Secure Email PKI Without the “I” Presented at: Federal Cyber-Security Conference U.S. Department of Interior Presented by Charlie Matthews, VP Customer.


1 Secure Email PKI Without the “I”. Presented at: Federal Cyber-Security Conference, U.S. Department of Interior. Presented by Charlie Matthews, VP Customer Services, PC Guardian. March 26, 2003

2 PC Guardian, 1133 East Francisco Blvd, San Rafael, CA. Topics of Discussion: Is there a problem with PKI? What is PKI “without the I?” How does “PKI without the I” work? Summary

3 Public Key Infrastructure: A brief history...

4 : The beginning. Whitfield Diffie and Martin Hellman introduced public key cryptography in their “New Directions in Cryptography” white paper in But … only within the last 10 years or so has technology become available to “manage” the public/private key pairs. This managed solution is referred to as Public Key Infrastructure (PKI). Support for digital certificates has been a primary struggle and challenge for the market.

5 : “The Year of PKI!” Mathew Nelson, InfoWorld: “Is 1999 the Year of PKI?” John Ryan, Entrust: “…recognition by companies that they will all need a PKI is now upon us. So I think this year will be the year where people recognize they will definitely have a PKI in their enterprise.”

6 Four years later … Gartner Group: “50 percent of all PKI software ultimately becomes shelfware.” “2002 will be the year … PKI dies” Source: Gene Schultz, Principal Engineer with Lawrence Berkeley Laboratory

7 PKI – what went wrong? “There are now many successful PKI rollouts that serve the needs of organizations well. But the PKI movement has been doomed from its onset, and by the end of this year (2002) the demise of this movement will be widely acknowledged.” (Schultz)

8 What went wrong? “I would in fact even like to go on record as being in favor of PKI. However, promise and reality are not the same. A large number of organizations have tried to implement a PKI, but have failed. In many cases the PKIs were designed and put in place, but were not used at all or used very little afterwards.” “…among financial institutions, only 14 percent had invested in PKI products and only one percent actually used them.” (Schultz)

9 What went wrong? Lack of interoperability: Failure to obtain cross certification between Certificate Authorities (especially root CAs) belonging to different PKI trees that are run by different vendor software. Complexity: Failure to use a technology that superficially seems easy, but which has complex underlying mechanisms and procedures. Most users do not understand what a public key is. Cost: PKI is very expensive.

10 What went wrong? It is a good and sound concept that lacked a simple, cost-effective method of implementation. It is not completely dead. PKI is just waiting for the market to package it into something that works. “The primary fault lies with certificate management.” (Schultz)

11 Cost: Standard PKI can be very expensive to implement.

Vendor      Cost Per Seat at 5,000 Seats *    Cost Per Seat at 20,000 Seats *
Verisign    $114                              $75
Entrust     $225                              $111

* First-year costs. Source: “Choosing a PKI Vendor,” Renaissance Worldwide, Inc., March

12 What customers really want... A secure and practical method of message transmission. One that … 1. Any end user can understand and use. 2. Offers a level of security relative to Total Cost of Ownership. 3. Can evolve with technology.

13 Specifically… Sends secure messages to those outside as well as those within the organization. Simple to use, simple to deploy, simple to administer. Does not require recipients to install special software. Is cost-efficient. Can use certificates when the “time is right.”

14 PC Guardian’s Secure Email PKI Without The “I”: PC Guardian’s Encryption Plus ® 3.0 and Encryption Plus ® Secure Export 5.0

15 Technology overview. EP: A plug-in for Lotus Notes or Microsoft Outlook. EP Secure Export: Stand-alone version. Both support peer-to-peer Public Private Key (PPK) and Symmetrical Key (SK) technology. Simple to deploy using any common deployment process. Little or no training for admins, technicians, help desk staff, or end users.

16 The User Program

17 Peer-to-Peer Key Distribution (Company A, Company B): If sender and recipient have EP installed, they can exchange public keys directly via email. Company A user sends an email containing his public key to Company B user. The email containing Company A user’s public key is automatically received and added to the Recipient Manager. Company B user sends an email containing her public key to Company A user. The email containing Company B user’s public key is automatically received and added to the Recipient Manager.

18 Symmetrical Key Technology as an option (Company A user: Encryption Plus; Company B user: no Encryption Plus): Users A and B agree on a password. User A enters this password and sends User B an encrypted message. User B receives a file that can be decrypted using the shared password. Encryption Plus or Secure Export do not have to be installed.

19 It Must Be Simple (User A): Sender creates message as usual and clicks the SEND button. The SEND process is hooked. We access the recipient’s Public Key (or Symmetrical Key) to encrypt the message. The message is encrypted and continues its journey to the recipient.

20 It Must Be Simple (cont.) (User B): The encrypted message is received as usual. Are we installed? Yes: The encrypted message is decrypted automatically. No: User is prompted for password to decrypt message.

21 Based on the concept of the Recipient Manager. (A simplified address book.)

22 Recipient Manager auto prompts for recipient info.

23 Recipient’s info now stored in Recipient Manager. Sender now sends Public Key. Recipient accepts Public Key. Program automatically mails Recipient’s Public Key to sender.

24 Easy to deploy (Admin, Users): Your organization assigns an admin. The program creates admin key and user setup files. User setup files are installed on the user machines. Program is installed using common installation tools and a unique Public Private Key is created for each user.

25 Simple: Deploy in any standard deployment model. Public/Private Keys transparently generated on user workstations. User populates Recipient Manager with addresses of others. Users send Public Keys to those in Recipient Manager. Public Keys of others automatically returned and stored in Recipient Manager. Messages automatically encrypted at send time.
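
The peer-to-peer exchange in slides 17 to 25 has no certificate authority binding a key to an address, so the receiving side needs its own check before trusting a key that arrived by email. As an added example (not PC Guardian's code; the class, its method names and the out-of-band fingerprint confirmation step are assumptions), a Recipient Manager that holds a first-seen key as pending until its fingerprint is confirmed and refuses a silent key change:

```python
import hashlib

def fingerprint(public_key: bytes) -> str:
    """First 128 bits of SHA-256 over the key bytes, grouped for reading aloud."""
    digest = hashlib.sha256(public_key).hexdigest().upper()[:32]
    return " ".join(digest[i:i + 4] for i in range(0, 32, 4))

class RecipientManager:
    """Hypothetical store: address -> [public key bytes, verified flag]."""

    def __init__(self):
        self._entries = {}

    def receive_key(self, address: str, public_key: bytes) -> str:
        """Handle a key that arrived by email; never overwrite a known key."""
        address = address.strip().lower()
        entry = self._entries.get(address)
        if entry is None:
            self._entries[address] = [public_key, False]  # first use: pending
            return "pending"
        if entry[0] != public_key:
            return "conflict"  # possible substitution: keep old key, alert user
        return "verified" if entry[1] else "pending"

    def confirm(self, address: str, fingerprint_read_back: str) -> bool:
        """Mark a key verified once its owner confirms the fingerprint out of band."""
        entry = self._entries.get(address.strip().lower())
        if entry is None:
            return False
        given = "".join(fingerprint_read_back.split()).upper()
        if given == fingerprint(entry[0]).replace(" ", ""):
            entry[1] = True
        return entry[1]

    def key_for_encryption(self, address: str):
        """Release a key for encrypting mail only after it has been verified."""
        entry = self._entries.get(address.strip().lower())
        return entry[0] if entry and entry[1] else None

if __name__ == "__main__":
    # Constructed sample keys (placeholder bytes, not real ECC keys).
    real, forged = b"\x04" + b"\x11" * 60, b"\x04" + b"\x22" * 60
    rm = RecipientManager()
    print(rm.receive_key("UserB@companyb.example", real))           # pending
    print(rm.confirm("userb@companyb.example", fingerprint(real)))  # True
    print(rm.receive_key("userb@companyb.example", forged))         # conflict
```
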

26 Features: Protects data via 256-bit AES. Automatically generates public-private keys using Elliptic Curve Cryptography with a 233-bit key. Includes simplified public key exchange. Needs no Digital Certificates (but future release will support X.509 certificates). Needs no key servers. Includes option to require user passwords. Allows encrypted files to pass through content-filtering firewalls. Administrators can recover encrypted data.

27 Benefits: Requires little training. Uses simplified, secure Public-Private Key and optional Symmetrical Key technology. Recipients outside the organization do not need special software to receive encrypted email. Requires minimal infrastructure or financial investment to implement.

28 Cost

Vendor         Cost Per Seat at 5,000 Seats    Cost Per Seat at 20,000 Seats
Verisign       $114                            $75
Entrust        $225                            $111
PC Guardian    $28                             $19

First-year costs.

29 PC Guardian (USA & Canada), (United Kingdom)

