Monday, April 09, 2007

FIPS 201 -- a success story ...

FIPS 201 -- Steps in right direction

For the first time, users have been bold enough to accept a technology that was not originally invented for this purpose -- the path followed was to define and standardize this widely accepted security technology.

The use of a smartcard as an identity card for physical as well as logical security across all federal government facilities, computer systems and employees, a solution designed in response to HSPD-12, is not only a technically bold move but also a smart decision. Critics have argued that although the cards improve security, they invade our privacy; for once the critics are wrong and the system security architects are right. Isn't leaving your fingerprints on the door you last opened a privacy issue as well? Can we do anything about it? Well, the answer is no ... !!


The best way to design a secure authentication system is with multi-factor authentication. Releasing the secure credentials only after verification of a secret that you know is the “proper” design of the system, even for physical access systems that have high traffic and strict requirements for short transaction times.


Combining physical and logical security on a dual-interface card brings cutting-edge technology to bear on security. Before FIPS 201, access cards were either contact or contactless, talking to the reader at different frequencies, 125 kHz and 13.56 MHz. For all practical purposes the technology enabler for FIPS 201 is the dual-interface card, which at minimum can transfer the cardholder's unique identifier to the reader over both interfaces. It could not have been thought out better than the way it has been defined for the PIV application.


Physical access does pose a threat of revealing the CHUID, which is otherwise secured and never let out, but isn't this a convenience factor as well? Encrypting the cardholder's unique identifier is not the best option because of its adverse effects on transaction time and the hassle of managing cryptographic keys. Instead, security is built into the specification by limiting the read range to less than 10 cm. The user's card can be interrogated without their knowledge, but for that reason the cards are required to be kept in a protective shield.

FIPS 201 -- possible future enhancements

A. Is the PIV card open for post issuance application download?
If the card is open for post-issuance at all, the methods for downloading an application onto the card need to be defined in the specifications. Although this part is well covered by Global Platform, an application-level specification is still needed. In their present state the specifications leave this open, while leaning towards allowing post-issuance download of applications.

B. Why not encrypt communication between card and the reader?
Even though the distance between the reader and the PIV card in the field cannot be more than 10 cm, there have been concerns about snooping on the CHUID and about the well-known message replay attack. The specification needs to address encryption of the data and its decryption in an interoperable way.

C. What is the best method to swap the credentials if needed?
Well, if a PIV card costs this ($$$) much, can't issuers update the card with a new set of credentials? A method to retain the container and update the credentials has not been defined, or even considered, in the specifications.

D. The format of the data passed from the card readers to the access control systems has not been clearly defined and detailed.
Although this is PACS-implementation dependent, an addendum to the specifications could address it and close the remaining interoperability holes. In most cases the reader-to-controller interface is Wiegand; however, some systems use F/2F as well. A common standard is needed to protect the investment of federal agencies.


E. It is a popular misconception that the expiration date is not required for visitors to be given access, but this misconception is just that, a misconception.
The specification does state that expiration dates are necessary and required for all roll-outs.
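A PACS-side check of the kind points B and E call for, added here as an example that is not from the original post nor from FIPS 201 itself: it parses the CHUID's BER-TLV fields (tag numbers as in SP 800-73; the CHUID bytes are constructed, not read from a real card) and rejects a card whose expiration date is missing, malformed or past, while the comments note why, with the CHUID sent in the clear, this check alone is no defence against snooping or replay.

```python
# Added example (not from the original post): a minimal PACS-side check on a
# PIV CHUID. Tag numbers follow SP 800-73 (0x30 FASC-N, 0x34 GUID,
# 0x35 Expiration Date as ASCII YYYYMMDD, 0x3E issuer signature); the CHUID
# bytes below are constructed for illustration, not captured from a real card.
from datetime import date

def parse_ber_tlv(buf: bytes) -> dict:
    """Parse a flat run of BER-TLV elements (one-byte tags, short- or
    long-form lengths) into {tag: value}. Raises ValueError on truncation."""
    out, i = {}, 0
    while i < len(buf):
        tag = buf[i]; i += 1
        if i >= len(buf):
            raise ValueError("truncated length")
        length = buf[i]; i += 1
        if length & 0x80:                       # long form: 0x8N, then N bytes
            n = length & 0x7F
            if n == 0 or i + n > len(buf):
                raise ValueError("bad long-form length")
            length = int.from_bytes(buf[i:i + n], "big"); i += n
        if i + length > len(buf):
            raise ValueError("truncated value")
        out[tag] = buf[i:i + length]; i += length
    return out

def chuid_expired(chuid: bytes, today: str) -> bool:
    """True if the CHUID's expiration date (tag 0x35) is missing, malformed
    or earlier than `today` (ISO date string). A missing or unparsable date
    is treated as expired: the conservative reading of point E above."""
    raw = parse_ber_tlv(chuid).get(0x35)
    if raw is None or len(raw) != 8 or not raw.isdigit():
        return True
    try:
        exp = date(int(raw[:4]), int(raw[4:6]), int(raw[6:8]))
    except ValueError:                          # e.g. month 13: reject, don't guess
        return True
    return exp < date.fromisoformat(today)

# Constructed sample: a 25-byte FASC-N placeholder, a 16-byte GUID, an
# expiration date and an empty signature element. The CHUID travels in the
# clear over the contactless interface (point B), so this check alone does not
# authenticate the card; the issuer signature in 0x3E must be verified separately.
SAMPLE_CHUID = (
    bytes([0x30, 25]) + bytes(range(25)) +
    bytes([0x34, 16]) + bytes(16) +
    bytes([0x35, 8]) + b"20120331" +
    bytes([0x3E, 0])
)
```

Calling chuid_expired(SAMPLE_CHUID, "2007-04-09") returns False, and with "2013-01-01" it returns True.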


