1 Secure Email PKI Without the “I” Presented at: Federal Cyber-Security Conference U.S. Department of Interior Presented by Charlie Matthews, VP Customer Services PC Guardian March 26, 2003

2 PC Guardian, 1133 East Francisco Blvd, San Rafael, CA 94901 Tel: 415-459-0190 | Fax: 415-459-1162 | info@pcguardian.com 2 Topics of Discussion Is there a problem with PKI? What is PKI “without the I?” How does “PKI without the I” work? Summary

3 Public Key Infrastructure: A brief history...

4 1976: The beginning. Whitfield Diffie and Martin Hellman introduced public key cryptography in their “New Directions in Cryptography” white paper in 1976. But … only within the last 10 years or so has technology become available to “manage” the public/private key pairs. This managed solution is referred to as Public Key Infrastructure (PKI). Support for digital certificates has been a primary struggle and challenge for the market.

5 1999: “The Year of PKI!” Mathew Nelson, InfoWorld: “Is 1999 the Year of PKI?” John Ryan, Entrust: “…recognition by companies that they will all need a PKI is now upon us. So I think this year will be the year where people recognize they will definitely have a PKI in their enterprise.”

6 Four years later … Gartner Group: “50 percent of all PKI software ultimately becomes shelfware.” “2002 will be the year … PKI dies” Source: Gene Schultz - Principal Engineer with Lawrence Berkeley Laboratory

7 PKI – what went wrong? “There are now many successful PKI rollouts that serve the needs of organizations well. But the PKI movement has been doomed from its onset, and by the end of this year (2002) the demise of this movement will be widely acknowledged.” (Schultz)

8 What went wrong? “I would in fact even like to go on record as being in favor of PKI. However, promise and reality are not the same. A large number of organizations have tried to implement a PKI, but have failed. In many cases the PKIs were designed and put in place, but were not used at all or used very little afterwards.” “…among financial institutions, only 14 percent had invested in PKI products and only one percent actually used them.” (Schultz)

9 What went wrong? Lack of interoperability: Failure to obtain cross certification between Certificate Authorities (especially root CAs) belonging to different PKI trees that are run by different vendor software. Complexity: Failure to use a technology that superficially seems easy, but which has complex underlying mechanisms and procedures. Most users do not understand what a public key is. Cost: PKI is very expensive.

10 What went wrong? It is a good and sound concept that lacked a simple, cost-effective method of implementation. It is not completely dead. PKI is just waiting for the market to package it into something that works. “The primary fault lies with certificate management.” (Schultz)

11 Cost. Standard PKI can be very expensive to implement. Vendor: cost per seat at 5,000 seats* / cost per seat at 20,000 seats*. Entrust: $225 / $111. Verisign: $114 / $75. * First-year costs. Source: “Choosing a PKI Vendor,” Renaissance Worldwide, Inc., March 2000.

12 What customers really want... A secure and practical method of message transmission. One that … 1. Any end user can understand and use. 2. Offers a level of security relative to Total Cost of Ownership. 3. Can evolve with technology.

13 Specifically… Sends secure messages to those outside as well as those within the organization. Simple to use, simple to deploy, simple to administer. Does not require recipients to install special software. Is cost-efficient. Can use certificates when the “time is right.”

14 PC Guardian’s Secure Email PKI Without The “I”: PC Guardian’s Encryption Plus® Email 3.0 and Encryption Plus® Secure Export 5.0

15 Technology overview. EP Email: A plug-in for Lotus Notes or Microsoft Outlook. EP Secure Export: Stand-alone version. Both support peer-to-peer Public Private Key (PPK) and Symmetrical Key (SK) technology. Simple to deploy using any common deployment process. Little or no training for admins, technicians, help desk staff, or end users.

16 The User Program

17 Peer-to-Peer Key Distribution (Company A, Company B). If sender and recipient have EP Email installed, they can exchange public keys directly via email. 1. Company A user sends an email containing his public key to Company B user. 2. The email containing Company A user’s public key is automatically received and added to the Recipient Manager. 3. Company B user sends an email containing her public key to Company A user. 4. The email containing Company B user’s public key is automatically received and added to the Recipient Manager.

18 Symmetrical Key Technology as an option (Company A user: Encryption Plus; Company B user: no Encryption Plus). 1. Users A and B agree on a password. 2. User A enters this password and sends User B an encrypted message. 3. User B receives a file that can be decrypted using the shared password. Encryption Plus Email or Secure Export do not have to be installed.

19 It Must Be Simple (User A). Sender creates message as usual and clicks the SEND button. The SEND process is hooked. We access the recipient’s Public Key (or Symmetrical Key) to encrypt the message. The message is encrypted and continues its journey to the recipient.

20 It Must Be Simple (cont) (User B). The encrypted message is received as usual. Are we installed? Yes: The encrypted message is decrypted automatically. No: User is prompted for password to decrypt message.

21 Based on the concept of the Recipient Manager. (A simplified address book.)

22 Recipient Manager auto prompts for recipient info.

23 Recipient’s info now stored in Recipient Manager. Sender now sends Public Key. Recipient accepts Public Key. Program automatically mails Recipient Public Key to sender.
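Added example, not part of the original presentation and not PC Guardian's code: with no certificates, the link between an email address and a public key (slides 17 and 21 to 23) exists only in the receiving address book. The sketch below shows a trust-on-first-use store that pins one key per address, refuses silent replacement, and can withhold a key until its fingerprint has been confirmed out of band. All names (RecipientStore, receive_key, confirm, key_for_encryption) and the sample keys are hypothetical.

```python
import hashlib
import hmac

# Constructed sample keys (placeholders, not real key material).
KEY_A = b"constructed-public-key-A"
KEY_B = b"constructed-public-key-B"


def fingerprint(public_key: bytes) -> str:
    """Truncated SHA-256 fingerprint, grouped for reading aloud out of band."""
    digest = hashlib.sha256(public_key).hexdigest()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, len(digest), 4))


class RecipientStore:
    """Hypothetical address -> pinned key store (trust on first use)."""

    def __init__(self):
        self._pins = {}  # address -> {"key": bytes, "verified": bool}

    def receive_key(self, address: str, public_key: bytes) -> str:
        """Handle a key that arrived by email; returns the action taken."""
        address = address.strip().lower()
        pin = self._pins.get(address)
        if pin is None:
            self._pins[address] = {"key": public_key, "verified": False}
            return "pinned-unverified"
        if hmac.compare_digest(pin["key"], public_key):
            return "unchanged"
        # A different key for a known address is never overwritten silently.
        return "rejected-key-change"

    def confirm(self, address: str, spoken_fingerprint: str) -> bool:
        """Mark a pin verified once the owner reads back a matching fingerprint."""
        pin = self._pins.get(address.strip().lower())
        if pin is None:
            return False
        ok = hmac.compare_digest(fingerprint(pin["key"]), spoken_fingerprint)
        pin["verified"] = pin["verified"] or ok
        return ok

    def key_for_encryption(self, address: str, require_verified: bool = True):
        """Return the pinned key, or None if policy forbids using it yet."""
        pin = self._pins.get(address.strip().lower())
        if pin is None or (require_verified and not pin["verified"]):
            return None
        return pin["key"]
```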

24 Easy to deploy (Admin, Users). 1. Your organization assigns an admin. 2. The program creates admin key and user setup files. 3. User setup files are installed on the user machines. 4. Program is installed using common installation tools and a unique Public Private Key is created for each user.

25 Simple. Deploy in any standard deployment model. Public/Private Keys transparently generated on user workstations. User populates Recipient Manager with email addresses of others. Users send Public Keys to those in Recipient Manager. Public Keys of others automatically returned and stored in Recipient Manager. Messages automatically encrypted at send time.

26 Features. Protects data via 256-bit AES. Automatically generates public-private keys using Elliptic Curve Cryptography with a 233-bit key. Includes simplified public key exchange. Needs no Digital Certificates (but future release will support X.509 certificates). Needs no key servers. Includes option to require user passwords. Allows encrypted files to pass through content-filtering firewalls. Administrators can recover encrypted data.

27 Benefits. Requires little training. Uses simplified, secure Public-Private Key and optional Symmetrical Key technology. Recipients outside the organization do not need special software to receive encrypted email. Requires minimal infrastructure or financial investment to implement.

28 Cost. Vendor: cost per seat at 5,000 seats / cost per seat at 20,000 seats. Entrust: $225 / $111. Verisign: $114 / $75. PC Guardian: $28 / $19. First-year costs.

29 PC Guardian: http://www.pcguardian.com, http://www.pcguardian.co.uk. 800-288-8126 (USA & Canada), +1-415-459-0190, (0) 1752 318 078 (United Kingdom)

