
Slide 1: Interworking Public-Key Certification Infrastructures for Commerce, Administration and Research
Wolfgang Schneider, ICE-CAR
Partners (footer of every slide): GMD (Darmstadt), SECUDE (Darmstadt), UCL (London), MessageDirect (London), SSE (Dublin), SETECS (Stockholm), Entrust (Zürich), IAIK (Graz), Politecnico Torino, CCI (Meppen), U Salford (Manchester), Uni-C (Copenhagen), Uninett (Trondheim), FCR (Barcelona), IJS (Ljubljana)

Slide 2: Scope of this presentation
- Objectives
- Applications
- Security Technology
- Major Achievements
- Next Steps
- Conclusions

Slide 3: ICE-CAR Objectives
- Promote technically compatible and interconnectable Public-Key Infrastructures for different applications
- Foster development of European security technology for e-commerce, intra-organisation communication, research, administration and health care applications
- Develop and deploy interoperable security technology components
- Support real PKI applications and end users
- Participation in the IETF standardisation

Slide 4: ICE-CAR Applications
- PK technology in the German health care system
- Certification infrastructure for the European R&D
- Secured internet applications with PKIs for the city administration of Torino and other Italian cities (Torino 2000)
- CA for SMEs in Greater Manchester
- CA services of the PTA in Austria
- Secure Multimedia conferencing (with MECCANO)
- Secured directory at the British DRA

Slide 5: ICE-CAR Security Technology
- CA tools, S/MIME clients, desktop security and security toolkits from Entrust, SECUDE and SSE
- LDAP/X.500 Enterprise Directory Server and Web to LDAP/X.500 Access Server from MessageDirect
- Java crypto toolkit, Java SSL-3.0 and Java S/MIME tools from IAIK
- CA servers, cardholder wallet, merchant servers and payment gateway for SET from SETECS
- Secured video and audio tools from UCL

Slide 6: ICE-CAR Partners
The 15 partners from 10 countries are a mixture of industrial, research institute and academic, broadly grouped into three categories:
- security technology providers
- certification infrastructure service providers
- partners providing applications

Slide 7: ICE-CAR Partners (diagram of the partners: GMD, SECUDE, IAIK, IJS, Polito, Uninett, SSE, FCR, Uni-C, SETECS, U Salford, DFN, UCL, CCI, Entrust)

Slide 8: PKI for the European R&D
- Certification infrastructure based on X.509v3 has been established in most participating countries
- Certification hierarchy with a European top (at Uni-C) and national CAs, but other structures can be supported
- Accessible through and WWW

Slide 9: Torino 2000 Security
- The Torino 2000 project will provide citizens and communal administrations with internet-based communication tools; they need security, which ICE-CAR will provide
- Uses IP over ATM/ISDN
- The application chosen is the application for building licenses at the municipality
- Needs standard tools for web document exchange and secured
- Piloting with ICE-CAR tools ongoing

Slide 10: Torino 2000 Security
- National PKI and security support center: the cities of Modena and Rome
- EETIC (European Entrepreneurs Telematics Initiative Committee)
- Public PKI with LDAP and TSA within the Torino-2000 project
- Digital administration at Politecnico di Torino: for students, for staff, for researchers

Slide 11: Torino 2000 Security
- Every user will have a smart-card and an X.509 public-key certificate
- Interface via PKCS-11
- Messages via S/MIME
- On-line services via SSL-based Web, with authorizations handled on the basis of the X.509 certificate
- Public-key computer authentication (NT domain logon, Unix SSL-telnet and SSL-ftp)

Slide 12: German Health Care Security (diagram of the data flows between health care providers (dentists, medical practices, pharmacies, hospitals, other health care providers), their computer centers, the clearing centers of KV/KZV and KBV/KZBV, and the health insurers' computer centers (KK-RZ), with the share of traffic on each path; copyright ITSG GmbH)

Slide 13: German Health Care Security (diagram of the certification process between the Health Care Provider, the ITSG TrustCenter and the Clearing Center of the public health insurances, with the steps: certification request; written request and printed public key fingerprint; confirmation; X.509 Certificate)

Slide 14: CA for SMEs in Greater Manchester
- Have set up a CA using Entrust technology
- Working with Manchester Training and Enterprise Council and Chamber of Commerce
- Trying to encourage Small and Medium Sized Enterprises to use the Internet for business data
- Difficult task, as SMEs are usually short of time, money and expertise, and believe the Internet is OK as it is, or would never use it
- Once you get an early adopter it is still difficult, as he then needs to persuade his business partners to sign up as well (cf. Queen Victoria and the telephone)

Slide 15: Secure Directory
- Guardian DSA is an application proxy that sits in an organisation's firewall
- Filters traffic at the application level, i.e. the LDAP, DAP, DSP and DISP protocols
- Makes it safe to allow external users to access certificates and CRLs without compromising any other directory information, or to replicate a portion of the corporate directory to an external site

Slide 16: Secure Directory (diagram "Interconnectivity of Directories: Fully Filtered Access via Application Proxy": the Organisation's Directory Server on the Organisation's Network (trusted), the Guardian DSA Directory Application Proxy in the Organisation's Firewall, and the Internet (untrusted) outside)

Slide 17: Secure Directory: Pilot Sites
- Sheffield Health Authority: want to inter-connect the hospital directory to the social services directory held by the local council
- Ministry of Defence: highly secure. They want to replicate a subset of directory information outside the organisation's firewall so that no external users can gain access to the internal directory. Will test the replication filtering (DISP)
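As an added illustration of the application-level filtering that slides 15 to 17 describe (this is not Guardian DSA code, and the Request type is a constructed model of a directory operation rather than the LDAP/DAP wire encoding): an allowlist policy that lets external clients search only the published subtree and only for the published certificate and CRL attributes, refuses writes, and never forwards an empty attribute list, because in LDAP an empty list means "return all user attributes".

```go
package main

import (
	"fmt"
	"strings"
)

// Request is a constructed model of the LDAP fields the proxy inspects, not the wire encoding.
type Request struct {
	Op         string   // search, modify, add, delete, ...
	BaseDN     string   // entry the search starts from
	Attributes []string // attributes asked for; empty, or "*" first, means all
}

// Policy is what the untrusted side may see: one published subtree and the
// lower-cased names of the attributes exposed from it (userCertificate, ...).
type Policy struct {
	PublishedBase string
	Attrs         map[string]bool
}

// attrName drops options such as ";binary" and folds case; normDN folds a DN.
func attrName(a string) string { return strings.ToLower(strings.SplitN(a, ";", 2)[0]) }
func normDN(dn string) string  { return strings.ToLower(strings.ReplaceAll(dn, " ", "")) }

// Allow rejects everything but searches inside the published subtree and
// narrows the attribute list to the published set. The list is never left
// empty, because in LDAP an empty attribute list means "every user attribute".
func (p Policy) Allow(r Request) (Request, error) {
	if r.Op != "search" {
		return Request{}, fmt.Errorf("%s not permitted from outside", r.Op)
	}
	if base, dn := normDN(p.PublishedBase), normDN(r.BaseDN); dn != base && !strings.HasSuffix(dn, ","+base) {
		return Request{}, fmt.Errorf("base %q is outside the published subtree", r.BaseDN)
	}
	var keep []string
	for _, a := range r.Attributes {
		if p.Attrs[attrName(a)] {
			keep = append(keep, a)
		}
	}
	if len(r.Attributes) == 0 || r.Attributes[0] == "*" { // "all" becomes the published set
		for a := range p.Attrs {
			keep = append(keep, a)
		}
	}
	if len(keep) == 0 {
		return Request{}, fmt.Errorf("none of the requested attributes are published")
	}
	r.Attributes = keep
	return r, nil
}
```

The same allowlist should be applied again to the entries coming back, since the internal DSA may return attributes that were not asked for.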

Slide 18: Secure Conferencing: Mbone Conferencing
- Have conference tools: RAT (Audio), Vic (Video), NTE (Shared Editor) and WB (Shared workspace)
- Start tools with SDR (Session Directory tool), which enters the SD parameters: the SD parameters are acquired by SDR with Session Announcement (SAP), Session Invitation (SIP), or even from a depository

Slide 19: Secure Conferencing
- All tools use encrypted streams
- Session Encryption Keys (SEKs) are distributed with, and as part of, the SD parameters
- SD parameters are distributed encrypted, processed by Secured SDR (SSDR), which:
  - authenticates and encrypts SD parameters
  - sends SD parameters via SAP, SIP or depository
  - acquires, decrypts and authenticates SD parameters and starts the conference tools

Slide 20: Secure Conferencing: Current Status
- Tools use only DES for encrypting streams; the DES key is entered from the command line or SDR
- Secure SDR uses only Secured SAP:
  - PGP encoding of SD parameters with the originator's private key for authentication
  - PGP encryption of SD parameters with the group public key pair for confidentiality
  - Out-of-band secure distribution of the public/private group key pair

Slide 21: Secure Conferencing: Next steps
- Use X.509 encoding and the ICE-CAR certification infrastructure for SDR security operations
- Use secured SIP for distributing SD parameters
- Use secured directories and Web stores from partners as depositories for SD parameters; will need encrypted/signed repository access
- Automate operations for managing groups; will use smart cards to help automate operations
- Investigate IPSEC for media streams
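An added example, not UCL's SSDR code, of the protection of SD parameters that slides 19 and 20 describe: the originator signs the parameters (SEK included) with its private key and encrypts them to the group public key, so a receiver without the group private key learns nothing and a receiver that sees a bad signature refuses to start the tools. Ed25519 and RSA-OAEP from the Go standard library stand in for the PGP operations on the slide, and the SDParams fields are assumed.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/json"
	"errors"
)

// SDParams is the session description an SSDR announces; SEK is the key the
// media tools (RAT, Vic, ...) use for their encrypted streams (fields assumed).
type SDParams struct {
	Session string `json:"session"`
	Addr    string `json:"addr"`
	SEK     []byte `json:"sek"`
}

// SealedAnnouncement is the wire form: parameters encrypted to the group key
// plus the originator's signature over the plaintext parameters.
type SealedAnnouncement struct {
	Ciphertext, Signature []byte
}
var oaepLabel = []byte("ssdr-sap") // ties the ciphertext to this use

// Seal: sign with the originator's private key, then encrypt to the group public key.
func Seal(p SDParams, originator ed25519.PrivateKey, group *rsa.PublicKey) (*SealedAnnouncement, error) {
	plain, err := json.Marshal(p)
	if err != nil {
		return nil, err
	}
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, group, plain, oaepLabel)
	if err != nil {
		return nil, err
	}
	return &SealedAnnouncement{Ciphertext: ct, Signature: ed25519.Sign(originator, plain)}, nil
}

// Open: decrypt with the group private key, then reject unless the expected originator signed it.
func Open(a *SealedAnnouncement, group *rsa.PrivateKey, originator ed25519.PublicKey) (*SDParams, error) {
	plain, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, group, a.Ciphertext, oaepLabel)
	if err != nil {
		return nil, errors.New("announcement is not addressed to this group")
	}
	if !ed25519.Verify(originator, plain, a.Signature) {
		return nil, errors.New("announcement was not signed by the expected originator")
	}
	var p SDParams
	return &p, json.Unmarshal(plain, &p)
}
```

With a 2048-bit group key, OAEP limits the plaintext to 190 bytes; a real announcement would wrap a symmetric key the same way and carry the SD parameters under it.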

Slide 22: Support of CEEC countries

Slide 23: Support of CEEC countries
- Training and support programme for Central and Eastern European countries
- One-week technical workshop on security in May next year, together with NATO

Slide 24: Major Achievements
- Certification services began in most participating countries, based on WWW and e-mail
- Improved security toolkits available commercially for Unix and Windows95/NT
- Improved CA tools available commercially
- Various security components available commercially (plug-ins, directory components, WWW components, Java implementations)
- Piloting with these tools ongoing
- Several European projects are using our technology

Slide 25: Conclusions
- ICE-TEL providing infrastructure, but also end user tools and tools for end user applications
- Users clearly need three different things, which ICE-TEL is going to provide:
  - security toolkits for large own applications (e.g. secured SAP R/3 with ICE-CAR technology; e.g. data exchange in the German health care)
  - CA tools to build up their own infrastructure (e.g. German Federal Government; e.g. German Health Care system)
  - end user tools and security plug-ins for standard tools
