FIPS 201 Framework: Special Pubs 800-73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005.

FIPS 201 Framework:FIPS 201 Framework:Special Pubs 800-73,76,78Special Pubs 800-73,76,78

Jim Dray

HSPD-12 Workshop

May 4/5, 2005

Special Publication 800-73Special Publication 800-73

• PIV card application definitiono NOT a general purpose card platform spec!

• Part 1: Common data model and migration• Part 2: Transition card interfaces• Part 3: End point specification

Part 1: Mandatory Data ObjectsPart 1: Mandatory Data Objects

• PIV credential element objectso Card Capability Container: Discoveryo Cardholder Unique Identifier: PACS 2.2o PIV Authentication Keyo Fingerprint Buffers (2)o Security Object

Part 1: Optional Data ObjectsPart 1: Optional Data Objects

• Optional PIV credential element objectso Printed Informationo Facial Imageo Digital Signature Keyo Key Management Keyo Card Authentication Key

Part 1: Migration IssuesPart 1: Migration Issues

• Some agencies have smart card deployments• Government Smart Card Interoperability

Specification (NISTIR 6887)• Migration path is based on continuity of the PIV

data model• Legacy agencies MAY use Part 2 transition

specification

SP800-73 Part 2SP800-73 Part 2

• Essentially a PIV profile of GSC-IS• Maintains the GSC-IS dual card interfaces

o File systemo Virtual Machine

• Developed by the Government Smart Card Interagency Advisory Board

• Part 2 is informative

SP800-73 Part 3SP800-73 Part 3

• Unified card command interface• Compliant with existing international

standards (ISO 7816)• Technology neutrality: Implementable on

any card platform• Essential features for:

o High degree of PIV card interoperabilityo Future-proofing PIV framework

Part 3: Data ModelPart 3: Data Model

• Data model is common to both Parts 2 and 3

• Different identifiers (BER-TLV) used at the card edge in Part 3

Part 3: Standard NamespacesPart 3: Standard Namespaces

• ASN.1 Object Identifiers in the PIV arc of the Computer Security Object Register at the Client Application Programming Interface

• PIV RID is the root of card Application Identifiers(AIDs)

• BER-TLV tags for data objects at the card interface

Part 3: PIV Card ApplicationPart 3: PIV Card Application

• AID is ‘A0 00 00 xx xx 00 00 10 00 01 00’• Full PIV RID to be published by NIST• Access Control Rules applied to PIV

credential objects• Provides a set of 8 ISO compliant card

interface commands• Restricted functionality in contactless mode

Part 3: Client Application Part 3: Client Application Programming InterfaceProgramming Interface

• Equivalent to GSC-IS Basic Services Interface

• Provides 9 higher level commands• Implemented by middleware• PIV middleware is MUCH simpler than

GSC-IS middleware because card command mapping is not required

Part 3: Reference Part 3: Reference ImplementationImplementation

• Part 3 compliant implementation• PIV card application running in a card

simulator• Middleware• Publicly available• Basis for conformance tests• Estimated completion date June 25

SP800-73 SummarySP800-73 Summary

• PIV II card application and client application programming interface spec

• Informative Part 2 transition specification for migrating legacy GSC-IS deployments

• Normative Part 3 end point specification• All agencies are to reach full deployment of Part 3

PIV cards by the end of their PIV II Phase, regardless of the migration path chosen.

Special Publication 800-78 Special Publication 800-78 OverviewOverview

• FIPS 201 relies on cryptographyo To protect objects stored on the PIV cardo To authenticate the PIV card or cardholdero To authenticate the source and integrity of

status information

Cryptographic Strength Cryptographic Strength RequirementsRequirements

• SP 800-78 mandates a transition from 80 bit strength to 112 bits of strength by 1/1/2011o Cryptographic keys that provide long term data

protection transition by 1/1/2009 to provide two years “forward security”

• Elliptic Curve Cryptography is specified with a minimum of 112 bits of strength (224 bit keys)o Avoid transition issues

Cryptographic Objects Stored on Cryptographic Objects Stored on the PIV Cardthe PIV Card

• FIPS 201 specifiedo Cryptographic keyso Digitally signed objects

• CHUID

• Biometrics

• X.509 Certificates

• SP 800-073 specifiedo Authentication/Integrity Object

Cryptographic keysCryptographic keys

• Asymmetric private keyso PIV Authentication key (Mandatory)o Digital Signature key (Optional)o Key Management key (Optional)

• May support key transport or key agreement

• Card Management Key (Optional)o Symmetric key

• PIV Cardholder Authentication Key (Optional)o May be symmetric or asymmetric

Asymmetric Algorithms for Asymmetric Algorithms for Cryptographic KeysCryptographic Keys

• SP 800-78 limits asymmetric keys to RSA and ECCo RSA must be 1024/2048/3072

• 1024 bit keys phased out by 1/1/2011• Digital signature and key management keys transition by

1/1/2008 to provide for forward security• Authentication keys transition by 1/1/2011 since forward

security is not an issue

o ECC must use a recommended curve from FIPS 186-2• 224 through 283 bit keys• No phase out specified

Symmetric Algorithms for Symmetric Algorithms for Cryptographic KeysCryptographic Keys

• SP 800-78 limits symmetric keys to Triple DES (TDEA) and AESo TDEA must be two key or three key

• Two key TDEA phased out by 1/1/2011

o AES may be 128, 192, or 256 bit keys• No phase out specified

Digitally Signed ObjectsDigitally Signed Objects

• Signatures may be generated using RSA or ECDSAo RSA may use PKCS #1 or PSS padding

schemeso SHA-1, SHA-224, and SHA-256 hash

algorithms• SHA-1 phased out by 1/1/2011

• Phase out depends on card expiration, not signature generation date

SP 800-73 Security ObjectSP 800-73 Security Object

• ICAO Authentication/Integrity Object• Digitally signed hash table

o The table includes a message digest for each of the objects (CHUID, keys, etc.) stored on the card

o Message digests are generated using SHA-1, SHA-224, or SHA-256

• SHA-1 phased out by 1/1/2011o Signature requirements from previous slide

Status InformationStatus Information

• FIPS 201 relies upon digitally signed X.509 CRLs and OCSP responses to distribute status information

• Signatures may be generated using RSA or ECDSAo RSA may use PKCS #1 or PSS padding schemeso SHA-1, SHA-224, and SHA-256 hash algorithms

• SHA-1 phased out by 1/1/2011

• Phase out depends on signature generation date

Special Publication 800-76Special Publication 800-76

• Biometric Data Specification for Personal Identity Verification

• Major issue: Minutia vs. full imageo File sizeo Interoperabilityo Privacy

• Still in draft form

Contact InformationContact Information

Curt Barker ([email protected]): PIV Program Manager

Jim Dray ([email protected] ): SP800-73

Terry Schwarzhoff ([email protected]): NIST Smart Card Program Manager, Standards Lead

NIST PIV Website: http://csrc.nist.gov/piv-project