINE

Processes that are related to the identification and the authentication of individuals and legal entities have been functioning for a while in public administration (PA) and business entities. Approaches to identity management solutions vary throughout Europe, as many European countries are at different maturity levels of services. This article concentrates on public key infrastructure (PKI)-related identity management solutions, mainly from a Hungarian perspective. It presents a suggested PKI-based identity management framework, customized for Hungarian specialties.

PKI Technology as an Improvement Opportunity for E-government
The traditional identity management methods that have been in use are neither secure nor comfortable. The PKI architecture provides services that are rooted in the available information technology (IT). Regarding all business processes associated with PKI, the requirements for process improvement and the opportunities for enhancing the existing business and software processes should be investigated. For political and economic reasons, there is a strong pressure to implement more PA services using IT—e-government services. Remote access to e-government services makes it necessary for citizens to identify and authenticate themselves in a reliable and secure manner that ensures mutual trust for both the PA and the citizens.

The PKI technology developed during the last decades has achieved success. However, the PKI technology has accomplished only modest success in the relationship of citizens to government in the form of e-government. The problem is that even if the most recent PKI technology is used, PKI cannot guarantee the authentication and authorization1 of the identity at the level that is required by PA. Business processes and the supporting IT for e-government services must be reengineered, and the available technology solutions should be complemented with appropriate parts. The concept of identity background checking should also be leveraged. The most important Hungarian regulation approach is found in the Act for The Procedures of Processes in Public Administration. Within the relationship between the citizen and PA, there is a requirement for mutual verification and validation of the identities of partners, usually prescribed compulsorily by law, legal environments and/or jurisdiction. There are several technologies available that could provide a technical solution. However, a technically satisfying solution could collide with local regulation and jurisdictions.

Technology should provide services even in distributed or federated cases, by which the partners—PA and citizens—could build up a mutual trust relationship. There is a very critical and significant difference in the use of PKI by public enterprises, especially the internal utilization of PKI for the secure and reliable communication and business management among an organization’s staff members.2 The difference is in the privacy and protection of personal data. A person can be identified unambiguously or with high probability using some natural bits of information, e.g., given name, second name. There are some identification numbers or character strings used within certain sectors of PAs, such as tax numbers, social insurance numbers or personal identification numbers. These unambiguous and easy-to-handle identifiers cannot be used together because of the legal restrictions in some countries and jurisdictions, and they cannot be stored in the same data store or linked to each other. This is true, in a broad sense, for the member countries of the European Union (EU), albeit with slight differences.

If a citizen obtains a digital certificate at one of the commercial certification authorities (CAs) for managing his/her business with the PA, the public directory of the CA will not contain other data. Optionally, the name of organization, department/business unit, country code, identification number/serial number, or the city or town may appear as public information. The publication of these data is somewhat risky because of privacy issues, unless the person gives permission for the publication. The public key and the serial number of the certificate at a particular CA can be considered as an unambiguous, unique identifier of a person. For identification and authentication, these data seem to be perfect. However, what does the public key identify? The popular view is that the person is identified, but the question is which person is identified. Using the public key included in the certificate, only the name and maybe the e-mail address of the person are public. What is the process that can identify the person unambiguously in this situation? Generally, the available information is not sufficient for unambiguous identification, as the names (given name, second name, etc.) are not unique. The alternatives are for PA to:
• Create a central database of e-mail addresses and couple it to the specific person
• Create a central database of public keys and link it to the specific person
• Use the existing central databases of tax numbers, social insurance numbers and personal identification numbers
• Map the person unambiguously onto the identifier in each single database. The identifier and public key should be linked together in each database.

Disregarding the “Big Brother” approach in which the state collects all personal data, one of the lawful solutions is a voluntary registration mechanism that enables the person and his/her public key within the digital certificate to be linked together. The major task is to find a registration, certification, identification and authentication mechanism that conforms to the international (EU) directives and national laws and regulations. The tax offices and the social insurance agencies have similar databases containing the identifier that is specific to the sector as well as other items of personal data suitable for identifying the person and considered natural identifiers. There is a temptation to use these databases to support the identification and authentication within each sector of PA involved in e-government and using PKI technology. Joining the public key of a person’s certificate and the identifier specific to a particular sector of PA seems to be a feasible approach, with the rationale that the public key is public—nomen est omen—and it doesn’t jeopardize the person’s privacy. However, there is a serious logical fault in this argument. Through the public key of a person’s certificate, all the separate and insulated databases can be joined together by a primitive algorithm without any serious effort. All the activities related to the public administration of a single person could be tracked easily, and the data collection about a person would become trivial. In the EU generally and in the member states specifically, this solution is strictly prohibited by the law and the practice of jurisdiction. A resulting problem area is supporting commercial CAs by creating a market for their services.

The Hungarian Solution to Improve the Service and Security of E-government Processes
In Hungary, the Gordian knot of the previously mentioned problem is resolved in the following way (see figure 1):
• The request for a certificate enclosing a digital signature and registration takes place at a commercial CA with a conforming rigorous certification policy (CP) that enables the certificate holder to do business with government through e-government services (no. 1 and 4 in figure 1). Avoidance of centralization of personal data is automatically guaranteed and designates a movement toward a federated PKI architecture.
• At a single CA, the person’s naturally identifying data are stored in a secure database beside the certificate, and only the public data are published in a directory. The certificate contains an indicator that signals the appropriateness for the PA to handle issues through e-government services. The identifiers specific to certain sectors of PA (tax number, social insurance number, etc.) are not stored in the certificate or in the personal registration database—not even in a coded format that might be created by a cryptographic algorithm or a hash function.
• The CAs should own, by force of law, a so-called certificate revocation list (CRL) site. At this site, the CA should provide specific services to answer yes or no to an identification request from the PA. The CA receives a data package that includes the naturally identifying data of a person, the public key and/or the serial number of the certificate. The service carries out a check on the database, retrieves the stored information and compares it with the provided data. If there is a match, the answer is yes; in all other cases, the answer is no (no. 3, 4, 5 and 6).

Figure 1—A Solution for Privacy Safeguarding Using the PKI Approach
[Figure: the end-entity (citizen, partner of PA) reaches, over the Internet, both a gateway to a service of a specific sector of public administration and the commercial CA, which holds the certification database (CD), the certificate server and its E-E database; the sector keeps its own E-E database. The certificate and identifier validation protocol runs between these parties in the numbered steps 1 to 6 referenced in the text.]

• During an interaction with the PA, a citizen can identify himself/herself and try to get authenticated by a certificate enclosing a digital signature. The e-government service of a specific sector requests the sector-specific identifier (e.g., tax number or social insurance number), the public key of the digital signature and some naturally identifying data. Based on the gathered data, the e-government service requests an answer from the certificate-issuing CA and performs a check on its own internal database. Only after obtaining answers from both resources (i.e., the internal and external databases) that match the available data is the person authenticated and authorized to execute transactions through the e-government service (see no. 1-6).
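A model of the yes/no validation exchange described in the bullets above, written here as an added example and not taken from the article or any Hungarian implementation; the CA_DB and TAX_DB records, the field names and the rule that the sector database holds neither the public key nor the certificate serial are constructed assumptions:

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class NaturalData:
    """Naturally identifying data: deliberately not unique (names collide)."""
    given_name: str
    family_name: str
    birth_date: str  # constructed ISO-8601 sample values

# Commercial CA's secure registration database (constructed sample records):
# serial -> public key, "suitable for PA" indicator, natural data.
# By design it holds NO sector identifier, not even a hashed one.
CA_DB = {
    "serial-1001": {"pubkey": "pk-A1", "pa_flag": True,
                    "natural": NaturalData("Anna", "Kovacs", "1975-02-11")},
    "serial-1002": {"pubkey": "pk-B2", "pa_flag": False,
                    "natural": NaturalData("Anna", "Kovacs", "1981-09-30")},
}

# Tax office's own E-E database (constructed): tax number -> natural data.
# Assumption: it stores neither the public key nor the certificate serial.
TAX_DB = {"tax-55501": NaturalData("Anna", "Kovacs", "1975-02-11")}

def ca_validate(serial: str, pubkey: str, natural: NaturalData) -> str:
    """CRL-site style service: answers only 'yes' or 'no', never record data."""
    rec = CA_DB.get(serial)
    if rec is None or not rec["pa_flag"]:
        return "no"
    if rec["pubkey"] != pubkey or rec["natural"] != natural:
        return "no"
    return "yes"

def sector_authenticate(tax_number: str, serial: str, pubkey: str,
                        natural: NaturalData) -> bool:
    """Sector gateway: external (CA) and internal (tax) checks must both match."""
    external_ok = ca_validate(serial, pubkey, natural) == "yes"
    internal_ok = TAX_DB.get(tax_number) == natural
    return external_ok and internal_ok

def linking_keys(store_a: dict, store_b: dict) -> set:
    """Identifier strings present in both stores; any hit would allow a join."""
    def ids(store: dict) -> set:
        out = set(store)
        for rec in store.values():
            if isinstance(rec, dict):
                out |= {v for v in rec.values() if isinstance(v, str)}
        return out
    return ids(store_a) & ids(store_b)
```

The two records with identical names show why the natural data alone cannot authenticate: only the combination of a matching certificate at the CA and a matching sector record authorizes the transaction, while linking_keys confirms the two stores share no identifier on which they could be joined.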


Conclusion
PA faces a lot of legal issues, as the circle of parties that may want to do business with it is not closed and could be regarded as open. The procedures of PA abide by strict regulations, laws and other legalities. For this reason, the e-government service should find the narrow path between the legal opportunities and the solutions provided by the PKI technology. The Hungarian approach avoids several pitfalls:
• There is no central registration of citizens with digital certificates.
• The registration process does not use any sector-specific identifier of the Hungarian PA at the commercial CA.
• The certificate issued by the commercial CA contains sufficient information for interfaces and automated software solutions at the various sectors of the Hungarian PA.
The applied cryptographic procedures related to the PKI technology are widespread, technically sophisticated, sound, reliable and resistant to the known algorithmic attacks. The Hungarian solution is technically sound and conforms to the legal environment without any compromise and, therefore, could be considered as the basis for an international approach.

Endnotes
1 Menezes, Alfred J.; P. C. van Oorschot; Scott A. Vanstone; Handbook of Applied Cryptography, CRC Press, 2001
2 Nash, A.; Bill Duane; Celia Joseph; Derek Brink; PKI: Implementing and Managing E-security, Osborne/McGraw-Hill, USA, 2001

Bálint Molnár, Ph.D., CISA is a member of the ISACA Academic Relations Committee and a principal consultant, research and course manager, at the Information Technology Foundation of the Hungarian Academy of Sciences, which works for the Hungarian Government as a service provider in ICT consultancy. Molnár is also associate professor at Budapest University of Economic Sciences and Public Administration, where he teaches development of information systems, project management and knowledge-based systems development. Molnár can be reached at [email protected]. Andrea Kõ, Ph.D. is a lecturer at Budapest University of Economic Sciences and Public Administration in the Department of Information Systems. She teaches IT audit, MIS, knowledge management, e-commerce, information systems development, project management and knowledge-based systems development. She is also an ISACA member and academic advocate, as well as a member of the John von Neumann Society for Computing Sciences. Kõ can be reached at [email protected].


Information Systems Control Journal (ISSN 1526-7407) is published by ISACA. Opinions expressed in the Information Systems Control Journal represent the views of the authors and advertisers. © 2007 ISACA. All rights reserved. www.isaca.org
