Date post: 13-Jan-2016
Page 1

The Trusted PKI

Marc Laroche, Manager, Product Evaluation
marc.laroche@entrust (613) 247-3446

Page 2

Agenda

• The Entrust PKI, an overview

• Evaluation approach

• Common Criteria Certification: Functionality and assurance covered

• What is next? Entrust/PKI v5.0 evaluation

• Summary

Page 3

Entrust/PKI: the main components

[Diagram of the main components: X.500 Directory, CRL, Entrust/Authority, CM, Database, LDAP, OS]

Page 4

Entrust/PKI: the main components

[Diagram of the main components: X.500 Directory, CRL, Entrust/RA, Entrust/Authority, CM, Database, LDAP, PKIX-CMP, Admin API, OS]

Page 5

Entrust/PKI: the main components

[Diagram of the main components: X.500 Directory, CRL, Other Applications, Entrust-Ready Applications, Entrust/RA, Entrust/Authority, CM, Database, LDAP, PKIX-CMP, Admin API, OS, Other CAs]

Page 6

Evaluation Scope

[Diagram of the evaluation scope: X.500 Directory, Entrust/Authority, Entrust/RA, Other Applications, Entrust-Ready Applications, CM, CRL, Database, PKIX-CMP, ADM API]

Page 7

Evaluation Scope

[Diagram of the evaluation scope: X.500 Directory, Entrust/Authority, Entrust/RA, Non Entrust-Ready Applications, Entrust-Ready Applications, CM, CRL, Database, PKIX-CMP, ADM API]

Page 8

Evaluation Scope

[Diagram of the evaluation scope: X.500 Directory, Entrust/Authority, Entrust/RA, Non Entrust-Ready Applications, Entrust-Ready Applications, CM, CRL, Database, PKIX-CMP, ADM API]

Page 9

Evaluation Scope

[Diagram of the evaluation scope: X.500 Directory, Entrust/Authority, Entrust/RA, Non Entrust-Ready Applications, Entrust-Ready Applications, CM, CRL, Database, PKIX-CMP, ADM API]

Page 10

Entrust/PKI 4.0a Certification: Evaluated Functionality

• User identification and authentication

[Diagram: Entrust/Authority, Entrust/RA, CM, End-Entities, ADM API, Other CAs, PKIX-CMP]

Page 11

• User identification and authentication

  – User I&A before any action (FIA_UID.2 and FIA_UAU.2)

  – Password rules (FIA_SOS.1)

  – Single-use authentication for user initialization, key recovery and enabling of CA cross-certification (FIA_UAU.4)

  – Enforced re-authentication to complete sensitive operations and after session time-out has occurred (FIA_UAU.6)

  – Protected authentication feedback (FIA_UAU.7)

  – Authentication failure handling (FIA_AFL.1)
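The I&A requirements on this slide, worked through as an added Python example. This is not Entrust/PKI code: the password policy, the lockout threshold of three failures, the 600-second inactivity timeout, the one-time activation code and every name below are assumptions chosen to make each requirement visible in code.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# Added example; thresholds and names are assumptions, not Entrust/PKI's own values.
MAX_FAILURES = 3          # FIA_AFL.1: lock the account after this many consecutive failures
SESSION_TIMEOUT = 600.0   # FIA_UAU.6: seconds of inactivity before re-authentication is required
PBKDF2_ROUNDS = 100_000


def password_meets_rules(pw: str) -> bool:
    """FIA_SOS.1 (assumed policy): at least 8 characters and three of four character classes."""
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(not c.isalnum() for c in pw)]
    return len(pw) >= 8 and sum(classes) >= 3


@dataclass
class Account:
    user_id: str
    salt: bytes
    pw_hash: bytes
    failures: int = 0
    locked: bool = False
    activation_code: Optional[str] = None   # FIA_UAU.4: single-use secret for initialization


def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class Authenticator:
    def __init__(self, clock: Callable[[], float]):
        self.clock = clock                        # injected so the timeout can be exercised deterministically
        self.accounts: Dict[str, Account] = {}
        self.sessions: Dict[str, float] = {}      # user_id -> time of last authenticated activity

    def create_account(self, user_id: str, password: str) -> str:
        """Create the account and return its one-time activation code."""
        if not password_meets_rules(password):
            raise ValueError("password does not meet policy")
        salt = secrets.token_bytes(16)
        code = secrets.token_hex(8)
        self.accounts[user_id] = Account(user_id, salt, _hash(password, salt), activation_code=code)
        return code

    def initialize(self, user_id: str, code: str) -> bool:
        """FIA_UAU.4: the activation code is accepted exactly once."""
        acct = self.accounts[user_id]
        if acct.activation_code is None or not hmac.compare_digest(acct.activation_code, code):
            return False
        acct.activation_code = None
        return True

    def login(self, user_id: str, password: str) -> bool:
        """FIA_UAU.7: the caller learns only success or failure, never which part was wrong."""
        acct = self.accounts.get(user_id)
        if acct is None or acct.locked:
            return False
        if hmac.compare_digest(_hash(password, acct.salt), acct.pw_hash):
            acct.failures = 0
            self.sessions[user_id] = self.clock()
            return True
        acct.failures += 1
        if acct.failures >= MAX_FAILURES:
            acct.locked = True                    # FIA_AFL.1: lock after repeated failures
        return False

    def session_valid(self, user_id: str) -> bool:
        last = self.sessions.get(user_id)
        return last is not None and self.clock() - last <= SESSION_TIMEOUT

    def perform(self, user_id: str, operation: str, sensitive: bool = False,
                reauth_password: Optional[str] = None) -> str:
        """FIA_UID.2/FIA_UAU.2: no operation runs without a live session;
        FIA_UAU.6: sensitive operations additionally require fresh re-authentication."""
        if not self.session_valid(user_id):
            self.sessions.pop(user_id, None)
            return "re-authentication required"
        if sensitive and (reauth_password is None or not self.login(user_id, reauth_password)):
            return "re-authentication required"
        self.sessions[user_id] = self.clock()
        return f"{operation}: done"
```

The clock is passed in rather than read from `time.time()` so that the time-out path can be exercised in a test; a failed re-authentication inside `perform` counts towards the lockout threshold just like a failed login, which is the behaviour FIA_AFL.1 asks for.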

Page 12

• Access Control

[Diagram: Entrust/Authority, Entrust/RA, CM, End-Entities, ADM API, Other CAs, PKIX-CMP; access control mediation between Data and Functions based on User Id, Role and Privileges]

Page 13

• Access Control

  – Complete access control on CA data objects (e.g. CA signing key, user privilege vector, policy, etc.) and functions (FDP_ACC.2)

  – Security attribute based access control (i.e. user id, role and permissions) (FDP_ACF.1)

  – Secure management of security attributes, including access control and enforcement of secure values (FMT_MSA.1, FMT_MSA.2, FMT_MSA.3, FIA_ATD.1)

  – Secure management of security enforcing data objects (e.g. integrity check rate, database encryption algorithm, CA signing algorithm, etc.), including access control and enforcement of secure values (FMT_MTD.1 and FMT_MTD.3)

Page 14

• Separation of duties

[Diagram: Entrust/Authority, Entrust/RA, CM, ADM API, PKIX-CMP; roles: Master User, End User, Auditor, Security Officer, Administrator, Directory Administrator, Others (Custom-defined)]

Page 15

• Separation of duties

  – Maintenance of roles and associations between users and roles (FMT_SMR.2)

  – Management of security functions behavior restricted to distinct roles (FMT_MOF.1 and FMT_SAE.1)

Page 16

• Key Management

[Diagram: X.500 Directory, Entrust/Authority, Entrust/RA, CM, CRL, End User, Database, ADM API, PKIX-CMP; standards: X.509v3, PKCS#1 and 3, FIPS 140-1, FIPS 186-1]

Page 17

• Key Management

  – Certificate-based key management that meets the following standards: X.509v3, PKCS#1 and 3, FIPS 140-1 and 186-1, LDAP, PKIX-CMP (FCS_CKM.2)

  – User initialization, key update, key recovery and encryption key back-up in accordance with PKIX-CMP and FIPS 140-1 (FCS_CKM.3)

  – Use of secrets generated by a FIPS 140-1 cryptographic module is enforced (FIA_SOS.2)

Page 18

• Audit

  – Audit records are generated for a defined list of events; each record includes: log number, event description, severity level, user id, user type and state (FAU_GEN.1 and FAU_GEN.2)

  – Any modification to audit records is detected (FAU_STG.2)

  – Privileged users are provided with the capability to read audit records and look for specific information based on user-defined search criteria (FAU_SAR.1 and FAU_SAR.3)

[Diagram: X.500 Directory, Entrust/Authority, Entrust/RA, CM, Database, PKIX-CMP, ADM API, CRL]
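The three audit requirements on this slide, as an added Python example that is not Entrust/PKI's own code. The record fields are exactly the ones the slide names; the SHA-256 hash chain used to detect modification, the severity scale and the sample events are assumptions.

```python
import hashlib
import json
from dataclasses import dataclass, asdict, replace
from typing import List

# Added example. Record fields follow the slide; the chaining scheme, the severity
# scale and the sample events are assumptions.
GENESIS = "0" * 64


@dataclass(frozen=True)
class AuditRecord:
    log_number: int
    event: str          # event description
    severity: int       # assumed scale: 1 (informational) to 5 (critical)
    user_id: str
    user_type: str      # role of the acting user
    state: str          # outcome, e.g. "success" or "failure"
    prev_hash: str      # digest of the preceding record (GENESIS for the first)
    digest: str = ""    # SHA-256 over all other fields


def _digest(rec: AuditRecord) -> str:
    fields = {k: v for k, v in asdict(rec).items() if k != "digest"}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


class AuditLog:
    def __init__(self):
        self.records: List[AuditRecord] = []

    def append(self, event: str, severity: int, user_id: str, user_type: str, state: str) -> AuditRecord:
        """FAU_GEN.1/FAU_GEN.2: record the required fields and chain the record to its predecessor."""
        prev = self.records[-1].digest if self.records else GENESIS
        rec = AuditRecord(len(self.records) + 1, event, severity, user_id, user_type, state, prev)
        rec = replace(rec, digest=_digest(rec))
        self.records.append(rec)
        return rec

    def verify(self) -> List[int]:
        """FAU_STG.2: log numbers whose content, numbering or chain link no longer match.
        A modified record fails its own digest; a deleted or reordered one breaks the chain."""
        bad, prev = [], GENESIS
        for expected_no, rec in enumerate(self.records, start=1):
            if rec.log_number != expected_no or rec.prev_hash != prev or _digest(rec) != rec.digest:
                bad.append(rec.log_number)
            prev = rec.digest
        return bad

    def search(self, **criteria) -> List[AuditRecord]:
        """FAU_SAR.3: records matching every criterion; 'severity' is a minimum, other fields exact."""
        def matches(rec: AuditRecord) -> bool:
            for key, wanted in criteria.items():
                actual = getattr(rec, key)
                if key == "severity":
                    if actual < wanted:
                        return False
                elif actual != wanted:
                    return False
            return True
        return [rec for rec in self.records if matches(rec)]
```

The chain detects modification, deletion and reordering of stored records, but not truncation at the tail: the digest of the newest record has to be anchored somewhere the log writer cannot alter (signed, or stored out of band), which is the part the later slide delegates to the operating system under FAU_STG.2.1.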

Page 19

• Trusted Path and Data Protection

[Diagram: X.500 Directory, Entrust/Authority, Entrust/RA, CM, Other CAs, Database, PKIX-CMP, ADM API, CRL, End Users]

Page 20

• Trusted Path and Data Protection

  – Communications with remote administrative users, end users and external CAs are authenticated and protected from modification and disclosure (FTP_TRP.1)

  – Communications involved with automatic key management operations (e.g. key update) are protected from modification and disclosure (FTP_ITC.1)

  – The access control policy is enforced when data is transmitted and received, and modification, deletion, insertion or replay is detected (FPT_ITI.1)

  – Exchanged data is consistently interpreted (FPT_TDC.1)

  – Generation of evidence of origin for CA certificates, user certificates, CRLs and ARLs is enforced, and the capability to verify the evidence of origin is provided (FCO_NRO.2)

Page 21

• Trusted Path and Data Protection (continued)

  – Generation of evidence that can be used as a guarantee of the validity of CA certificates, user certificates, CRLs and ARLs is enforced, and the capability to verify evidence of the validity is provided (FDP_DAU.1)

  – Data stored in the local database is monitored for integrity errors (FDP_SDI.1)

Page 22

• Non-bypassability

  – Security enforcing functions are invoked and succeed before each function within the CA is allowed to proceed (FPT_RVM.1)
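An added Python example tying together the access control mediation on user id, role and privileges (Page 13), the role maintenance and separation of duties (Page 15) and the non-bypassability requirement above. It is not Entrust/PKI code: the data objects, role names, privilege vectors, the permitted range for the key lifetime and the exclusive-role rule are all assumptions.

```python
import functools
from dataclasses import dataclass
from typing import Dict, FrozenSet, Set, Tuple

# Added example; objects, roles, privilege vectors and the exclusive-role rule are assumptions.
Permission = Tuple[str, str]   # (data object or function, action)


@dataclass(frozen=True)
class Subject:
    user_id: str
    role: str
    privileges: FrozenSet[Permission]   # explicit grants beyond the role (the user privilege vector)


# Role -> permitted (object, action) pairs. Managing policy and role assignments is confined
# to the Security Officer and reading the audit log to the Auditor (FMT_MOF.1, FMT_SMR.2).
ROLE_PERMISSIONS: Dict[str, Set[Permission]] = {
    "Security Officer": {("policy", "read"), ("policy", "write"), ("roles", "assign")},
    "Administrator":    {("policy", "read"), ("users", "create"), ("users", "revoke")},
    "Auditor":          {("policy", "read"), ("audit_log", "read")},
    "End User":         {("own_certificate", "read")},
}


class AccessDenied(PermissionError):
    pass


def is_permitted(subject: Subject, obj: str, action: str) -> bool:
    """FDP_ACF.1: decide on user id, role and explicit privileges only."""
    return ((obj, action) in ROLE_PERMISSIONS.get(subject.role, set())
            or (obj, action) in subject.privileges)


def mediated(obj: str, action: str):
    """FPT_RVM.1: every CA method is wrapped so the access check runs, and must pass,
    before the method body is reached; there is no unmediated entry point."""
    def decorator(fn):
        @functools.wraps(fn)
        def wrapper(self, subject: Subject, *args, **kwargs):
            if not is_permitted(subject, obj, action):
                raise AccessDenied(f"{subject.user_id} ({subject.role}) may not {action} {obj}")
            return fn(self, subject, *args, **kwargs)
        return wrapper
    return decorator


class CertificationAuthority:
    # Pairs of roles one user may never hold at the same time (assumed separation-of-duties rule).
    EXCLUSIVE_ROLES = (frozenset({"Security Officer", "Auditor"}),)

    def __init__(self):
        self.policy = {"key_lifetime_days": 365}   # FMT_MSA.3: restrictive default value
        self.roles: Dict[str, Set[str]] = {}

    @mediated("policy", "read")
    def read_policy(self, subject: Subject) -> dict:
        return dict(self.policy)

    @mediated("policy", "write")
    def set_policy(self, subject: Subject, key: str, value: int) -> int:
        # FMT_MTD.3: only secure values are accepted for security-enforcing data
        if key == "key_lifetime_days" and not 1 <= value <= 1095:
            raise ValueError("key lifetime outside the permitted range")
        self.policy[key] = value
        return value

    @mediated("roles", "assign")
    def assign_role(self, subject: Subject, user_id: str, role: str) -> list:
        # FMT_SMR.2: user-to-role associations are maintained here, under access control,
        # and incompatible combinations are refused
        if role not in ROLE_PERMISSIONS:
            raise ValueError(f"unknown role {role}")
        held = self.roles.setdefault(user_id, set())
        for pair in self.EXCLUSIVE_ROLES:
            if role in pair and held & (pair - {role}):
                raise ValueError(f"{user_id} cannot hold {role} together with {sorted(held & pair)}")
        held.add(role)
        return sorted(held)
```

The decorator is the point of the example: because the check is attached to the method rather than called from inside it, a new CA function cannot be added without passing through the reference monitor, which is what non-bypassability asks for in practice.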

Page 23

• Cryptographic services (Environmental)

[Diagram: X.500 Directory, Entrust/Authority, Entrust/RA, CM, CRL, End-Users, Database, PKIX-CMP, ADM API]

Page 24

• Cryptographic services

  – Key and secret generation is performed by a FIPS 140-1 validated module (FCS_CKM.1 and FIA_SOS.2.1)

  – All plaintext keys are zeroized by a FIPS 140-1 validated cryptographic module (FCS_CKM.4)

  – All cryptographic operations, including pseudo-random number generation, short term key storage, encryption/decryption, signature generation and verification, hashing and MAC generation and verification are performed by a FIPS 140-1 validated cryptographic module (FCS_COP.1)

Page 25

• Abstract Machine Services (Environmental)

  – Reliable time stamps are provided for own use (FPT_STM.1)

  – Audit records are protected against unauthorized deletion (FAU_STG.2.1)

  – A security domain for own execution is maintained, which provides protection against interference and tampering by untrusted applications (FPT_SEP.1)

[Diagram: Entrust/Authority, Entrust/RA, CM, ADM API, PKIX-CMP, Audit, Time, OS]

Page 26

And what EAL3+ means …

• Internal development processes and systems were documented and reviewed.

  – Configuration management (source code, documentation, test plans); evidence that CM is actually used; measures that allow only authorized changes to configuration items.

  – Security measures (physical, procedural, personnel and other used to protect the development environment).

  – Flaw reporting procedures +

  – Problem tracking +

  – Product delivery

• Design was documented and reviewed for conformance with claimed functionality.

  – Informal functional specification

  – High-level design (description of security functions in terms of subsystems and relates subsystems to the functions that they provide; description of the interfaces between these subsystems).

Page 27

• User documentation was reviewed:

  – Installation guidance

  – Administrative guidance

• Informal correspondence demonstration was reviewed:

  – More abstract representation (claimed functionality) is correctly and completely refined in the less abstract representation (FS and HLD).

• Test plans, test procedures, expected test results and actual test results were submitted and reviewed:

  – Demonstrate that each security function was tested against the functional specification in a systematic manner.

  – Demonstrate that the tests are sufficient to confirm that the security functions operate in accordance with the High-Level Design; demonstrate that the internal interfaces are exercised.

• Vulnerability analysis was submitted and reviewed.

• Categorization report was submitted and reviewed. +

  – Subcomponents are described as security enforcing or not.

Continued ...

Page 28

Entrust/PKI 5.0 evaluation: Augmented from 4.0a

• Functionality

  – Enforced proof of receipt - keys and certificate (FCO_NRR.2)

  – Residual information protection (FDP_RIP.1)

  – Automated recovery of services (FPT_RCV.2)

  – Replay detection - certificate request (FPT_RPL.1)

  – Session locking (FTA_SSL.1 and FTA_SSL.2)

• Assurance - EAL-CS2

  – ADV_SPM.1 Informal TOE security policy model

  – AVA_MSU.2 Validation of analysis

Page 29

In summary

• The Entrust/PKI evaluations cover:

  – cryptographic services

  – essential public key management functionality

  – supportive security critical functionality

• The Common Criteria certification serves as a fundamental extension to the FIPS 140-1 process.

• The selected CC assurance components (EAL3+) provide a maximum amount of confidence consistent with existing best practices for COTS development.

Page 30

Questions?

For more information: http://www.entrust.com/entrust/validation.htm

E-mail: marc.laroche@entrust   Phone: (613) 247-3446