ENISA overview of TSP services security in Europe
DESCRIPTION
Analysis of the results of the survey launched by ENISA to the security professionals of the Trust Service Providers in Europe. Security of services like Time-Stamping, Long time preservation of e-Signatures, e-Validation, e-Document storage, etc. are analysed. Recommendations to improve their security are given.
TRANSCRIPT
European Union Agency for Network and Information Security www.enisa.europa.eu
TSP services, standards and risk analysis
Trusted e-ID infrastructures and services in EU
Prof. Manel Medina (ENISA), Alex Elices (Athos Consulting)
Brussels, September 24th, 2013
Contents
• Context
• Survey
• Services
• Standards
• Risk Analysis
• Recommendations summary
• Pending issues
Context
• Proposal for a new Regulation on eID and Trust Services for electronic transactions.
• Current Directive 1999/93/EC on a Community framework for e-signatures.
• Provisions regarding the security requirements applicable to TSPs.
• ENISA is working in 2013 on a series of studies:
– The security aspects of trust service providers issuing electronic certificates.
– Security and interoperability aspects specific to the new trust services foreseen in the proposed Regulation.
Survey
• Participants: EU TSPs
• Scope: services they offer, security practices, standards used, interoperability issues and type of risks related with their operation.
• The study is focused on the services whose provisions will be regulated in the new Regulation:
– Electronic Time Stamps (TS)
– Electronically signed documents storage or management (eDoc)
– Electronic delivery services (eDeliv)
– Validation of electronic signatures (eVal)
– Long time preservation of electronic signatures (LTP)
Survey
• The universe of the survey is 51 TSPs corresponding to 20 EU Member States.
• Invitations were made mainly through national regulators of certification service providers and the trust services lists they produce.
Services: Type of service provided
• Almost all provide certificates as well as other services.
• They are already used to implement certification schemas.
• 67% of TSPs offer services to both Public and private sector.
REC1: CSP Certification schemas could be extended to other TSP services to have harmonised criteria of QoS and SLA guidelines.
Services: Scope of certificates
REC2: Cross-border interoperability has to be promoted.
Services: Authentication mechanisms
REC3. The strength of the authentication mechanism should be proportional to the criticality of the accessed services.
Services: Platforms used
REC4. Promote the implementation of clients to be executed in the customer computer with web-service access to TSP (https unsafe)
Services: Documents storage in the TSP’s servers
The difference can be explained because of the nature of the services.
REC5. Because this practice affects which security mechanisms are adequate, different profiles of the service provision should be defined for each case.
Standards: Security Management standards
BCM: Low use of the ISO standard, although 80% have BCP documents.
REC6. BCM standards should be promoted to address the ‘unavailability of the services’ type of risk.
Standards: Audits
Standards: e-Signature standards
REC7. Achieve full interoperability, reaching the 100% of acceptance of standards.
Standards: Time Stamping services
This is the service most offered in the survey (93%).
REC8. Although a self-generated main time source is rarely used, it should be taken into consideration in the specification of the quality of a Time Stamping service.
Standards: Validation services
Standards: Long Time Preservation services
Adding CRLs/certificates is preferred over adding only references.
REC9. The dispersion of standards used implies that best practices must be defined.
Risk Analysis
• Probability, Impact and Risk Values have been normalised to 100% for uniformity.
• 100% means the worst, but in most cases it has been reported as 3/5, i.e. medium probability or impact.
• The aim is to identify areas where actions need to be taken, because they are the weakest in the scenario.
• Deviation of responses indicates:
– Confidence of the result.
– Need to harmonise views.
– Need of guidelines implementation.
Risk Analysis
[Figure: "Global Results" chart. Series: Impact value, Prob. value, Risk value, Deviation. Vertical axis: 0 to 120. Horizontal axis: one group per risk and service (eVal, LTP, eDoc, TS, eDeliv).]
Risk Analysis
• Loss or compromise of service’s signature creation data: high impact, but low probability and risk.
– Adequate measures to prevent it are taken.
[Figure: plot with axes Probability and Impact (scale 0 to 120), highlighting "Lose or compromise of service's signature creation data".]
Risk Analysis
• Relying on not-updated certificate revocation information in eValidation: high risk and probability
– Measures are taken: services through CRLs and OCSP, but they still don’t rely on the quality of the information.
– REC10. Quality of the certificate revocation service should be guaranteed, to allow eVal. services to trust more on them.
– In LTP & eDeliv, the probability of this risk is much lower, because these services are offered to customers close to the service provider, using credentials issued by a close TSP.
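As an added illustration of the revocation-freshness risk above (not part of the ENISA slides), the sketch below shows a validation-side check that refuses to treat stale CRL or OCSP data as proof that a certificate is good. The status names, the `max_age` policy, the clock-skew allowance and the sample records are assumptions made for this example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

@dataclass
class RevocationInfo:
    source: str                      # "CRL" or "OCSP"
    this_update: datetime            # when the issuer produced this status
    next_update: Optional[datetime]  # may be absent in an OCSP response
    revoked_at: Optional[datetime]   # None if the certificate is not listed

def assess(info: RevocationInfo, now: datetime, max_age: timedelta,
           skew: timedelta = timedelta(minutes=5)) -> Tuple[str, str]:
    """Classify one certificate's revocation status at validation time `now`."""
    # A revocation entry remains true however old the data is.
    if info.revoked_at is not None and info.revoked_at <= now:
        return "REVOKED", f"{info.source} lists the certificate as revoked"
    # Absence from stale data proves nothing: refuse to call it good.
    if info.this_update > now + skew:
        return "INDETERMINATE", "thisUpdate is in the future"
    if info.next_update is not None and now > info.next_update:
        return "INDETERMINATE", "nextUpdate has passed"
    if now - info.this_update > max_age:
        return "INDETERMINATE", "older than the local freshness policy"
    return "GOOD", "fresh data, certificate not listed"

# Constructed sample data (not from the survey).
NOW = datetime(2013, 9, 24, 12, 0, tzinfo=timezone.utc)
DAY = timedelta(days=1)
SAMPLES = {
    "fresh CRL": RevocationInfo("CRL", NOW - timedelta(hours=2), NOW + timedelta(hours=22), None),
    "expired CRL": RevocationInfo("CRL", NOW - 8 * DAY, NOW - DAY, None),
    "old OCSP, no nextUpdate": RevocationInfo("OCSP", NOW - 3 * DAY, None, None),
    "expired CRL, cert listed": RevocationInfo("CRL", NOW - 8 * DAY, NOW - DAY, NOW - 10 * DAY),
}

def run_samples(max_age: timedelta = DAY):
    """Return the status of each constructed sample under the given policy."""
    return {name: assess(info, NOW, max_age)[0] for name, info in SAMPLES.items()}

if __name__ == "__main__":
    for name, status in run_samples().items():
        print(f"{name:26} {status}")
```

The asymmetry is deliberate: an old list can still prove a revocation, but only fresh data can support a "good" answer.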
Risk Analysis
• Web site / web service impersonation for eDocuments: high probability / high impact:
– REC12: User training and awareness about the risk.
– Use of strong credentials in client and server.
– Promoting the implementation of clients to be executed in the customer computer with web-service access to TSP.
• Unavailability of the service also has high risk, due to high probability:
– Cloud hosting service providers.
Risk Analysis
• Evolution of cryptography in Long Time Preservation: high risk and probability
– It is out of control: difficult to anticipate the evolution of algorithms.
– REC11: The use of 2 algorithms will help, because breaking two algorithms at the same time is less probable.
• Electronic Time Stamp
– Compromise of the main time source & Unavailability of the main time source have large dispersion of values.
– REC8. Promote the use of internationally trusted time sources and define best practices to standardize the QoS through SLAs.
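To make the reasoning behind REC11 concrete, here is an added example (not from the ENISA slides) of a preservation record that carries digests from two unrelated hash designs. It stays verifiable after one algorithm is retired and can be renewed with a third in that window. The function names, status strings, algorithm choices and sample document are assumptions; the digests are stored bare here, whereas a preservation service would also cover them with time-stamps.

```python
import hashlib
import hmac
from typing import Dict, Set

def make_record(document: bytes, algorithms=("sha256", "sha3_256")) -> Dict[str, str]:
    """Digest the document with two unrelated hash designs."""
    return {alg: hashlib.new(alg, document).hexdigest() for alg in algorithms}

def verify(document: bytes, record: Dict[str, str], trusted: Set[str]) -> str:
    """Check the document against every digest whose algorithm is still trusted."""
    usable = [alg for alg in record if alg in trusted]
    if not usable:
        return "UNVERIFIABLE"      # every algorithm in the record has been retired
    for alg in usable:
        actual = hashlib.new(alg, document).hexdigest()
        if not hmac.compare_digest(actual, record[alg]):
            return "INVALID"       # one trusted mismatch is enough to reject
    return "VALID"

def renew(document: bytes, record: Dict[str, str], trusted: Set[str],
          new_alg: str) -> Dict[str, str]:
    """Add a digest under a new algorithm while the record can still be verified."""
    if verify(document, record, trusted) != "VALID":
        raise ValueError("cannot renew: no trusted digest vouches for the document")
    renewed = dict(record)
    renewed[new_alg] = hashlib.new(new_alg, document).hexdigest()
    return renewed

# Constructed sample document (not from the survey).
DOC = b"Signed contract, archived 2013-09-24"
RECORD = make_record(DOC)

def scenario() -> Dict[str, str]:
    """Walk the record through retirement of one algorithm, then renewal."""
    after_break = {"sha3_256"}     # assumption: SHA-256 is later withdrawn from policy
    renewed = renew(DOC, RECORD, after_break, "sha512")
    return {
        "both trusted": verify(DOC, RECORD, {"sha256", "sha3_256"}),
        "one retired": verify(DOC, RECORD, after_break),
        "one retired, tampered": verify(DOC + b"!", RECORD, after_break),
        "both retired": verify(DOC, RECORD, set()),
        "renewed, old pair retired": verify(DOC, renewed, {"sha512"}),
    }
```

A record with a single digest would jump straight from "VALID" to "UNVERIFIABLE" when its algorithm is retired, leaving no trusted basis for renewal.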
Recommendations summary
• REC2. Cross-border interoperability of credentials has to be promoted.
• REC3. The strength of the authentication mechanism should be proportional to the criticality of the accessed services, both in client and server.
• REC1. CSP Certification schemas could be extended to other TSP services to have harmonised criteria of QoS and SLA guidelines.
• REC8. Promote the use of internationally trusted main time sources and define best practices to standardize the QoS through SLAs. Although a self-generated main time source is rarely used, it should be taken into consideration in the specification of the quality of a Time Stamping service.
• REC12. Focus on user training and awareness to prevent ‘Web site / web service impersonation’ for eDocuments.
Pending issues
• In relation with the platform used, promote the implementation of clients to be executed in the customer computer with web-service access to TSP (https unsafe).
• Because storing eDocs affects which security mechanisms are adequate, different profiles of the service provision should be defined for each case.
• BCM standards should be promoted to address ‘unavailability of the services’ type of risk / Use Cloud hosting service providers to prevent unavailability.
Pending issues
• Achieve full interoperability, reaching the 100% of acceptance of eSignature standards.
• The dispersion of standards used in LTP services implies that best practices about standards adopted must be defined.
• Quality of the certificate revocation service should be guaranteed, to allow e-Validation services to place more trust in it.
• The use of two PKI/Hash algorithms will help to prevent cryptanalysis, because breaking two algorithms at the same time is less probable.
Thank you