FIPS 201 Framework: FIPS 201 Framework: Special Pubs 800- Special Pubs 800- 73,76,78 73,76,78 Jim Dray HSPD-12 Workshop May 4/5, 2005
Mar 29, 2015
FIPS 201 Framework:FIPS 201 Framework:Special Pubs 800-73,76,78Special Pubs 800-73,76,78
Jim Dray
HSPD-12 Workshop
May 4/5, 2005
Special Publication 800-73Special Publication 800-73
• PIV card application definitiono NOT a general purpose card platform spec!
• Part 1: Common data model and migration• Part 2: Transition card interfaces• Part 3: End point specification
Part 1: Mandatory Data ObjectsPart 1: Mandatory Data Objects
• PIV credential element objectso Card Capability Container: Discoveryo Cardholder Unique Identifier: PACS 2.2o PIV Authentication Keyo Fingerprint Buffers (2)o Security Object
Part 1: Optional Data ObjectsPart 1: Optional Data Objects
• Optional PIV credential element objectso Printed Informationo Facial Imageo Digital Signature Keyo Key Management Keyo Card Authentication Key
Part 1: Migration IssuesPart 1: Migration Issues
• Some agencies have smart card deployments• Government Smart Card Interoperability
Specification (NISTIR 6887)• Migration path is based on continuity of the PIV
data model• Legacy agencies MAY use Part 2 transition
specification
SP800-73 Part 2SP800-73 Part 2
• Essentially a PIV profile of GSC-IS• Maintains the GSC-IS dual card interfaces
o File systemo Virtual Machine
• Developed by the Government Smart Card Interagency Advisory Board
• Part 2 is informative
SP800-73 Part 3SP800-73 Part 3
• Unified card command interface• Compliant with existing international
standards (ISO 7816)• Technology neutrality: Implementable on
any card platform• Essential features for:
o High degree of PIV card interoperabilityo Future-proofing PIV framework
Part 3: Data ModelPart 3: Data Model
• Data model is common to both Parts 2 and 3
• Different identifiers (BER-TLV) used at the card edge in Part 3
Part 3: Standard NamespacesPart 3: Standard Namespaces
• ASN.1 Object Identifiers in the PIV arc of the Computer Security Object Register at the Client Application Programming Interface
• PIV RID is the root of card Application Identifiers(AIDs)
• BER-TLV tags for data objects at the card interface
Part 3: PIV Card ApplicationPart 3: PIV Card Application
• AID is ‘A0 00 00 xx xx 00 00 10 00 01 00’• Full PIV RID to be published by NIST• Access Control Rules applied to PIV
credential objects• Provides a set of 8 ISO compliant card
interface commands• Restricted functionality in contactless mode
Part 3: Client Application Part 3: Client Application Programming InterfaceProgramming Interface
• Equivalent to GSC-IS Basic Services Interface
• Provides 9 higher level commands• Implemented by middleware• PIV middleware is MUCH simpler than
GSC-IS middleware because card command mapping is not required
Part 3: Reference Part 3: Reference ImplementationImplementation
• Part 3 compliant implementation• PIV card application running in a card
simulator• Middleware• Publicly available• Basis for conformance tests• Estimated completion date June 25
SP800-73 SummarySP800-73 Summary
• PIV II card application and client application programming interface spec
• Informative Part 2 transition specification for migrating legacy GSC-IS deployments
• Normative Part 3 end point specification• All agencies are to reach full deployment of Part 3
PIV cards by the end of their PIV II Phase, regardless of the migration path chosen.
Special Publication 800-78 Special Publication 800-78 OverviewOverview
• FIPS 201 relies on cryptographyo To protect objects stored on the PIV cardo To authenticate the PIV card or cardholdero To authenticate the source and integrity of
status information
Cryptographic Strength Cryptographic Strength RequirementsRequirements
• SP 800-78 mandates a transition from 80 bit strength to 112 bits of strength by 1/1/2011o Cryptographic keys that provide long term data
protection transition by 1/1/2009 to provide two years “forward security”
• Elliptic Curve Cryptography is specified with a minimum of 112 bits of strength (224 bit keys)o Avoid transition issues
Cryptographic Objects Stored on Cryptographic Objects Stored on the PIV Cardthe PIV Card
• FIPS 201 specifiedo Cryptographic keyso Digitally signed objects
• CHUID
• Biometrics
• X.509 Certificates
• SP 800-073 specifiedo Authentication/Integrity Object
Cryptographic keysCryptographic keys
• Asymmetric private keyso PIV Authentication key (Mandatory)o Digital Signature key (Optional)o Key Management key (Optional)
• May support key transport or key agreement
• Card Management Key (Optional)o Symmetric key
• PIV Cardholder Authentication Key (Optional)o May be symmetric or asymmetric
Asymmetric Algorithms for Asymmetric Algorithms for Cryptographic KeysCryptographic Keys
• SP 800-78 limits asymmetric keys to RSA and ECCo RSA must be 1024/2048/3072
• 1024 bit keys phased out by 1/1/2011• Digital signature and key management keys transition by
1/1/2008 to provide for forward security• Authentication keys transition by 1/1/2011 since forward
security is not an issue
o ECC must use a recommended curve from FIPS 186-2• 224 through 283 bit keys• No phase out specified
Symmetric Algorithms for Symmetric Algorithms for Cryptographic KeysCryptographic Keys
• SP 800-78 limits symmetric keys to Triple DES (TDEA) and AESo TDEA must be two key or three key
• Two key TDEA phased out by 1/1/2011
o AES may be 128, 192, or 256 bit keys• No phase out specified
Digitally Signed ObjectsDigitally Signed Objects
• Signatures may be generated using RSA or ECDSAo RSA may use PKCS #1 or PSS padding
schemeso SHA-1, SHA-224, and SHA-256 hash
algorithms• SHA-1 phased out by 1/1/2011
• Phase out depends on card expiration, not signature generation date
SP 800-73 Security ObjectSP 800-73 Security Object
• ICAO Authentication/Integrity Object• Digitally signed hash table
o The table includes a message digest for each of the objects (CHUID, keys, etc.) stored on the card
o Message digests are generated using SHA-1, SHA-224, or SHA-256
• SHA-1 phased out by 1/1/2011o Signature requirements from previous slide
Status InformationStatus Information
• FIPS 201 relies upon digitally signed X.509 CRLs and OCSP responses to distribute status information
• Signatures may be generated using RSA or ECDSAo RSA may use PKCS #1 or PSS padding schemeso SHA-1, SHA-224, and SHA-256 hash algorithms
• SHA-1 phased out by 1/1/2011
• Phase out depends on signature generation date
Special Publication 800-76Special Publication 800-76
• Biometric Data Specification for Personal Identity Verification
• Major issue: Minutia vs. full imageo File sizeo Interoperabilityo Privacy
• Still in draft form
Contact InformationContact Information
Curt Barker ([email protected]): PIV Program Manager
Jim Dray ([email protected] ): SP800-73
Terry Schwarzhoff ([email protected]): NIST Smart Card Program Manager, Standards Lead
NIST PIV Website: http://csrc.nist.gov/piv-project