Implementing a public key infrastructure @ SecurIntegration
SecurIntegration stores a large amount of confidential data on its servers and client computers. Sensitive information is transferred over the Internet (e.g. by eMail). Last but not least, being a security consulting company, SecurIntegration is expected to maintain a high security standard within its own organisation.
This led to the search for a solution that protects information from being eavesdropped on or altered, both in transit and while stored locally. SecurIntegration identified four requirements as critical for the project's success:
• Single Sign-On: The applications and services to be secured must support Single Sign-On, so that the end user has to log on only once.
• Recovery functionality:
— Data loss must not occur under any circumstances; in particular, encrypted data must remain recoverable if a user's key is lost.
— Non-productive user time caused by lost or damaged authentication credentials (passwords, keys) must be minimized by a fast recovery process.
• Easy administration: The administrative processes have to be straightforward and automated as far as possible.
• Extensible: The solution must be built so that additional applications can be integrated later, and it must scale to a larger user base.
SecurIntegration decided to implement a public key infrastructure (PKI). A PKI is a combination of hardware, software and processes for generating, using and administering cryptographic keys and certificates. By itself a PKI is only a security foundation; it has no practical use unless PKI-aware applications are deployed on top of it. SecurIntegration wanted to integrate three main applications during the implementation of the PKI:
– Log-on to the operating system
– Encrypted eMail
– Encrypted data storage, locally and on file shares
SecurIntegration decided to build its PKI mainly on Windows 2000. With Active Directory and Microsoft Certificate Services, Windows 2000 provides the core components of a PKI at no extra cost. The Windows 2000 PKI uses X.509v3 compliant certificates. To achieve a high security level, the private keys used in the PKI are stored on smart cards rather than on the hard disk of the client computer. SecurIntegration chose Aladdin's eToken, a smart card in the form factor of a USB stick, because it does not require a separate card reader; the rollout is therefore reduced to issuing the token, which already contains the reader. The following services and applications were integrated in the PKI:
• User logon to Windows operating system based on digital certificates (Microsoft Smart Card Logon)
• Secure eMail with encryption and digital signatures based on S/MIME and X.509 certificates
• Secure storage of local and centrally stored files using utimaco SafeGuard Private Disk
We found a PKI project to be mainly a process design exercise, with the main work lying in the details. The registration (enrollment) and recovery processes are especially critical: enrollment has to ensure that a certificate is issued only to the verified owner of the corresponding identity and key, and the security level of the whole solution is bounded by the quality and security of these processes. The Windows 2000 PKI unfortunately does not provide an adequate mechanism for recovering encryption keys. SecurIntegration therefore had to design an additional process for recovering the encryption certificates and their private keys. This process is itself a critical part of the infrastructure: an escrowed encryption key can decrypt everything the user ever encrypted with it, so recovery must follow the four-eye principle, i.e. no single administrator may be able to recover a user's key alone. As Windows 2000 does not enforce this principle, workarounds had to be found. Finally, the use of PKI-enabled applications is still often complicated for end users, so intensive training for PKI users has to be planned for.
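As an added illustration of the four-eye principle in a key recovery process (example code written for this page, not the workaround SecurIntegration actually used, which the text does not detail), the following Python program escrows a user's encryption private key by splitting it with Shamir's secret sharing over GF(2^8) among three recovery officers, any two of whom must cooperate to reconstruct it. A SHA-256 digest stored with the escrow record detects a corrupt or tampered share. The key bytes are constructed sample data, and the function names (`escrow_key`, `recover_key`, etc.) are our own.

```python
"""Dual-control (four-eye) escrow of an encryption private key.

Added example: the escrowed key is split with Shamir's scheme over GF(2^8)
so that any 2 of 3 recovery officers must cooperate to reconstruct it.
This illustrates one way to enforce the four-eye principle in a key
recovery process; it is neither the Windows 2000 mechanism nor the
project's own workaround. All key material here is constructed sample data.
"""
import hashlib
import secrets
from typing import Dict, List, Tuple

Share = Tuple[int, bytes]  # (x coordinate of the officer, share bytes)


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) with the AES reducing polynomial x^8+x^4+x^3+x+1."""
    p = 0
    for _ in range(8):
        if b & 1:
            p ^= a
        carry = a & 0x80
        a = (a << 1) & 0xFF
        if carry:
            a ^= 0x1B
        b >>= 1
    return p


def gf_inv(a: int) -> int:
    """Multiplicative inverse: a^254 == a^-1 since the group has order 255."""
    if a == 0:
        raise ZeroDivisionError("no inverse for 0 in GF(2^8)")
    result, base, exp = 1, a, 254
    while exp:
        if exp & 1:
            result = gf_mul(result, base)
        base = gf_mul(base, base)
        exp >>= 1
    return result


def split_secret(secret: bytes, threshold: int, n_shares: int) -> List[Share]:
    """Split `secret` byte-wise into n_shares; any `threshold` of them rebuild it."""
    if not 1 < threshold <= n_shares <= 255:
        raise ValueError("need 1 < threshold <= n_shares <= 255")
    shares = [(x, bytearray()) for x in range(1, n_shares + 1)]
    for s in secret:
        # Random polynomial f(x) = s + a1*x + ... + a_{t-1}*x^{t-1}; f(0) is the byte.
        coeffs = [s] + [secrets.randbelow(256) for _ in range(threshold - 1)]
        for x, buf in shares:
            y, x_pow = 0, 1
            for c in coeffs:
                y ^= gf_mul(c, x_pow)
                x_pow = gf_mul(x_pow, x)
            buf.append(y)
    return [(x, bytes(buf)) for x, buf in shares]


def recover_secret(shares: List[Share], threshold: int) -> bytes:
    """Lagrange-interpolate f(0) byte-wise; refuses to run below the threshold."""
    if len(shares) < threshold:
        raise ValueError(f"four-eye rule: {threshold} officers required, got {len(shares)}")
    shares = shares[:threshold]  # extra shares are simply not needed
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share presented")
    out = bytearray()
    for i in range(len(shares[0][1])):
        acc = 0
        for j, (xj, yj) in enumerate(shares):
            # Basis value L_j(0) = prod_{m!=j} x_m / (x_m - x_j); subtraction is XOR.
            num, den = 1, 1
            for m, (xm, _) in enumerate(shares):
                if m != j:
                    num = gf_mul(num, xm)
                    den = gf_mul(den, xm ^ xj)
            acc ^= gf_mul(yj[i], gf_mul(num, gf_inv(den)))
        out.append(acc)
    return bytes(out)


def escrow_key(private_key: bytes, officers: int = 3, threshold: int = 2) -> Dict:
    """Escrow record: one share per recovery officer plus a digest of the key."""
    return {
        "threshold": threshold,
        "digest": hashlib.sha256(private_key).hexdigest(),
        "shares": split_secret(private_key, threshold, officers),
    }


def recover_key(record: Dict, presented: List[Share]) -> bytes:
    """Reconstruct the key from the officers' shares and verify it against the digest."""
    key = recover_secret(presented, record["threshold"])
    if hashlib.sha256(key).hexdigest() != record["digest"]:
        raise ValueError("recovered key does not match escrow digest: share corrupt or tampered")
    return key


if __name__ == "__main__":
    user_key = secrets.token_bytes(32)  # constructed stand-in for the escrowed private key
    record = escrow_key(user_key)
    officer_1, officer_2, officer_3 = record["shares"]
    assert recover_key(record, [officer_1, officer_3]) == user_key
    try:
        recover_key(record, [officer_2])
    except ValueError as err:
        print("single officer refused:", err)
    print("two-of-three recovery OK")
```

The threshold of two out of three is deliberate: a plain two-of-two split would also satisfy the four-eye principle, but recovery would be blocked as soon as one officer leaves the company or loses a share. The digest check is what turns a silent wrong result (a tampered share yields a valid-looking but useless key) into a detected failure.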
In the future, SecurIntegration plans to integrate additional applications and services into its PKI. The next steps include certificate-based VPN access to the corporate network and certificate-based network logon (IEEE 802.1X). Future web applications for SecurIntegration's users will also be able to reuse the existing certificate-based authentication. This illustrates the role of a PKI as a security enabler from which existing and future applications profit, establishing a higher level of security and trust.