Presentation is loading. Please wait.

Presentation is loading. Please wait.

CAMP - June 4-6, 2003 1 Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin 2003. This work is the intellectual property of the authors.

Published byAngelina Garrison Modified over 8 years ago

Similar presentations

Presentation on theme: "CAMP - June 4-6, 2003 1 Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin 2003. This work is the intellectual property of the authors."— Presentation transcript:

1 CAMP - June 4-6, 2003 1 Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin 2003. This work is the intellectual property of the authors. Permission is granted for this material to be shared for non-commercial, educational purposes, provided that this copyright statement appears on the reproduced materials and notice is given that the copying is by permission of the authors. To disseminate otherwise or to republish requires written permission from the authors.

2 PKI and Academic Applications Robert Brentrup, Mark Franklin Dartmouth College PKI Lab CAMP June 5, 2003

3 CAMP - June 4-6, 2003 3 Why PKI? Comprehensive way to address securing many applications No passwords on the wire No need for shared secrets Strong underlying security technology Widely included in Technology Products

4 CAMP - June 4-6, 2003 4 PKI and Passwords Technology –Passwords NOT even sent to server –Still using password to unlock key Only user knows password (harder to share) Even Central IT can’t recover the password Policy - Process –Registration: How individual is identified –Individual education of best practice –Generating and storing key pair –Stronger AuthN strengthens AuthZ

5 CAMP - June 4-6, 2003 5 Key Validity Duration needs –Limited as defense against compromise –Retain for future decryption –History of Public keys for signature verification Kerberos authn application –PK technology with short lifetime Can issue X.509 certs with timeframes chosen based on use

6 CAMP - June 4-6, 2003 6 Dartmouth PKI Lab R&D to make PKI a practical component of a campus network Multi-campus collaboration sponsored by the Mellon Foundation Dual objectives: –Deploy existing PKI technology to improve network applications –Improve the current state of the art identify security issues in current products develop solutions to the problems

7 CAMP - June 4-6, 2003 7 What is PKI? PKI is Public Key Infrastructure A pair of asymmetric keys is used, one to encrypt, the other to decrypt

8 CAMP - June 4-6, 2003 8 Public and Private Keys The "public" key is published The "private" key is kept a secret No need to exchange a secret "key" by some other channel Invented in 1976 by Whit Diffie and Martin Hellman Commercialized by RSA Security

9 CAMP - June 4-6, 2003 9 Basic applications of PKI Authentication and Authorization of Web users and servers –It is the basis for the SSL protocol used to secure web connections Secure e-mail (signed and encrypted) Electronic signatures Data encryption –Business documents, databases, executable code Network data protection (VPN, wireless)

10 CAMP - June 4-6, 2003 10 What is X.509? A standard for the format of a public key certificate and related standards for how certificates are used. Current PKI product offerings inter-operate through this standard There are many other possible formulations, eg SDSI/SPKI Is X.509 THE solution?

11 CAMP - June 4-6, 2003 11 What is a certificate? Signed data structure that binds some information to a public key Trusted entity asserts validity of information in certificate The information is usually a personal identity or a server name Think of it as an electronic ID card

12 CAMP - June 4-6, 2003 12 Basic Public Key Operations Encryption –encrypt with public key of recipient –only the recipient can decrypt with their private key

13 CAMP - June 4-6, 2003 13 Signature –Compute message digest, encrypt with your private key –Reader decrypts with your public key –Re-compute the digest and compare the results, Match? Basic Public Key Operations

14 CAMP - June 4-6, 2003 14 What is a certificate authority? An organization that creates and publishes certificates Verifies the information in the certificate Protects general security and policies of the system and its records Allows you to check certificates and decide to use them in business transactions

15 CAMP - June 4-6, 2003 15 What is a CA certificate? A certificate authority generates a key pair used to sign the certificates it issues Multiple institutions can collaborate via: –Hierachical structure among their CAs –Bridge Certification Authorities "peer to peer" approach

16 CAMP - June 4-6, 2003 16 Hierarchy

17 CAMP - June 4-6, 2003 17 Bridge

18 CAMP - June 4-6, 2003 18 Dartmouth PKI Deployment PKI applications in use Web authentication alternative to Kerberos/Sidecar Banner SIS, other Oracle apps, same mechanism Library resource access control, local and JSTOR Secure Mail S/MIME, Sympa Electronic document signatures NIH pilot, replace paper forms Wireless Network Access WPA, 802.1x EAP-TLS

19 CAMP - June 4-6, 2003 19 Next Steps Applications of –Workflow, signatures –Secure mail for Student health Services -HIPAA –PKI enhanced List-server –Wireless network data protection –Databases and E-commerce Improvements in Infrastructure –Key storage hardening Tokens, smartcards, coprocessors –In-person contact in Enrollment –Trusted Third Party Services –Higher Ed Bridge CA –Authorization and Delegation

20 CAMP - June 4-6, 2003 20 Questions? Dartmouth PKI Lab –http://www.dartmouth.edu/~pkilab –Robert.J.Brentrup@dartmouth.edu –Mark.J.Franklin@dartmouth.edu

Download ppt "CAMP - June 4-6, 2003 1 Copyright Statement Copyright Robert J. Brentrup and Mark J. Franklin 2003. This work is the intellectual property of the authors."

Similar presentations

Public Key Infrastructure and Applications

Public Key Infrastructure and Applications
Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.

Public Key Infrastructure A Quick Look Inside PKI Technology Investigation Center 3/27/2002.
(n)Code Solutions A division of GNFC

(n)Code Solutions A division of GNFC
Dartmouth PKI Certificate Deployment June 2004 Fed Ed Meeting.

Dartmouth PKI Certificate Deployment June 2004 Fed Ed Meeting.
Grid Computing, B. Wilkinson, 20045a.1 Security Continued.

Grid Computing, B. Wilkinson, 20045a.1 Security Continued.
Copyright Judith Spencer 2002. This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,

Copyright Judith Spencer This work is the intellectual property of the author. Permission is granted for this material to be shared for non-commercial,
Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.

Grid Security Infrastructure Tutorial Von Welch Distributed Systems Laboratory U. Of Chicago and Argonne National Laboratory.
Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.

Lecture 2: Security Rachana Ananthakrishnan Argonne National Lab.
Copyright Statement Copyright Robert J. Brentrup 2005. This work is the intellectual property of the author. Permission is granted for this material to.

Copyright Statement Copyright Robert J. Brentrup This work is the intellectual property of the author. Permission is granted for this material to.
Lecture 23 Internet Authentication Applications

Lecture 23 Internet Authentication Applications
Grid Security. Typical Grid Scenario Users Resources.

Grid Security. Typical Grid Scenario Users Resources.
Copyright Statement Copyright Robert J. Brentrup and Sean W. Smith 2002. This work is the intellectual property of the authors. Permission is granted for.

Copyright Statement Copyright Robert J. Brentrup and Sean W. Smith This work is the intellectual property of the authors. Permission is granted for.
Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.

Identity Management Realities in Higher Education NET Quarterly Meeting January 12, 2005.
Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.

Environmental Council of States Network Authentication and Authorization Services The Shared Security Component February 28, 2005.
Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.

Public Key Infrastructure (PKI) Providing secure communications and authentication over an open network.
PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.

PKI Activities at Virginia January 2004 CSG Meeting Jim Jokl.
DESIGNING A PUBLIC KEY INFRASTRUCTURE

DESIGNING A PUBLIC KEY INFRASTRUCTURE
David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.

David L. Wasley Information Resources & Communications Office of the President University of California Directories and PKI Basic Components of Middleware.
Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.

Dartmouth PKI Deployment Robert Brentrup PKI Summit July 14, 2004.
Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Mar 12, 2002Mårten Trolin1 This lecture Diffie-Hellman key agreement Authentication Certificates Certificate Authorities SSL/TLS.

Similar presentations

Ads by Google